{"id":108,"date":"2023-12-07T09:29:32","date_gmt":"2023-12-07T14:29:32","guid":{"rendered":"https:\/\/firezen.com\/?p=108"},"modified":"2023-12-07T09:29:32","modified_gmt":"2023-12-07T14:29:32","slug":"ad-again","status":"publish","type":"post","link":"https:\/\/firezen.com\/?p=108","title":{"rendered":"AD&#8230;.Again"},"content":{"rendered":"\n<p>No Fancy Pictures this time.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>So something I wanted to try for a long while, and I think I even tried last year during\/after the Linux AD Lab, was setting up a Windows NPS server to run as a RADIUS front-end to AD and get one of my access points to auth to that, as opposed to FreeRADIUS, which I have been using for years.<\/p>\n\n\n\n<p>Now there is nothing wrong with FreeRADIUS. I started with it back in my Pi2 testing days, and ran it off one of them for years until I migrated my main router to PF then OPNsense, where it had the ability without a second device along with a nice GUI, self-contained Let&#8217;s Encrypt for certs.<\/p>\n\n\n\n<p>I digress.<\/p>\n\n\n\n<p>After figuring out NPS I got radtest authenticating to it from my Linux PC. Neat but not secure; FreeRADIUS was at least using certs and such.<\/p>\n\n\n\n<p>Certs&#8230; Wasn&#8217;t there an AD component for certs? Yup, installed AD CA, generated up a cert for the computer and it was now able to authenticate via eapol_test.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>Could I take this a step further though? Currently it verified the server and used AD username and password for authentication&#8230;<\/p>\n\n\n\n<p>User certs! Yeah&#8230; In its current configuration I am set up for Cert\/Smartcard login with user certs. No password. Neat and something I have never seen FreeRADIUS do.<\/p>\n\n\n\n<p>Next steps, I have multiple networks I want to provide separate logins for and I can see how to do this in NPS, something I don&#8217;t see in FreeRADIUS, at least the one in OPNsense, 
so I will slowly migrate them over.<\/p>\n\n\n\n<p>I think my only complaint is that either NPS or AD CA required the GUI version of Windows Server; I would have much preferred it to run from Server Core.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>No Fancy Pictures this time. So something I wanted to try for a long while, and I think I even tried last year during\/after the Linux AD Lab, was setting up a Windows NPS server to run as a RADIUS front-end to AD and get one of my access points to auth to that as &hellip; <a href=\"https:\/\/firezen.com\/?p=108\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;AD&#8230;.Again&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[3,4],"class_list":["post-108","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-ad","tag-nps"],"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/firezen.com\/index.php?rest_route=\/wp\/v2\/posts\/108","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/firezen.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/firezen.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/firezen.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/firezen.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=108"}],"version-history":[{"count":2,"href":"https:\/\/firezen.com\/index.php?rest_route=\/wp\/v2\/posts\/108\/revisions"}],"predecessor-version":[{"id":112,"href":"https:\/\/firezen.com\/index.php?rest_route=\/wp\/v2\/posts\/108\/revisions\/112"}],"wp:attachment":[{"href":"https:\/\/firezen.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=108"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/firezen.
com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=108"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/firezen.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=108"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}