How to Authenticate PPTP Clients and Web Admin Login Using Windows 2008 Radius Server

Peplink Balance supports authenticating PPTP and Web Admin clients by an external RADIUS server. This document explains how to configure Microsoft Windows Server 2008′s RADIUS Server to work with Peplink Balance.

Configuration

Add “Peplink Balance” as a RADIUS Client

  1. Go to Start > Administrative Tools > Network Policy Server > RADIUS Clients and Servers > RADIUS Clients. Right click RADIUS Clients and select New to add a RADIUS Client.

    radius-faq-step-01

  2. Enter Friendly Name, Address (Peplink Balance IP address) and Secret (as entered in Peplink Balance Web Admin Interface). Click OK to add the RADIUS Client.

    radius-faq-step-02

  3. “Peplink Balance” is now added as a new RADIUS client.

    radius-faq-step-03

Create a new Network Policy for RADIUS

  1. Click Policies on the left. Right click Network Policies and select New to add a network policy for RADIUS connection.

    radius-faq-step-04


  2. Enter policy name. Then select the Type of Network Access Server as Unspecified. Click Next to continue.

    radius-faq-step-05


  3. Click the Add button to add specify conditions for the RADIUS connection.

    radius-faq-step-06


  4. Select RADIUS connection condition. We recommend Client IPv4 Address (Peplink Balance IP address).

    radius-faq-step-07


  5. Enter your Peplink Balance IP address and click OK.

    radius-faq-step-08


  6. The specified condition is added. Click Next to move on.

    radius-faq-step-09


  7. Specify access permission of the Peplink Balance. If Access granted is selected, the user dial-in properties will be overridden. If you do not want to do so, check the box Access is determined by User Dial-in properties.

    radius-faq-step-10


  8. Continue to click Next until reaching this page, you can edit the settings on the way if you want. Click Next to move on.

    radius-faq-step-11


  9. Click next again to continue.

    radius-faq-step-12


  10. For authentication with PPTP clients, select Strongest encryption (MPPE 128-bit) only by clicking Encryption under Routing and Remote Access

    10


  11. Peplink devices support full access and read-only web admin users. If you only need full access users you can skip to step 15. By default RADIUS authenticated web admin users will have full access. To configure a specific access type for this policy click Vendor Specific under Radius Attributes and then click Add to create the attribute.

    radius-faq-step-13


  12. Select Custom as Vendor then click Add.

    radius-faq-step-14


  13. Click Add to enter the attribute.

    radius-faq-step-15


  14. Select the Enter Vendor Code option and enter 23695 then click on Configure Attribute.

    radius-faq-step-16


  15. Under Vendor-assigned attribute number: enter 1 and select Decimal for Attribute Format. The Attribute value determines if user will be full access or read-only. Click OK when complete.

    User Type Attribute Value
    Read-only 1
    Read-write 2

    radius-faq-step-17


  16. The attributes are now set. Click OK and then Next to continue
    :

    radius-faq-step-18


  17. Verify the policy settings and click Finish if you are happy with the settings.

    radius-faq-step-20


  18. This policy is now added to the Network Policies.Prioritize the existing policies by ranking the newly added policy high enough to ensure it functions.

    radius-faq-step-21


  19. Peplink Balance is now configured in Windows Server 2008.
1 Like