RADIUS+Server+and+Configuration+Guide

=**TartRADIUS Homepage Remote Authentication Dial In User Service**=

RADIUS stands for **R**emote **A**uthentication **D**ial **I**n **U**ser **S**ervice and it is a networking protocol that dictates who is allowed to into a network. RADIUS uses what is known the triple A (AAA) concept, which are Authentication, Authorization and Accounting. Once a user is meets the triple A requirements, a remote user can access network resources on the Tart Network Conglomerate’s provided that the user meets the MS-CHAP version 2 authentication requirements.


 * I. Installing Network Policy and Access Services **

1. **Click** **Start** -> **Server Manager** -> **Right-Click** on **Roles** -> **Click** on **Add Roles**

2. **Click** on the **Next** button to proceed to the **Server Roles** window.

3. **Check** the box next to Network Policy and Access Services and click on the **Next** button.



Figure 5-1: The window above shows the list of roles available in the Add Roles Wizard, installing RADIUS requires that the Network Policy and Access Services to be installed first.

4. Review the description for Network Policy and Access Services and **click** on the **Next** button to proceed to **Role Services**.



Figure 5-2: The description window that explains what Network Policy and Access Services are and what features it can provide.

5. Check the Network Policy Server box and click on the Next button to proceed to the Confirmation window.



 Figure 5-3: Checking the Network Policy Server box will install RADIUS.

6. At the **Confirmation** window **click** on the **Install** button to begin the installation of **Network Policy and Access Services.**



Figure 5-4: Review the settings of Network Policy and Access Services and click on the install button. 

7. Confirm that the installation was successful and **click** on the **Close** button to finish the installation of Network Policy and Access Services.

Figure 5-5: A successful installation should look similar to the window above.

**II. Configuring RADIUS Authentication** Once Network Policy and Access Services has finished installing, the next step is to configure the **N**etwork **P**olicy **S**erver (NPS) in order for remote users to access the Tart Network Conglomerate’s network resources. 1. **Click** **Start** -> **Administrative Tools** -> and **click** on **Server Manager**

2. **Click** on the **Expand** button next to Network Policy and Access Services to view its contents and **click** on the **NPS (Local)** option.

Figure 5-6: If the last two steps were done correctly, your computer screen should match the one as shown above

3. In the center-window **click** on the **drop-down arrow** and select **RADIUS server for Dial-up or VPN Connections** and then **click** on **Register server in Active Directory**.



Figure 5-7 – This screenshot as shown above will indicate that you want to configure RADIUS.

4. **Click** on the **OK button** when the **Network Policy Server** window appears, this will register your machine as the RADIUS server in Active Directory.



Figure 5-8: The Network Policy Server window will verify that you want to register your machine in Active Directory, click on the OK button to register it.

5.When the machine finishes registering, **click** on the **Configure VPN or Dial-Up** link, a new window will appear. 6. **Click** on the **Virtual Private Network (VPN) Connections** radio button and enter **Tart.Corp VPN Policy** in the name text box and **click** on the **Next** button.

= = Figure 5-9 – Verify that the options that you selected match the ones in the screenshot above and click on the Next button. 

7. In the RADIUS Clients windows **click** on the **Add…** button to open up the **New RADIUS Client** window.

8. **Enter** the following as stated below:

a. **Friendly name:** TARTVPN b. **Address (IP or DNS):** 172.28.0.1 c. **Click** on the **Manual** radio button d. **Type** tart (all lowercase) in the **Shared Secret** and **Confirm shared secret textboxes** e. **Click** on the **OK button** to close the **New RADIUS Client** window.

 Figure 5-10: The following textboxes should match the ones as shown above.

9. **Click** on TARTVPN under the **RADIUS clients** list and **click** on the **Next** button.



Figure 5-11 – By adding TARTVPN on the list of RADIUS clients, you have specified that it is the VPN server for the Tart.Corp network.

10. **Check** the **Microsoft Encrypted Authentication version 2 (MS-CHAPv2) box** and **click** on the **Next button.**



Figure 5-12 – The only box that needs to be checked here is the MS-CHAP version 2 option.

11. **Click** on the **Add… button** in the **Specify User Groups** window.

12. **Type** Domain Admins in the object name text box and **click** on the **OK button** to close the **Select Groups** window.



Figure 5-13 – Entering Domain Admins will allow all users in the Domain Admins group to connect to the Tart.Corp network through VPN.

13. The Domain Admins user group will appear in the **Specify User Group** window, verify that it is there and **click** on the **Next button**.



Figure 5-14 – Domain Admins on the Tart.Corp network will now be allowed to connect via VPN.

14. **Click** on the **Next button** at the **Specify IP Filters** window.

15. At the **Specify Encryption Settings** window, **check** the **Strong Encryption (MPPE 56-bit)** and the **Strongest Encryption (MPPE 128-bit) boxes** and **click** on the **Next button.**



Figure 5-15 – Selecting these encryption settings will make it harder for a hacker to obtain a password.

16. At the Realm Name window, **click** on the **Next button.**

17. **Verify** your settings and **click** on the **Finish button** to close the **VPN Configuration Wizard.**



Figure 5-16 – The summary window will display the options that you selected throughout the configuration process.

media type="custom" key="3488140"

