RADIUS 101 – So Who are you anyway? – NPS


This series will take us through each of the A’s in AAA through the eyes of a RADIUS server that will service some network devices.

As a quick review: AAA stands for Authentication, Authorization, and Accounting. Each of the components can be summed up as:

Authentication – Who you are

Authorization – What you can do

Accounting – What you did

This particular post is going to focus on Authentication using a Microsoft Network Policy Server. As this series continues I plan on doing the same with FreeRadius and Cisco ACS/ISE down the road.

First, let's take a look at our relevant network topology:

[Figure: nps-lab network topology]

1. Installing Network Policy Server

To install the NPS role you can use either Server Manager or PowerShell.

PS C:\> Install-WindowsFeature NPAS-Policy-Server

Success Restart Needed Exit Code      Feature Result
------- -------------- ---------      --------------
True    No             Success        {Network Policy and Access Services, Netwo...

Go ahead and open NPS. Once it's up, the first thing we need to do is register the server in Active Directory; this allows the RADIUS server to read AD accounts.

Click Action -> Register server in Active Directory

In the NPS server we have 5 main sections and several subsections. Let's do a quick overview of them before we dive into the configurations.

RADIUS Clients and Servers

  • RADIUS Clients – This is where your RADIUS devices and their shared secrets are defined.
  • Remote RADIUS Server Groups – This is where RADIUS proxy servers are defined.

Policies

  • Connection Request Policies – This controls what connections are processed and when.
  • Network Policies – This is where the bulk of the RADIUS configuration happens. It controls who can connect and what they are allowed to do.
  • Health Policies – This is for NAP configuration, which we aren't too concerned with in this series.

    Network Access Protection

    We won't necessarily be doing a lot with NAP, but this is where you can make sure the client meets certain requirements, such as having its firewall enabled, before granting it access.

Accounting
This section deals with logging and how things are tracked.

Templates Management

Like the name says, this allows you to save common items such as shared secrets as templates to help make your configurations more consistent.
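
The install and registration steps from section 1, plus one entry in the RADIUS Clients section, can be scripted as follows. This is an added example, not code from the original post; the client name `lab-switch-01` and address `192.0.2.10` are placeholders, and it assumes a domain-joined server and an account allowed to change AD group membership.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original post. Run on the NPS host with rights
# to modify AD group membership. Client name and IP are placeholders.
$clientName = 'lab-switch-01'   # hypothetical network device
$clientAddr = '192.0.2.10'      # documentation-range address

# 1. Install the role. Server 2012/2012 R2 expose NPAS-Policy-Server (used
#    above); Server 2016 and later expose only the parent feature, NPAS.
$feature = Get-WindowsFeature -Name NPAS-Policy-Server
if (-not $feature) { $feature = Get-WindowsFeature -Name NPAS }
if (-not $feature.Installed) {
    $result = Install-WindowsFeature -Name $feature.Name -IncludeManagementTools
    if (-not $result.Success) { throw "NPS install failed: $($result.ExitCode)" }
    if ("$($result.RestartNeeded)" -ne 'No') { Write-Warning 'Reboot required.' }
}

# 2. Register in AD: the command-line form of
#    Action -> Register server in Active Directory.
netsh nps add registeredserver | Out-Null

# Registration adds this computer account to the "RAS and IAS Servers" group;
# confirm it (ADSI is used so the ActiveDirectory module is not needed).
$me = ([adsisearcher]"(&(objectCategory=computer)(name=$env:COMPUTERNAME))").FindOne()
if (-not $me) { throw 'Computer account not found; is this host domain-joined?' }
if (-not (@($me.Properties['memberof']) -match '^CN=RAS and IAS Servers,')) {
    Write-Warning 'Not yet in "RAS and IAS Servers" (check rights/replication).'
}

# 3. Define one RADIUS client with its own random 256-bit shared secret
#    rather than a secret typed by hand or reused across devices.
if (-not (Get-NpsRadiusClient | Where-Object Name -eq $clientName)) {
    $bytes = New-Object byte[] 32
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $rng.GetBytes($bytes)
    $rng.Dispose()
    $secret = -join ($bytes | ForEach-Object { $_.ToString('x2') })
    New-NpsRadiusClient -Name $clientName -Address $clientAddr `
        -SharedSecret $secret | Out-Null
    # Shown once so it can be configured on the device; keep it in a vault.
    Write-Output "Shared secret for ${clientName}: $secret"
}
```

The same secret has to be entered on the network device, so capture the output once and avoid leaving it in console history or transcripts.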

2. Configuring NPS

To be continued!
