網路原則伺服器 (NPS)Network Policy Server (NPS)

適用於:Windows Server (半年通道),Windows Server 2016 中,Windows Server 2019Applies to: Windows Server (Semi-Annual Channel), Windows Server 2016, Windows Server 2019

如需在 Windows Server 2016 和 Windows Server 2019 的網路原則伺服器的概觀,您可以使用本主題。You can use this topic for an overview of Network Policy Server in Windows Server 2016 and Windows Server 2019. 當您在 Windows Server 2016 和 Server 2019 安裝網路原則與存取服務 (NPAS) 功能時,會安裝 NPS。NPS is installed when you install the Network Policy and Access Services (NPAS) feature in Windows Server 2016 and Server 2019.

網路原則伺服器 (NPS) 可讓您建立並執行全組織網路存取原則,以用於連線要求驗證與授權。Network Policy Server (NPS) allows you to create and enforce organization-wide network access policies for connection request authentication and authorization.

您也可以設定 NPS 做為遠端驗證撥號使用者服務 (RADIUS) proxy,將連線要求轉送到遠端 NPS 或是其他 RADIUS 伺服器,以便您可以連接的要求負載平衡,並將它們轉送至正確的網域進行驗證和授權。You can also configure NPS as a Remote Authentication Dial-In User Service (RADIUS) proxy to forward connection requests to a remote NPS or other RADIUS server so that you can load balance connection requests and forward them to the correct domain for authentication and authorization.

NPS 可讓您集中設定和管理網路存取驗證、 授權和帳戶處理下列功能:NPS allows you to centrally configure and manage network access authentication, authorization, and accounting with the following features:

  • RADIUS 伺服器RADIUS server. NPS 會執行集中化的驗證、 授權和帳戶處理為無線、 驗證交換器、 遠端存取撥號和虛擬私人網路 (VPN) 連線。NPS performs centralized authentication, authorization, and accounting for wireless, authenticating switch, remote access dial-up and virtual private network (VPN) connections. 當您使用 NPS 做為 RADIUS 伺服器時,可以設定網路存取伺服器 (例如無線存取點與 VPN 伺服器) 做為 NPS 中的 RADIUS 用戶端。When you use NPS as a RADIUS server, you configure network access servers, such as wireless access points and VPN servers, as RADIUS clients in NPS. 您也可以設定 NPS 用來授權連線要求的網路原則,並且可以設定 RADIUS 帳戶處理,讓 NPS 將計量資訊記錄到本機硬碟上或 Microsoft SQL Server 資料庫中的記錄檔。You also configure network policies that NPS uses to authorize connection requests, and you can configure RADIUS accounting so that NPS logs accounting information to log files on the local hard disk or in a Microsoft SQL Server database. 如需詳細資訊,請參閱 < RADIUS 伺服器For more information, see RADIUS server.
  • RADIUS proxyRADIUS proxy. 當您使用 NPS 做為 RADIUS proxy 時,您會設定連線要求原則,告訴哪些連線要求轉送到其他 RADIUS 伺服器,以及哪些 RADIUS 伺服器,您想要將連線要求轉送到 NPS。When you use NPS as a RADIUS proxy, you configure connection request policies that tell the NPS which connection requests to forward to other RADIUS servers and to which RADIUS servers you want to forward connection requests. 您也可以設定 NPS 轉送要由遠端 RADIUS 伺服器群組中一或多部電腦記錄的計量資料。You can also configure NPS to forward accounting data to be logged by one or more computers in a remote RADIUS server group. 若要設定 NPS 做為 RADIUS proxy 伺服器,請參閱下列主題。To configure NPS as a RADIUS proxy server, see the following topics. 如需詳細資訊,請參閱 < RADIUS proxyFor more information, see RADIUS proxy.
  • RADIUS 帳戶處理RADIUS accounting. 您可以設定 NPS 事件記錄到本機記錄檔或 Microsoft SQL Server 的本機或遠端執行個體。You can configure NPS to log events to a local log file or to a local or remote instance of Microsoft SQL Server. 如需詳細資訊,請參閱 < NPS 記錄For more information, see NPS logging.

重要

網路存取保護(NAP),健康情況登錄授權單位(HRA),以及主機認證授權通訊協定(HCAP) Windows Server 2012 R2 中已被取代和 Windows Server 2016 中無法使用。Network Access Protection (NAP), Health Registration Authority (HRA), and Host Credential Authorization Protocol (HCAP) were deprecated in Windows Server 2012 R2, and are not available in Windows Server 2016. 如果您有稍早於 Windows Server 2016 使用作業系統的 NAP 部署,您無法移轉至 Windows Server 2016 的 NAP 部署。If you have a NAP deployment using operating systems earlier than Windows Server 2016, you cannot migrate your NAP deployment to Windows Server 2016.

您可以使用這些功能的任何組合來設定 NPS。You can configure NPS with any combination of these features. 例如,您可以設定一個 NPS 作為 RADIUS 伺服器進行 VPN 連線,也為 RADIUS proxy 來轉送一些連線要求進行驗證和授權,另一個網域中的遠端 RADIUS 伺服器群組的成員。For example, you can configure one NPS as a RADIUS server for VPN connections and also as a RADIUS proxy to forward some connection requests to members of a remote RADIUS server group for authentication and authorization in another domain.

Windows Server 版本與 NPSWindows Server Editions and NPS

NPS 提供不同的功能,視您安裝的 Windows Server 版本而定。NPS provides different functionality depending on the edition of Windows Server that you install.

Windows Server 2016 或 Windows Server 2019 Standard/Datacenter EditionWindows Server 2016 or Windows Server 2019 Standard/Datacenter Edition

在 Windows Server 2016 Standard 或 Datacenter 中的 nps,您可以設定無限的數量的 RADIUS 用戶端和遠端 RADIUS 伺服器群組。With NPS in Windows Server 2016 Standard or Datacenter, you can configure an unlimited number of RADIUS clients and remote RADIUS server groups. 此外,您可以藉由指定一個 IP 位址範圍來設定 RADIUS 用戶端。In addition, you can configure RADIUS clients by specifying an IP address range.

注意

無法使用 Server Core 安裝選項安裝的系統上使用 WIndows 網路原則與存取服務的功能。The WIndows Network Policy and Access Services feature is not available on systems installed with a Server Core installation option.

下列各節提供有關 NPS 為 RADIUS 伺服器和 proxy 的詳細的資訊。The following sections provide more detailed information about NPS as a RADIUS server and proxy.

RADIUS 伺服器和 proxyRADIUS server and proxy

您可以使用 NPS 做為 RADIUS 伺服器、 RADIUS proxy,或兩者。You can use NPS as a RADIUS server, a RADIUS proxy, or both.

RADIUS 伺服器RADIUS server

NPS 是 Microsoft 實作的 RADIUS 標準指定網際網路工程任務推動小組所(IETF) Rfc 2865 與 2866年中。NPS is the Microsoft implementation of the RADIUS standard specified by the Internet Engineering Task Force (IETF) in RFCs 2865 and 2866. 為 RADIUS 伺服器,NPS 會執行集中化的連線驗證、 授權和帳戶處理的許多類型的網路存取權,包括無線、 驗證交換器、 撥號和虛擬私人網路(VPN)遠端存取,以及路由器對路由器連線。As a RADIUS server, NPS performs centralized connection authentication, authorization, and accounting for many types of network access, including wireless, authenticating switch, dial-up and virtual private network (VPN) remote access, and router-to-router connections.

注意

如需部署 NPS 做為 RADIUS 伺服器的資訊,請參閱部署的網路原則伺服器For information on deploying NPS as a RADIUS server, see Deploy Network Policy Server.

NPS 可讓您使用異質組的無線、 交換器、 遠端存取或 VPN 設備。NPS enables the use of a heterogeneous set of wireless, switch, remote access, or VPN equipment. 您可以使用 NPS 與遠端存取服務,也就是 Windows Server 2016 中,您可以使用。You can use NPS with the Remote Access service, which is available in Windows Server 2016.

NPS 使用 Active Directory 網域服務(AD DS)網域或本機安全性帳戶管理員 (SAM) 使用者帳戶資料庫來驗證使用者認證,連接嘗試。NPS uses an Active Directory Domain Services (AD DS) domain or the local Security Accounts Manager (SAM) user accounts database to authenticate user credentials for connection attempts. AD DS 網域的成員執行 NPS 的伺服器時,NPS 目錄服務做為其使用者帳戶資料庫,而且是單一登入解決方案的一部分。When a server running NPS is a member of an AD DS domain, NPS uses the directory service as its user account database and is part of a single sign-on solution. 同一組認證用於網路存取控制(驗證和授權存取網路)並登入 AD DS 網域。The same set of credentials is used for network access control (authenticating and authorizing access to a network) and to log on to an AD DS domain.

注意

NPS 使用的撥入內容的使用者帳戶和網路原則來授權連線。NPS uses the dial-in properties of the user account and network policies to authorize a connection.

網際網路服務提供者(Isp)和維護網路存取權的組織有增加的挑戰,可以從單一的管理點,無論何種類型的網路存取權管理所有類型的網路存取使用的設備。Internet service providers (ISPs) and organizations that maintain network access have the increased challenge of managing all types of network access from a single point of administration, regardless of the type of network access equipment used. RADIUS 標準在同質和異質環境中支援這項功能。The RADIUS standard supports this functionality in both homogeneous and heterogeneous environments. RADIUS 是用戶端-伺服器通訊協定,可讓送出驗證和帳戶處理要求至 RADIUS 伺服器的網路存取設備 (當作 RADIUS 用戶端)。RADIUS is a client-server protocol that enables network access equipment (used as RADIUS clients) to submit authentication and accounting requests to a RADIUS server.

RADIUS 伺服器可以存取使用者帳戶資訊,而且可以檢查網路存取驗證認證。A RADIUS server has access to user account information and can check network access authentication credentials. 如果會驗證使用者認證,而且在授權連線嘗試,RADIUS 伺服器會授權使用者存取,根據指定的條件,並再記錄帳戶處理記錄檔中的 網路存取連線。If user credentials are authenticated and the connection attempt is authorized, the RADIUS server authorizes user access on the basis of specified conditions, and then logs the network access connection in an accounting log. 使用 RADIUS 可讓網路存取的使用者驗證、 授權和計量資料收集與保留在中央位置,而不是在每個存取伺服器上。The use of RADIUS allows the network access user authentication, authorization, and accounting data to be collected and maintained in a central location, rather than on each access server.

使用 NPS 做為 RADIUS 伺服器Using NPS as a RADIUS server

您可以使用 NPS 做為 RADIUS 伺服器時:You can use NPS as a RADIUS server when:

  • 您使用 AD DS 網域或本機 SAM 使用者帳戶的資料庫做為您的使用者帳戶資料庫存取用戶端。You are using an AD DS domain or the local SAM user accounts database as your user account database for access clients.
  • 您會使用 「 遠端存取多個撥號伺服器、 VPN 伺服器上,或指定撥號路由器,而您想要集中設定網路原則,並連接記錄和計量。You are using Remote Access on multiple dial-up servers, VPN servers, or demand-dial routers and you want to centralize both the configuration of network policies and connection logging and accounting.
  • 外包您撥號、 VPN 或無線存取的服務提供者。You are outsourcing your dial-up, VPN, or wireless access to a service provider. 存取伺服器會使用 RADIUS 來驗證和授權您組織的成員所建立的連線。The access servers use RADIUS to authenticate and authorize connections that are made by members of your organization.
  • 您想要集中管理驗證、 授權和帳戶處理的一組異質存取伺服器。You want to centralize authentication, authorization, and accounting for a heterogeneous set of access servers.

