网络策略服务器 (NPS)Network Policy Server (NPS)

适用于: Windows Server (半年通道) ,Windows Server 2016,Windows Server 2019Applies to: Windows Server (Semi-Annual Channel), Windows Server 2016, Windows Server 2019

你可以使用本主题来概述 Windows Server 2016 和 Windows Server 2019 中的网络策略服务器。You can use this topic for an overview of Network Policy Server in Windows Server 2016 and Windows Server 2019. 安装网络策略和访问服务时,将安装 NPS (NPAS) 2019 2016 功能。NPS is installed when you install the Network Policy and Access Services (NPAS) feature in Windows Server 2016 and Server 2019.

备注

除本主题外,还提供以下 NPS 文档。In addition to this topic, the following NPS documentation is available.

通过网络策略服务器 (NPS),你可以针对连接请求身份验证和授权创建并实施组织级网络访问策略。Network Policy Server (NPS) allows you to create and enforce organization-wide network access policies for connection request authentication and authorization.

你还可以将 NPS 配置为远程身份验证拨入用户服务 (RADIUS) proxy 将连接请求转发到远程 NPS 或其他 RADIUS 服务器,以便可以对连接请求进行负载平衡,并将其转发到正确的域进行身份验证和授权。You can also configure NPS as a Remote Authentication Dial-In User Service (RADIUS) proxy to forward connection requests to a remote NPS or other RADIUS server so that you can load balance connection requests and forward them to the correct domain for authentication and authorization.

NPS 允许使用以下功能集中配置和管理网络访问身份验证、授权和记帐:NPS allows you to centrally configure and manage network access authentication, authorization, and accounting with the following features:

  • RADIUS 服务器RADIUS server. NPS 为无线、身份验证交换机、远程访问拨号和虚拟专用网络 (VPN) 连接执行集中式身份验证、授权和记帐。NPS performs centralized authentication, authorization, and accounting for wireless, authenticating switch, remote access dial-up and virtual private network (VPN) connections. 将 NPS 用作 RADIUS 服务器时,可以将无线访问点和 VPN 服务器等网络访问服务器配置为 NPS 中的 RADIUS 客户端。When you use NPS as a RADIUS server, you configure network access servers, such as wireless access points and VPN servers, as RADIUS clients in NPS. 也可以配置有关使用 NPS 对连接请求进行授权的网络策略,并且可以配置 RADIUS 记帐,以便 NPS 将记帐信息记录到本地硬盘上或 Microsoft SQL Server 数据库中的日志文件。You also configure network policies that NPS uses to authorize connection requests, and you can configure RADIUS accounting so that NPS logs accounting information to log files on the local hard disk or in a Microsoft SQL Server database. 有关详细信息,请参阅RADIUS 服务器For more information, see RADIUS server.
  • RADIUS 代理RADIUS proxy. 将 NPS 用作 RADIUS 代理时,可以配置连接请求策略,通知 NPS 要将哪些连接请求转发到其他 RADIUS 服务器,以及要将连接请求转发到哪些 RADIUS 服务器。When you use NPS as a RADIUS proxy, you configure connection request policies that tell the NPS which connection requests to forward to other RADIUS servers and to which RADIUS servers you want to forward connection requests. 也可以配置 NPS,以转发将由远程 RADIUS 服务器组中的一台或多台计算机记录的记帐数据。You can also configure NPS to forward accounting data to be logged by one or more computers in a remote RADIUS server group. 若要将 NPS 配置为 RADIUS 代理服务器,请参阅以下主题。To configure NPS as a RADIUS proxy server, see the following topics. 有关详细信息,请参阅RADIUS 代理For more information, see RADIUS proxy.
  • RADIUS 记帐RADIUS accounting. 你可以配置 NPS,以将事件记录到本地日志文件或 Microsoft SQL Server 的本地或远程实例。You can configure NPS to log events to a local log file or to a local or remote instance of Microsoft SQL Server. 有关详细信息,请参阅NPS 日志记录For more information, see NPS logging.

重要

( ) Windows Server 2012 R2 中已弃用网络访问保护 NAP、健康注册机构 ( HRA ) 和主机凭据授权协议 ( HCAP ) ,但在 windows server 2016 中不可用。Network Access Protection (NAP), Health Registration Authority (HRA), and Host Credential Authorization Protocol (HCAP) were deprecated in Windows Server 2012 R2, and are not available in Windows Server 2016. 如果使用早于 Windows Server 2016 的操作系统进行 NAP 部署,则不能将 NAP 部署迁移到 Windows Server 2016。If you have a NAP deployment using operating systems earlier than Windows Server 2016, you cannot migrate your NAP deployment to Windows Server 2016.

