How to setup RADIUS Server Authentication in Active Directory Domain Controller?

From Wiki of WFilter NG Firewall
Revision as of 11:22, 6 December 2016 by WFilter (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search


In this guide, I will demonstrate the steps to enable "Radius authentication" in an active directory domain controller. And how do I enable the "Web Auth" of WFilter NG Firewall to do authentication against active directory.


Contents

1 Setup WFilter

To authenticate from your domain controller, you need to enable "Remote Auth" in "Web Auth" or "PPPoE" or VPN modules. For example:

Ngf radius01.png

Set "Radius Server" to domain controller IP, the "Pre-shared Key" shall be same as configured in domain controller.

A web portal will appear when visiting any http web pages, you can input domain user and password to sign in.

Ngf radius02.png

2 Setup Domain Controller

2.1 Add Server Roles

Add server role "Network Policy and Access Services", enable "Network Policy Server" and "Remote Access Service" services.

Ngf radius03.png

Ngf radius04.png

2.2 Network Policy and Access Services

2.3 Radius Clients

New a radius client in "Radius Clients" of "Network Policy and Access Services". Set WFilter IP as the radius client IP, "Shared secret" shall be same as the "Pre-shared Key" in WFilter.

Ngf radius05.png

Ngf radius06.png

2.3.1 Network Policy

New a network policy, choose "Access Granted", enable "CHAP" authentication( the default authentication protocol of WFilter.)

Ngf radius07.png

Ngf radius08.png

Ngf radius09.png

Ngf radius10.png

Add "Domain Users" into "Conditions".

Ngf radius11.png

Ngf radius12.png

Ngf radius13.png

2.4 Routing and Remote Access

You also need to enable "CHAP" authentication in "Routing and Remote Access".

Ngf radius14.png

Ngf radius15.png

Ngf radius16.png

3 Domain Users

By above steps, you've enabled the CHAP authentication of WFilter in domain controller. However, "store password using reversible encryption" of domain user property is also required.

Ngf radius17.png

You also can change group policy to enable this option for all domain users.

Ngf radius18.png

These are all the steps to intergrate domain controller radius authentication with WFilter. In this example, domain controller is windows 2008 R2.

Personal tools
Namespaces

Variants
Actions
Navigation
Tools