windows 2012 NPS 为 H3C&CISCO提供 radius服务

时间：2015-08-07 07:12:50 阅读：1218 评论：0 收藏：0 [点我收藏+]

标签：nps radius freeradius windows 2008

windows 2008和2012内嵌了NPS，其可以作为radius服务器，

参数什么的和Freeradius差不多，指南很少，文档很少

接下来主要记录的是

NPS为cisco&h3c 提供telnet认证服务
ipsec用户认证(测试中，逐渐补完)

The Network Policy and Access Services include the following role services:
Network Policy Server (NPS)
Health Registration Authority (HRA)
Host Credential Authorization Protocol (HCAP)
RADIUS server and proxy

Windows 2012 NPS for CISCO telnet authentication

具体参照这个帖子

Cisco IOS Radius Authentication with Windows Server 2012 NPS

关键是这一段:

Next you will need to add a Vendor Specific Attribute by clicking on “Vendor Specific” under the left side settings and clicking the Add… button

Scroll down the list and select “Cisco-AV-Pair” and click add. You will be prompted to add the Attribute Information, here you will click Add… and set the attribute value as shell:priv-lvl=15

This specifies which privilege level is returned to the authenticating user/device after successful authentication. For Network Engineers this would be shell:priv-lvl=15 and the Network Support Technicians would use shell:priv-lvl=1

2. Freeradius for H3C/HP Comware 7 telnet authentication

具体参考这篇文档

Freeradius AAA Comware 7

参数基本是一样的，唯一不同的是shell的写法,

e.g.

shell:roles=\"nework-operator\"

3. Using Windows Server 2008 as a RADIUS Server for a Cisco ASA

windows 2008下的NPS和windows 2012差不多，可以参考下

http://fixingitpro.com/2009/09/08/using-windows-server-2008-as-a-radius-server-for-a-cisco-asa/

4. Windows NPS for cisco L2TP IPSEC VPN

具体配置参考如下链接

http://adminboard.mcsm.eu/index.php/guides/other/43-cisco-l2tp-ipsec-tunnel