How to setup RADIUS in MikroTik (HapLite) and Windows Server
Summary
TLDRThis tutorial video guides viewers through setting up RADIUS on MikroTik and Windows Server for admins and clients. It covers the installation of Windows Server 2008 R2, initial server configuration, networking setup, and adding roles like DHCP and NPS. The video also demonstrates configuring MikroTik's hotspot, integrating it with RADIUS, and testing user authentication. It concludes with configuring network policies and client tutorials for both wired and wireless connections.
Takeaways
- đ» **Windows Server 2008 R2 Setup**: Begin with language, time, and keyboard settings, then proceed with the installation by selecting the Enterprise operating system and custom partition allocation.
- đ **Administrator Account Security**: Set a strong password for the administrator account to enhance server security.
- đ **Networking Configuration**: Configure the server with a static IP address, subnet mask, gateway, and DNS settings to ensure proper network communication.
- đ„ïž **Computer Name Customization**: Change the computer name to 'WinServer' for identification purposes and restart the system to apply changes.
- đĄ **Role Addition**: Add necessary roles like Active Directory Domain Services (ADDS) and DHCP to manage network services effectively.
- đ **DNS and DHCP Setup**: Install and configure DNS for domain resolution and DHCP for automatic IP address assignment.
- đ ïž **NPS (Network Policy Server) Configuration**: Install and configure NPS to manage network access policies and integrate with RADIUS for authentication.
- đ€ **User Management**: Create users and groups in Active Directory, set passwords, and manage group memberships to control access.
- đ **RADIUS Integration**: Configure the MikroTik router to use RADIUS for authentication by setting up the MikroTik hotspot with the Windows Server as the RADIUS server.
- đ **Policy Customization**: Tailor account policies, such as password and account lockout policies, to meet specific security requirements.
- đ± **Client Connection Testing**: Test the setup by connecting clients to the hotspot and verifying that they can authenticate successfully against the Windows Server.
Q & A
What is the first step in setting up Windows Server 2008 R2 as described in the video?
-The first step is to follow the onscreen instructions for language, time, and keyboard input, then click 'Next', 'Install Now', and select the Enterprise operating system.
How many times does Windows Server 2008 R2 restart during the installation process?
-The video mentions that Windows Server 2008 R2 restarts a couple of times after the initial setup.
What is the initial configuration task for setting up the administrator account on Windows Server 2008 R2?
-The initial configuration task includes setting a password for the administrator account, which is done by clicking 'OK' and entering a password such as 'admin1223'.
What IP address is used for the static IP configuration in the video?
-The static IP configuration uses the IP address 192.168.10.2, with a subnet mask of 255.255.255.0, a gateway of 192.168.10.1, and the same IP address for DNS.
What is the computer name changed to in the video?
-The computer name is changed to 'WinServer' during the initial configuration tasks.
Which roles are added to the Windows Server during the setup process?
-The roles added include Active Directory Domain Services (ADDS), DNS, DHCP, and Network Policy Server (NPS).
What is the purpose of adding a DHCP scope in the video?
-The DHCP scope is added to specify the range of IP addresses that can be assigned to devices connecting to the network, starting from 192.168.10.2 and ending at 192.168.10.254, allowing for 60 devices.
What is the shared secret used for the RADIUS client in the video?
-The shared secret used for the RADIUS client is 'adminSS'.
How is the connection between the MikroTik router and the Windows Server tested in the video?
-The connection is tested by pinging the IP address of the server from the MikroTik router and vice versa.
What is the default username for accessing the MikroTik router as mentioned in the video?
-The default username for accessing the MikroTik router is 'admin', and no password is required.
What is the final step to ensure the RADIUS connection works between the MikroTik router and the Windows Server?
-The final step is to test the user login on the hotspot of the MikroTik router using the credentials created in the Windows Server.
Outlines
đ» Setting Up Windows Server 2008 R2
The video begins with a tutorial on setting up RADIUS in MikroTik and Windows Server for both admin and client. It details the installation process of Windows Server 2008 R2, including selecting language, time, and keyboard input, accepting terms, and custom partitioning. After installation, the video guides through initial configurations such as setting a password for the administrator account, configuring networking with static IP, and changing the computer name to 'WinServer'. It also covers adding roles like Active Directory Domain Services (ADDS), installing DNS, and setting up DHCP scope.
