Windows Server 2008 Network Policy Server (nps) Operations Guide icon

Windows Server 2008 Network Policy Server (nps) Operations Guide




Скачати 326.71 Kb.
НазваWindows Server 2008 Network Policy Server (nps) Operations Guide
Сторінка9/16
Дата конвертації17.02.2014
Розмір326.71 Kb.
ТипДокументи
1   ...   5   6   7   8   9   10   11   12   ...   16
^

Configure NPS UDP Port Information


Use this procedure to configure User Datagram Protocol (UDP) ports for RADIUS traffic.

You can use the following procedure to configure the ports that Network Policy Server (NPS) uses for RADIUS authentication and accounting traffic.

By default, NPS listens for RADIUS traffic on ports 1812, 1813, 1645, and 1646 for both Internet Protocol version 6 (IPv6) and IPv4 for all installed network adapters.

Note

If you uninstall either IPv4 or IPv6 on a network adapter, NPS does not monitor RADIUS traffic for the uninstalled protocol.

The values of 1812 for authentication and 1813 for accounting are RADIUS standard ports defined in RFCs 2865 and 2866. However, by default, many access servers use ports 1645 for authentication requests and 1646 for accounting requests. No matter which ports you decide to use, make sure that NPS and your access server are configured to use the same ones.

Important

If you do not use the default RADIUS ports, you must configure exceptions on the firewall for the local computer to allow RADIUS traffic on the new ports.

^ Administrative credentials

To complete this procedure, you must be a member of the Administrators group.

To configure NPS UDP port information

    1. Click Start, click Administrative Tools, and then click Network Policy Server. The NPS console opens.

    2. In the NPS console, right-click Network Policy Server, and then click Properties.

    3. Click the Ports tab, and then prepend the IP address for the network adapter you want to use for RADIUS traffic to the existing port numbers. For example, if you want to use the IP address 192.168.1.2 and RADIUS ports 1812 and 1645 for authentication requests, change the port setting from 1812,1645 to 192.168.1.2:1812,1645.

If your RADIUS authentication and RADIUS accounting UDP ports are different from the default values, change the port settings accordingly.

    4. To use multiple port settings for authentication or accounting requests, separate the port numbers with commas.


^

Disable NAS Notification Forwarding


You can use this procedure to disable the forwarding of start and stop messages from network access servers (NASs) to members of a remote RADIUS server group configured in NPS.

When you have remote RADIUS server groups configured and, in NPS ^ Connection Request Policies, you clear the Forward accounting requests to this remote RADIUS server group check box, these groups are still sent NAS start and stop notification messages.

This creates unnecessary network traffic. To eliminate this traffic, disable NAS notification forwarding for individual servers in each remote RADIUS server group.

^ Administrative credentials

To complete this procedure, you must be a member of the Administrators group.

To disable NAS notification forwarding

    1. Click ^ Start, click Administrative Tools, and then click Network Policy Server. The NPS console opens.

    2. In the NPS console, double-click RADIUS Clients and Servers, click Remote RADIUS Server Groups, and then double-click the remote RADIUS server group that you want to configure. The remote RADIUS server group Properties dialog box opens.

    3. Double-click the group member that you want to configure, and then click the Authentication/Accounting tab.

    4. In Accounting, clear the Forward network access server start and stop notifications to this server check box, and then click OK.

    5. Repeat steps 3 and 4 for all group members that you want to configure.


^

Export an NPS Server Configuration for Import on Another Server


This procedure allows you to export the entire NPS configuration — including RADIUS clients and servers, network policy, connection request policy, registry, and logging configuration — from one NPS server for import on another NPS server.

Important

Do not use this procedure if the source NPS database has a higher version number than the version number of the destination NPS database. You can view the version number of the NPS database from the display of the netsh nps show config command.

When the netsh import command is run, NPS is automatically refreshed with the updated configuration settings. You do not need to stop NPS on the destination computer to run the netsh import command, however if the NPS console or NPS MMC snap-in is open during the configuration import, changes to the server configuration are not visible until you refresh the view.

^ Note

When you use the netsh nps export command, you are required to provide the command parameter exportPSK with the value YES. This parameter and value explicitly state that you understand that you are exporting the NPS server configuration, and that the exported XML file contains unencrypted shared secrets for RADIUS clients and members of remote RADIUS server groups.

Because NPS server configurations are not encrypted in the exported XML file, sending it over a network might pose a security risk, so take precautions when moving the XML file from the source server to the destination servers. For example, add the file to an encrypted, password protected archive file before moving the file. In addition, store the file in a secure location to prevent malicious users from accessing it.

Note

If SQL Server logging is configured on the source NPS server, SQL Server logging settings are not exported to the XML file. After you import the file on another NPS server, you must manually configure SQL Server logging.

^ Administrative credentials

To complete this procedure, you must be a member of the Administrators group.

To copy an NPS server configuration to another NPS server using Netsh commands

    1. On the source NPS server, open Command Prompt, type netsh, and then press ENTER.

    2. At the netsh prompt, type nps, and then press ENTER.

    3. At the netsh nps prompt, type export filename="path\file.xml" exportPSK=YES, where path is the folder location where you want to save the NPS server configuration file, and file is the name of the XML file that you want to save. Press ENTER.

This stores configuration settings (including registry settings) in an XML file. The path can be relative or absolute, or it can be a Universal Naming Convention (UNC) path. After you press ENTER, a message appears indicating whether the export to file was successful.

    4. Copy the file you created to the destination NPS server.

    5. At a command prompt on the destination NPS server, type netsh nps import filename="path\file.xml", and then press ENTER. A message appears indicating whether the import from the XML file was successful.


1   ...   5   6   7   8   9   10   11   12   ...   16



Схожі:

Windows Server 2008 Network Policy Server (nps) Operations Guide iconStep-by-Step Guide for Configuring Network Load Balancing with Terminal Services: Windows Server 2008

Windows Server 2008 Network Policy Server (nps) Operations Guide iconStep-by-Step Guide for Configuring a Two-Node File Server Failover Cluster in Windows Server 2008

Windows Server 2008 Network Policy Server (nps) Operations Guide iconStep-by-Step Guide for Configuring a Two-Node Print Server Failover Cluster in Windows Server 2008

Windows Server 2008 Network Policy Server (nps) Operations Guide iconServer Core Installation Option of Windows Server 2008 Step-By-Step Guide

Windows Server 2008 Network Policy Server (nps) Operations Guide iconStep-by-Step Guide for File Server Resource Manager in Windows Server 2008

Windows Server 2008 Network Policy Server (nps) Operations Guide iconStep-by-Step Guide for Windows Deployment Services in Windows Server 2008

Windows Server 2008 Network Policy Server (nps) Operations Guide iconStep-by-Step Guide for Storage Manager for sans in Windows Server 2008

Windows Server 2008 Network Policy Server (nps) Operations Guide iconServices for nfs step-by-Step Guide for Windows Server 2008

Windows Server 2008 Network Policy Server (nps) Operations Guide iconWindows Server 2008 Active Directory Certificate Services Step-By-Step Guide

Windows Server 2008 Network Policy Server (nps) Operations Guide iconWindows Server 2008 ts licensing Step-By-Step Guide

Додайте кнопку на своєму сайті:
Документи


База даних захищена авторським правом ©te.zavantag.com 2000-2017
При копіюванні матеріалу обов'язкове зазначення активного посилання відкритою для індексації.
звернутися до адміністрації
Документи