Scribd Logo
Cargar

¡Te damos la bienvenida a Scribd!

  • Configure AAA with Active Directory

    Cargado por

    Luiz Carlos
    1K vistas10 páginas
    The document provides instructions for configuring AAA (authentication, authorization, and accounting) with Active Directory on MikroTik routers. It describes setting up a RADIUS server on the Active Directory domain controller and configuring the MikroTik router as a RADIUS client. User authentication is handled through the RADIUS server using PAP. The instructions are divided into multiple parts that cover the MikroTik configuration, Windows RADIUS server setup, testing the connection, enabling domain users, and a requirement for Windows 2012 passwords.

    Descripción original:

    arerw

    Título original

    AAA With Active Directory - MikroTik Wiki

    Derechos de autor

    © © All Rights Reserved

    Formatos disponibles

    PDF, TXT o lea en línea desde Scribd

    ¿Le pareció útil este documento?

    ¿Este contenido es inapropiado?

    Denunciar este documento
    The document provides instructions for configuring AAA (authentication, authorization, and accounting) with Active Directory on MikroTik routers. It describes setting up a RADIUS server on the Active Directory domain controller and configuring the MikroTik router as a RADIUS client. User authentication is handled through the RADIUS server using PAP. The instructions are divided into multiple parts that cover the MikroTik configuration, Windows RADIUS server setup, testing the connection, enabling domain users, and a requirement for Windows 2012 passwords.

    Copyright:

    © All Rights Reserved
    Descargue como PDF, TXT o lea en línea desde Scribd
    Marcar por contenido inapropiado
    1K vistas10 páginas

    Configure AAA with Active Directory

    Cargado por

    Luiz Carlos
    The document provides instructions for configuring AAA (authentication, authorization, and accounting) with Active Directory on MikroTik routers. It describes setting up a RADIUS server on the Active Directory domain controller and configuring the MikroTik router as a RADIUS client. User authentication is handled through the RADIUS server using PAP. The instructions are divided into multiple parts that cover the MikroTik configuration, Windows RADIUS server setup, testing the connection, enabling domain users, and a requirement for Windows 2012 passwords.

    Copyright:

    © All Rights Reserved
    Descargue como PDF, TXT o lea en línea desde Scribd
    Marcar por contenido inapropiado
    de 10

    03/03/2016

    AAA with Active Directory - MikroTik Wiki

    AAAwithActiveDirectory
    FromMikroTikWiki
    Alsorefertothisforumpost:
    HowtosetupHotspotAAAMicrosoftIASRADIUSforusewithMikroTikByRodneyYeo:[1](http://forum.mikrotik.com/viewtopic.php?f=7&t=12180)

    ExampleOne
    MTsetup
    /radiusadd
    service=ppp,wireless
    address=<ipaddressofADserver>
    secret=<passwordforRADIUSserviceonADserver>
    authentication_port=1812
    accounting_port=1813

    /ippppAAA
    use_radius=yes
    accounting=yes

    /ipppppptpserver
    enabled=yes
    authentication=mschap1,mschap2

    WindowsSetup
    Start>ControlPanelAdministrativeTools>InternetAuthenticationService
    RightclickonRADIUSClients>New
    FriendlyName:MikroTik
    Address:<ipaddressofMT>
    ClientVendor:RADIUSStandard
    Sharedsecret:<passwordusedtoaccesstheRADIUSservice>

    ExampleTwo
    PartASetupIASRADIUSonActiveDirectoryServices
    SetupIASonaserveractingasActiveDirectoryServicesDomainControllerandregisteritsservices.

    http://wiki.mikrotik.com/wiki/AAA_with_Active_Directory

    1/10

    03/03/2016

    AAA with Active Directory - MikroTik Wiki


    Giveameaningfuldescriptionandenableloggingforauthenticationstatus.

    Userrespective1812forAuthenticationand1813forAccountingportonly.

    http://wiki.mikrotik.com/wiki/AAA_with_Active_Directory

    2/10

    03/03/2016

    AAA with Active Directory - MikroTik Wiki


    CreateaRealmsprofile,findUserNamereplaceitwithDOMAIN\UserNamevariablesintoIAS.

    Createahotspot.comclientprofileandsetIPaddresspointingtoMikroTikhotspotserver172.19.1.253.SetClientVendortoRADIUSStandardandentera
    uniquepasswordforIAS.DonotenableAttributesSignaturecheckbox.

    http://wiki.mikrotik.com/wiki/AAA_with_Active_Directory

    3/10

    03/03/2016

    AAA with Active Directory - MikroTik Wiki


    EnableRemoteAccessLoggingcheckboxforallproperties.

