Windows Setup
Example Two
Part A - Setup IAS RADIUS on Active Directory Services
http://wiki.mikrotik.com/wiki/AAA_with_Active_Directory
07/04/2011
Setup IAS on a server acting as Active Directory Services Domain Controller and register its services.
Use ports 1812 for Authentication and 1813 for Accounting only.
Create a Realms profile: find User-Name and replace it with the DOMAIN\User-Name variables in IAS.
Create a hotspot.com client profile and set the IP address to point to the MikroTik hotspot server, 172.19.1.253. Set Client Ve RADIUS Standard and enter a unique password for IAS. Do not enable the Attributes Signature check box.
Create a Remote Access Policies profile for hotspot.com. Add Windows-Groups matches DOMAIN\Username
On the Authentication tab, enable the check boxes for the MS-CHAP v2, MS-CHAP, CHAP and PAP methods. Note HotSpot only uses PA
On the Encryption tab, enable all the check boxes allowed by this profile.
Add a RADIUS server profile and enable the service for hotspot. Enter the IP address of the IAS RADIUS server. Enter the same p created earlier for RADIUS secret. Use port 1812 for Authentication and 1813 for Accounting, with Timeout at 300ms.
In Hotspot Server Profiles, check Use RADIUS and Accounting. Leave NAS Port Type as (19 wireless-802.11) or (Ethernet) mode.
1. Use the NTRadPing Test Utility to verify the communication link with a test PC. http://www.dialways.com/download/
2. Remember to add the IP address of the test PC into the IAS Client Profile before initiating the test.
3. Enter the IAS RADIUS server IP address and port 1812 for Request Type Authentication Request, and the RADIUS Secret Key.
4. Also enter the User-Name found in the Active Directory Service User Domain Lists. If successful response reply w Accepted.
5. Next, change the port to 1813 for Request Type Accounting Start, click send, and the reply should be Accounting RADIUS server is working.
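The authentication exchange that steps 3 and 4 exercise, as an added example that is not part of the original wiki page: it builds a PAP Access-Request per RFC 2865 and checks the reply's Response Authenticator, which is where a mismatched RADIUS secret between the client and IAS shows up. The function names, user name and secret are constructed for illustration, and `make_reply` stands in for the server so the block runs offline.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD = 1, 2


def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 section 5.2: how a PAP password travels in User-Password."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 bytes")
    padded = password + b"\x00" * (-len(password) % 16 or (0 if password else 16))
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev
    return out


def attribute(attr_type: int, value: bytes) -> bytes:
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_access_request(ident: int, user: str, password: str, secret: bytes,
                         request_auth: bytes = b"") -> bytes:
    request_auth = request_auth or os.urandom(16)  # must be unpredictable per request
    attrs = attribute(USER_NAME, user.encode()) + attribute(
        USER_PASSWORD, hide_password(password.encode(), secret, request_auth))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + request_auth + attrs


def make_reply(code: int, request: bytes, secret: bytes, attrs: bytes = b"") -> bytes:
    """Server side: Response Authenticator = MD5(code+id+len+RequestAuth+attrs+secret)."""
    head = struct.pack("!BBH", code, request[1], 20 + len(attrs))
    return head + hashlib.md5(head + request[4:20] + attrs + secret).digest() + attrs


def check_reply(reply: bytes, request: bytes, secret: bytes) -> str:
    """Client side: reject replies that do not prove knowledge of the shared secret."""
    if len(reply) < 20 or struct.unpack("!H", reply[2:4])[0] != len(reply):
        return "malformed"
    if reply[1] != request[1]:
        return "id-mismatch"
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    if not hmac.compare_digest(expected, reply[4:20]):
        return "bad-authenticator"  # wrong shared secret, or a forged reply
    return {ACCESS_ACCEPT: "accept", ACCESS_REJECT: "reject"}.get(reply[0], "other")
```

The password is only masked with MD5 of the shared secret and the Request Authenticator, so with PAP the strength of the RADIUS secret is what protects user credentials on the wire.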
Check the respective User properties to see whether they are members of the RAS and IAS Server groups; if not, add them as group mem
Next check the Dial-in tab and enable Allow access for Remote Access Permission.