Hello,
I have a customer with the NPS role installed on DC01 and a RADIUS client + RADIUS server configured.
The RADIUS clients are Wi-Fi controllers and the RADIUS server is a FortiGate.
In his connection policy settings, I don't understand exactly how it works.
On connection forwarding:
- Authentication: On this server
- Management: On the FortiGate.
I understand authentication is done on the domain controller (with Active Directory, I suppose?) and logs are copied to the FortiGate.
Am I right or wrong? I don't really understand whether DC01 is a RADIUS proxy or a RADIUS server in the environment.
Thank you for your help.
Hello,
Thanks for your answer.
I suppose some people here know how this feature works and can maybe help me? I don't know where I can find an answer about a Microsoft role if it's not on the Microsoft forum :/
Hi,
I understand authentication is done on the domain controller (with Active Directory, I suppose?) and logs are copied to the FortiGate. Am I right or wrong? I don't really understand whether DC01 is a RADIUS proxy or a RADIUS server in the environment.
Yes, you are right. The Microsoft NPS server role can be installed on a domain controller or on a dedicated Microsoft Windows server that is joined to the AD domain. NPS uses an Active Directory Domain Services (AD DS) domain or the local Security Accounts Manager (SAM) user accounts database to authenticate user credentials for connection attempts.
So, in a domain environment, when the NPS server is installed on a DC, Authentication should be On this server and Management should be On the FortiGate. This is right.
Best Regards,
Candy
Thank you for your answer.
I would just like to understand: what is management for? Only for logging?
I suppose best practice is to redirect all "security" traffic from the connection to the same device?
In fact, to optimize NPS authentication and authorization response times and minimize network traffic, we can install NPS on a domain controller. I am not familiar with the FortiGate RADIUS server. In Windows, if you install the DC and NPS roles on the same machine, the DC is a RADIUS server as well.
A RADIUS server can centrally configure and manage network access authentication, provide authorization for connection requests, and provide accounting for information logs. It is not only for logging.
Since your RADIUS server is the FortiGate instead of the DC, you should configure Management on your RADIUS server (FortiGate).
I'm sorry but I don't understand what I would like.
What's the difference between "authentication" and "management"? I mean between both parts here:
On my client: Authentication is configured local (DC01)
Accounting: Redirect to FortiGate.
I don't really understand what accounting does.
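
To illustrate the authentication/accounting split asked about in this thread (an added example, not part of any post and not NPS code): RADIUS carries authentication in Access-Request packets (code 1, RFC 2865) and accounting in separate Accounting-Request packets (code 4, RFC 2866), so one can be handled locally while the other is forwarded. The packets, the user name and the `POLICY` mapping are constructed for illustration and only model the settings described in the question.

```python
import struct

# Client request codes: RFC 2865 (authentication) and RFC 2866 (accounting).
CODES = {1: "Access-Request", 4: "Accounting-Request"}
USER_NAME, ACCT_STATUS_TYPE, ACCT_SESSION_TIME = 1, 40, 46  # attribute types
ACCT_STATUS = {1: "Start", 2: "Stop", 3: "Interim-Update"}

def build(code, ident, attrs):
    """Build a constructed RADIUS packet (zeroed authenticator, sample data only)."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + bytes(16) + body

def parse(packet):
    """Parse the 20-byte header and the type-length-value attributes."""
    if len(packet) < 20:
        raise ValueError("shorter than the RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad length field")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        attrs[atype] = packet[pos + 2:pos + alen]
        pos += alen
    return code, ident, attrs

def route(packet, policy):
    """Return (handler, description) for a client request under the given policy."""
    code, _, attrs = parse(packet)
    if code not in CODES:
        raise ValueError("not a client request")
    detail = CODES[code]
    if code == 4:  # accounting records say what happened to a session
        status = int.from_bytes(attrs.get(ACCT_STATUS_TYPE, b""), "big")
        detail += " " + ACCT_STATUS.get(status, "?")
    return policy["authentication" if code == 1 else "accounting"], detail

# Hypothetical model of the policy in the question: authenticate locally, forward accounting.
POLICY = {"authentication": "DC01 (local NPS)",
          "accounting": "FortiGate (remote RADIUS server)"}
# Constructed sample packets: a logon attempt and the end of a one-hour session.
ACCESS = build(1, 7, [(USER_NAME, b"alice")])
ACCT_STOP = build(4, 8, [(USER_NAME, b"alice"),
                         (ACCT_STATUS_TYPE, (2).to_bytes(4, "big")),
                         (ACCT_SESSION_TIME, (3600).to_bytes(4, "big"))])
```

The Accounting-Request carries session facts (who, start or stop, duration) rather than credentials, which is why it can go to a different server than the one that checks the password.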