none
Radius and nps

    Pregunta

  • When reading about nps, radius always comes around, I do know Radius is something completely different, but i never found a tutorial that explains the difference.

    Anyway who knows the answer? When should i use nps, when radius and when both?

    Also, should i install nps/radius on the vpn server or on  a clean memberserver?

    Thanks in advance.

    lunes, 28 de mayo de 2018 19:52

Respuestas

  • Hi,

    Have a nice day! Thanks for your question.

    Network Policy Server (NPS) allows you to centrally configure and manage network policies with the following three features: RADIUS server, RADIUS proxy, and Network Access Protection (NAP) policy server.

    NPS is where the Policies are configured and the RADIUS act's as the central authentication server if configured that way (it doesn't have to be configured as a central authentication server).

    With NPS in Windows Server 2016 Standard, you can configure a maximum of 50 RADIUS clients and a maximum of 2 remote RADIUS server groups. You can define a RADIUS client by using a fully qualified domain name or an IP address, but you cannot define groups of RADIUS clients by specifying an IP address range.

    For more information about NPS, you may refer to the following article,

    Network Policy Server Overview

    https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc771347(v=ws.10)

    Furthermore, you can have different RADIUS devices (Cisco for example), and as you point out, NPS is MS's version of the product. And Radius is an RFC standard.

    You may refer to the following RFC 2865 link for Radius definition.

    Remote Authentication Dial In User Service (RADIUS)

    https://tools.ietf.org/html/rfc2865

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    You could certainly combine them. But it is recommended that the NPS and RRAS roles are split out for additional security. So we best deploy NPS/Radius on a separate server.

    Hope above information can help you.

    Highly appreciate your successive effort and time. If you have any questions and concerns, please feel free to let me know.

    Best regards,

    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    martes, 29 de mayo de 2018 5:58

Todas las respuestas

  • Hi,

    Have a nice day! Thanks for your question.

    Network Policy Server (NPS) allows you to centrally configure and manage network policies with the following three features: RADIUS server, RADIUS proxy, and Network Access Protection (NAP) policy server.

    NPS is where the Policies are configured and the RADIUS act's as the central authentication server if configured that way (it doesn't have to be configured as a central authentication server).

    With NPS in Windows Server 2016 Standard, you can configure a maximum of 50 RADIUS clients and a maximum of 2 remote RADIUS server groups. You can define a RADIUS client by using a fully qualified domain name or an IP address, but you cannot define groups of RADIUS clients by specifying an IP address range.

    For more information about NPS, you may refer to the following article,

    Network Policy Server Overview

    https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc771347(v=ws.10)

    Furthermore, you can have different RADIUS devices (Cisco for example), and as you point out, NPS is MS's version of the product. And Radius is an RFC standard.

    You may refer to the following RFC 2865 link for Radius definition.

    Remote Authentication Dial In User Service (RADIUS)

    https://tools.ietf.org/html/rfc2865

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    You could certainly combine them. But it is recommended that the NPS and RRAS roles are split out for additional security. So we best deploy NPS/Radius on a separate server.

    Hope above information can help you.

    Highly appreciate your successive effort and time. If you have any questions and concerns, please feel free to let me know.

    Best regards,

    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    martes, 29 de mayo de 2018 5:58
  • Hi,

    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

    Best Regards,

    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    sábado, 02 de junio de 2018 13:52
  • Hi,
    Could the above reply be of help? If yes, you may mark it as answer, if not, feel free to feed back
    Best Regards,
    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    lunes, 04 de junio de 2018 13:47
  • thanks for the help and the info.
    jueves, 07 de junio de 2018 7:50