可以将 NPS 配置为具有这些功能的任意组合。You can configure NPS with any combination of these features. 例如,你可以将一个 NPS 配置为用于 VPN 连接的 RADIUS 服务器,并将另一个 NPS 配置为 RADIUS 代理,以便将某些连接请求转发到远程 RADIUS 服务器组的成员,以便在另一个域中进行身份验证和授权。For example, you can configure one NPS as a RADIUS server for VPN connections and also as a RADIUS proxy to forward some connection requests to members of a remote RADIUS server group for authentication and authorization in another domain.

Windows Server 版本和 NPSWindows Server Editions and NPS

NPS 提供不同的功能,具体取决于你安装的 Windows Server 的版本。NPS provides different functionality depending on the edition of Windows Server that you install.

Windows Server 2016 或 Windows Server 2019 Standard/Datacenter EditionWindows Server 2016 or Windows Server 2019 Standard/Datacenter Edition

使用 Windows Server 2016 Standard 或 Datacenter 中的 NPS,可以配置无限数量的 RADIUS 客户端和远程 RADIUS 服务器组。With NPS in Windows Server 2016 Standard or Datacenter, you can configure an unlimited number of RADIUS clients and remote RADIUS server groups. 此外,你还可通过指定一个 IP 地址范围来配置 RADIUS 客户端。In addition, you can configure RADIUS clients by specifying an IP address range.

备注

使用服务器核心安装选项安装的系统上的 "WIndows 网络策略和访问服务" 功能不可用。The WIndows Network Policy and Access Services feature is not available on systems installed with a Server Core installation option.

以下各节提供有关 NPS 的更详细信息,如 RADIUS 服务器和代理。The following sections provide more detailed information about NPS as a RADIUS server and proxy.

RADIUS 服务器和代理RADIUS server and proxy

可以将 NPS 用作 RADIUS 服务器、RADIUS 代理或同时使用这两者。You can use NPS as a RADIUS server, a RADIUS proxy, or both.

RADIUS 服务器RADIUS server

NPS 是由 Internet 工程任务强制 ( IETF ) 在 rfc 2865 和2866中指定的 RADIUS 标准的 Microsoft 实现。NPS is the Microsoft implementation of the RADIUS standard specified by the Internet Engineering Task Force (IETF) in RFCs 2865 and 2866. 作为 RADIUS 服务器,NPS 对许多类型的网络访问执行集中式连接身份验证、授权和记帐,包括无线、身份验证交换机、拨号和虚拟专用网络 ( VPN ) 远程访问以及路由器到路由器的连接。As a RADIUS server, NPS performs centralized connection authentication, authorization, and accounting for many types of network access, including wireless, authenticating switch, dial-up and virtual private network (VPN) remote access, and router-to-router connections.

备注

有关将 NPS 部署为 RADIUS 服务器的信息,请参阅部署网络策略服务器For information on deploying NPS as a RADIUS server, see Deploy Network Policy Server.

NPS 支持使用一组异类无线、交换机、远程访问或 VPN 设备。NPS enables the use of a heterogeneous set of wireless, switch, remote access, or VPN equipment. 可以将 NPS 用于远程访问服务,该服务在 Windows Server 2016 中提供。You can use NPS with the Remote Access service, which is available in Windows Server 2016.

NPS 使用 Active Directory 域服务 ( AD DS ) 域或本地安全帐户管理器 (SAM) 用户帐户数据库对用户凭据进行连接尝试身份验证。NPS uses an Active Directory Domain Services (AD DS) domain or the local Security Accounts Manager (SAM) user accounts database to authenticate user credentials for connection attempts. 当运行 NPS 的服务器是 AD DS 域的成员时,NPS 将目录服务用作其用户帐户数据库,并且是单一登录解决方案的一部分。When a server running NPS is a member of an AD DS domain, NPS uses the directory service as its user account database and is part of a single sign-on solution. 同一组凭据用于网络访问控制 ( 身份验证和授权对网络的访问 ) 并登录到 AD DS 域。The same set of credentials is used for network access control (authenticating and authorizing access to a network) and to log on to an AD DS domain.

备注

NPS 使用用户帐户的拨入属性和网络策略对连接授权。NPS uses the dial-in properties of the user account and network policies to authorize a connection.

Internet 服务提供 ( 商 ) 无论使用哪种类型的网络访问设备,都可以从单一管理点管理所有类型的网络访问,从而增加了管理网络访问权限所面临的挑战。Internet service providers (ISPs) and organizations that maintain network access have the increased challenge of managing all types of network access from a single point of administration, regardless of the type of network access equipment used. RADIUS 标准在同类和异类环境中都支持该功能。The RADIUS standard supports this functionality in both homogeneous and heterogeneous environments. RADIUS 是一种客户端-服务器协议,使得网络访问设备(用作 RADIUS 客户端)可以向 RADIUS 服务器提交身份验证和记帐请求。RADIUS is a client-server protocol that enables network access equipment (used as RADIUS clients) to submit authentication and accounting requests to a RADIUS server.

RADIUS 服务器具有对用户帐户信息的访问权限,并可以检查网络访问身份验证凭据。A RADIUS server has access to user account information and can check network access authentication credentials. 如果对用户凭据进行了身份验证并且连接尝试获得授权,则 RADIUS 服务器会根据指定的条件授权用户访问,然后将网络访问连接记录到一个记帐日志中。If user credentials are authenticated and the connection attempt is authorized, the RADIUS server authorizes user access on the basis of specified conditions, and then logs the network access connection in an accounting log. 使用 RADIUS 允许在一个中心位置(而不是在每台访问服务器上)收集并维护网络访问用户身份验证、授权和记帐数据。The use of RADIUS allows the network access user authentication, authorization, and accounting data to be collected and maintained in a central location, rather than on each access server.

将 NPS 用作 RADIUS 服务器Using NPS as a RADIUS server

在以下情况下,您可以使用 NPS 作为 RADIUS 服务器:You can use NPS as a RADIUS server when:

  • 你使用的是 AD DS 域或本地 SAM 用户帐户数据库作为访问客户端的用户帐户数据库。You are using an AD DS domain or the local SAM user accounts database as your user account database for access clients.
  • 你使用的是多个拨号服务器、VPN 服务器或请求拨号路由器上的远程访问,并且你希望同时集中网络策略的配置以及连接日志记录和记帐。You are using Remote Access on multiple dial-up servers, VPN servers, or demand-dial routers and you want to centralize both the configuration of network policies and connection logging and accounting.
  • 您正在向服务提供商外购拨号、VPN 或无线访问。You are outsourcing your dial-up, VPN, or wireless access to a service provider. 访问服务器使用 RADIUS 对您所在组织的成员建立的连接进行身份验证和授权。The access servers use RADIUS to authenticate and authorize connections that are made by members of your organization.
  • 您要对一组不同种类的访问服务器集中进行身份验证、授权和记帐。You want to centralize authentication, authorization, and accounting for a heterogeneous set of access servers.

下图显示了将 NPS 用作各种访问客户端的 RADIUS 服务器。The following illustration shows NPS as a RADIUS server for a variety of access clients.

作为 RADIUS 服务器的 NPS

RADIUS 代理RADIUS proxy

作为 RADIUS 代理,NPS 将身份验证和记帐消息转发到 NPS 和其他 RADIUS 服务器。As a RADIUS proxy, NPS forwards authentication and accounting messages to NPS and other RADIUS servers. 可以将 NPS 用作 RADIUS 代理,以便在 RADIUS 客户端( ( 也称为网络访问服务器)和 radius 服务器之间路由 radius 消息,以便 ) 为连接尝试执行用户身份验证、授权和记帐。You can use NPS as a RADIUS proxy to provide the routing of RADIUS messages between RADIUS clients (also called network access servers) and RADIUS servers that perform user authentication, authorization, and accounting for the connection attempt.

当用作 RADIUS 代理时,NPS 是一个中央切换点或路由点,其中 RADIUS 访问和记帐消息从中流过。When used as a RADIUS proxy, NPS is a central switching or routing point through which RADIUS access and accounting messages flow. NPS 将被转发的消息的有关信息记录在记帐日志中。NPS records information in an accounting log about the messages that are forwarded.

