WIndows Radius Server

Similar Messages

• Cisco AAA authentication with windows radius server

  Cisco - Windows Radius problems
  I need to created a limited access group through radius that I can have new network analysts log into
  and not be able to commit changes or get into global config.
  Here are my current radius settings
  aaa new-model
  aaa group server radius IAS
   server name something.corp
  aaa authentication login USERS local group IAS
  aaa authorization exec USERS local group IAS
  radius server something.corp
   address ipv4 1.1.1.1 auth-port 1812 acct-port 1813
   key mypassword
  line vty 0 4
   access-class 1 in
   exec-timeout 0 0
   authorization exec USERS
   logging synchronous
   login authentication USERS
   transport input ssh
  When I log in to the switch, the radius server is passing the corrrect attriubute
  ***Jan 21 13:59:51.897: RADIUS:   Cisco AVpair       [1]   18  "shell:priv-lvl=7"
  The switch is accepting it and putting you in the correct priv level.
  ***Radius-Test#sh priv
     Current privilege level is 7
  I am not sure why it logs you in with the prompt for  privileged EXEC mode when
  you are in priv level 7. This shows that even though it looks like your in priv exec
  mode, you are not.
  ***Radius-Test#sh run
                  ^
     % Invalid input detected at '^' marker.
     Radius-Test#
  Now this is where I am very lost.
  I am in priv level 7, but as soon as I use the enable command It moves me up to 15, and that gives me access to
  global config mode.
  ***Radius-Test#enable
     Radius-Test#
  Debug log -
  Jan 21 14:06:28.689: AAA/MEMORY: free_user (0x2B46E268) user='reynni10'
  ruser='NULL' port='tty390' rem_addr='10.100.158.83' authen_type=ASCII service=ENABLE priv=15 vrf= (id=0)
  Now it doesnt matter that I was given priv level 7 by radius because 'enable' put me into priv 15
  ***Radius-Test#sh priv
     Current privilege level is 15
     Radius-Test#
  I have tried to set
  ***privilege exec level 15 enable
  It works and I am no longer able to use 'enable' when I am at prv level 7, but I also cannot get the commands they will need to work.
  Even if I try to do
  ***privilege exec level 7 show running-config (or other variations)
  It will allow you to type sh run without errors, but it doest actually run the command.
  What am I doing wrong?
  I also want to get PKI working with radius.

  I can run a test on my radius system, will report back accordingly, as it's a different server than where I am currently located.
  Troubleshooting, have you deleted the certificate/network profile on the devices and started from scratch?

• How to set two radius servers one is window NPS another is cisco radius server

  how to set two radius servers one is window NPS another is cisco radius server
  when i try the following command, once window priority is first , i type cisco radius user name, it authenticated fail
  i can not use both at the same time
  radius-server host 192.168.1.3  is window NPS
  radius-server host 192.168.1.1 is cisco radius
  http://blog.skufel.net/2012/06/how-to-integrating-cisco-devices-access-with-microsoft-npsradius/
  conf t
  no aaa authentication login default line
  no aaa authentication login local group radius
  no aaa authorization exec default group radius if-authenticated
  no aaa authorization network default group radius
  no aaa accounting connection default start-stop group radius
  aaa new-model
  aaa group server radius IAS
   server 192.168.1.1 auth-port 1812 acct-port 1813
   server 192.168.1.3 auth-port 1812 acct-port 1813
  aaa authentication login userAuthentication local group IAS
  aaa authorization exec userAuthorization local group IAS if-authenticated
  aaa authorization network userAuthorization local group IAS
  aaa accounting exec default start-stop group IAS
  aaa accounting system default start-stop group IAS
  aaa session-id common
  radius-server host 192.168.1.1 auth-port 1812 acct-port 1813
  radius-server host 192.168.1.2 auth-port 1812 acct-port 1813
  radius-server host 192.168.1.3 auth-port 1645 acct-port 1646
  radius-server host 192.168.1.3 auth-port 1812 acct-port 1813
  privilege exec level 1 show config
  ip radius source-interface Gi0/1
  line vty 0 4
   authorization exec userAuthorization
   login authentication userAuthentication
   transport input telnet
  line vty 5 15
   authorization exec userAuthorization
   login authentication userAuthentication
   transport input telnet
  end
  conf t
  aaa group server radius IAS
   server 192.168.1.3 auth-port 1812 acct-port 1813
   server 192.168.1.1 auth-port 1812 acct-port 1813
  end

  The first AAA server listed in your config will always be used unless/until it becomes unavailable. At that point the NAD would move down to the next AAA server defined on the list and use that one until it becomes unavailable and then move to third one, and so on. 
  If you want to use two AAA servers at the same time then you will need to put a load balancer in front of them. Then the virtual IP (vip) will be listed in the NADs vs the individual AAA servers' IPs. 
  I hope this helps!
  Thank you for rating helpful posts!

