Step by Step : Installing and Configuring a Network Policy Server in Windows Server 2012 R2

July 15, 2014

Network Policy Server, what is NPS all about?

NPS enables you to create and enforce organization-wide network access policies for client health, connection request authentication, and connection request authorization.

You also can use NPS as a RADIUS proxy to forward connection requests to NPS or other RADIUS servers that you configure in remote RADIUS server groups.

You can use NPS to implement network-access authentication, authorization, and client health policies with any combination of the following 3 functions:

• RADIUS server

• RADIUS proxy

• NAP policy server

For more information, see: http://msdn.microsoft.com/en-us/library/cc732912.aspx

This is a long procedure, so please take your time and make sure you have a working domain lab in which to install and configure NPS…

This post walks through a straightforward process to deploy and configure NPS. There are many other things you can do with NPS, so please spend some time browsing Microsoft TechNet for more detailed information…

Let's get started by installing the NPS role, which will later be used to support RADIUS…

1 – On the Domain server (OSI-ADDS01), open Server Manager, click Add roles and features

2 – Next, on the Select installation type interface, click Role-based or feature-based installation, and then click Next to proceed…

3 – On the Select destination server interface, click Next…

4 – On the Select server roles interface, select the Network Policy and Access Services check box and then click Next…

5 – On the Select features interface, just click Next to proceed…

6 – Next, on the Network Policy and Access Services page, click Next…

7 – Next, on the Select role services interface, click Network Policy Server check box, and then click Next…

8 – On the Confirm installation selections interface, click Install…

9 – Next, verify that our installation was successful, and then click Close…

10 – Next, on the Server Manager, click Tools and then click Network Policy Server…

11 – In Network Policy Manager interface, in the navigation pane, right-click NPS (Local), and then click Register server in Active Directory

12 – In the Network Policy Server message box, just click OK to proceed…

13 – In the subsequent Network Policy Server interface, click OK

14 – Next, let's continue with configuring NPS templates… In the Network Policy Server console, right-click Shared Secrets, and then click New

15 – Next, in the New RADIUS Shared Secret Template interface, in the Template name box, type OSI Security (you can fill in any name you prefer), then in the Shared secret and Confirm shared secret boxes, type your preferred password and then click OK…

16 – Next, right-click RADIUS Clients, and then click New…

17 – Next, in the New RADIUS Client interface, in the Friendly name box, type OSI-NPS, then key in the IP address of the NPS server, which in my case is 172.16.0.106. Click Verify to confirm the IP address, then click Resolve so that it identifies the correct IP address, and click OK to proceed…

18 – Next, in the New RADIUS Client interface, under Shared Secret, in the Select an existing Shared Secrets template area, click OSI Security, and then click OK.
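
Steps 1 to 18 can also be scripted. The PowerShell below is an added example, not part of the original post: it installs the role service, registers the server, and creates the OSI-NPS RADIUS client with a randomly generated shared secret set directly on the client rather than through the OSI Security template. The helper name `New-RadiusSharedSecret` and the 24-byte length are assumptions.

```powershell
# Added example (not from the original post): steps 1-18 as a script.
# Run in an elevated session on the NPS host (OSI-ADDS01 in the walkthrough).

function New-RadiusSharedSecret {
    # Hypothetical helper: returns $ByteCount cryptographically random bytes as hex.
    param([int]$ByteCount = 24)   # assumption: 24 bytes -> 48 hex characters
    $bytes = New-Object byte[] $ByteCount
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
    -join ($bytes | ForEach-Object { $_.ToString('x2') })
}

# Steps 1-9: install the Network Policy Server role service and its console.
Install-WindowsFeature -Name NPAS-Policy-Server -IncludeManagementTools

# Steps 11-13: register the server in Active Directory (default domain).
netsh nps add registeredserver

# Steps 14-18: create the RADIUS client with a generated secret
# instead of a typed password.
$secret = New-RadiusSharedSecret
New-NpsRadiusClient -Name 'OSI-NPS' -Address '172.16.0.106' -SharedSecret $secret | Out-Null

# Check the result. SharedSecret is left out of the selection on purpose
# so the value does not end up in console transcripts.
Get-NpsRadiusClient | Where-Object { $_.Name -eq 'OSI-NPS' } |
    Select-Object Name, Address, Enabled, AuthAttributeRequired
```

The value in `$secret` is the one to enter in the Shared secret box in step 50; store it in a password vault rather than in the script.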

19 – Next, let's configure RADIUS accounting for logging purposes…

20 – In the Accounting Configuration introduction Wizard, click Next…

21 – On the Select Accounting Options interface, click Log to a text file on the local computer, and then click Next…

22 – On the Configure Local File Logging interface, click Next…

23 – On the Summary interface, click Next…

24 – On the Conclusion interface, click Close…
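
The text log enabled in steps 19 to 24 is where rejected logons show up. The PowerShell below is an added example, not part of the original post: it reads log records and lists user and RADIUS client pairs with repeated Access-Reject packets. It assumes the DTS Compliant (XML) log format; the function names, the threshold and the sample records are constructed for illustration.

```powershell
# Added example (not from the original post). Assumes DTS Compliant log format.
function Get-DtsField {
    # Returns the text of one child element of a log record, or nothing if absent.
    param([System.Xml.XmlElement]$Record, [string]$Name)
    $node = $Record.SelectSingleNode($Name)
    if ($node) { $node.InnerText }
}

function Get-NpsRejectSummary {
    param([string[]]$Line, [int]$Threshold = 3)
    $rejects = foreach ($l in $Line) {
        if ([string]::IsNullOrWhiteSpace($l)) { continue }
        $rec = $null
        try { $rec = ([xml]$l).DocumentElement } catch { }   # truncated record: skip
        if ($null -eq $rec) { continue }
        if ((Get-DtsField $rec 'Packet-Type') -ne '3') { continue }   # 3 = Access-Reject
        [pscustomobject]@{
            User   = Get-DtsField $rec 'User-Name'
            Client = Get-DtsField $rec 'Client-IP-Address'   # the RADIUS client (NAS)
            Reason = Get-DtsField $rec 'Reason-Code'         # 16 = credentials mismatch
        }
    }
    $rejects | Group-Object User, Client | Where-Object { $_.Count -ge $Threshold } |
        ForEach-Object {
            [pscustomobject]@{
                User    = $_.Group[0].User
                Client  = $_.Group[0].Client
                Rejects = $_.Count
                Reasons = ($_.Group.Reason | Sort-Object -Unique) -join ','
            }
        }
}

# Constructed sample records (real records carry many more fields).
$sample = @'
<Event><Timestamp data_type="4">07/15/2014 10:02:11.120</Timestamp><User-Name data_type="1">osi\administrator</User-Name><Client-IP-Address data_type="3">172.16.0.106</Client-IP-Address><Packet-Type data_type="0">3</Packet-Type><Reason-Code data_type="0">16</Reason-Code></Event>
<Event><Timestamp data_type="4">07/15/2014 10:02:19.401</Timestamp><User-Name data_type="1">osi\administrator</User-Name><Client-IP-Address data_type="3">172.16.0.106</Client-IP-Address><Packet-Type data_type="0">3</Packet-Type><Reason-Code data_type="0">16</Reason-Code></Event>
<Event><Timestamp data_type="4">07/15/2014 10:02:27.733</Timestamp><User-Name data_type="1">osi\administrator</User-Name><Client-IP-Address data_type="3">172.16.0.106</Client-IP-Address><Packet-Type data_type="0">3</Packet-Type><Reason-Code data_type="0">16</Reason-Code></Event>
<Event><Timestamp data_type="4">07/15/2014 10:03:02.015</Timestamp><User-Name data_type="1">osi\administrator</User-Name><Client-IP-Address data_type="3">172.16.0.106</Client-IP-Address><Packet-Type data_type="0">2</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><Timestamp data_type="4">07/15/2014 10:03:05
'@ -split "`r?`n"

Get-NpsRejectSummary -Line $sample

# On the server (default log directory and file naming assumed):
# Get-NpsRejectSummary -Line (Get-Content C:\Windows\System32\LogFiles\IN*.log)
```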

25 – Next, we need to configure and test our RADIUS client… In the Network Policy Server console, expand RADIUS Clients and Servers, then right-click RADIUS Clients, and then click New

26 – In the New RADIUS Client interface, clear the Enable this RADIUS client check box, then select the Select an existing template check box. Verify that your existing template appears in the list, then click OK…

We have finished installing and configuring NPS on our domain server (OSI-ADDS01). Now it's time to configure Routing and Remote Access on the RADIUS client (OSI-NPS server)…

27 – On the OSI-NPS Server, open Server Manager, click Add Roles and features…

28 – On the Before you begin interface, click Next…

29 – On the Select installation type interface, click Next…

30 – On the Select destination server, click Next to proceed…

31 – On the Select server roles interface, click Remote Access box and click Next…

32 – On the Select features interface, click Next…

33 – Next, on the Remote Access interface, click Next…

34 – On the Select role services, make sure you click DirectAccess and VPN (RAS) check box, and then click Next…

35 – On the Web Server Role (IIS) interface, proceed with Next…

36 – On the Select role services interface, proceed with Next…

37 – On the Confirm installation selections interface, click Install…

38 – On the Installation progress interface, click Close…

39 – Next, open Server Manager, click Tools, and then click Routing and Remote Access

40 – Next, in the Routing and Remote Access console, right-click NPS (Local), and then click Configure and Enable Routing and Remote Access

41 – On the Routing and Remote Access Server Wizard interface, click Next

42 – On the Configuration interface, make sure you click Remote access (dial up or VPN)

43 – On the Remote Access interface, select the VPN check box…

44 – Next, in the VPN Connection interface, click the network interface named Ethernet 3, but make sure you clear the Enable security on the selected interface by setting up static packet filters check box, and then click Next…

45 – On the IP Address Assignment interface, select From a specified range of addresses, and then click Next…

46 – On the Address Range Assignment interface, click New…

47 – On the New IPv4 Address Range interface, in the Start IP address, type 172.16.0.201, then in the End IP address, type 172.16.0.220, verify that 20 IP addresses were assigned for remote clients, and then click Next…

48 – On the Address Range Assignment interface, click Next…

49 – On the Managing Multiple Remote Access Servers interface, click Yes, set up this server to work with a RADIUS server, and then click Next…

50 – On the RADIUS Server Selection interface, in the Primary RADIUS server box, type ADDS01… In the Shared secret box, type your password and then click Next…

51 – In the Routing and Remote Access Server Setup Wizard, click Finish

52 – In the Routing and Remote Access dialog box, click OK…

53 – Next, switch to the OSI-ADDS01 domain server so that we can configure a Network Policy for RADIUS… In the Network Policy Server console, expand Policies, and then click Network Policies. In the details pane, right-click the policy at the top and bottom of the list, and then click Disable

54 – Next, right click Network Policies, and then click New

55 – In the New Network Policy Wizard, in the Policy name box, type OSI VPN Policy, and then in the Type of network access server list, click Remote Access Server(VPN-Dial up), and then click Next…

56 – Next, on the Specify Conditions page, click Add, then in the Select condition dialog box, click NAS Port Type, and then click Add

57 – In the NAS Port Type dialog box, select the Virtual (VPN) check box, and then click OK…

58 – Next, on the Specify Conditions interface, click Next…

59 – Next on the Specify Access Permission interface, click Access granted, and then click Next…

60 – On the Configure Authentication Methods interface, click Next…

61 – On the Configure Constraints interface, click Next…

62 – On the Configure Settings interface, click Next…

63 – On the Completing New Network Policy interface, click Finish

64 – Next, on the Network Policy Server console, verify your settings…

65 – Now let's test our RADIUS configuration with a Windows 8.1 client. Switch to the Windows 8.1 client and log in as Administrator, then open the Network and Sharing Center control panel and click Set up a new connection or network…

66 – On the Choose a connection option interface, click Connect to a workplace, and then click Next…

67 – On the How do you want to connect interface, click Use my Internet connection (VPN)

68 – Click I’ll set up an Internet connection later

69 – On the Type the Internet address to connect to interface, in the Internet address box, type 172.16.0.109, in the Destination name box, type OSI VPN, then select the Allow other people to use this connection check box, and then click Create…

70 – In the Network And Sharing Center window, right-click the OSI VPN connection, and then click Properties

71 – On the OSI VPN Properties, click the Security tab and then in the Type of VPN list, click Point to Point Tunneling Protocol (PPTP), then under Authentication, click Allow these protocols, and then click OK

72 – Next, right-click the OSI VPN connection, and then click Connect/Disconnect

73 – Next, in Network sign-in, in the User name box, type osi\administrator and the password, and then click OK…

74 – Lastly, wait a few seconds for the VPN connection to be established, and confirm that the connection is successful.
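
The client profile from steps 65 to 71 can be created from PowerShell on Windows 8.1, and the same module can report how each VPN profile on the machine is configured. This is an added example, not part of the original post. MS-CHAP v2 stands in for "Allow these protocols" as an assumption, since the post does not say which boxes are ticked, and `Test-VpnProfile` is a hypothetical helper name.

```powershell
# Added example (not from the original post): use instead of GUI steps 65-71.
# -AllUserConnection matches "Allow other people to use this connection".
Add-VpnConnection -Name 'OSI VPN' -ServerAddress '172.16.0.109' -TunnelType Pptp `
    -AuthenticationMethod MSChapv2 -AllUserConnection

function Test-VpnProfile {
    # Hypothetical helper: emits one row per VPN profile with the settings
    # a reviewer would want to look at before the profile leaves the lab.
    param([Parameter(ValueFromPipeline = $true)]$Connection)
    process {
        $findings = @()
        if ($Connection.TunnelType -eq 'Pptp') {
            # PPTP encryption keys come out of the MS-CHAP v2 exchange,
            # so the tunnel is only as strong as the account password.
            $findings += 'PPTP tunnel (keys derive from MS-CHAP v2 password exchange)'
        }
        if ($Connection.EncryptionLevel -in 'NoEncryption', 'Optional') {
            $findings += 'encryption is not required'
        }
        foreach ($method in @($Connection.AuthenticationMethod)) {
            if ($method -in 'Pap', 'Chap') {
                $findings += "legacy authentication method $method"
            }
        }
        [pscustomobject]@{
            Name       = $Connection.Name
            Server     = $Connection.ServerAddress
            TunnelType = $Connection.TunnelType
            Findings   = $findings -join '; '
        }
    }
}

# Review every all-user profile on this client, including the one just created.
Get-VpnConnection -AllUserConnection | Test-VpnProfile | Format-List
```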
