Information Technology Reference
In-Depth Information
NOTE
LONG SHARED SECRETS
The shared secret generated by the wizard is longer than some RADIUS clients can support.
You can shorten it by deleting a portion and still retain the preferred randomness of the
shared secret. However, if your RADIUS client is Windows Server 2012 R2 with the Remote
Access role installed, the full length of the generated secret can be used.
Click the Advanced tab to configure the RADIUS Vendor and additional options.
Choose RADIUS Standard for the Vendor Name unless your RADIUS client specifically
requires a vendor-specific setting.
6.
NOTE
RADIUS PROXY
The value of the Vendor Name is hidden from any downstream RADIUS server when oper-
ating as a RADIUS proxy, creating problems for network policy conditions if they're based
on vendor-specific recognition. There probably won't be a vendor-specific question on the
exam, but it's good to be aware that running as a proxy will hide the vendor.
If your RADIUS client supports the Message-Authenticator attribute, select
Access-Request Messages Must Contain The Message-Authentication Attribute
to improve security when using MS-CHAPv2.
7.
8.
Click OK to create the new RADIUS client.
You can create a new RADIUS client with the New-NpsRadiusClient cmdlet, as shown here:
New-NpsRadiusClient `
-Name trey-edge-01 `
-Address 192.168.10.1 `
-SharedSecret "qboTFf^&JK#kHq17ffHXwIK2WcVLzNcABv"
You can create templates that simplify setting and configuring NPS across multiple servers
and clients, as follows:
■
Shared secrets
■
RADIUS clients
■
Remote RADIUS servers
■
IP filters
■
Health policies
■
Remediation server groups
Each template contains the settings for that type of configuration, and can be saved and
used to simplify configuring additional items. In addition, the templates can be exported and
used on other NPS RADIUS servers.
