After changing the configuration file, restart the IdP application pool in IIS Manager.

Go to C:\inetpub\wwwroot\pam\idp and edit the appsettings.json file:

Section IdentitySettings 

  • DirectoryMechanism — authentication mechanism.

  • Authentication — authentication provider.

    "IdentitySettings": {
    ...
    "DirectoryMechanism": "Radius",
    "Authentication": "Local",
    ...
    }
    
    

Section Radius

  • AuthenticationScheme — RADIUS authentication scheme. Possible values: PAP, CHAP, MSCHAPV2. The PAP scheme is insecure.

    When using CHAP authentication in Windows, enable "Store passwords using reversible encryption" in the user account settings and update the user's password.

  • AuthenticationUserName — name format for authentication.
    • Possible values:
      • NameWithoutDomain — name without domain (for authentication in FreeRadius)
      • SamCompatibleName — name in the format INDEED\\user
      • PrincipalName — name in the format user@indeed.domain
  • Secret — secret for the additional authentication of the component.
  • Timeout — how long to wait for a RADIUS server response.
  • RemoteEndpoint: 
    • Address — RADIUS server address for connection.
    • Port — RADIUS server port for connection (default port: 1812).

      "Radius": {
        "AuthenticationScheme": "MSCHAPV2",
        "AuthenticationUserName": "PrincipalName",
        "Secret": "ENCRYPTED_CfDJ8MPJ7V58kgpLvtoHgdiuk5VKMK_hf3r437uZdHjdZAfve5wtVvgDZPjjDm7bgjCXKM5XM",
        "Timeout": 10,
        "RemoteEndpoint": {
          "Address": "PAM_RADIUS_SERVER",
          "Port": 1812
        }
      }
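A pre-restart check of the settings described above, as an added example that is not part of the product or its documentation. The function name Test-RadiusSettings and the sample JSON are constructed for illustration; treating a Secret without the ENCRYPTED_ prefix as a finding is an assumption based only on the sample shown on this page.

```powershell
# Constructed sample with deliberately weak/invalid values (placeholder secret).
$sampleJson = @'
{
  "IdentitySettings": { "DirectoryMechanism": "Radius", "Authentication": "Local" },
  "Radius": {
    "AuthenticationScheme": "PAP",
    "AuthenticationUserName": "UserName",
    "Secret": "ENCRYPTED_PLACEHOLDER",
    "Timeout": 10,
    "RemoteEndpoint": { "Address": "PAM_RADIUS_SERVER", "Port": 70000 }
  }
}
'@

# Test-RadiusSettings is a hypothetical helper name, not a product cmdlet.
function Test-RadiusSettings {
    param([Parameter(Mandatory)][string]$Json)
    $cfg = $Json | ConvertFrom-Json
    $r = $cfg.Radius
    $findings = @()
    if ($cfg.IdentitySettings.DirectoryMechanism -ne 'Radius') { $findings += 'IdentitySettings.DirectoryMechanism is not "Radius".' }
    if (-not $r) { return $findings + 'Radius section is missing.' }
    $scheme = [string]$r.AuthenticationScheme
    if ($scheme -notin 'PAP', 'CHAP', 'MSCHAPV2') { $findings += "Unknown AuthenticationScheme '$scheme'." }
    elseif ($scheme -eq 'PAP') { $findings += 'AuthenticationScheme is PAP, which the documentation marks as insecure.' }
    elseif ($scheme -eq 'CHAP') { $findings += 'CHAP on Windows requires "Store passwords using reversible encryption" and a password update.' }
    if ([string]$r.AuthenticationUserName -notin 'NameWithoutDomain', 'SamCompatibleName', 'PrincipalName') {
        $findings += "Unknown AuthenticationUserName '$($r.AuthenticationUserName)'."
    }
    # Assumption: a stored secret carries the ENCRYPTED_ prefix, as in the page's sample.
    if ([string]::IsNullOrWhiteSpace($r.Secret)) { $findings += 'Secret is empty.' }
    elseif ($r.Secret -notlike 'ENCRYPTED_*') { $findings += 'Secret does not carry the ENCRYPTED_ prefix.' }
    $timeout = $r.Timeout -as [int]
    if (-not $timeout -or $timeout -le 0) { $findings += 'Timeout must be a positive integer.' }
    if ([string]::IsNullOrWhiteSpace($r.RemoteEndpoint.Address)) { $findings += 'RemoteEndpoint.Address is empty.' }
    $port = $r.RemoteEndpoint.Port -as [int]
    if (-not $port -or $port -lt 1 -or $port -gt 65535) { $findings += 'RemoteEndpoint.Port must be between 1 and 65535.' }
    return $findings
}

# Lint the constructed sample; for the real file pass
# (Get-Content -Raw 'C:\inetpub\wwwroot\pam\idp\appsettings.json') instead.
Test-RadiusSettings -Json $sampleJson
```

An empty result means none of these checks fired; any finding should be resolved before restarting the IdP application pool.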