đ§ Configuring Network and Adding Roles
This section continues with the setup process, focusing on verifying network configurations and adding necessary roles to the server. It includes checking the local area network for correct IP addresses, renaming the computer to 'WinServer', and adding roles like Server Manager, ADDS, and DHCP. The tutorial also covers installing Network Policy Server (NPS) and setting up a DHCP scope with a range of IP addresses for device connectivity.
đ€ Creating Users and Configuring NPS
The video then moves on to creating users and configuring the Network Policy Server (NPS). It demonstrates how to add users and groups in Active Directory Users and Computers, set user passwords, and add users to groups. The tutorial also includes registering the NPS to the Active Directory, adding a RADIUS client (MikroTik), and configuring network policies with EAP settings.
đ MikroTik Router Configuration
This part of the video script details the process of configuring a MikroTik router. It covers connecting to the router, changing interface names, setting up a wireless LAN, creating a bridge, and configuring DHCP client and server. The tutorial also includes setting up a hotspot, configuring RADIUS for the hotspot, and testing the connection between the MikroTik router and the Windows Server.
đ Finalizing RADIUS Setup and Testing
The final segment of the video script involves finalizing the RADIUS setup and testing the connection. It includes binding MAC addresses, setting up RADIUS on the MikroTik router, and ensuring a connection between the MikroTik and Windows Server. The tutorial concludes with testing the user login on the hotspot and discussing policy configurations for password and account lockout settings.
đ Client Tutorial and Conclusion
The last paragraph wraps up the tutorial with a client tutorial for both wired and wireless connections. It explains how to log in with the created user account on the hotspot page for MikroTik, and how to view active connections and policies on the MikroTik's active tab. The video concludes with a thank you note and a sign-off.
Mindmap
Keywords
đĄRADIUS
đĄWindows Server 2008 R2
đĄActive Directory Domain Services (ADDS)
đĄMikroTik
đĄDHCP
đĄNetwork Policy Server (NPS)
đĄIP Address
đĄHotspot
đĄShared Secret
đĄGroup Policy
Highlights
Setting up RADIUS in MikroTik and Windows Server for admin and client tutorial.
Installation of Windows Server 2008 R2 with language, time, and keyboard input setup.
Custom partition allocation during Windows Server installation.
Initial server setup includes installing updates and setting administrator password.
Configuring static IP address for the server's local area connection.
Changing the computer name to 'Win-Server' for clarity and identification.
Adding roles such as Active Directory Domain Services (ADDS) to the server.
Installation of DNS as part of the server's role configuration.
Setting up DHCP role to manage IP address assignment on the network.
Configuring Network Policy Server (NPS) for managing network access policies.
Creating organizational units, groups, and users in Active Directory.
Assigning users to groups and adding them to the domain for centralized management.
Registering NPS to Active Directory and configuring RADIUS client in MikroTik.
Setting up network policy in NPS for EAP authentication and access restrictions.
Connecting to MikroTik router using WinBox and configuring interfaces.
Configuring DHCP client and server on MikroTik for IP address management.
Setting up hotspot functionality on MikroTik with RADIUS authentication.
Binding MAC address and applying settings for secure hotspot access.
Testing user authentication on the MikroTik hotspot using created Active Directory accounts.
Configuring account policies and restrictions for security and management purposes.
Client tutorial for connecting to the hotspot and logging in with user credentials.