• Windows 2k8 Radius Server with Cisco Wireless Controllers

  We currently are using a Cisco 4400 wireless controller with an older Cisco Secure ACS appliance that is going EOL.  My hope was to just connect our 4400 Wireless Controller to a Windows Server 2008 Radius Server (Just using Microsoft's Network Policy Server) but have not had any luck in getting this to work.  Does anyone have an easy to follow set of instructions on configuration of Microsoft Windows Server 2008 NPS for use with Cisco Wireless Controllers?  Any advise would be greatly appreciated.
  Thank You,
  Jim

  Hi NPT,
  Here is the post which may help you!!
  https://supportforums.cisco.com/message/3073519
  Regards
  Surendra

• Cisco aironet 2600 series AP configuration with windows 2008 R2 Radius server.

  I want to know the configuration of Cisco aironet 2600 series AP with windows 2008 R2 Radius server.  
  I have
  1. AD & DHCP Server
  2. Cisco Aironet 2600 Access Point.
  I want to connect wifi devices through this AP. Authentication should be through Radius server and AD.

  Hi , 
  Below link should support your requirement 
  http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/116584-configure-wirelesslan-00.html
  Minimal command : -
  AP(config)# aaa new-model
   AP(config)# radius-server host 172.20.0.1 auth-port 1645 acct-port 1645 key XXXXXX
   AP(config)# radius-server deadtime 10
  HTH
  Sandy

• MAC Authentication + Windows Server 2008 R2 Radius server

  Hello there,
  I have been trying to configure the MAC Authentication on Windows Server Network Policy Server but no success. Details on my configuration can be find below.
  I have firstly enabled the Mac Authentication on 3com switch 4400 model.
  enabling  -> Mac-authentication
  enabling authentication mode -> UsernameAsMacAddress
  configuring a domain - mac-authentication domain abc.local.
  I left the default Vlan (Vlan1)
  While on my DC, I created a user
  username: 00-00-00-00-00-00
  password: 00-00-00-00-00-00
  Lastly on the NPS Server, I configured the 802.1x Wired configuration, I configured the NAS (Radius Client) whici is the 3com Switch.
  After completing the configurations, I turned on my computer with and logged on to the domain abc\00-00-00-00-00-00 with the password. But there was no success when the computer tried to connect to the network looking for DHCP services to obtain IP address.
  On the NPS event service, I got:
  User:
  Security ID:
  NULL SID
  Account Name:
  [email protected]
  Account Domain:
  abc
  Fully Qualified Account Name:
  abc\00-00-00-00-00-00
  Client Machine:
  Security ID:
  NULL SID
  Account Name:
  Fully Qualified Account Name:
  OS-Version:
  Called Station Identifier:
  Calling Station Identifier:
  0000-0000-0000
  NAS:
  NAS IPv4 Address:
  xxx.xxx.xx.xx
  NAS IPv6 Address:
  NAS Identifier:
  00aa00aa00aa
  NAS Port-Type:
  Ethernet
  NAS Port:
  12345678
  RADIUS Client:
  Client Friendly Name:
  3com
  Client IP Address:
  xxx.xxx.xx.xx
  Authentication Details:
  Connection Request Policy Name:
  NAP 802.1X (Wired) 2
  Network Policy Name:
  Authentication Provider:
  Windows
  Authentication Server:
    server.abc.local
  Authentication Type:
  PAP
  EAP Type:
  Account Session Identifier:
  Logging Results:
  Accounting information was written to the local log file.
  Reason Code:
  16
  Reason:
  Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.
  All I could find was " Authentication failed due to the reason appeared in the reason code but I am very sure that the name and the password are the same. I hope someone can help me out. 
  Thanks.

