Upload
duyanh213
View
215
Download
0
Embed Size (px)
Citation preview
8/14/2019 Chng thc cho ISA bng RADIUS
1/23
Chng thc cho ISA bng RADIUS
Vn ny chc c l anh em Nht Ngh ni rt nhiu ri, nhng m vn cha c 1 bivit no ni v n, hm nay mnh xin post bi ny ln anh em Nht Ngh mnh cngnhau tham kho nh. Thc cht m ni nu kim ti liu v bi ny, th ch cn ln googlel ra lin thi. Trong qu trnh lm bi lab ny nu c g sai mong anh em Nht Ngh ng
gp kin nha.Bc chun b: lm bi lab trn m hnh ca mnh cn ti 3 my: DC(RADIUS SERVER),ISA(RADIUS CLIENT) v my CLIENT dng test.Vi DC c 1 card mng:IP l 172.16.4.1/16
Default Gateway: b trng Preferred DNS: 172.16.4.1
Vi CLIENT c 1 card mng:IP l 172.16.4.2/16
Default Gateway: b trng Preferred DNS: 172.16.4.1
Vi ISA c 2 card mng: + Card Lan: IP l 172.16.4.10/16
Default Gateway: b trng Preferred DNS: b trng + Card Internet: IP l 192.168.0.6/24Default Gateway: 192.168.0.2(tng t nh my 200 ca Nht Ngh)Preferred DNS: 192.168.0.3(DNS ni b ca mnh) Vy l xong cc bc chun b. Ta tin hnh ci t IAS trn DC.
B1: Vo Control Panel\ add or Remove Programs\ add remove windows components
8/14/2019 Chng thc cho ISA bng RADIUS
2/23
B2: ko thanh cun xung chn mc Networking services\chn details
8/14/2019 Chng thc cho ISA bng RADIUS
3/23
B3: Chn Internet Authentication Service v DNS \OK\NEXT
8/14/2019 Chng thc cho ISA bng RADIUS
4/23
B4: V phn cu hnh DNS mnh s ko ni li na, trn DC bn to 2 user tn l u1 v u2 vnh l cho u1 v u2 l Allow Access(trong tab Dial-in).
B5: Vo Administrative Tolls\chn Internet Authenticat ion Service
8/14/2019 Chng thc cho ISA bng RADIUS
5/23
B6: Right click vo IAS \chn Register Server in Active Directory\chn OK
8/14/2019 Chng thc cho ISA bng RADIUS
6/23
Thit li Policies m bo cc user hay cc group no c xc thc.
B7: Vo Remote Access Policies right click chn New Remote Access Policies \next\chn setup a custom policy. t tn cho policy l RADIUS \next
8/14/2019 Chng thc cho ISA bng RADIUS
7/23
8/14/2019 Chng thc cho ISA bng RADIUS
8/23
B8: chn add
8/14/2019 Chng thc cho ISA bng RADIUS
9/23
B9: ko thanh cun xung chn Windows-Groups\chn add\ri chn tip Add na
B10: chn group domain users\chn ok
8/14/2019 Chng thc cho ISA bng RADIUS
10/23
B11: chn next v chn Grant Remote access permisson\ next
8/14/2019 Chng thc cho ISA bng RADIUS
11/23
B12: chn Edit profile\chn tab Authentication\nh du check vo Unencryptedauthentication(PAP,SPAP)
8/14/2019 Chng thc cho ISA bng RADIUS
12/23
B13: Chn OK v No\ next\ f inish
Cu hnh RADIUS Server to ra RADIUS Client cho my ISA Server 2004
B14: Trong ca s IAS right click vo Radius client \chn new Radius client.
8/14/2019 Chng thc cho ISA bng RADIUS
13/23
B15: Trong khung friendly name: in tn Radius client Trong khung client address in IP ca my ISA(card Lan l 172.16.4.10)
Click next
8/14/2019 Chng thc cho ISA bng RADIUS
14/23
B16: Trong khung client Vendor chn Radius Standard Shared secret g: 123456
Confirm Shared secret: 123456Chn finishVy l xong phn ci t v cu hnh IAS trn DC.
B17: Trn ISA chn mc Networks\right vo Internal chn properties
8/14/2019 Chng thc cho ISA bng RADIUS
15/23
B18: chn tab Web proxy
8/14/2019 Chng thc cho ISA bng RADIUS
16/23
B19: Chn Authentication
8/14/2019 Chng thc cho ISA bng RADIUS
17/23
B20: b du check Integrated ,nh du check vo RADIUS v Require all users toauthenticate
8/14/2019 Chng thc cho ISA bng RADIUS
18/23
B21: Chn RADIUS Servers\add
B22: Trong khung Server name: g IP ca RADIUS SERVER vo 172.16.4.1
8/14/2019 Chng thc cho ISA bng RADIUS
19/23
Nhn nt change v in password 123456 v c chn ok ht
B23: chn apply\ok
8/14/2019 Chng thc cho ISA bng RADIUS
20/23
B24: Ti my client bn vo IE\Tolls\Internet Options\chn Connection\chn Lan settings nh du check vo Automatically detect settings Mc Proxy server in IP card Lan ca ISA l 172.16.4.10 Port: 8080nh du check vo Bypass proxy server.. Sau khi thit lp xong bn trnh duyt IE gwww.nhatnghe.comn s xut hin hp thoiuser name v password, bn g u1/123. Bn s trnhduyt c Web.
B25: Quay tr li my ISA vo Monitoring\chn tab Sessions, bn s thy c u1 ang raInternet bng proxy.
http://www.nhatnghe.com/http://www.nhatnghe.com/http://www.nhatnghe.com/http://www.nhatnghe.com/8/14/2019 Chng thc cho ISA bng RADIUS
21/23
B26: Sau bn vo tab Logging\chn Start Query bn s thy mc clent Username sthy (RADIUS) u1 v ra ang xem trang webwww.nhatnghe.com
http://www.nhatnghe.com/http://www.nhatnghe.com/http://www.nhatnghe.com/http://www.nhatnghe.com/8/14/2019 Chng thc cho ISA bng RADIUS
22/23
8/14/2019 Chng thc cho ISA bng RADIUS
23/23
B27: Kt thc.