Transcripts
hi guys so for today's video is how to
set up radius in microtic and Windows
server for the admin and client tutorial
the Windows Server 2008 R2 setup should
start follow the onscreen instructions
choose language time and keyboard input
then click next install now and the
setup is now
starting select the Enterprise operating
system
next is read the terms then accept the
terms and
next choose custom install allocate your
desired partition then next and that's
all for the installation of Windows
Server 20082 then that will restart a
couple of
times after the restart let's check
first our guide in setting up the
server I'm going to put a check check
mark on the number one guide which is to
install and for the second adding a
password for the administrator
account let's set up the initial
configurations click Oak then enter a
password admin
[Music]
1223
for the administrator account confirm
then proceed the password has been
changed click okay next let's check the
guide and put a check mark on number
[Music]
two now we proceed to configure the
networking after the creation of
password for the administrator there is
initial configuration task every start
and on the initial configuration task
there's a guide or a shortcut to
configure the networking click that then
rightclick the local area connection
then go to the properties choose the IP
V4 and properties for the IP we'll use a
static IP address so we manually
configure the IP addressing for the IP
address is
192.168 10.2 then press tab for auto
subnet mask the Gateway is 100
92168 10.1 and for the DN is
192.168 10.2 same as the IP address then
click
[Music]
okay next up is let's provide or let's
change the computer name but before that
let us put a check mark for the number
three for configuring the network for
the number four let's change the name of
the computer to wind server on the same
initial configuration
task click on the provide computer name
and domain click on change change the
computer name to Wi server thin click
okay after that it will prompt you to
restart to apply the changes in the
computer then click restart
[Music]
now now that we have configured the
network and the computer name we may now
proceed to adding some roles needed in
our setup let's put a check mark on the
number four while
waiting
[Music]
after configuring the network and the
name of the computer let's check if our
configurations is really working we need
to check the local area network if it
has the IP addresses we inputed click
that then details as we can see it works
and for the name we have the wind server
the computer
[Music]
name and now let's proceed in the adding
of roles in the adding of roles we can
have the server
[Music]
manager and here is the interface of it
we can add roles here and also in the
initial configuration
[Music]
task
[Music]
so let's add active directory domain
services or adds check then add features
as needed then click next next and next
then
[Music]
install
after the installation of adds we check
again our server manager click on the
add then run the DC
[Music]
promo.for us named CS U.C cab.com
[Music]
then next for the ver we choose it is
2008 R2
[Music]
then now we have the options to install
the DNS and before that let's put a
check mark on the adds then proceed to
the installation of
[Music]
DNS
let's just click NE and next then add
the dsrm password which is admin ER rest
for confirm password then next and
[Music]
review and next to install and check the
reboot after the completion so that it
apply after the configuration and while
waiting let's put a check mark on the
DNS after the restart we may now proceed
to adding the DHCP roll as usual every
after opening the Windows Server it will
pop up the initial configuration tasks
but then again we can also add rolles in
the server manager and now let's click
add roles next find the DHC CP put a
check mark then next as you can see we
already have the ipv4 address which is 1
1921
68102 we may now proceed to click next
and we can change the preferred DNS to
what we have which is the same IP
address of the server as our DNS
invalidate then next and next for this
we need to add a DHCP scope let's add
CICS com laab is our opening and the our
starting IP is 1 1921
68102 and our ending IP is 1
192.168.10.0 so we can have 60 devices
they can connect to and please remember
this is our only preferences you can add
more as you
[Music]
want
[Music]
and click then next let's disable since
we're not using
V6 then next and now double check of
what we inputed in our DHCP and
[Music]
install and after the successful
installation let's put a check mark on
DHCP on our
guide next up is The NPS or our Network
policy server let's then again add roles
click next and find the network policy
and
next proceed to the next and check the
network policy server then
install
and that's it for the adding of roles in
the Windows
Server now let's put a check mark on
NPS now that we're done with the setup
and installation for the wind server we
may now add its user so first go to the
server
manager expand the roles and expand
adds then go to active directory users
and computer expand the forest you have
created which is CS .c lab.com
rightclick then new organizational unit
named students
and under the students Out Create a new
group named
[Music]
bsit then after that create a user also
with a logon named bsit tore the last
name
[Music]
and click next and for the password we
have
bitor pass then put a check mark for
user cannot change password and password
never expires for testing purposes and
click next
[Music]
then
[Music]
then after that we now add the user to
the group right click add user to a
group and type bsit then check names and
also add the user to The Domain
[Music]
users
then press okay and to check if our user
is member of the bsit group just
doubleclick the group and got to members
and we will see the user we just add and
now let's put a check mark on number
[Music]
six
and proceed now to The NPS we just need
to expand that also and right click on
The NPS local then register it to the
active
[Music]
directory
[Music]
click okay and add your radius client
which is your micro tick click new and
named micro tick and the IP or DNS is
the one from your micro tick IP address
since we didn't configure fist our micro
tick and our scope is from 1
192.168 10.20 to 80 we may now use
temporarily the20 and verify and resolve
it for the shared secret is admin SS so
it's easy to remember then click
[Music]
okay and next let's add a network policy
just expand the policies under
NPS then go to network policy and new
for the policy name is
bsit then next add Windows group then
add Group which is the bsit group then
next
[Music]
next and add an EAP specifically
protected EAP then okay and check the
encrypted and unencrypted authentication
then next next and finish and that's it
for the adding of user and configuring
The
NPS now that we're done configuring the
users and NPS we may now proceed to the
micro tick halflight configurations so
first let's connect to the micro tick
router through
[Music]
windbox
open windbox and connect to the router
using the IP address or Mac address of
your router the default username name
there is admin without password then
Connect Now That We're connected to the
router we may now change the interface's
name to what we desired to be and enable
our way
[Music]
one
and after that go to the wireless and
setup W lan1 to AP bridge and default
Sid is micro TI then to the general tab
renamed W lan1 and add AP to the
[Music]
[Music]
name next is Let's Make a bridge named
Comm laab hs- bridge and for the ports
we may add The Ether 3 four in the W
land 1ap to the bridge we've just
[Music]
created
[Music]
next up is the DHCP client under the IP
add a client which is for The Ether 2
lay click apply then okay and after that
we may now have an IP address of 1
192.168.1.2
and as we can see we have the 20 on our
addresses now let's add an IP address
for the bridge let's have a 172
2016.11
[Music]
sl24
since we have the IP address for our
ports let's add a DHCP server click dcct
setup and choose either to land click
next next and for the addresses to give
out let's have a 80
[Music]
1:41 for the DNS server we may add also
the 8.8.8.8 or
8.4.4 for Google's DNS and after that
let's set up also our Bridge with the
same
[Music]
procedure after the DHCP client and
server let's proceed now in setting up
our hotspot under the IP click on the
hotspot then Hotspot Setup for either
toand click next and make sure to check
the Masquerade Network then next and for
the dn's name is CSS u.