    SelectIASFormatandsetLogTimePeriodtoDaily.

    http://wiki.mikrotik.com/wiki/AAA_with_Active_Directory

    4/10

    03/03/2016

    AAA with Active Directory - MikroTik Wiki


    CreateRemoteAccessPoliciesprofiletohotspot.com.AddWindowsGroupsmatchesDOMAIN\Usernameprofile.EnableGrantremoteaccesspermission.

    AtAuthenticationtabEnablecheckboxforMSCHAPv2,MSCHAP,CHAPandPAPmethod.NoteHotSpotonlyusesPAPmethod.

    http://wiki.mikrotik.com/wiki/AAA_with_Active_Directory

    5/10

    03/03/2016

    AAA with Active Directory - MikroTik Wiki


    AtEncryptiontabEnableallthecheckboxallowedbythisprofile.

    AtAdvancetabdonotaddanyadditionalconnectionattributes.

    PartBSetupIASRADIUSwithMikroTik

    http://wiki.mikrotik.com/wiki/AAA_with_Active_Directory

    6/10

    03/03/2016

    AAA with Active Directory - MikroTik Wiki


    AddaRADIUSserverprofileandenableserviceforhotspot.EnterIPAddressofIASRADIUSserver.EnterthesamepasswordcreatedearlierforRADIUSsecret.
    Useport1812forAuthenticationand1813forAccountingwithTimeoutat300ms.

    AtHotspotServerProfilesLoginBycheckHTTPPAPonly.

    AtHotspotServerProfilescheckUseRADIUSandAccounting.NASPortTypeleaveitas(19wireless802.11)orchangeto15(Ethernet)mode.

    PartCTestingIASRADIUSwithPC
    1.UseNTRadPingTestUtilitytoverifythecommunicationlinkwithatestPC.http://www.dialways.com/download/
    2.RemembertoaddinthetestPCIPAddressintendedfortestingintotheIASClientProfilebeforeinitiatingtest.
    3.EntertheIASRADIUSserverIPAddressandport1812forRequestTypeAuthenticationRequestmodefollowedbytheRADIUSSecretKey.

    http://wiki.mikrotik.com/wiki/AAA_with_Active_Directory

    7/10

    03/03/2016

    AAA with Active Directory - MikroTik Wiki

    4.AlsoentertheUserNamefoundintheActiveDirectoryServiceUserDomainLists.IfsuccessfulresponsereplywillbeAccessAccepted.
    5.Nextchangeportto1813forRequestTypeAccountingStartclicksendandreplyshouldbeAccountingResponseiftheRADIUSserverisworking.

    PartDActivatingDomainUsersforIASRADIUS

    http://wiki.mikrotik.com/wiki/AAA_with_Active_Directory

    8/10

    03/03/2016

    AAA with Active Directory - MikroTik Wiki


    CheckforrespectiveUserpropertiesiftheyarememberofRASandIASServergroups,ifnotaddthemasgroupmembers.

    NextchecktheDialintabandenableAllowaccessforRemoteAccessPermission.

    PartEWindowsServer2012
    OnWindows2012ServerActiveDirectorypasswordsneedtobestoredusingreversibleencryption.OpenGlobalPolicyManagerandunderComputer
    configurationPoliciesWindowsSettingsSecuritySettingsAccountPoliciesPasswordPolicySet"StorePasswordsusingreversibleencryption"toenabled.
    IMPORTANT:InaPowerShell(CMD)Windowsrun"gpudate"toenablethechanges.Pleasenoteexistingpasswordsmaynotworkuntiltheyhavebeenresetas
    theymaystillbestoredinaformatthatisnotMikrotikfriendly.

    http://wiki.mikrotik.com/wiki/AAA_with_Active_Directory

    9/10

    03/03/2016

    AAA with Active Directory - MikroTik Wiki


    Retrievedfrom"http://wiki.mikrotik.com/index.php?title=AAA_with_Active_Directory&oldid=26936"

    Thispagewaslastmodifiedon2February2015,at12:11.
    Thispagehasbeenaccessed81,527times.

    http://wiki.mikrotik.com/wiki/AAA_with_Active_Directory

    10/10

    También podría gustarte