下圖會顯示各種不同的存取用戶端做為 RADIUS 伺服器的 NPS。The following illustration shows NPS as a RADIUS server for a variety of access clients.

NPS 做為 RADIUS 伺服器

RADIUS ProxyRADIUS proxy

為 RADIUS proxy,NPS 會轉送驗證和帳戶處理訊息到 NPS 與其他 RADIUS 伺服器。As a RADIUS proxy, NPS forwards authentication and accounting messages to NPS and other RADIUS servers. 因為 RADIUS 用戶端之間的 RADIUS proxy,以提供路由的 RADIUS 訊息,您可以使用 NPS(也稱為網路存取伺服器)和執行使用者驗證、 授權和帳戶處理的 RADIUS 伺服器嘗試連線。You can use NPS as a RADIUS proxy to provide the routing of RADIUS messages between RADIUS clients (also called network access servers) and RADIUS servers that perform user authentication, authorization, and accounting for the connection attempt.

使用做為 RADIUS proxy,NPS 會是中央交換或路由點 RADIUS 存取和帳戶管理訊息流程。When used as a RADIUS proxy, NPS is a central switching or routing point through which RADIUS access and accounting messages flow. NPS 記錄帳戶處理記錄檔中的相關資訊會轉送的訊息。NPS records information in an accounting log about the messages that are forwarded.

使用 NPS 做為 RADIUS proxyUsing NPS as a RADIUS proxy

您可以使用 NPS 做為 RADIUS proxy 時:You can use NPS as a RADIUS proxy when:

  • 您是提供委外的撥號、 VPN 或無線網路存取服務給多個客戶的服務提供者。You are a service provider who offers outsourced dial-up, VPN, or wireless network access services to multiple customers. 您的 Nas 會將連接要求傳送到 NPS RADIUS proxy。Your NASs send connection requests to the NPS RADIUS proxy. 根據連線要求中的使用者名稱的領域部分,NPS RADIUS proxy 會轉送連線要求給 RADIUS 伺服器是由客戶維護和可驗證及授權連線嘗試。Based on the realm portion of the user name in the connection request, the NPS RADIUS proxy forwards the connection request to a RADIUS server that is maintained by the customer and can authenticate and authorize the connection attempt.
  • 您想要提供驗證和授權的使用者帳戶不是 NPS 所屬的網域或具有 NPS 所屬的網域具有雙向信任的另一個網域的成員。You want to provide authentication and authorization for user accounts that are not members of either the domain in which the NPS is a member or another domain that has a two-way trust with the domain in which the NPS is a member. 這包括不受信任的網域、 單向受信任的網域和其他樹系中的帳戶。This includes accounts in untrusted domains, one-way trusted domains, and other forests. 而不需要設定您的存取伺服器,以將其連接要求傳送到 NPS RADIUS 伺服器,您可以將其設定為將其連接要求傳送到 NPS RADIUS proxy。Instead of configuring your access servers to send their connection requests to an NPS RADIUS server, you can configure them to send their connection requests to an NPS RADIUS proxy. NPS RADIUS proxy 使用的使用者名稱的領域名稱部分,並將要求轉送至正確的網域或樹系中的 NPS。The NPS RADIUS proxy uses the realm name portion of the user name and forwards the request to an NPS in the correct domain or forest. 一個網域或樹系中的帳戶可以驗證另一個網域或樹系中的 Nas 的使用者嘗試連線。Connection attempts for user accounts in one domain or forest can be authenticated for NASs in another domain or forest.
  • 您想要使用的資料庫,不是 Windows 帳戶資料庫來執行驗證與授權。You want to perform authentication and authorization by using a database that is not a Windows account database. 在此情況下,符合指定的領域名稱的連接要求會轉送給 RADIUS 伺服器,其具有不同的資料庫的使用者帳戶和授權資料的存取權。In this case, connection requests that match a specified realm name are forwarded to a RADIUS server, which has access to a different database of user accounts and authorization data. 其他使用者資料庫的範例包括 Novell 目錄服務 (NDS) 和結構化查詢語言 (SQL) 資料庫。Examples of other user databases include Novell Directory Services (NDS) and Structured Query Language (SQL) databases.
  • 您想要處理大量的連接要求。You want to process a large number of connection requests. 在此情況下,您不需要設定您的 RADIUS 用戶端嘗試在多部 RADIUS 伺服器之間平衡它們的連線與帳戶處理要求,您可以設定它們傳送到 NPS RADIUS proxy 的連線與帳戶處理要求。In this case, instead of configuring your RADIUS clients to attempt to balance their connection and accounting requests across multiple RADIUS servers, you can configure them to send their connection and accounting requests to an NPS RADIUS proxy. NPS RADIUS proxy 會動態地平衡連線的負載和帳戶處理要求到多部 RADIUS 伺服器,並會增加處理的大量 RADIUS 用戶端和每秒的驗證。The NPS RADIUS proxy dynamically balances the load of connection and accounting requests across multiple RADIUS servers and increases the processing of large numbers of RADIUS clients and authentications per second.
  • 您想要提供 RADIUS 驗證與授權給委外的服務提供者和內部網路防火牆設定降到最低。You want to provide RADIUS authentication and authorization for outsourced service providers and minimize intranet firewall configuration. 內部網路防火牆是您的周邊網路 (您的內部網路與網際網路之間的網路) 與內部網路之間。An intranet firewall is between your perimeter network (the network between your intranet and the Internet) and intranet. 藉由在周邊網路上放置 NPS,您的周邊網路與內部網路之間的防火牆必須允許 NPS 與多個網域控制站之間的流量。By placing an NPS on your perimeter network, the firewall between your perimeter network and intranet must allow traffic to flow between the NPS and multiple domain controllers. 如果以 NPS proxy 取代 NPS,防火牆必須允許只有 RADIUS NPS proxy 與內部網路中的一或多個 NPSs 之間流動的流量。By replacing the NPS with an NPS proxy, the firewall must allow only RADIUS traffic to flow between the NPS proxy and one or multiple NPSs within your intranet.

下圖顯示 NPS 做為 RADIUS 用戶端與 RADIUS 伺服器之間的 RADIUS proxy。The following illustration shows NPS as a RADIUS proxy between RADIUS clients and RADIUS servers.

NPS 做為 RADIUS Proxy

利用 NPS,組織也外包給服務提供者的遠端存取基礎結構同時保有使用者驗證、 授權和帳戶處理的控制。With NPS, organizations can also outsource remote access infrastructure to a service provider while retaining control over user authentication, authorization, and accounting.

在下列情況下,可以建立 NPS 設定:NPS configurations can be created for the following scenarios:

  • 無線存取Wireless access
  • 組織撥號或虛擬私人網路 (VPN) 遠端存取Organization dial-up or virtual private network (VPN) remote access
  • 委外的撥號或無線存取Outsourced dial-up or wireless access
  • 網路與網際網路存取Internet access
  • 已驗證的存取協力廠商的外部網路資源Authenticated access to extranet resources for business partners

RADIUS 伺服器與 RADIUS proxy 設定範例RADIUS server and RADIUS proxy configuration examples

下列組態範例示範如何設定 NPS 做為 RADIUS 伺服器與 RADIUS proxy。The following configuration examples demonstrate how you can configure NPS as a RADIUS server and a RADIUS proxy.

NPS 做為 RADIUS 伺服器NPS as a RADIUS server. 在此範例中,NPS 被設定為 RADIUS 伺服器、 預設連線要求原則是唯一的設定的原則,,然後由本機 NPS 處理所有連線要求。In this example, NPS is configured as a RADIUS server, the default connection request policy is the only configured policy, and all connection requests are processed by the local NPS. NPS 可以驗證和授權其帳戶是網域中的 NPS 和受信任網域中的使用者。The NPS can authenticate and authorize users whose accounts are in the domain of the NPS and in trusted domains.

NPS 做為 RADIUS proxyNPS as a RADIUS proxy. 在此範例中,NPS 被設定為 RADIUS proxy,將連線要求轉送到兩個不受信任網域中的遠端 RADIUS 伺服器群組。In this example, the NPS is configured as a RADIUS proxy that forwards connection requests to remote RADIUS server groups in two untrusted domains. 刪除預設連線要求原則,並將要求轉送至每個兩個不受信任的網域建立兩個新的連線要求原則。The default connection request policy is deleted, and two new connection request policies are created to forward requests to each of the two untrusted domains. 在此範例中,NPS 不會處理在本機伺服器上的任何連線要求。In this example, NPS does not process any connection requests on the local server.

NPS 做為 RADIUS 伺服器與 RADIUS proxyNPS as both RADIUS server and RADIUS proxy. 除了預設連線要求原則,指定在本機處理連線要求,被建立新的連線要求原則,將連線要求轉送到 NPS 或其他 RADIUS 伺服器不信任的網域中。In addition to the default connection request policy, which designates that connection requests are processed locally, a new connection request policy is created that forwards connection requests to an NPS or other RADIUS server in an untrusted domain. 此第二個原則稱為 Proxy 原則。This second policy is named the Proxy policy. 在此範例中,Proxy 原則會顯示原則的已排序清單中的第一個。In this example, the Proxy policy appears first in the ordered list of policies. 如果連線要求符合 Proxy 原則,連接要求被轉送到遠端 RADIUS 伺服器群組中的 RADIUS 伺服器。If the connection request matches the Proxy policy, the connection request is forwarded to the RADIUS server in the remote RADIUS server group. 如果連線要求不符合 Proxy 原則,但符合預設連線要求原則,NPS 會處理連線要求,在本機伺服器上。If the connection request does not match the Proxy policy but does match the default connection request policy, NPS processes the connection request on the local server. 如果連線要求不符合任一原則,它會將它捨棄。If the connection request does not match either policy, it is discarded.

NPS 作為 RADIUS 伺服器的遠端帳戶處理伺服器NPS as a RADIUS server with remote accounting servers. 在此範例中,本機 NPS 未執行帳戶處理設定,預設連線要求原則會修訂案例使 RADIUS 帳戶處理訊息轉送到 NPS 或其他 RADIUS 伺服器的遠端 RADIUS 伺服器群組中。In this example, the local NPS is not configured to perform accounting and the default connection request policy is revised so that RADIUS accounting messages are forwarded to an NPS or other RADIUS server in a remote RADIUS server group. 雖然會轉送帳戶處理訊息,但不會轉送驗證和授權的訊息,本機 NPS 的本機網域中執行這些函式和所有信任的網域。Although accounting messages are forwarded, authentication and authorization messages are not forwarded, and the local NPS performs these functions for the local domain and all trusted domains.

NPS 以搭配 Windows 使用者對應的遠端 RADIUSNPS with remote RADIUS to Windows user mapping. 在此範例中,NPS 會扮演做為 RADIUS 伺服器,並為每個個別的連線要求的 RADIUS proxy 藉由將驗證要求轉送到遠端 RADIUS 伺服器時使用本機 Windows 使用者帳戶進行授權。In this example, NPS acts as both a RADIUS server and as a RADIUS proxy for each individual connection request by forwarding the authentication request to a remote RADIUS server while using a local Windows user account for authorization. 此設定被藉由設定 Windows 使用者對應屬性的遠端 RADIUS 連線要求原則的條件。This configuration is implemented by configuring the Remote RADIUS to Windows User Mapping attribute as a condition of the connection request policy. (此外,必須在本機建立的使用者帳戶上的 RADIUS 伺服器的遠端 RADIUS 伺服器對其執行驗證的遠端使用者帳戶名稱相同。)(In addition, a user account must be created locally on the RADIUS server that has the same name as the remote user account against which authentication is performed by the remote RADIUS server.)