csab
[Music]
Doh and for the addresses to Mac let's
limit that to one peric addresses
[Music]
only
and again for the bridge it is the same
setup but remove the second Hots spot to
make it only one hot spot for all then
change the bridge profile and click
apply then
[Music]
okay
[Music]
[Music]
now for the hspr One enable or use
radius for that hot
[Music]
spot
[Music]
and go to the host tab as we can see we
have one IP address there that is our
win server find the MAC address make
binding then bypassed and click apply
then
okay
[Music]
we can see now in the IP bindings tab
the make address we
bind we may now proceed to the last step
which is setting up the radius and under
radius check the hot spot and for the
address is the wind server IP address
which is 1
192.168.1.2 and the shared secret is
[Music]
admin
[Music]
now that we're done let's see first if
there is a connection between the micro
tick and wind server in the micro tick
part go to the terminal and ping the IP
address of the server and for the wind
server open the command prompt and ping
the IP address of the micro tick then if
it is all good we may now test the user
we have created in the wind server from
the hotspot of micro
tick
[Music]
now that is all good and we have a
connection on both we may now log in the
user we have created in the wind server
specifically in the adds part but first
let's go to the micro tick and from the
hotspot server profile let's uncheck
first the HTP chap since our password is
only using the htpp pap type of password
and go to our client computer and
connect to the hotspot and now that we
in the hotspot page let's input the
username and password of our user and as
we can see it works that's all for the
radius connection here's now our policy
and please note the policy may vary and
this is our only preferences you can add
many policies as you want for the
password and account lockout policy go
to the group policy management then
expand and rightclick default domain
policy then choose edit and after that
go to the window settings next is the
security settings then go to the account
policies under account policy We There
is the account and password policy
configure that to your desired policy
the same with the account lockout
[Music]
[Music]
policy
[Music]
and for the idle session and daytime
restriction timeout policy just go to
The NPS in the winds server roles
doubleclick your network policy named
bsit then go to the constraints and we
will see there the idle timeout session
timeout and day and time restriction
configure to your desired timeout or
just note that for every Network policy
you will create they are not on the same
constraints or conditions every policy
means different configurations or to be
tailored to that
policy and that's all for the admin
tutorial in configuring the radius in
micro tick and Windows server to finish
all up
here's the client tutorial for the wired
connection just go to the the hotspot
page when you're already connected then
just log in the user we created then
after that you can see on the Hotpot in
the micro tick in the active tab that
the user that is connected can be seen
including some of the policy we created
and for the wireless connection same
procedure but Wireless connect to the
hotspot via Wi-Fi of the router then go
to the hotspot page then log in the user
and that's it for the client tutorial
thank you and have a good
[Music]
day
Voir Plus de Vidéos Connexes
Windows Server 2012 r2 Tutorial Tagalog!
CSS NC II COC 3: SET UP COMPUTER SERVER. #computersystem #computernetwork #computerrepair #css
Install and Configure DHCP Server in Windows Server 2019 Step By Step Guide
Konfigurasi DHCP Server dan DHCP Client pada Router Mikrotik RB 951Ui-2HnD
2 | How to Install a Local Server for PHP | 2023 | Learn PHP Full Course for Beginners
Cara setting Router Mikrotik agar komputer Client bisa terkoneksi internet dengan DHCP SERVER
5.0 / 5 (0 votes)