Configure Cisco Aironet 1130AG with RADIUS Authentication from AD

I have 3 Cisco Aironet 1130AG wireless access points that I need to configure so that wireless users authenticate with their Active Directory username and password.  Currently, they are configured with a WPA key and plugged directly into our LAN, and the domain controller provides DHCP and DNS.  We'd like to secure this by only allowing users with a valid AD account access to the wireless network.
The DC is Windows Server 2008 with the Network Policy Server role installed.
I've tried a bit of config on this myself, but have had no luck.  I've read some things about certificates - is this what is required?  I do not know if this would be suitable as some users have iPhones and other wireless devices...

A complete config or step by step guide would be useful, although any help is appreciated!  Thanks!
naykam Commented:
It's a pretty lengthy job, but no, you do not 'need' certificates. You can validate it all without certs for the time being.

Network Policy Server works great; as you mentioned, you can integrate it into AD. If you use group policy items such as single sign-on, then the users will log in to their domain computer on the wireless and everything will map, e.g. scripts will run, as if they were at their desk.

I'm almost certain the iPhones won't be a problem, because they support 802.1X authentication. The users will just have to enter their domain credentials upon first connection.

I am currently writing a blog post on doing exactly what you're asking. I will post here when I have finished, as it is a very lengthy process to get it running.

But in the meantime, have you seen this?

Just try and ignore the things about certificates, and ensure on the wireless clients, under advanced wireless settings, that "validate server certificate" is not selected.

Also remember that you have to validate the NPS server in Active Directory / you have to allow it to read and interact with your domain controller. This is done on the Network Policy Server, and it will automatically add that server in your Active Directory somewhere.

Last thing - disable the Windows firewall for testing, and check the Windows security logs; they will be your best friend.

Hope this helps.
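The access point side of the setup discussed above, as an added example that is not part of the original answer: an autonomous-mode Aironet IOS fragment that replaces the WPA pre-shared key with 802.1X/EAP against the NPS RADIUS server. The SSID name, the server address 192.0.2.10, the list names and the shared secret are placeholders; the same secret must be entered on NPS where this AP is added as a RADIUS client.

```cisco
! Added example: placeholder values throughout, adjust to the site.
! Enable the AAA subsystem so RADIUS method lists can be defined.
aaa new-model
!
! RADIUS server group pointing at the NPS host (placeholder address).
aaa group server radius rad_eap
 server 192.0.2.10 auth-port 1812 acct-port 1813
!
! Method list used by the SSID to hand EAP to the RADIUS group.
aaa authentication login eap_methods group rad_eap
!
! SSID using EAP plus WPA key management instead of a pre-shared key.
dot11 ssid CORP-WLAN-PLACEHOLDER
 authentication open eap eap_methods
 authentication network-eap eap_methods
 authentication key-management wpa
!
! Bind the SSID to both radios of the 1130AG and require AES-CCMP.
interface Dot11Radio0
 encryption mode ciphers aes-ccm
 ssid CORP-WLAN-PLACEHOLDER
!
interface Dot11Radio1
 encryption mode ciphers aes-ccm
 ssid CORP-WLAN-PLACEHOLDER
!
! Shared secret must match the RADIUS client entry created on NPS.
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key SHARED-SECRET-PLACEHOLDER
```

On the NPS host, Security log events 6272 (access granted) and 6273 (access denied) show whether requests from the AP arrive and why a user was rejected.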
Ardamayne (Author) Commented:
Thank you for the response, as well as the link.  I haven't seen that one yet.  I've put this project on the back burner for now, but it isn't going away...
Please, link your blog post when it is complete.  I'm very eager to read it.
No worries,

Also check out this, you could use IAS or NPS
Have you written up your procedure?
Question has a verified solution.