将 NPS 用作 RADIUS 代理Using NPS as a RADIUS proxy

出现以下情况,可以将 NPS 用作 RADIUS 代理:You can use NPS as a RADIUS proxy when:

  • 你是向多个客户提供外包拨号、VPN 或无线网络访问服务的服务提供商。You are a service provider who offers outsourced dial-up, VPN, or wireless network access services to multiple customers. 你的 Nas 将连接请求发送到 NPS RADIUS 代理。Your NASs send connection requests to the NPS RADIUS proxy. NPS RADIUS 代理根据连接请求中的用户名的领域部分,将连接请求转发到客户维持的 RADIUS 服务器,并可以对连接尝试进行身份验证和授权。Based on the realm portion of the user name in the connection request, the NPS RADIUS proxy forwards the connection request to a RADIUS server that is maintained by the customer and can authenticate and authorize the connection attempt.
  • 您希望为用户帐户提供身份验证和授权,这些用户帐户不是 NPS 所属域的成员,也不是与 NPS 所属的域具有双向信任关系的另一个域。You want to provide authentication and authorization for user accounts that are not members of either the domain in which the NPS is a member or another domain that has a two-way trust with the domain in which the NPS is a member. 这包括未受信任域、单向受信任域和其他林中的帐户。This includes accounts in untrusted domains, one-way trusted domains, and other forests. 不是将访问服务器配置为将其连接请求发送到 NPS RADIUS 服务器,而是将它们配置为将其连接请求发送到 NPS RADIUS 代理。Instead of configuring your access servers to send their connection requests to an NPS RADIUS server, you can configure them to send their connection requests to an NPS RADIUS proxy. NPS RADIUS 代理使用用户名的领域名称部分,并将请求转发到正确域或林中的 NPS。The NPS RADIUS proxy uses the realm name portion of the user name and forwards the request to an NPS in the correct domain or forest. 在一个域或林中的用户帐户的连接尝试可以在另一个域或林中为 Nas 进行身份验证。Connection attempts for user accounts in one domain or forest can be authenticated for NASs in another domain or forest.
  • 您希望使用不是 Windows 帐户数据库的数据库执行身份验证和授权。You want to perform authentication and authorization by using a database that is not a Windows account database. 在这种情况下,与指定领域名称匹配的连接请求转发到 RADIUS 服务器,后者拥有对不同用户帐户和授权数据数据库的访问权限。In this case, connection requests that match a specified realm name are forwarded to a RADIUS server, which has access to a different database of user accounts and authorization data. 其他用户数据库示例包括 Novell Directory Services (NDS) 和结构化查询语言 (SQL) 数据库。Examples of other user databases include Novell Directory Services (NDS) and Structured Query Language (SQL) databases.
  • 您希望处理大量连接请求。You want to process a large number of connection requests. 在这种情况下,可以不将 RADIUS 客户端配置为尝试跨多个 RADIUS 服务器平衡其连接和记帐请求,而将它们配置为将其连接和记帐请求发送到 NPS RADIUS 代理。In this case, instead of configuring your RADIUS clients to attempt to balance their connection and accounting requests across multiple RADIUS servers, you can configure them to send their connection and accounting requests to an NPS RADIUS proxy. NPS RADIUS 代理动态地平衡跨多个 RADIUS 服务器的连接和记帐请求负载,并增加每秒处理的大量 RADIUS 客户端和身份验证数。The NPS RADIUS proxy dynamically balances the load of connection and accounting requests across multiple RADIUS servers and increases the processing of large numbers of RADIUS clients and authentications per second.
  • 您希望向外包服务提供商提供 RADIUS 身份验证和授权,并最大限度减少 Intranet 防火墙配置。You want to provide RADIUS authentication and authorization for outsourced service providers and minimize intranet firewall configuration. Intranet 防火墙介于外围网络(Intranet 和 Internet 之间的网络)和 Intranet 之间。An intranet firewall is between your perimeter network (the network between your intranet and the Internet) and intranet. 通过在外围网络中放置 NPS,外围网络和 intranet 之间的防火墙必须允许流量在 NPS 和多个域控制器之间流动。By placing an NPS on your perimeter network, the firewall between your perimeter network and intranet must allow traffic to flow between the NPS and multiple domain controllers. 通过将 NPS 替换为 NPS 代理,防火墙必须仅允许在 NPS 代理和 intranet 中的一个或多个 NPSs 之间流动 RADIUS 流量。By replacing the NPS with an NPS proxy, the firewall must allow only RADIUS traffic to flow between the NPS proxy and one or multiple NPSs within your intranet.

下图显示了 NPS 作为 radius 客户端和 RADIUS 服务器之间的 RADIUS 代理。The following illustration shows NPS as a RADIUS proxy between RADIUS clients and RADIUS servers.

