Course Hero Logo

Extensible authentication protocol eap and protected

Course Hero uses AI to attempt to automatically extract content from documents to surface to you and others so you can study better, e.g., in search results, to enrich docs, and more. This preview shows page 8 - 10 out of 20 pages.

Extensible Authentication Protocol (EAP) and Protected EAP (PEAP).EAPis anInternet standards–based infrastructure that allows the addition of arbitrary authenticationmethods, such as smart cards, certificates, one-time passwords, and token cards. Aspecific authentication method that uses the EAP infrastructure is anEAP type. NPSincludes support for EAP-Transport Layer Security (EAP-TLS), as well as PEAP-MS-CHAP v2 and PEAP-TLS.Authorization methodsNPS supports a number of authorization methods and allows you to add custom methods thatmeet your authorization requirements. The supported authorization methods are:Dialed Number Identification Service (DNIS). The authorization of a connectionattempt that is based on the number called. DNIS supplies the number that was called tothe call receiver and is provided by most standard telephone companies.Automatic Number Identification/Calling Line Identification (ANI/CLI). Theauthorization of a connection attempt that is based on the phone number of the caller.ANI/CLI service supplies the number of the caller to the call receiver and is provided bymost standard telephone companies.Guest authorization. The authorization of a connection when the caller does not send ausername or password during the authentication process. If unauthenticated access isenabled, the Guest account is used by default as the identity of the caller.In addition, you can configure authorization by user with Active Directory Domain Services(AD DS) user and computer account dial-in properties or authorization by group using NPSnetwork policy.Centralized user authentication and authorizationTo authenticate a connection request, NPS validates the connection credentials against user andcomputer accounts in the local computer security accounts manager (SAM) database (also calledLocal Users and Groups), a Windows NT Server 4.0 domain, or an Active Directory domain. Foran Active Directory domain, NPS supports the use of Active Directory user principal names(UPNs) and universal groups.
To authorize a connection request, NPS uses the dial-in properties of the user account thatcorrespond to both the connection credentials and network policies.One of the elements used during authorization is theNetwork Access Permissionsetting, whichcan be set both on the user or computer account and in the network policy. Although it isrelatively easy to manage network access permission for each user account, this approach doesnot scale well as an organization grows. NPS network policies provide a more powerful andflexible way to manage network access permission.With network policies, you can authorize network access based on various conditions, including:User account membership in a group.The time of day, the day of the week, or both.

Upload your study docs or become a

Course Hero member to access this document

Upload your study docs or become a

Course Hero member to access this document

End of preview. Want to read all 20 pages?

Upload your study docs or become a

Course Hero member to access this document

Term
Spring
Professor
NoProfessor
Tags
Windows 2000, NPS, Extensible Authentication Protocol

Newly uploaded documents

Show More

Newly uploaded documents

Show More

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture