Difference between revisions of "AAA with Active Directory"
== Example One ==
Revision as of 00:58, 3 July 2011
Also refer to this forum post:
/ip radius add service=ppp,wireless address=<ip address of AD server> secret=<password for RADIUS service on AD server> authentication_port=1812 accounting_port=1813
/ip ppp AAA use_radius=yes accounting=yes
/ip ppp pptp-server enabled=yes authentication=mschap1,mschap2
- Start -> Control Panel -> Administrative Tools -> Internet Authentication Service
- Right-click on RADIUS Clients -> New
- Friendly Name: MikroTik
- Address: <ip address of MT>
- Client-Vendor: RADIUS Standard
- Shared secret: <password used to access the RADIUS service>
Part A - Setup IAS RADIUS on Active Directory Services
Create a “hotspot.com” client profile and set its IP address to that of the MikroTik hotspot server, 172.19.1.253. Set Client Vendor to RADIUS Standard and enter a unique password for IAS. Do not enable the Attributes Signature check box.
Part B - Setup IAS RADIUS with MikroTik
Add a RADIUS server profile and enable it for the “hotspot” service. Enter the IP address of the IAS RADIUS server. For the RADIUS secret, enter the same password created earlier. Use port 1812 for Authentication and port 1813 for Accounting, with the Timeout set to 300ms.
Part C – Testing IAS RADIUS with PC
- Use the NTRadPing Test Utility to verify the communication link from a test PC. http://www.dialways.com/download/
- Remember to add the IP address of the test PC to the IAS Client Profile before starting the test.
- Enter the IAS RADIUS server IP address and port “1812”, select Request Type “Authentication Request”, and enter the RADIUS Secret Key.
- Also enter a User-Name found in the Active Directory Service User Domain Lists. If the test is successful, the reply will be “Access-Accepted”.
- Next, change the port to “1813” and the Request Type to “Accounting Start”, then click Send. The reply should be “Accounting-Response” if the RADIUS server is working.
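The authentication test in Part C, shown at packet level as an added Python example (not part of the original wiki page): it builds a PAP Access-Request as defined in RFC 2865 and checks the Response Authenticator, which only a server holding the same shared secret can produce. The function names are hypothetical, and it assumes the server policy permits PAP and that the test PC is registered as a RADIUS client.

```python
import hashlib, hmac, os, socket, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """User-Password hiding from RFC 2865 section 5.2 (PAP)."""
    size = max(16, (len(password) + 15) // 16 * 16)   # pad to a multiple of 16
    padded = password.ljust(size, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, size, 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev
    return out

def attribute(attr_type: int, value: bytes) -> bytes:
    return bytes([attr_type, len(value) + 2]) + value

def build_access_request(user, password, secret, ident=1, authenticator=None):
    """Return (packet, request_authenticator) for an Access-Request."""
    authenticator = authenticator or os.urandom(16)
    attrs = attribute(1, user.encode())                      # User-Name
    attrs += attribute(2, hide_password(password.encode(), secret, authenticator))
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + authenticator + attrs, authenticator

def verify_response(response, ident, request_authenticator, secret):
    """Return the reply code, or raise ValueError if the reply is not authentic."""
    if len(response) < 20:
        raise ValueError("short packet")
    code, reply_ident, length = struct.unpack("!BBH", response[:4])
    if not 20 <= length <= len(response) or reply_ident != ident:
        raise ValueError("length or identifier mismatch")
    response = response[:length]                             # ignore trailing padding
    expected = hashlib.md5(
        response[:4] + request_authenticator + response[20:] + secret).digest()
    if not hmac.compare_digest(expected, response[4:20]):
        raise ValueError("Response Authenticator mismatch: wrong secret or forged reply")
    return code

def query(server, user, password, secret, port=1812, timeout=3.0):
    """Send one Access-Request over UDP and return the verified reply code."""
    packet, authenticator = build_access_request(user, password, secret)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(packet, (server, port))
        response, _ = sock.recvfrom(4096)
    return verify_response(response, 1, authenticator, secret)
```

A timeout from `query` usually means the sending PC is not listed as a RADIUS client on the server, while a Response Authenticator mismatch means the shared secret differs between the two sides.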
Part D – Activating Domain Users for IAS RADIUS