Active Directory (AD) is a directory service built into Windows network
operating systems such as Windows 2000 Server, Windows Server 2003,
Windows Server 2008, and Windows Server 2012. Active Directory consists of
a database and directory services. The database stores all the resources
available in the network, such as computers that have been joined to a
domain, user accounts and user groups, shared folders, and others.
As is already known, AAA on MikroTik can be done not only on the device
itself but also against an external database on a RADIUS server. This time,
we will experiment with combining MikroTik with Active Directory on Windows
2003.
The service that can be used to create a centralized AAA server is a
Windows component, Internet Authentication Service (IAS). This service
acts as a liaison between the MikroTik router and the existing user
database in Active Directory, using the standard RADIUS protocol.
Settings in Windows Server
Usually the IAS service is not yet an active component in Windows
Server, so it needs to be added and activated first. Click Start -> Control
Panel -> Add / Remove Programs -> Networking services.
Register the IAS service in Active Directory so that the users in it can
later be accessed and used by IAS.
Add a RADIUS client, that is, the other device that will use the IAS
service.
Follow the steps to completion, entering the data of the MikroTik router
that will use the IAS service.
Settings in Windows Active Directory
The next step is the configuration on the Active Directory side.
Typically, there are already some users in a Windows Active Directory domain.
You can either use an existing user or create a new username and password for
authentication on the MikroTik hotspot. In this experiment, the step taken is
to add a new user: click Start -> Administrative Tools -> Active
Directory Users and Computers.
Follow the steps to the end, until the new user object appears in the list
on the right. So that the user can be used by IAS, make the necessary
adjustments to the group settings in the properties of the user created earlier.
Setting Mikrotik
The MikroTik hotspot setup is the standard one that has been discussed
previously. The difference lies only in the hotspot server profile and
RADIUS settings, which are adjusted for Windows Active Directory.
First, the login method on the hotspot server profile.
At the time this experiment was done, only login-by = HTTP-PAP
could be used. If you use another type, the AD username cannot be used. Do
not forget to enable the use of RADIUS.
Next, configure the RADIUS menu by entering the service, the IP address of
the Windows AD server, and the shared secret.
The MikroTik settings are complete at this step. If a hotspot login is
attempted, the connected users will appear in the Hotspot Active menu
with the flag "R", for RADIUS.
Unfortunately, AD does not offer many parameters that can be custom
configured, for example limits on uptime, data transfer speed, and quotas.
But it would certainly make things easier if the network implements a Windows
domain / workgroup system, so that with a single username a client can log in
to various services, including the MikroTik hotspot.
and Windows Server 2016?