  Hi,
  Thanks for your post.
  MAC address authorization is performed when the user does not type in any user name or password, and refuses to use any valid authentication method. In this case, Network Policy Server (NPS) receives the Calling-Station-ID attribute, and no user name and
  password. To support MAC address authorization, Active Directory Domain Services (AD DS) must have user accounts that contain MAC addresses as user names.
  For more detailed information about MAC Address Authorization, please refer to the below article. Hope it helps.
  MAC Address Authorization
  http://technet.microsoft.com/en-us/library/dd197535(WS.10).aspx
  Best Regards,
  Aiden
  Aiden Cao
  TechNet Community Support

• Authenicating Windows Servers to NMAS Radius Server

  I am trying to figure out how to authenicate logins to a Windows Server (W2k & W2003) via NMAS Radius Server 3.8. Has anyone done this?
  John

  John,
  It appears that in the past few days you have not received a response to your
  posting. That concerns us, and has triggered this automated reply.
  Has your problem been resolved? If not, you might try one of the following options:
  - Do a search of our knowledgebase at http://support.novell.com/search/kb_index.jsp
  - Check all of the other support tools and options available at
  http://support.novell.com.
  - You could also try posting your message again. Make sure it is posted in the
  correct newsgroup. (http://support.novell.com/forums)
  Be sure to read the forum FAQ about what to expect in the way of responses:
  http://support.novell.com/forums/faq_general.html
  If this is a reply to a duplicate posting, please ignore and accept our apologies
  and rest assured we will issue a stern reprimand to our posting bot.
  Good luck!
  Your Novell Product Support Forums Team
  http://support.novell.com/forums/

• Connecting Windows 7 to Apple Radius server

  Anyone know how to get a windows 7 machine to connect to an apple radius server? My macs work great and authenticate perfectly, but my windoww boxes won't connect at all.

  Please check out the following Apple Support article for details on how to access a HDD attached to an AirPort Extreme Base Station (AEBS) from either a Mac or PC.

• Access denied when ssh in window server 2008 after set it as radius server

  yesterday i succeed to use aaa to login and can see aaa in sh aaa session
  https://murison.wordpress.com/2010/11/11/cisco-radius-configuration-with-server-2008-r2/
  today i simulate again, it access denied, do not know where is wrong
  win 192.168.2.12 ---  switch 192.168.2.5 --- 192.168.2.1 R1
  R1
  conf t
  hostname router1
  int FastEthernet0/0
  ip address 192.168.2.1 255.255.255.0
  no shut
  end
  conf t
  ip route 192.168.2.0 255.255.255.0 192.168.2.5
  end
  enable
  configure terminal
  enable secret cisco
  end
  conf t
  aaa new-model
  username radiusclient privilege 15 password 0 cisco
  crypto key generate rsa
  ip ssh time-out 60
  ip ssh version 2
  line vty 0 4
  transport input ssh
  exit
  line vty 5 15
  transport input ssh
  exit
  ip domain-name radius1.local
  radius-server host 192.168.2.12
  radius-server key cisco
  aaa group server radius NPSSERVER
  server 192.168.2.12
  exit
  aaa authentication login default group NPSSERVER local
  aaa authorization exec default group NPSSERVER local
  exit
  R2
  conf t
  vlan 10
  int vlan 10
  ip address 192.168.2.5 255.255.255.0
  end
  conf t
  hostname router2
  int FastEthernet1/0
  switchport
  switchport access vlan 10
  switchport mode access
  shutdown
  no shut
  end
  conf t
  hostname router2
  int FastEthernet1/1
  switchport
  switchport access vlan 10
  switchport mode access
  shutdown
  no shut
  end
  conf t
  hostname router2
  int FastEthernet1/2
  switchport
  switchport access vlan 10
  switchport mode access
  shutdown
  no shut
  end
  R3
  conf t
  hostname router3
  int FastEthernet0/0
  ip address 192.168.2.7 255.255.255.0
  no shut
  end
  conf t
  ip route 192.168.2.0 255.255.255.0 192.168.2.5
  end

  Hi,
  The configuration looks fine. What do you see in radius server as the reason for authentication failure?
  Regards,
  Kanwal
  Note: Please mark answers if they are helpful.

