If the connection request does not match either policy, it is discarded. If the connection request does not match the proxy policy but does match the default connection request policy, NPS processes the connection request on the local server. If the connection request matches the proxy policy, the connection request is forwarded to the RADIUS server in the remote RADIUS server group. In this example, the proxy policy appears first in the ordered list of policies. In addition to the default connection request policy, a new connection request policy is created that forwards connection requests to an NPS or other RADIUS server in an untrusted domain. NPS as both RADIUS server and RADIUS proxy Instead, it forwards connection requests to NPS or other RADIUS servers that are configured as members of remote RADIUS server groups. NPS does not process any connection requests on the local server. In this example, NPS is configured as a RADIUS proxy. The default connection request policy is deleted, and two new connection request policies are created to forward requests to two different domains. The NPS can authenticate and authorize users whose accounts are in the domain of the NPS domain and in trusted domains. In this example, NPS is configured as a RADIUS server and all connection requests are processed by the local NPS. The default connection request policy is the only configured policy. The following configuration examples demonstrate how you can use connection request policies. If the settings of an incoming RADIUS Access-Request message do not match at least one of the connection request policies, an Access-Reject message is sent to the RADIUS client and the user or computer attempting to connect to the network is denied access. If the policy settings match and the policy requires that the NPS forwards the message, NPS acts as a RADIUS proxy and forwards the connection request to a remote RADIUS server for processing.
If the policy settings match and the policy requires that the NPS process the message, NPS acts as a RADIUS server, authenticating and authorizing the connection request. RADIUS Access-Request messages are processed or forwarded by NPS only if the settings of the incoming message match at least one of the connection request policies configured on the NPS. The realm name in the connection request.With connection request policies, you can use NPS as a RADIUS server or as a RADIUS proxy, based on factors such as the following: You can create connection request policies so that some RADIUS request messages sent from RADIUS clients are processed locally (NPS is used as a RADIUS server) and other types of messages are forwarded to another RADIUS server (NPS is used as a RADIUS proxy). Connection request policies can be configured to designate which RADIUS servers are used for RADIUS accounting. In addition to this topic, the following connection request policy documentation is available.Ĭonnection request policies are sets of conditions and settings that allow network administrators to designate which Remote Authentication Dial-In User Service (RADIUS) servers perform the authentication and authorization of connection requests that the server running Network Policy Server (NPS) receives from RADIUS clients.
0 kommentar(er)
