The purpose of this document is to provide guidelines on how to install and configure the Network Policy Server (NPS) to function with Mideye Server when forwarding MS-CHAP-V2 packets. This guide installs NPS on a Windows Server 2012 R2 machine, but the procedure is similar for Windows Server 2008 R2, Windows Server 2016 and Windows Server 2019.
Requirements & prerequisites
A Mideye Server (4.3.0 or higher) is required. If the NPS server is installed on a separate machine, the firewall must allow two-way UDP/1812 (default) traffic between the Mideye-server and the NPS. By default, both the Mideye-server and the NPS run on UDP/1812, so one of them has to change port if they run on the same server. We recommend that you run the NPS on a different port, since the Mideye-server normally serves more than one RADIUS client.
Install the NPS-role
From the Server Manager, click “Add Role and Features”.
Configure the NPS-server
Once the installation is completed, open the Network Policy Server console. The first time, you need to register the NPS with your domain: right-click NPS at the top of the tree and choose “Register server in Active Directory”.
To change the UDP-port for NPS, right-click NPS and choose “Properties”. By default UDP/1812 is used, but we recommend changing it to another UDP-port if NPS is installed on the same machine as your Mideye-server.
Add a new RADIUS-client
The next step is to add your Mideye-server as a RADIUS-client. Expand “Radius Clients and Servers” and right-click “RADIUS Clients” followed by “New”. Give your Mideye-server a friendly name, IP-address and a shared-secret. This shared secret needs to be identical on your Mideye-server.
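The NPS-side steps above can also be scripted. The following PowerShell is an added example, not part of the original Mideye guide; the IP address, client name and rule name are placeholders, and it assumes the Mideye configuration tool accepts a 64-character hexadecimal shared secret. It generates a random shared secret instead of a hand-typed one and limits the firewall opening to the Mideye-server's address.

```powershell
# Added example; run in an elevated PowerShell session on the NPS machine.
# Placeholder values (assumptions, replace with your own):
$MideyeIp   = '192.0.2.10'      # IP address of the Mideye-server
$ClientName = 'Mideye-Server'   # friendly name shown under "RADIUS Clients"
$NpsPort    = 1812              # must match the port set under NPS > Properties

# Install the NPS role (equivalent to the Server Manager wizard).
Install-WindowsFeature -Name NPAS -IncludeManagementTools

# Register this NPS in its default Active Directory domain
# (equivalent to "Register server in Active Directory").
netsh nps add registeredserver

# Generate a 32-byte random shared secret and encode it as hex,
# so it contains no characters that are awkward to paste.
$bytes = New-Object byte[] 32
$rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rng.GetBytes($bytes)
$rng.Dispose()
$SharedSecret = -join ($bytes | ForEach-Object { $_.ToString('x2') })

# Add the Mideye-server as a RADIUS client with that secret.
New-NpsRadiusClient -Name $ClientName -Address $MideyeIp -SharedSecret $SharedSecret

# Only needed when NPS and Mideye run on separate machines:
# allow inbound RADIUS authentication traffic from the Mideye-server only.
New-NetFirewallRule -DisplayName "NPS RADIUS from Mideye (UDP $NpsPort)" `
    -Direction Inbound -Protocol UDP -LocalPort $NpsPort `
    -RemoteAddress $MideyeIp -Action Allow

# Confirm the client was created.
Get-NpsRadiusClient | Where-Object { $_.Name -eq $ClientName }

# Print the secret once so it can be entered in the Mideye configuration tool;
# keep it in a password manager rather than in a script or a ticket.
Write-Output "Shared secret for ${ClientName}: $SharedSecret"
```

The NPS listening port itself is still changed in the console as described above; the script only has to use the same number.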
Create a new Network Policy
Expand “Policies” and right-click “Network Policies” and click “New”.
Configure Mideye-server to communicate with NPS
On your Mideye-server, open the configuration-tool. Select the “LDAP Servers” tab and choose to modify the existing LDAP-server used by your remote-solution.
Click the “NPS” tab and enter the IP-address of your NPS-server. Make sure the UDP-port matches the one configured on the NPS-server. Enter the same shared-secret as on the NPS-server.
The last step is to enable your Mideye server to allow password-changes. Click the “Active Directory” tab and check “Allow Password Reset” and “Allow Password Expired”.
Change your remote-solution to use MS-CHAP
Check if anything is written to the Mideye RADIUS logs
Contact Mideye support
For further support please contact Mideye support, firstname.lastname@example.org, +46854514750.