Presentation is loading. Please wait.

Presentation is loading. Please wait.

Module Overview Installing and Configuring a Network Policy Server

Published byRhoda Roberts Modified over 6 years ago

Similar presentations

Presentation on theme: "Module Overview Installing and Configuring a Network Policy Server"— Presentation transcript:

1 Installing, Configuring, and Troubleshooting the Network Policy Server Role Service

2 Module Overview Installing and Configuring a Network Policy Server
Configuring RADIUS Clients and Servers NPS Authentication Methods Monitoring and Troubleshooting a Network Policy Server 2

3 Installing and Configuring a Network Policy Server
What Is a Network Policy Server? Tools Used for Managing a Network Policy Server

4 What Is a Network Policy Server?
Windows Server 2008 Network Policy Server (NPS): RADIUS server RADIUS proxy NAP policy server

5 Tools Used for Managing a Network Policy Server
Tools used to manage NPS include: NPS MMC Console Netsh command line to configure all aspects of NPS, such as: NPS Server Commands RADIUS Client Commands Connection Request Policy Commands Remote RADIUS Server Group Commands Network Policy Commands Network Access Protection Commands Accounting Commands

6 Configuring RADIUS Clients and Servers
What Is a RADIUS Client? What Is a RADIUS Proxy? What Is a Connection Request Policy? Configuring Connection Request Processing

7 What Is a RADIUS Client? NPS is a RADIUS server
RADIUS clients are network access servers, such as: Wireless access points 802.1x authenticating switches VPN servers Dial-up servers RADIUS clients send connection requests and accounting messages to RADIUS servers for authentication, authorization, and accounting

8 What Is a RADIUS Proxy? A RADIUS proxy receives connection attempts from RADIUS clients and forwards them to the appropriate RADIUS server or another RADIUS proxy for further routing A RADIUS proxy is required for: Service providers offering outsourced dial-up, VPN, or wireless network access services Providing authentication and authorization for user accounts that are not Active Directory members Performing authentication and authorization using a database that is not a Windows account database Load-balancing connection requests among multiple RADIUS servers Providing RADIUS for outsourced service providers and limiting traffic types through the firewall

9 What Is a Connection Request Policy?
Connection Request policies are sets of conditions and settings that designate which RADIUS servers perform the authentication and authorization of connection requests that NPS receives from RADIUS clients Connection Request policies include: Conditions, such as: Framed Protocol Service Type Tunnel Type Day and Time restrictions Settings, such as: Authentication Accounting Attribute Manipulation Advanced settings Custom Connection Request policies are required to forward the request to another proxy or RADIUS server or server group for authorization and authentication, or to specify a different server for accounting information

10 Configuring Connection Request Processing
Configuration Description Local vs. RADIUS authentication Local authentication takes place against the local security account database or Active Directory. Connection policies exist on that server. RADIUS authentication forwards the connection request to a RADIUS server for authentication against a security database. RADIUS maintains a central store of all the connection policies. RADIUS server groups Used where one or more RADIUS servers are capable of handling connection requests. The connection requests are load-balanced on criteria specified during the creation of the RADIUS server group if there is more than one RADIUS server in the group. Default ports for accounting and authentication using RADIUS The ports required for accounting and authentication requests being forwarded to a RADIUS server are UDP 1812/1645 and UDP 1813/1646.

11 NPS Authentication Methods
Password-Based Authentication Methods Using Certificates for Authentication Required Certificates for NPS Authentication Methods Deploying Certificates for PEAP and EAP

12 Password-Based Authentication Methods
Authentication methods for an NPS server include: MS-CHAPv2 MS-CHAP CHAP PAP Unauthenticated access

13 Using Certificates for Authentication
With NPS, you use certificates for network access authentication because: Provide for stronger security Eliminate need for less secure, password-based authentication

14 Required Certificates for NPS Authentication Methods
You require the following certificates to deploy certificate-based authentication in NPS: CA certificate in the Trusted Root Certification Authorities certificate store for the Local Computer and Current User Client computer certificate in the certificate store of the client Server certificate in the certificate store of the NPS server User certificate on a smart card

15 Deploying Certificates for PEAP and EAP
For Domain Computer and User accounts, use the auto-enrollment feature in Group Policy Nondomain member enrollment requires an administrator to request a user or computer certificate using the CA Web Enrollment tool The administrator must save the computer or user certificate to a floppy disk or other removable media, and manually install the certificate on the nondomain member computer The administrator can distribute user certificates on a smart card