作为 RADIUS 代理的 NPS

使用 NPS,各组织还可以在保留对用户身份验证、授权和记帐活动控制的同时,将远程访问基础结构外包给服务提供商。With NPS, organizations can also outsource remote access infrastructure to a service provider while retaining control over user authentication, authorization, and accounting.

可以为下列方案创建 NPS 配置:NPS configurations can be created for the following scenarios:

  • 无线访问Wireless access
  • 组织拨号或虚拟专用网络 (VPN) 远程访问Organization dial-up or virtual private network (VPN) remote access
  • 外包拨号或无线访问Outsourced dial-up or wireless access
  • Internet 访问权限Internet access
  • 对业务合作伙伴 Extranet 资源的经过身份验证的访问Authenticated access to extranet resources for business partners

RADIUS 服务器和 RADIUS 代理配置示例RADIUS server and RADIUS proxy configuration examples

以下配置示例演示如何将 NPS 配置成 RADIUS 服务器和 RADIUS 代理。The following configuration examples demonstrate how you can configure NPS as a RADIUS server and a RADIUS proxy.

作为 RADIUS 服务器的 NPSNPS as a RADIUS server. 在此示例中,NPS 配置为 RADIUS 服务器,默认连接请求策略是唯一配置的策略,所有连接请求均由本地 NPS 处理。In this example, NPS is configured as a RADIUS server, the default connection request policy is the only configured policy, and all connection requests are processed by the local NPS. NPS 可以对其帐户位于 NPS 域和受信任域中的用户进行身份验证和授权。The NPS can authenticate and authorize users whose accounts are in the domain of the NPS and in trusted domains.

作为 RADIUS 代理的 NPSNPS as a RADIUS proxy. 在此示例中,NPS 配置为 RADIUS 代理,用于将连接请求转发到两个不受信任的域中的远程 RADIUS 服务器组。In this example, the NPS is configured as a RADIUS proxy that forwards connection requests to remote RADIUS server groups in two untrusted domains. 将删除默认连接请求策略,并创建两个新的连接请求策略,以将请求转发到两个不受信任的域中的每个域。The default connection request policy is deleted, and two new connection request policies are created to forward requests to each of the two untrusted domains. 在此示例中,NPS 不处理本地服务器上的任何连接请求。In this example, NPS does not process any connection requests on the local server.

NPS 同时作为 radius 服务器和 radius 代理NPS as both RADIUS server and RADIUS proxy. 除了可以指定在本地处理连接请求的默认连接请求策略之外,还创建了一个新的连接请求策略,以将连接请求转发到未受信任域中的 NPS 或其他 RADIUS 服务器。In addition to the default connection request policy, which designates that connection requests are processed locally, a new connection request policy is created that forwards connection requests to an NPS or other RADIUS server in an untrusted domain. 此处的第二个策略命名为代理策略。This second policy is named the Proxy policy. 在此示例中,代理策略首先出现在策略的有序列表中。In this example, the Proxy policy appears first in the ordered list of policies. 如果连接请求与代理策略相匹配,则会将连接请求转发到远程 RADIUS 服务器组中的 RADIUS 服务器。If the connection request matches the Proxy policy, the connection request is forwarded to the RADIUS server in the remote RADIUS server group. 如果连接请求与代理策略不匹配,但与默认连接请求策略相匹配,则 NPS 会处理本地服务器上的连接请求。If the connection request does not match the Proxy policy but does match the default connection request policy, NPS processes the connection request on the local server. 如果连接请求与任一策略不匹配,则丢弃该连接请求。If the connection request does not match either policy, it is discarded.

使用远程记帐服务器作为 RADIUS 服务器的 NPSNPS as a RADIUS server with remote accounting servers. 在此示例中,未将本地 NPS 配置为执行记帐,并修改了默认连接请求策略,以便将 RADIUS 记帐消息转发到远程 RADIUS 服务器组中的 NPS 或其他 RADIUS 服务器。In this example, the local NPS is not configured to perform accounting and the default connection request policy is revised so that RADIUS accounting messages are forwarded to an NPS or other RADIUS server in a remote RADIUS server group. 尽管转发记帐消息,但不会转发身份验证和授权消息,并且本地 NPS 将为本地域和所有受信任域执行这些功能。Although accounting messages are forwarded, authentication and authorization messages are not forwarded, and the local NPS performs these functions for the local domain and all trusted domains.

