Home | Site Map | Cisco How ToNet How To | Wireless |Search | Forums | Services | Donations | Careers | About Us | Contact Us|

How to configure a Radius Server Polices in NPS Windows 2008

Active Directory, Domain, DNS, WINS, DHCP, SBS, New Releases.

How to configure a Radius Server Polices in NPS Windows 2008

Postby blin » Fri Dec 02, 2011 9:43 pm

I am hopping this is a good enough location for my question as it is NPS related....

i am IT person working in college and this is my environment

· A Windows Server 2008 R2 machine running AD DS (Active Directory Domain Services)

· A Windows Server 2008 R2 machine running NPS (Network Protection Services) and AD CS (Active Directory Certificate Services)

· Configure NPS server as a Subordinate CA instead of Root CA (as we used CA in our DC as main root certificate ) and Radius certificate as root certificate under CA)

· Access point HP MSM422 works as a radius client (test environment) then i will use the Controller MSM765 to set up the radius profile

Now in NPS policies, i have one policy for all domain user and all computer machine, so everything working fine, all students and staff can login to wireless using their AD account (Laptop , PC, Macbook and IPAD)

But I want to add more polices in NPS server as shown below:

· 1-1st policy name: trusted user and machine

· 2nd policy name: trusted user(student or staff ) without trusted machine but for ever

· 3rd policy name: trusted user (student or staff) without trusted machine but for specific period (2 days for example) as we have guest always came for days and need internet access



Any help will be appreciated
How to Configure and Troubleshoot Cisco
http://www.howtocisco.com

Tablet and Smartphone Setup Guide
http://www.quicksetupguide.com
blin
Site Admin
 
Posts: 3642
Joined: Wed Dec 31, 1969 7:00 pm
Location: Chicago, USA

Re: How to configure a Radius Server Polices in NPS Windows 2008

Postby blin » Fri Dec 02, 2011 9:43 pm

Yes, the new requirements that you listed could be done by adding multi policies and defining conditions to meet your needs (domain users or computers).

And according how NPS processes multi policies where described in the article below, we should set most restricted polices higher than the others :



Network Policies

http://technet.microsoft.com/en-us/libr ... 4107(WS.10).aspx



And for guest users , we’d suggest quarantine to an individual VLAN by setting 802.1X authentication and dynamic VLAN redirection , however we should have compatible devices first:



VLAN Attributes Used in Network Policy

http://technet.microsoft.com/en-us/libr ... 4422(WS.10).aspx
How to Configure and Troubleshoot Cisco
http://www.howtocisco.com

Tablet and Smartphone Setup Guide
http://www.quicksetupguide.com
blin
Site Admin
 
Posts: 3642
Joined: Wed Dec 31, 1969 7:00 pm
Location: Chicago, USA


Return to Windows

Your Ad Here

Who is online

Users browsing this forum: Majestic-12 [Bot] and 4 guests