windows 2008和2012內嵌了NPS,其可以作爲radius服務器,
參數什麼的和Freeradius差不多,指南很少,文檔很少
接下來主要記錄的是
NPS爲cisco&h3c 提供telnet認證服務
ipsec用戶認證(測試中,逐漸補完)
The Network Policy and Access Services include the following role services: Network Policy Server (NPS) Health Registration Authority (HRA) Host Credential Authorization Protocol (HCAP) RADIUS server and proxy
Windows 2012 NPS for CISCO telnet authentication
具體參照這個帖子
Cisco IOS Radius Authentication with Windows Server 2012 NPS
關鍵是這一段:
Next you will need to add a Vendor Specific Attribute by clicking on “Vendor Specific” under the left side settings and clicking the Add… button
Scroll down the list and select “Cisco-AV-Pair” and click add. You will be prompted to add the Attribute Information, here you will click Add… and set the attribute value as shell:priv-lvl=15
This specifies which privilege level is returned to the authenticating user/device after successful authentication. For Network Engineers this would be shell:priv-lvl=15 and the Network Support Technicians would use shell:priv-lvl=1
2. Work with Comware 5 & Comware 7
A. Freeradius for H3C/HP Comware 7 telnet authentication
具體參考這篇文檔
參數基本是一樣的,唯一不同的是shell的寫法,
e.g.
shell:roles=\"nework-operator\"
B. Windows NPS for Comware 5
配置參見附件
3. Using Windows Server 2008 as a RADIUS Server for a Cisco ASA
windows 2008下的NPS和windows 2012差不多,可以參考下
http://fixingitpro.com/2009/09/08/using-windows-server-2008-as-a-radius-server-for-a-cisco-asa/
4. Windows NPS for cisco L2TP IPSEC ***
具體配置參考如下鏈接
http://adminboard.mcsm.eu/index.php/guides/other/43-cisco-l2tp-ipsec-tunnel
http://adminboard.mcsm.eu/index.php/guides/windows/45-windows-nps-kerberos-for-cisco-***-l2tp-ipsec
還有一個freeradius下的
http://safesrv.net/setup-l2tp-over-ipsec-to-authenticate-off-freeradius-on-ubuntu-11-10/
5. EZ***
windows 2008 NPS已經有人寫了,我貼一下
http://xuchenhui.blog.51cto.com/769149/1386652
freeradius下的:
Cisco ez*** with FreeRADIUS
http://stevehaskew.blogspot.com/2014/09/cisco-ez***-with-freeradius.html