• Windows Radius / NPS not working with mac book pro 10.9.4 wired

  Hi,
  I'm trying to get my Radius windows server 2012 working with the correct setting for using 802.1x wired connection for the mac book pro. The only issue I'm having is there is not much setting in the mac book pro. I'm not sure what need to setup on the sever to make it connect correctly and assign it to the correct vlan when it's authenticated.
  Here are some screen shoots for my mac book pro
  So I've got it up to a point where I have this issue and here is my screen shots setting:
  So the above are my windows 2012 screen shot settings.
  On the mac book pro, I'm getting a prompted about adding certificate and I've added that into the laptop and then I need to put the username and password information. I put the following:
  [email protected] and the password.
  I'm current working with someone at HP on the switch settings, everything looks good.
  I know the following:
  1. Wireshark: shows server is getting request from the switch but it's not accepting them here are my logs on the NPS:
  RAD01  6274    Information      Microsoft Windows security auditing.   Security            2014-08-21 12:40:24 PM
  Here is the detail of the machine:
  Network Policy Server discarded the request for a user.
  Contact the Network Policy Server administrator for more information.
  User:
  Security ID:                              S-1-5-21-2690993882-1154983957-2264505580-1328
  Account Name:                         [email protected]
  Account Domain:                                  LCS
  Fully Qualified Account Name:  LCS\username
  Client Machine:
  Security ID:                              S-1-0-0
  Account Name:                         -
  Fully Qualified Account Name:  -
  OS-Version:                             -
  Called Station Identifier:                      b4-39-d6-ec-2c-00
  Calling Station Identifier:                     ac-7f-3e-e6-32-34
  NAS:
  NAS IPv4 Address:                   xx.xx.xx.xx
  NAS IPv6 Address:                   -
  NAS Identifier:                         5412zl-xxx-xxxxswithname
  NAS Port-Type:                                    Ethernet
  NAS Port:                                 170
  RADIUS Client:
  Client Friendly Name:               HP Procurve 5412zl switch
  Client IP Address:                                xx.xx.xx.xx
  Authentication Details:
  Connection Request Policy Name:       Secure Wired (Ethernet) Connections
  Network Policy Name:              Secure Wired (Ethernet) Connections
  Authentication Provider:                      Windows
  Authentication Server:             rad01.xxx.xxx.ca
  Authentication Type:                EAP
  EAP Type:                                -
  Account Session Identifier:                  -
  Reason Code:                          1
  Reason:                                               An internal error occurred. Check the system event log for additional information.
  Again I don't know what's the correct setting the default 802.1x for mac book pro, but it should correct.
  I'm also not sure what the internal error message is regarding about. The switch should automatically put me to vlan 7
  Can you some please help out what the correct authentication method for mac 10.9.4.
  Thanks

  Flash Player is a browser add-on, not a standalone application.
  You can test if the player is correctly installed at http://www.adobe.com/software/flash/about/

• Can't authenticate Mac VPN client from RADIUS server

  Hello,
  I'm a real noob here so please bear with me.
  I have been able to configure my PIX 515E to allow VPN connections onto my network, but what I need to do is set up some sort of user authentication to control access at a user level. From what I've read here and in the Configuration Guide I should be able to do this authentication with a RADIUS server. I'm running a Corriente Networks Elektron Security server which has RADIUS server capabilities. It is running on my (inside) interface at IP 192.168.10.26.
  I thought that I had everything configured properly but it never seems to authenticate. I connect, the XAUTH window pops up, I add my username and password as it's configured on my RADIUS server, but when I click OK it just cycles the progress bar at the bottom and eventually times out. The client log doesn't show me anything and the log on the RADIUS server shows me nothing. Any ideas? this seems like it should be simple because I can connect until I attempt to authenticate to the RADIUS server.
  TIA for any direction you can provide me.
  Christine