具有远程 RADIUS 到 Windows 用户映射的 NPSNPS with remote RADIUS to Windows user mapping. 在此示例中,通过将身份验证请求转发到远程 RADIUS 服务器,并同时使用本地 Windows 用户帐户进行授权,NPS 同时充当了每个单个连接请求的 RADIUS 服务器和 RADIUS 代理。In this example, NPS acts as both a RADIUS server and as a RADIUS proxy for each individual connection request by forwarding the authentication request to a remote RADIUS server while using a local Windows user account for authorization. 通过将“远程 RADIUS 到 Windows 用户映射”属性配置为连接请求策略的条件,从而实现此配置。This configuration is implemented by configuring the Remote RADIUS to Windows User Mapping attribute as a condition of the connection request policy. (此外,必须在 RADIUS 服务器上以本地方式创建一个用户帐户,该服务器与远程用户帐户具有相同的名称,远程 RADIUS 服务器针对该帐户执行身份验证。)(In addition, a user account must be created locally on the RADIUS server that has the same name as the remote user account against which authentication is performed by the remote RADIUS server.)

配置Configuration

若要将 NPS 配置为 RADIUS 服务器,你可以在 NPS 控制台或服务器管理器中使用标准配置或高级配置。To configure NPS as a RADIUS server, you can use either standard configuration or advanced configuration in the NPS console or in Server Manager. 若要将 NPS 配置为 RADIUS 代理,则必须使用高级配置。To configure NPS as a RADIUS proxy, you must use advanced configuration.

标准配置Standard configuration

使用标准配置将提供向导,有助于针对以下方案配置 NPS:With standard configuration, wizards are provided to help you configure NPS for the following scenarios:

  • 用于拨号或 VPN 连接的 RADIUS 服务器RADIUS server for dial-up or VPN connections
  • 用于 802.1X 无线或有线连接的 RADIUS 服务器RADIUS server for 802.1X wireless or wired connections

若要使用向导配置 NPS,请打开 NPS 控制台,选择上述方案之一,然后单击打开向导的链接。To configure NPS using a wizard, open the NPS console, select one of the preceding scenarios, and then click the link that opens the wizard.

高级配置Advanced configuration

使用高级配置时,将 NPS 手动配置为 RADIUS 服务器或 RADIUS 代理。When you use advanced configuration, you manually configure NPS as a RADIUS server or RADIUS proxy.

若要使用高级配置来配置 NPS,请打开 NPS 控制台,然后单击 "高级配置" 旁边的箭头以展开此部分。To configure NPS by using advanced configuration, open the NPS console, and then click the arrow next to Advanced Configuration to expand this section.

将提供以下高级配置项。The following advanced configuration items are provided.

配置 RADIUS 服务器Configure RADIUS server

若要将 NPS 配置为 RADIUS 服务器,您必须配置 RADIUS 客户端、网络策略和 RADIUS 记帐。To configure NPS as a RADIUS server, you must configure RADIUS clients, network policy, and RADIUS accounting.

有关进行这些配置的说明,请参阅以下主题。For instructions on making these configurations, see the following topics.

配置 RADIUS 代理Configure RADIUS proxy

若要将 NPS 配置为 RADIUS 代理,您必须配置 RADIUS 客户端、远程 RADIUS 服务器组和连接请求策略。To configure NPS as a RADIUS proxy, you must configure RADIUS clients, remote RADIUS server groups, and connection request policies.

有关进行这些配置的说明,请参阅以下主题。For instructions on making these configurations, see the following topics.

NPS 日志记录NPS logging

NPS 日志记录也称为 "RADIUS 记帐"。NPS logging is also called RADIUS accounting. 根据你的需求配置 NPS 日志记录是否将 NPS 用作 RADIUS 服务器、代理或这些配置的任意组合。Configure NPS logging to your requirements whether NPS is used as a RADIUS server, proxy, or any combination of these configurations.

若要配置 NPS 日志记录,必须配置要用事件查看器记录和查看的事件,然后确定要记录的其他信息。To configure NPS logging, you must configure which events you want logged and viewed with Event Viewer, and then determine which other information you want to log. 另外,还必须决定是将用户身份验证和记帐信息记录到本地计算机上存储的文本日志文件中,还是记录到本地计算机或远程计算机的 SQL Server 数据库中。In addition, you must decide whether you want to log user authentication and accounting information to text log files stored on the local computer or to a SQL Server database on either the local computer or a remote computer.

有关详细信息,请参阅配置网络策略服务器记帐For more information, see Configure Network Policy Server Accounting.