In this guide we will show you how to deploy a Network Policy Server (RADIUS) in Windows Server 2012.
What is NPS?
NPS allows you to create access policies for connection request authentication/authorization and client health. It also allows you to create RADIUS proxy to forward requests to NPS or any other RADIUS server.
First, install NPS.
In this example we are configuring access from a Netscaler, so we enter AGEE VPX, the NSIP of the Netscaler (the client device IP), select RADIUS Standard, and enter a Shared Secret… Record the Shared Secret, you will need it whenever configuring a RADIUS Client. Click Ok when done to create the client.
Note: If you forget the Shared Secret, you can export the NPS configuration to text file to expose the password.
Under Specify Conditions, click Add. Select Windows Groups and hit Add. Click Add Groups to search and select which domain user groups should be allowed to authenticate to this RADIUS Policy. Click Ok when done.
Optional: In Specify Conditions, Click Add, scroll down to NAS Identifier, click Add, and enter a NAS Identifier; this is whatever string of text you desire. When done adding conditions, click Next to continue.
Under Configure Settings window, select RADIUS Attributes->Standard. Click Add. Select “Class” from the list. Enter a String value to restrict authentication to members of, in this example, a group named CAG on a Netscaler. This can be omitted if you prefer. I made it match the name of my allowed Windows Security Group once too. Click Ok when done entering the string.
This RADIUS server is now ready for usage.