Integration of NPS with Authnull RADIUS Bridge

Introduction

NPS (Network Policy Server) is a Microsoft server role that acts as a RADIUS server, responsible for authenticating and authorizing network connections. It can also forward requests to other RADIUS servers if required, adding flexibility and scalability to network management.

Configuring NPS (Network Policy Server)

Below is a step-by-step guide to installing and configuring NPS:

Step 1: Install and Configure NPS Role

1. Add the NPS Role:

  • Open Server Manager on your Windows Server.
  • In the Add Roles and Features Wizard, choose Network Policy and Access Services and install the Network Policy Server (NPS) role.
  • Once the role is installed, NPS will appear under Tools in Server Manager.

Step 2: Add RADIUS Clients

  • In Network Policy Server, expand RADIUS Clients and Servers.
  • Right-click RADIUS Clients, then select New to add a new client.
  • Fill in the following details:
    • Friendly Name: Enter a descriptive name for the client.
    • IP address (or DNS): Provide the IP address or DNS name of the RADIUS client (e.g., an access point or switch).
    • Shared Secret: Enter a shared secret that will be used for secure communication between the client and the server.

Step 3: Add Remote RADIUS Server

  • Expand RADIUS Clients and Servers, then navigate to Remote RADIUS Server Groups.
  • Right-click and choose New to add a Remote RADIUS Server Group.
  • Provide a name for the group (e.g., “Authnull Radius Bridge”) and click Add to specify the IP address of the RADIUS server and its Shared Secret.

Step 4: Configure NPS Timeout Settings

  • Go to RADIUS Clients and Servers > Remote RADIUS Server Groups, then select the desired group.
  • Under the Load Balancing tab, configure the following settings:
    • Number of seconds without response before a request is considered dropped: Increase the default value (e.g., set it to 10-20 seconds) to allow additional time for communication, especially if 2FA or slow networks are involved.
    • Maximum number of dropped requests before marking a server as unavailable: Adjust this value based on your tolerance for failed requests. A common setting is 5 to 10.

Step 5: Configure Connection Request Policies

  • Navigate to Policies > Connection Request Policies.
  • Click New to create a new connection request policy.
    • Policy Name: Enter a meaningful name.
    • Type of Network Access Server: Select Unspecified.
    • Conditions: Add a condition by specifying the IPv4 address of your RADIUS client.
    • Authentication: Choose Forward requests to the following RADIUS server group for authentication and select the appropriate Remote RADIUS Server Group.
    • Leave Accounting settings as default.
  • Review the configuration and click Finish to complete the setup.

Step 6: Configure Network Policies

  • Navigate to Policies > Network Policies and click New.
    • Policy Name: Enter a descriptive name for the policy (e.g., “Allow Domain Users or Domain Admins”).
    • Type of Network Access Server: Select Unspecified.
    • Conditions: Add a condition by selecting Windows Groups and then adding the Domain Admins and Domain Users groups.
    • Access Permission: Select Access Granted.
    • Authentication Methods: Leave as default.
    • Leave Constraints and Settings as default unless specific constraints (e.g., idle timeout) are required.
  • Click Finish to complete the configuration.
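
Steps 1 and 2 can also be scripted with the NPS PowerShell module. The following is an added example, not part of the original guide or of Authnull's tooling; the client name, the client address and the helper function New-RadiusSharedSecret are assumptions made for illustration. It installs the role, generates a random shared secret instead of a hand-typed one, and registers the RADIUS client.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of Steps 1 and 2 of this guide.
# The values below are constructed placeholders, not values from the guide.
$ClientName    = 'branch-ap-01'   # hypothetical friendly name
$ClientAddress = '192.0.2.10'     # documentation-range IP; replace with the real client

# Step 1: install the NPS role together with its management tools.
$feature = Install-WindowsFeature -Name NPAS -IncludeManagementTools
if (-not $feature.Success) { throw 'NPAS role installation failed.' }
Import-Module NPS

# Hypothetical helper: build a shared secret from a cryptographic RNG.
# The alphabet has exactly 64 characters, so (byte % 64) is unbiased.
function New-RadiusSharedSecret {
    param([int]$Length = 32)
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_'
    $bytes = New-Object byte[] $Length
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
    -join ($bytes | ForEach-Object { $alphabet[$_ % $alphabet.Length] })
}

# Step 2: add the RADIUS client, refusing to create a duplicate entry
# for an address that is already registered.
if (Get-NpsRadiusClient | Where-Object { $_.Address -eq $ClientAddress }) {
    throw "A RADIUS client for $ClientAddress already exists."
}
$secret = New-RadiusSharedSecret
New-NpsRadiusClient -Name $ClientName -Address $ClientAddress -SharedSecret $secret |
    Out-Null

# Confirm the entry without echoing the secret to the console.
Get-NpsRadiusClient |
    Where-Object { $_.Name -eq $ClientName } |
    Select-Object Name, Address, Enabled

# $secret still holds the value; store it in your password vault and enter
# the same value on the RADIUS client device, then clear the variable.
```

Steps 3 to 6 are then completed in the NPS console as described above.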