16 Monitoring and Troubleshooting a Network Policy Server
Methods Used to Monitor NPS Logging NPS Accounting Configuring SQL Server Logging Configuring NPS Events to Record in the Event Viewer

17 Methods Used to Monitor NPS
NPS monitoring methods include: Event logging The process of logging NPS events in the System Event log Useful for auditing and troubleshooting connection attempts Logging user authentication and accounting requests Useful for connection analysis and billing purposes Can be in a text format Can be in a database format within a SQL instance

18 Logging NPS Accounting
Use the NPS console to configure logging: Open NPS from the Administrative Tools menu 1 In the console tree, click Accounting 2 In the details pane, click Configure Local File Logging 3 On the Settings tab, select the information to be logged 4 On the Log File tab, select the log type and the frequency or size attributes of the log files to be generated 5 Log files should be stored on a separate partition from the system partition: If RADIUS accounting fails due to a full hard disk, NPS stops processing connection requests

19 Configuring SQL Server Logging
You can use SQL to log RADIUS accounting data: Requires SQL to have a stored procedure named report_event NPS formats accounting data as an XML document Can be a local or remote SQL Server database

20 Configuring NPS Events to Record in the Event Viewer
How do I configure NPS events to be recorded in Event Viewer? NPS is configured by default to record failed connections and successful connections in the event log You can change this behavior on the General tab of the Properties sheet for the network policy Common request failure events What information does the failure event record? What information does the success event record? What is Schannel logging, and how do I configure it? Schannel is a security support provider that supports a set of Internet security protocols You can configure Schannel logging in the following Registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ SecurityProviders\SCHANNEL\EventLogging

21 Summary Installing and Configuring a Network Policy Server
Configuring RADIUS Clients and Servers NPS Authentication Methods Monitoring and Troubleshooting a Network Policy Server 21

Download ppt "Module Overview Installing and Configuring a Network Policy Server"

Similar presentations

5.1 Overview of Network Access Protection What is Network Access Protection NAP Scenarios NAP Enforcement Methods NAP Platform Architecture NAP Architecture.

5.1 Overview of Network Access Protection What is Network Access Protection NAP Scenarios NAP Enforcement Methods NAP Platform Architecture NAP Architecture.
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
Lesson 17: Configuring Security Policies

Lesson 17: Configuring Security Policies
Module 10: Troubleshooting Network Access. Overview Troubleshooting Network Access Resources Troubleshooting LAN Authentication Troubleshooting Remote.

Module 10: Troubleshooting Network Access. Overview Troubleshooting Network Access Resources Troubleshooting LAN Authentication Troubleshooting Remote.
1 Routing and Remote Access Service (Week 15, Friday 4/21/2006) © Abdou Illia, Spring 2006.

1 Routing and Remote Access Service (Week 15, Friday 4/21/2006) © Abdou Illia, Spring 2006.
Module 5: Configuring Access for Remote Clients and Networks.

Module 5: Configuring Access for Remote Clients and Networks.
1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.

1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 11: Planning Network Access.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 11: Planning Network Access.
Chapter 7 HARDENING SERVERS.

Chapter 7 HARDENING SERVERS.
Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.

Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.
Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.

Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.
Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®

Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®
1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.

1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.
Module 8: Implementing Administrative Templates and Audit Policy.

Module 8: Implementing Administrative Templates and Audit Policy.
Implementing RADIUS AAA Phil & Rick. Content Terms and Concepts Access Control What is AAA? Benefits of AAA What is RADIUS? Microsoft IAS Overview Installation.

Implementing RADIUS AAA Phil & Rick. Content Terms and Concepts Access Control What is AAA? Benefits of AAA What is RADIUS? Microsoft IAS Overview Installation.
11 SYSTEMS ADMINISTRATION AND TERMINAL SERVICES Chapter 12.

11 SYSTEMS ADMINISTRATION AND TERMINAL SERVICES Chapter 12.
Event Viewer Was of getting to event viewer Go to –Start –Control Panel, –Administrative Tools –Event Viewer Go to –Start.

Event Viewer Was of getting to event viewer Go to –Start –Control Panel, –Administrative Tools –Event Viewer Go to –Start.
Windows Server 2008 Chapter 6 Last Update 2012.05.23 1.0.0.

Windows Server 2008 Chapter 6 Last Update
Chapter 6 Configuring, Monitoring & Troubleshooting IPsec

Chapter 6 Configuring, Monitoring & Troubleshooting IPsec

Similar presentations

Ads by Google