How to set up RADIUS Server Authentication in an Active Directory Domain Controller?
In this guide, I will demonstrate the steps to enable RADIUS authentication on an Active Directory domain controller, and how to enable the "Web Auth" module of WFilter NG Firewall to authenticate against Active Directory.
1 Setup WFilter
To authenticate against your domain controller, you need to enable "Remote Auth" in the "Web Auth", "PPPoE" or VPN modules. For example:
Set "Radius Server" to the domain controller IP; the "Pre-shared Key" must be the same as the one configured on the domain controller.
A web portal will appear when visiting any HTTP web page; you can enter a domain user name and password to sign in.
2 Setup Domain Controller
2.1 Add Server Roles
Add the server role "Network Policy and Access Services" and enable the "Network Policy Server" and "Remote Access Service" services.
2.2 Network Policy and Access Services
2.3 Radius Clients
Create a new RADIUS client under "Radius Clients" in "Network Policy and Access Services". Set the WFilter IP as the RADIUS client IP; the "Shared secret" must be the same as the "Pre-shared Key" in WFilter.
2.3.1 Network Policy
Create a new network policy, choose "Access Granted", and enable "CHAP" authentication (the default authentication protocol of WFilter).
Add "Domain Users" to "Conditions".
2.4 Routing and Remote Access
You also need to enable "CHAP" authentication in "Routing and Remote Access".
3 Domain Users
With the above steps, you've enabled CHAP authentication for WFilter on the domain controller. However, the "Store password using reversible encryption" option in the domain user's properties is also required.
You can also change group policy to enable this option for all domain users.
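Why CHAP needs that option, as an added example (not part of the original guide, and not WFilter or NPS code): the RFC 2865 CHAP check recomputes an MD5 over the password itself, so a server that holds only a one-way hash cannot verify the response. The sample password, the CHAP ident and the SHA-256 stand-in for a one-way hash are constructed for illustration.

```python
import hashlib
import hmac
import os


def chap_response(chap_id: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP-Password value (RFC 2865): ident octet + MD5(ident || secret || challenge)."""
    ident = bytes([chap_id])
    return ident + hashlib.md5(ident + secret + challenge).digest()


def server_verify(chap_password: bytes, challenge: bytes, stored: bytes) -> bool:
    """Recompute the response from what the server has stored and compare."""
    if len(chap_password) != 17:  # 1 ident octet + 16-octet MD5 digest
        return False
    expected = chap_response(chap_password[0], stored, challenge)
    return hmac.compare_digest(expected, chap_password)


def demo() -> dict:
    password = b"Example-Passw0rd"   # constructed sample value
    challenge = os.urandom(16)       # carried in the CHAP-Challenge attribute
    # What the RADIUS client sends in CHAP-Password (ident 0x2A is arbitrary).
    attr = chap_response(0x2A, password, challenge)

    # Stand-in for a one-way hash; not Active Directory's real storage format.
    one_way = hashlib.sha256(password).digest()
    return {
        "cleartext_recoverable": server_verify(attr, challenge, password),
        "one_way_hash_only": server_verify(attr, challenge, one_way),
        "wrong_password": server_verify(attr, challenge, b"guess"),
        "truncated_attribute": server_verify(attr[:10], challenge, password),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accept' if ok else 'reject'}")
```

A password set before the option was enabled is not stored reversibly until the user changes it, so CHAP keeps failing for that account until the next password change. Passwords stored this way can be recovered by anyone able to read the directory database, so the option is best limited to the accounts that need CHAP.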
These are all the steps to integrate domain controller RADIUS authentication with WFilter. In this example, the domain controller runs Windows 2008 R2.