windows 2008和2012内嵌了NPS,其可以作为radius服务器,

参数什么的和Freeradius差不多,指南很少,文档很少

接下来主要记录的是

  1. NPS为cisco&h3c 提供telnet认证服务

  2. ipsec用户认证(测试中,逐渐补完)

The Network Policy and Access Services include the following role services:
Network Policy Server (NPS)
Health Registration Authority (HRA)
Host Credential Authorization Protocol (HCAP)
RADIUS server and proxy




  1. Windows 2012 NPS for CISCO telnet authentication


具体参照这个帖子

Cisco IOS Radius Authentication with Windows Server 2012 NPS 

关键是这一段:

Next you will need to add a Vendor Specific Attribute by clicking on “Vendor Specific” under the left side settings and clicking the Add… button

Scroll down the list and select “Cisco-AV-Pair” and click add. You will be prompted to add the Attribute Information, here you will click Add… and set the attribute value as shell:priv-lvl=15

This specifies which privilege level is returned to the authenticating user/device after successful authentication. For Network Engineers this would be shell:priv-lvl=15 and the Network Support Technicians would use shell:priv-lvl=1


2. Work with Comware 5 & Comware 7

A. Freeradius for H3C/HP Comware 7 telnet authentication

具体参考这篇文档

Freeradius AAA Comware 7

参数基本是一样的,唯一不同的是shell的写法,

e.g.

shell:roles=\"nework-operator\"


B. Windows NPS for Comware 5

配置参见附件


3. Using Windows Server 2008 as a RADIUS Server for a Cisco ASA

windows 2008下的NPS和windows 2012差不多,可以参考下

http://fixingitpro.com/2009/09/08/using-windows-server-2008-as-a-radius-server-for-a-cisco-asa/


4. Windows NPS for cisco L2TP IPSEC ×××

具体配置参考如下链接

http://adminboard.mcsm.eu/index.php/guides/other/43-cisco--ipsec-tunnel

http://adminboard.mcsm.eu/index.php/guides/windows/45-windows-nps-kerberos-for-cisco-***--ipsec


还有一个freeradius下的

http://safesrv.net/setup--over-ipsec-to-authenticate-off-freeradius-on-ubuntu-11-10/



5. EZ×××

windows 2008 NPS已经有人写了,我贴一下

http://xuchenhui.blog.51cto.com/769149/1386652


freeradius下的:

Cisco ez××× with FreeRADIUS

http://stevehaskew.blogspot.com/2014/09/cisco-ez***-with-freeradius.html