  If it helps, here is my config with a some of the non-related bits deleted:
  interface ethernet0 auto
  interface ethernet1 auto
  interface ethernet2 auto
  nameif ethernet0 outside security0
  nameif ethernet1 inside security100
  nameif ethernet2 DMZ security50
  enable password ********* encrypted
  passwd ******* encrypted
  hostname pixfirewall
  domain-name acme.com
  fixup protocol dns maximum-length 512
  fixup protocol ftp 21
  fixup protocol http 80
  fixup protocol http 82
  fixup protocol rsh 514
  fixup protocol rtsp 554
  fixup protocol sip 5060
  fixup protocol sip udp 5060
  fixup protocol skinny 2000
  fixup protocol smtp 25
  access-list inside_outbound_nat0_acl permit ip any 192.168.10.0 255.255.255.0
  access-list inside_outbound_nat0_acl permit ip host 192.168.10.26 192.168.10.192 255.255.255.224
  access-list inside_outbound_nat0_acl permit ip host 192.168.10.69 192.168.10.192 255.255.255.224
  access-list outside_cryptomap_dyn_20 permit ip any 192.168.10.0 255.255.255.0
  access-list outside_cryptomap_dyn_40 permit ip any 192.168.10.192 255.255.255.224
  mtu outside 1500
  mtu inside 1500
  mtu DMZ 1500
  ip address outside 207.XXX.XXX.130 255.255.255.0
  ip address inside 192.168.10.1 255.255.255.0
  ip address DMZ 192.168.100.1 255.255.255.0
  multicast interface inside
  ip audit info action alarm
  ip audit attack action alarm
  ip local pool CBI_VPN_Pool 192.168.10.201-192.168.10.220
  pdm location 192.168.10.50 255.255.255.255 inside
  pdm group CBI_Servers inside
  pdm logging warnings 100
  pdm history enable
  arp timeout 14400
  global (outside) 200 interface
  global (DMZ) 200 interface
  nat (inside) 0 access-list inside_outbound_nat0_acl
  nat (inside) 200 192.168.10.0 255.255.255.0 0 0
  static (inside,outside) 207.XXX.XXX.150 192.168.10.27 netmask 255.255.255.255 0 0
  static (inside,outside) 207.XXX.XXX.132 192.168.10.26 dns netmask 255.255.255.255 0 0
  access-group 100 in interface outside
  route outside 0.0.0.0 0.0.0.0 207.XXX.XXX.129 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
  timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
  timeout uauth 0:05:00 absolute
  aaa-server radius-authport 1812
  aaa-server radius-acctport 1812
  aaa-server TACACS+ protocol tacacs+
  aaa-server RADIUS protocol radius
  aaa-server RADIUS (inside) host 192.168.10.26 ************* timeout 10
  aaa-server LOCAL protocol local
  http server enable
  http 192.168.10.3 255.255.255.255 inside
  no floodguard enable
  sysopt connection permit-ipsec
  crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
  crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
  crypto dynamic-map outside_dyn_map 20 set transform-set ESP-DES-MD5
  crypto dynamic-map outside_dyn_map 40 match address outside_cryptomap_dyn_40
  crypto dynamic-map outside_dyn_map 40 set transform-set ESP-DES-MD5
  crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
  crypto map outside_map client authentication RADIUS
  crypto map outside_map interface outside
  crypto map inside_map interface inside
  isakmp enable outside
  isakmp nat-traversal 3600
  isakmp policy 20 authentication pre-share
  isakmp policy 20 encryption des
  isakmp policy 20 hash md5
  isakmp policy 20 group 2
  isakmp policy 20 lifetime 86400
  vpngroup Test_VPN address-pool CBI_VPN_Pool
  vpngroup Test_VPN dns-server 142.77.2.101 142.77.2.36
  vpngroup Test_VPN default-domain acme.com
  vpngroup Test_VPN idle-time 1800
  vpngroup Test_VPN authentication-server RADIUS
  vpngroup Test_VPN user-authentication
  vpngroup Test_VPN user-idle-timeout 1200
  vpngroup Test_VPN password ********
  ssh timeout 5
  console timeout 0
  dhcpd address 192.168.10.100-192.168.10.254 inside
  dhcpd dns 142.77.2.101 142.77.2.36
  dhcpd lease 3600
  dhcpd ping_timeout 750
  dhcpd auto_config outside
  dhcpd enable inside

• Authenticated on ISE 1.2 (as admin) against an external radius server

  Hello
  Our customer wants to be authenticated on ISE 1.2 (as admin) against an external radius server (like ACS not microsoft). How could i do that ?
  Is it possible while retaining internal admin users database in a sequence "external_radius or internal"
  thank you in advance.
  Best regards

