Applicable Version: 10.00 onwards
Overview
This article describes how you can configure Windows Server 2008 as a RADIUS Server and integrate it with Cyberoam.
Scenario
Configure Windows Server 2008 as RADIUS Server with MS-CHAP v2 authentication and integrate Cyberoam as a RADIUS Client.
Configuration
You can configure Windows Server 2008 by following the steps given below. Configuration is to be done from Windows Server Manager.
Note:
Prior to configuration, make sure that:
You have setup Active Directory Services, and Network Policies and Access Services (NPS) Roles.
The NPS Roles are integrated with the Active Directory.
Step 1: Add Cyberoam as RADIUS Client
Login to Windows Server 2008 using Administrator profile.
Go to Start Administrative Tools Server Manager .
On the left panel, expand Roles Network Policy and Access Services NPS (Local)
RADIUS Clients and Servers and right click on RADIUS Clients. Click New RADIUS Client to
create a new client according to parameters given below.
Parameter Description
Parameter Value Description
Friendly name Cyberoam Name to identify the RADIUS Client
Address (IP or DNS) 172.16.16.1
Address of the RADIUS Client. Here, we have specified Cyberoam LAN IP Address.
Vendor name RADIUS Standard Specify the RADIUS Client Vendor
name from the list
Shared secret Manual Select whether shared secret is to be
manually set or auto-generated.
Step 2: Configure Network Policies
On the left panel, expand Roles Network Policy and Access Services NPS (Local)
Policies and right-click Network Policies. Click New to open the New Network Policy Wizard.
Click Add under Specify Conditions to add conditions that determine whether this network policy is evaluated for a connection request. Here, we have added 2 conditions:
User Group as Marketing
NAS IP address as Cyberoam LAN IP address
The Select Condition Window opens. Select the first type of condition as User Groups and click
The User Groups Window opens. Click Add Groups... to add user groups.
The Select Group Window opens. Mention the Group Marketing under Enter the object name
Under Gateway section, select NAS IPv4 Address to specify the IP address of the Network Access Server (NAS) and click Add.
Mention Cyberoam’s LAN IP address as NAS address.
Click OK to save settings. The following screen is displayed showing configured conditions. Click
The Configure Authentication Methods screen appears. Select the authentication as Microsoft
Encrypted Authentication version 2 (MS-CHAP v2) and Unencrypted authentication (PAP, SPAP). Click Next.
Note:
The Configure Settings screen appears. Retain default settings. Click Next.
The Completing New Network Policy appears which displays the summary of the policy you have configured. Click Finish to create the policy.
Step 3: Allow Network Access to Users
Once Network Policies are configured, ensure that users, belonging to the User Group defined in the Policy, are allowed network access. Here, we have enabled network access of a user named John
Smith who belongs to the CYBEROAM\Marketing User Group. You can enable network access by
following instructions given below.
On the left panel, expand through Roles Active Directory Domain Services Active Directory
Users and Computers cyberoam.local and click Users to display a list of existing users. Right
In the Properties window, switch to Dial-in tab, under Network Access Permission select Allow
access to allow network access to user John Smith.
Click OK to save settings.
Step 4: Integrate Cyberoam with RADIUS Server
Integrate Cyberoam with the RADIUS Server configured above such that it uses the Server for user authentication. To know how you can configure Cyberoam to use RADIUS Server, refer to the article Configure Cyberoam to use RADIUS Server for Authentication.
The above configuration configures the Windows Server 2008 as a RADIUS Server with Cyberoam as the Client. Cyberoam uses this RADIUS Server for user authentication.
