After you install an NPS role on Windows 2008, you can configure RADIUS.
1. Go to RADIUS Clients and create a new client. (This RADIUS client will be the proxyAV).
-Set the RADIUS client to the IP or hostname of the ProxyAV.
-Vendor name could just use RADIUS standard.
-Set the Shared Secret.
2. Go to Network Policies, right click > New and create a new policy (this is where you define authentication conditions).
-Set the Policy Name and click Next.
-On the Condition, set the conditions that are allowed to authenticate.
(NAS Port type is ethernet for wired connections)
(Groups based on AD)
(NAS client IP would be ProxyAV's IP)
(Date and Time restriction) - Click Next when done
3. Set to Access Granted and click Next.
4. On the Authentication Method set to Unencrypted authentication (PAP, SPAP) and click Next.
5. Configure the constraints - This is where you set the READ, READ/WRITE permission for ProxyAV.
-Under Vendor Specific, click on ADD then ADD again.
- Set the Vendor Code to 14501.
- Click on Configure Attribute and set it to 020600000002 for READ/WRITE access, 020600000001 for READ only.
- Click OK.
6. After completing the Network Policy, configure the ProxyAV to use the RADIUS under Authentication.
-Check the box that says ProxyAV RADIUS authentication.
- Set the RADIUS server IP and shared secret.
- Save changes.
Note: If authentication fails, check the security logs on the event viewer to see what is causing authentication to fail.