  External authentication is supported only with internal authorization:
  External Authentication + Internal Authorization
  When configuring Cisco ISE to provide administrator authentication using an external RSA SecurID identity store, administrator credential authentication is performed by the RSA identity store. However, authorization (policy application) is still done according to the Cisco ISE internal database. In addition, there are two important factors to remember that are different from External Authentication + External Authorization:
  You do not need to specify any particular external administrator groups for the administrator.
  You must configure the same username in both the external identity store and the local Cisco ISE database.
  To create a new Cisco ISE administrator that authenticates via the external identity store, complete the following steps:
  Step 1 Choose Administration > System > Admin Access > Administrators > Local Administrators.
  The Administrators window appears, listing all existing locally defined administrators.
  Step 2 Follow the guidelines at Creating a New Cisco ISE Administrator to ensure that the administrator username on the external RSA identity store is also present in Cisco ISE. Be sure to click the External option under Password.
  Note Remember: you do not need to specify a password for this external administrator user ID, nor are you required to apply any specially configured external administrator group to the associated RBAC policy.
  Step 3 Click Save .

• Exchange Server 2013 and RADIUS server(freeRADIUS2)

  I am a student and doing an internship. I have to test Microsoft Exchange Server 2013.
  I am using Windows Server 2012, I already installed Exchange
  Server 2013 on it and everything works as intended.
  But I couldn't find out how to configure my Windows Server 2012 in order to authenticate my mailbox users from Exchange Server 2013 with a RADIUS
  server which is not on my Windows Server 2012. I have to use their RADIUS server ( freeRADIUS2 ), the RADIUS server from
  the company where I am doing my internship.
  I already did the checklist that is on http://technet.microsoft.com/en-us/library/cc772591.aspx. I configured the NPS as
  a RADIUS proxy, because that's what I need.
  So after doing everything that is on that checklist, my question is:
  Is it possible that the Exchange Server 2013 will use my NPS which is now configured as a NPS RADIUS proxy to authenticate my mailbox users that I have on my Exchange Server 2013?

  thanks for such a quick response.
  Just a small question about the link that you put. Does member server mean other server other than domain controller?
  Regards,
  Yes, Also the server on which you are installing Exchange should have exchange installed.
  Cheers,
  Gulab Prasad
  Technology Consultant
  Blog:
  http://www.exchangeranger.com    Twitter:
    LinkedIn:
     Check out CodeTwo’s tools for Exchange admins
  Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

• Exchange Server 2013 with a RADIUS server (freeRADIUS).

  Hello,
  I am a student and doing an internship. I have to test Microsoft Exchange Server 2013.
  I am using Windows Server 2012, I already installed Exchange Server 2013 on it and everything works as intended.
  But I couldn't find out how to configure my Windows Server 2012 in order to authenticate my mailbox users from Exchange Server 2013 with a RADIUS server which is not on my Windows Server 2012. I have to use their RADIUS server (freeRADIUS), the RADIUS server
  from the company where I am doing my internship.
  I already created a NPS and added the RADIUS Client + Remote
  RADIUS Server Groups. I created a Connection Request Policies with the condition:
  User Name *
  I forwarded the Connection Request to the
  Remote RADIUS server that I created in Remote RADIUS Server Groups and then I registered the NPS in th AD. But it's still not working. 
  Maybe I did something wrong or I misunderstood something or does this even work with Exchange Server 2013? To authenticate mailbox users with a RADIUS server before they can login into their mailbox and use their mailbox?
  Thanks in advance.

  Hi,
  I suggest we refer to the following article to double confirm the Network Policy Server is registered properly.
  http://technet.microsoft.com/library/cc732912.aspx
  Thanks,
  Simon Wu
  TechNet Community Support

• RADIUS Server on Mac OS X Server 10.5 Leopard

  I must set up a Radius Server on my LAN and WLAN, I will do this with Mac OS X Server v.10.5 Leopard but I don't know if it's compatible with any routers(for LAN and WLAN Access) and with Windows XP Pro SP3 computers.
  Can anyone help me????

  I know this question is fairly old but I can now state that as of last night I am using a Netgear WN802T - 200 access point paired with the RADIUS service on a Leopard Server.
  Leave the "type" of station either blank or other for Netgear.
  Accounting does not seem to work and throws errors in the radiusd log, but other than that the Mac clients and iPhones show a WPA2 Enterprise connection.
  Your mileage may vary.