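My office has replaced its Windows 2003 domain and domain controllers with Windows 2008.
I have a Cisco ASA 5510 that handles VPN connections for our remote users and is still integrated with one of the old Windows 2003 DCs running RADIUS.
I need to migrate the ASA from the 2003 domain to the 2008 domain. How do I configure NPS under Windows 2008?
ASA configuration: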
aaa-server NEWDC protocol radius
aaa-server NEWDC host x.x.x.x
 key ********
ASA configuration test command:
test aaa-server authentication NEWDC host x.x.x.x
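For any username, this always immediately returns a bad user/password error. The user exists in AD, is enabled, and the password is correct. The key is the same in Windows and on the ASA.
Windows 2008 NPS RADIUS client configuration: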
Enabled
Vendor name: RADIUS Standard or Cisco (neither works)
Manual shared secret: ********
(unchecked) Access-Request messages must contain the Message-Authenticator attribute
(unchecked) RADIUS client is NAP-capable
Windows 2008 NPS connection request policy:
Enabled
Processing Order 2 (following Use Windows auth for all users)
Source unspecified
Auth Provider: Local Computer
Auth Method: MS-CHAP v1 or MS-CHAP v2 or Allow unauthenticated
Override Auth: Enabled
Class: OU=Admin;
Framed-Protocol: PPP
Service-Type: Framed
Windows 2008 network policy:
Enabled
Processing Order 3 (highest)
Condition Windows Group = DOMAIN\VPN
Ignore User Dial-In Properties: False
Access Permission: Grant Access
Auth method: MS-CHAP v1 or MS-CHAP v2
NAP Enforcement: Allow full network access
Update Noncompliant clients: True
Framed Protocol: PPP
Service-Type: Framed