組態Configuration

若要設定 NPS 做為 RADIUS 伺服器,您可以使用標準的設定] 或 [進階的設定在 NPS 主控台中或在 [伺服器管理員] 中。To configure NPS as a RADIUS server, you can use either standard configuration or advanced configuration in the NPS console or in Server Manager. 若要設定 NPS 做為 RADIUS proxy,您必須使用進階的組態。To configure NPS as a RADIUS proxy, you must use advanced configuration.

標準組態Standard configuration

使用標準設定時,會提供精靈協助您設定 NPS 在下列案例:With standard configuration, wizards are provided to help you configure NPS for the following scenarios:

  • 撥號或 VPN 連線的 RADIUS 伺服器RADIUS server for dial-up or VPN connections
  • 802.1X 無線或有線連線的 RADIUS 伺服器RADIUS server for 802.1X wireless or wired connections

若要設定 NPS 使用精靈,請開啟 NPS 主控台,選取其中一個先前案例中,,然後按一下連結來開啟精靈。To configure NPS using a wizard, open the NPS console, select one of the preceding scenarios, and then click the link that opens the wizard.

進階的組態Advanced configuration

當您使用進階的組態時,您以手動方式設定 NPS 做為 RADIUS 伺服器或 RADIUS proxy。When you use advanced configuration, you manually configure NPS as a RADIUS server or RADIUS proxy.

要設定 NPS 使用進階的組態,請開啟 NPS 主控台中,,然後按一下箭號旁進階組態以展開此區段。To configure NPS by using advanced configuration, open the NPS console, and then click the arrow next to Advanced Configuration to expand this section.

提供下列進階的組態項目。The following advanced configuration items are provided.

設定 RADIUS 伺服器Configure RADIUS server

若要設定 NPS 做為 RADIUS 伺服器,您必須設定 RADIUS 用戶端、 網路原則以及 RADIUS 帳戶處理。To configure NPS as a RADIUS server, you must configure RADIUS clients, network policy, and RADIUS accounting.

如需進行這些設定的指示,請參閱下列主題。For instructions on making these configurations, see the following topics.

設定 RADIUS proxyConfigure RADIUS proxy

若要設定 NPS 做為 RADIUS proxy,您必須設定 RADIUS 用戶端、 遠端 RADIUS 伺服器群組和連線要求原則。To configure NPS as a RADIUS proxy, you must configure RADIUS clients, remote RADIUS server groups, and connection request policies.

如需進行這些設定的指示,請參閱下列主題。For instructions on making these configurations, see the following topics.

NPS 記錄NPS logging

NPS 記錄也稱為 RADIUS 帳戶處理。NPS logging is also called RADIUS accounting. 設定 NPS 記錄您的需求,是否使用 NPS 做為 RADIUS 伺服器、 proxy 或任何組合,這些設定。Configure NPS logging to your requirements whether NPS is used as a RADIUS server, proxy, or any combination of these configurations.

若要設定 NPS 記錄,您必須設定您想要記錄哪些事件,您想要記錄和使用事件檢視器 檢視,,然後判斷哪些其他資訊。To configure NPS logging, you must configure which events you want logged and viewed with Event Viewer, and then determine which other information you want to log. 此外,您必須決定是否要記錄使用者驗證與帳戶處理資訊儲存在本機電腦上的文字記錄檔或在本機電腦或遠端電腦上的 SQL Server 資料庫。In addition, you must decide whether you want to log user authentication and accounting information to text log files stored on the local computer or to a SQL Server database on either the local computer or a remote computer.

如需詳細資訊,請參閱 < 設定網路原則伺服器 AccountingFor more information, see Configure Network Policy Server Accounting.