Versions Compared
Key
- This line was added.
- This line was removed.
- Formatting was changed.
Indeed AM NPS RADIUS Extension (RADIUS Extension) is an extension for Microsoft Network Policy Server (NPS, is a part of Windows Server). It allows for implementation of two-factor authentication for RADIUS-compatible services and applications.
Info |
---|
Files of Indeed NPS Radius Extension reside in: indeed AM\Indeed RADIUS Extension\<Version number>\
|
Installation of Network Policy Server
Info |
---|
Besides the role itself, Web-Server (IIS) and internal Windows database are installed. |
- Run Add Roles and Features Wizard.
- Select Network Policy and Access Services role from the role list and confirm installation of additional components.Image Modified
- Select Network Policy Server from the Role services list.Image Modified
- Click “Install” in the “Confirm installation of components” window.
Configuration of NPS server.
- Run Network Policy Server.
Add your VPN server to RADIUS clients. (Right-click RADIUS - Clients → New document).
Info If using CHAP authentication, it is necessary to activate the “Store the password using reversible encryption” in the user account parameters and update user password.
- Configure the new client.
- Add the name for your VPN server (1).
- Specify the IP address of your VPN server (2).
Define the private key to connect to server (3).
Info The common private key is defined at the server and at the client upon connection.
Image Modified
- Add a network policy for Radius client connection.Image Modified
Installation of Indeed NPS RADIUS Extension
- Install NPS RADIUS by running Indeed.AM.RADIUS.Extension-x64.msi installer.
- Modify the following parameters in HKEY_LOCAL_MACHINE\SOFTWARE\Indeed-ID\AuthProxy section:
- ServerUrlBase parameter. This parameter defines the URL of your Indeed server.
IsIgnoreCertErrors parameter. Specify the value of 0 or 1.
Info This parameter is intended to verify the Indeed server certificate. Value of 1 means that certificate errors are ignored.
- AppId parameter with the value of NPS RADIUS Extension.Image Modified
Policy configuration
Info |
---|
It is necessary to add the Indeed AM policy templates into the administration template list before starting to configure group policies. Policy template files are included into the installation package and can be found in the Misc folder. |
Challenge\Response: message to user
The policy makes it possible to define the message that is displayed to user upon the second factor prompt.
Configuration of customized login methods for specified user groups.
- Open the “Configure login methods for user groups” for editing.
- Enable (1) the parameter and edit the contents (2).
- Add the "distinguishedName" attribute value of your user group to the “Value name” parameter.
Paste the key of the provider used to “Value” parameter.
Info {EBB6F3FA-A400-45F4-853A-D517D89AC2A3} - SMS OTP
{093F612B-727E-44E7-9C95-095F07CBB94B} - EMAIL OTP
{0FA7FDB4-3652-4B55-B0C0-469A1E9D31F0} - Software OTP
{AD3FBA95-AE99-4773-93A3-6530A29C7556} - HOTP Provider
{CEB3FEAF-86ED-4A5A-BD3F-6A7B6E60CA05} - TOTP TOTP Provider
{DEEF0CB8-AD2F-4B89-964A-B6C7ECA80C68} - AirKeyProvider
Image Modified
Image Modified
User group caching
The policy enables user group caching for RADIUS authentication and makes it possible to define the cache update rate.
User name configuration
The policy allows you to configure usage of domain NetBIOS name in case the username is specified without the domain. To enable the policy, activate the following parameter: “Use domain NetBIOS name if username is specified without it”.
Backtotop