AAA with Active Directory
From MikroTik Wiki
Also refer to this forum post:
How to setup Hotspot AAA Microsoft IAS RADIUS for use with MikroTik By Rodney Yeo: [1](http://forum.mikrotik.com/viewtopic.php?f=7&t=12180)
Example One
MT setup
/radius add
service=ppp,wireless
address=<ip address of AD server>
secret=<password for RADIUS service on AD server>
authentication_port=1812
accounting_port=1813
/ip ppp AAA
use_radius=yes
accounting=yes
/ip ppp pptp server
enabled=yes
authentication=mschap1,mschap2
Windows Setup
Start > Control Panel > Administrative Tools > Internet Authentication Service
Right click on RADIUS Clients > New
Friendly Name: MikroTik
Address: <ip address of MT>
Client-Vendor: RADIUS Standard
Shared secret: <password used to access the RADIUS service>
Example Two
Part A - Setup IAS RADIUS on Active Directory Services
Set up IAS on a server acting as Active Directory Services Domain Controller and register its services.
http://wiki.mikrotik.com/wiki/AAA_with_Active_Directory
1/10
03/03/2016
Use the respective ports only: 1812 for Authentication and 1813 for Accounting.
Create a hotspot.com client profile and set the IP address pointing to the MikroTik hotspot server 172.19.1.253. Set Client-Vendor to RADIUS Standard and enter a unique password for IAS. Do not enable the Attributes Signature checkbox.
Select IAS Format and set Log Time Period to Daily.
At the Authentication tab, enable the checkboxes for the MS-CHAP v2, MS-CHAP, CHAP and PAP methods. Note: HotSpot only uses the PAP method.
At the Advanced tab, do not add any additional connection attributes.
Part B - Setup IAS RADIUS with MikroTik
At Hotspot Server Profiles, under Login By, check HTTP PAP only.
At Hotspot Server Profiles, check Use RADIUS and Accounting. For NAS Port Type, leave it as (19 wireless-802.11) or change to 15 (Ethernet) mode.
Part C - Testing IAS RADIUS with PC
1. Use the NTRadPing Test Utility to verify the communication link with a test PC. http://www.dialways.com/download/
2. Remember to add the IP address of the test PC intended for testing into the IAS Client Profile before initiating the test.
3. Enter the IAS RADIUS server IP address and port 1812 for Request Type Authentication Request mode, followed by the RADIUS Secret Key.
4. Also enter the User Name found in the Active Directory Service User Domain Lists. If successful, the response reply will be Access-Accepted.
5. Next, change the port to 1813 for Request Type Accounting Start and click send; the reply should be Accounting-Response if the RADIUS server is working.
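The authentication test in steps 3 and 4, as an added example that is not part of the original wiki page: it builds a PAP Access-Request as RFC 2865 defines it and checks that a reply's Response Authenticator is bound to the request and the shared secret. The user name, password, secret and the make_reply helper (a stand-in for the IAS server) are constructed for illustration; note that the shared secret is the only thing hiding the PAP password in the packet.

```python
import hashlib
import hmac
import os
import struct

CODES = {2: "Access-Accept", 3: "Access-Reject"}

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: XOR 16-byte password blocks with chained MD5(secret + previous)."""
    size = max(16, len(password) + (-len(password) % 16))
    padded, out, prev = password.ljust(size, b"\x00"), b"", authenticator
    for i in range(0, size, 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def attr(kind: int, value: bytes) -> bytes:
    """Type-length-value attribute; the length byte counts the 2-byte header."""
    return struct.pack("!BB", kind, len(value) + 2) + value

def build_access_request(user, password, secret, ident, authenticator, nas_port_type=19):
    """Access-Request (code 1) with User-Name, User-Password and NAS-Port-Type."""
    attrs = (attr(1, user) + attr(2, hide_password(password, secret, authenticator))
             + attr(61, struct.pack("!I", nas_port_type)))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def check_reply(reply: bytes, request: bytes, secret: bytes) -> str:
    """Return the reply type only if it is bound to our request and shared secret."""
    if len(reply) < 20:
        raise ValueError("malformed reply")
    code, ident, length = struct.unpack("!BBH", reply[:4])
    if length != len(reply) or ident != request[1]:
        raise ValueError("malformed or mismatched reply")
    want = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    if not hmac.compare_digest(want, reply[4:20]):
        raise ValueError("bad Response Authenticator: wrong secret or forged reply")
    return CODES.get(code, "code %d" % code)

def make_reply(code: int, request: bytes, secret: bytes) -> bytes:
    """Constructed stand-in for the IAS server's attribute-less answer."""
    head = struct.pack("!BBH", code, request[1], 20)
    return head + hashlib.md5(head + request[4:20] + secret).digest()

if __name__ == "__main__":
    secret = b"constructed-shared-secret"  # constructed sample values throughout
    req = build_access_request(b"testuser", b"constructed-pw", secret, 1, os.urandom(16))
    print(check_reply(make_reply(2, req, secret), req, secret))
```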
Part D - Activating Domain Users for IAS RADIUS
Next, check the Dial-in tab and enable Allow access for Remote Access Permission.
Part E - Windows Server 2012
On Windows 2012 Server, Active Directory passwords need to be stored using reversible encryption. Open Global Policy Manager and, under Computer configuration > Policies > Windows Settings > Security Settings > Account Policies > Password Policy, set "Store Passwords using reversible encryption" to enabled.
IMPORTANT: In a PowerShell (CMD) window, run "gpupdate" to enable the changes. Please note existing passwords may not work until they have been reset, as they may still be stored in a format that is not MikroTik friendly.
This page was last modified on 2 February 2015, at 12:11.
This page has been accessed 81,527 times.