...

In Server Manager, right-click and choose "Add Role and Features". Choose "Role-based or feature-based installation". Select "Network Policy and Access Services", add the features, then click "Next" followed by "Install".

Once the installation is completed, open the Network Policy Server (NPS) console. First, you need to register the NPS with your domain. Right-click NPS and choose "Register server in Active Directory".

Add a new RADIUS client

The next step is to add your monitoring unit as a RADIUS client. Expand "Radius Clients and Servers" and right-click "RADIUS Clients" followed by "New". Set a friendly name for your monitoring unit, its IP address, and a shared secret key. This shared secret needs to be identical on your unit; see "Access via a Radius server".

...

Open "Active Directory Users and Computers". Select your domain, right-click followed by "New" and choose "Group". This group will be used later to allow users access to the monitoring unit.

...

Add a new user, "user_rad_100", in the same way: right-click followed by "New" and choose "User". In the "Dial-in" tab set "Network Access Permission" to "Control access through NPS Network Policy". Add this user to the previously created group.
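The server-side steps above (role installation, registration in Active Directory, RADIUS client, group and user) can also be scripted. The PowerShell below is an added example, not part of the original instructions; the client name `monitoring-unit-01`, the address `192.0.2.10` and the 128-bit secret length are assumptions, while "RADIUS group" and "user_rad_100" are the names used on this page.

```powershell
# Added example: run in an elevated PowerShell session on the NPS host (a domain member).
# The AD cmdlets require the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Assumed values: replace with those of your monitoring unit.
$ClientName    = 'monitoring-unit-01'   # friendly name (hypothetical)
$ClientAddress = '192.0.2.10'           # placeholder IP from the documentation range
$GroupName     = 'RADIUS group'         # group name used in this page's example
$UserName      = 'user_rad_100'         # user name used in this page's example

# 1. Install the Network Policy and Access Services role together with the NPS console.
Install-WindowsFeature -Name NPAS -IncludeManagementTools

# 2. Register this NPS in its default domain (same effect as the console action).
netsh nps add registeredserver

# 3. Generate a random 128-bit shared secret rather than typing a memorable one.
#    Hex output keeps to characters any device input field accepts; the length
#    is an assumption, adjust it to what your unit supports.
$bytes = New-Object byte[] 16
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rng.GetBytes($bytes)
$rng.Dispose()
$SharedSecret = -join ($bytes | ForEach-Object { $_.ToString('x2') })

# 4. Add the monitoring unit as a RADIUS client.
New-NpsRadiusClient -Name $ClientName -Address $ClientAddress -SharedSecret $SharedSecret

# 5. Create the security group that the network policy will reference.
New-ADGroup -Name $GroupName -GroupScope Global -GroupCategory Security

# 6. Create the user; the password is prompted for and never stored in the script.
$Password = Read-Host -AsSecureString -Prompt "Password for $UserName"
New-ADUser -Name $UserName -SamAccountName $UserName -AccountPassword $Password -Enabled $true

# An unset msNPAllowDialin corresponds to "Control access through NPS Network Policy".
Set-ADUser -Identity $UserName -Clear msNPAllowDialin
Add-ADGroupMember -Identity $GroupName -Members $UserName

# Display the secret once so the identical value can be entered on the unit.
Write-Host "Shared secret for ${ClientName}: $SharedSecret"
```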

...

Using access policies, we will connect the previously created RADIUS client records and domain security groups to grant access to monitoring units. Open the Network Policy Server console. Expand "Policies", right-click "Network Policies" and click "New". Set the policy name and select the access permission "Grant access".

...

At the "Configure Settings" step, in the settings section of the standard RADIUS attributes, delete the attributes that are present by default. Select the "Vendor Specific" attributes section. Specify the vendor as "Custom", select the "Vendor-Specific" attribute and click "Add...".

...

Each attribute has a name and an identifier number. Because the server does not have a dictionary for monitoring units, attributes must be specified through a number, as indicated in the table below.

...

Each user profile in the system can have access to system resources in "read-only" or "read-write" mode.

...

  • accesskeys — management of iButton access keys and other compatible keys;
  • cameras — management of video cameras;
  • canbus — management of CAN bus;
  • devvirt — management of virtual devices (timers, PINGs, triggers);
  • elements — management of elements;
  • groups — group management;
  • gsm — management of GSM-modem;
  • languages — management of installed localization files;
  • log — management of system log;
  • logics — management of logic schemes;
  • modules — management of modules;
  • notify — management of notifications (mail, trap, sms);
  • relays — relay management (global functions);
  • sdcard — SD card management;
  • system — runtime management (Linux OS);
  • users — user management;
  • view — control the appearance of web interface.

...

  • all — full access to all identifiers, which implies full administrative access;

  • none — access is completely forbidden.

By default, there are no groups in the system; elements and modules are not in groups, and access to them is possible only with "all" rights.

...

After specifying all the attributes you will get this result. In this example, all users in the "RADIUS group" have full administrator rights on the monitoring unit.