Configure RADIUS Clients

Applies To: Windows Server (Semi-Annual Channel), Windows Server 2016

You can use this topic to configure network access servers as RADIUS clients in NPS.

When you add a new network access server (VPN server, wireless access point, authenticating switch, or dial-up server) to your network, you must add the server as a RADIUS client in NPS, and then configure the RADIUS client to communicate with the NPS server.

Important

Client computers and devices, such as laptop computers, tablets, phones, and other computers running client operating systems, are not RADIUS clients. RADIUS clients are network access servers - such as wireless access points, 802.1X-capable switches, virtual private network (VPN) servers, and dial-up servers - because they use the RADIUS protocol to communicate with RADIUS servers, such as Network Policy Server (NPS) servers.

This step is also necessary when your NPS server is a member of a remote RADIUS server group that is configured on an NPS proxy. In this circumstance, in addition to performing the steps in this task on the NPS proxy, you must do the following:

  • On the NPS proxy, configure a remote RADIUS server group that contains the NPS server.
  • On the remote NPS server, configure the NPS proxy as a RADIUS client.

To perform the procedures in this topic, you must have at least one network access server (VPN server, wireless access point, authenticating switch, or dial-up server) or NPS proxy physically installed on your network.

Configure the Network Access Server

Use this procedure to configure network access servers for use with NPS. When you deploy network access servers (NASs) as RADIUS clients, you must configure the clients to communicate with the NPS servers where the NASs are configured as clients.

This procedure provides general guidelines about the settings you should use to configure your NASs; for specific instructions on how to configure the device you are deploying on your network, see your NAS product documentation.

To configure the network access server

  1. On the NAS, in RADIUS settings, select RADIUS authentication on User Datagram Protocol (UDP) port 1812 and RADIUS accounting on UDP port 1813.
  2. In Authentication server or RADIUS server, specify your NPS server by IP address or fully qualified domain name (FQDN), depending on the requirements of the NAS.
  3. In Secret or Shared secret, type a strong password. When you configure the NAS as a RADIUS client in NPS, you will use the same password, so do not forget it.
  4. If you are using PEAP or EAP as an authentication method, configure the NAS to use EAP authentication.
  5. If you are configuring a wireless access point, in SSID, specify a Service Set Identifier (SSID), which is an alphanumeric string that serves as the network name. This name is broadcast by access points to wireless clients and is visible to users at your wireless fidelity (Wi-Fi) hotspots.
  6. If you are configuring a wireless access point, in 802.1X and WPA, enable IEEE 802.1X authentication if you want to deploy PEAP-MS-CHAP v2, PEAP-TLS, or EAP-TLS.

Add the Network Access Server as a RADIUS Client in NPS

Use this procedure to add a network access server as a RADIUS client in NPS. You can use this procedure to configure a NAS as a RADIUS client by using the NPS console.

To complete this procedure, you must be a member of the Administrators group.

To add a network access server as a RADIUS client in NPS

  1. On the NPS server, in Server Manager, click Tools, and then click Network Policy Server. The NPS console opens.
  2. In the NPS console, double-click RADIUS Clients and Servers. Right-click RADIUS Clients, and then click New RADIUS Client.
  3. In New RADIUS Client, verify that the Enable this RADIUS client check box is selected.
  4. In New RADIUS Client, in Friendly name, type a display name for the NAS. In Address (IP or DNS), type the NAS IP address or fully qualified domain name (FQDN). If you enter the FQDN, click Verify if you want to verify that the name is correct and maps to a valid IP address.
  5. In New RADIUS Client, in Vendor, specify the NAS manufacturer name. If you are not sure of the NAS manufacturer name, select RADIUS standard.
  6. In New RADIUS Client, in Shared secret, do one of the following:
    • Ensure that Manual is selected, and then in Shared secret, type the strong password that is also entered on the NAS. Retype the shared secret in Confirm shared secret.
    • Select Generate, and then click Generate to automatically generate a shared secret. Save the generated shared secret for configuration on the NAS so that it can communicate with the NPS server.
  7. In New RADIUS Client, in Additional Options, if you are using any authentication methods other than EAP and PEAP, and if your NAS supports use of the message authenticator attribute, select Access Request messages must contain the Message Authenticator attribute.
  8. Click OK. Your NAS appears in the list of RADIUS clients configured on the NPS server.

Configure RADIUS Clients by IP Address Range in Windows Server 2016 Datacenter

If you are running Windows Server 2016 Datacenter, you can configure RADIUS clients in NPS by IP address range. This allows you to add a large number of RADIUS clients (such as wireless access points) to the NPS console at one time, rather than adding each RADIUS client individually.

You cannot configure RADIUS clients by IP address range if you are running NPS on Windows Server 2016 Standard.

Use this procedure to add a group of network access servers (NASs) as RADIUS clients that are all configured with IP addresses from the same IP address range.

All of the RADIUS clients in the range must use the same configuration and shared secret.

To complete this procedure, you must be a member of the Administrators group.

To set up RADIUS clients by IP address range

  1. On the NPS server, in Server Manager, click Tools, and then click Network Policy Server. The NPS console opens.
  2. In the NPS console, double-click RADIUS Clients and Servers. Right-click RADIUS Clients, and then click New RADIUS Client.
  3. In New RADIUS Client, in Friendly name, type a display name for the collection of NASs.
  4. In Address (IP or DNS), type the IP address range for the RADIUS clients by using Classless Inter-Domain Routing (CIDR) notation. For example, if the IP address range for the NASs is 10.10.0.0, type 10.10.0.0/16.
  5. In New RADIUS Client, in Vendor, specify the NAS manufacturer name. If you are not sure of the NAS manufacturer name, select RADIUS standard.
  6. In New RADIUS Client, in Shared secret, do one of the following:
    • Ensure that Manual is selected, and then in Shared secret, type the strong password that is also entered on the NAS. Retype the shared secret in Confirm shared secret.
    • Select Generate, and then click Generate to automatically generate a shared secret. Save the generated shared secret for configuration on the NAS so that it can communicate with the NPS server.
  7. In New RADIUS Client, in Additional Options, if you are using any authentication methods other than EAP and PEAP, and if all of your NASs support use of the message authenticator attribute, select Access Request messages must contain the Message Authenticator attribute.
  8. Click OK. Your NASs appear in the list of RADIUS clients configured on the NPS server.
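
The check behind the Message Authenticator option in step 7 of both procedures, as an added Python example (not Microsoft's or NPS's code): per RFC 2869 the attribute carries an HMAC-MD5 of the whole Access-Request keyed with the shared secret, so a server that requires it rejects requests that lack it or were signed with a different secret. The function names, return strings and sample values are assumptions made for this illustration.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST = 1
USER_NAME = 1
MESSAGE_AUTHENTICATOR = 80  # RFC 2869 attribute type


def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute as type, length, value."""
    return bytes([attr_type, len(value) + 2]) + value


def build_access_request(secret: bytes, user: bytes, signed: bool = True) -> bytes:
    """NAS side: Access-Request, signed with HMAC-MD5 over the whole packet."""
    attrs = attr(USER_NAME, user)
    if signed:
        attrs += attr(MESSAGE_AUTHENTICATOR, bytes(16))  # zeroed placeholder
    header = struct.pack("!BBH", ACCESS_REQUEST, 1, 20 + len(attrs)) + os.urandom(16)
    packet = bytearray(header + attrs)
    if signed:
        packet[-16:] = hmac.new(secret, bytes(packet), hashlib.md5).digest()
    return bytes(packet)


def verify_access_request(secret: bytes, packet: bytes) -> str:
    """Server side: the check implied by requiring Message-Authenticator."""
    if len(packet) < 20 or packet[0] != ACCESS_REQUEST:
        return "malformed"
    if struct.unpack("!H", packet[2:4])[0] != len(packet):
        return "malformed"
    pos = 20
    while pos + 2 <= len(packet):
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > len(packet):
            return "malformed"
        if a_type == MESSAGE_AUTHENTICATOR and a_len == 18:
            received = packet[pos + 2:pos + 18]
            zeroed = packet[:pos + 2] + bytes(16) + packet[pos + 18:]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            return "accept" if hmac.compare_digest(received, expected) else "bad-signature"
        pos += a_len
    return "missing-message-authenticator"


if __name__ == "__main__":
    secret = b"constructed-shared-secret"  # constructed sample value
    print(verify_access_request(secret, build_access_request(secret, b"alice")))
```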

For more information, see RADIUS Clients.

For more information about NPS, see Network Policy Server (NPS).