Configure Cisco Aironet 1130AG with RADIUS Authentication from AD

I have 3 Cisco Aironet 1130AG wireless access points that I need to configure so that wireless users authenticate with their Active Directory username and password.  Currently, they are configured with a WPA key and plugged directly into our LAN, and the domain controller provides DHCP and DNS.  We'd like to secure this by only allowing users with a valid AD account access to the wireless network.
The DC is Windows Server 2008 with the Network Policy Server role installed.
I've tried a bit of config on this myself, but have had no luck.  I've read some things about certificates- is this what is required?  I do not know if this would be suitable as some users have iPhones and other wireless devices...

A complete config or step by step guide would be useful, although any help is appreciated!  Thanks!
ArdamayneAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

naykamCommented:
It a pretty lengthy job, but no you do not 'need' certificates. You can validate it all without certs for the time being.

Network policy server works great, as like you mentioned you can integrate it into AD. If you use group policy items such as single sign on, then the users will login to there domain computer on the wireless and everything will map, eg scrips will run, as if there were at there desk.

Im almost certain the iphones wont be a problem, becuase they support 802.1x authentication. The users will just have to enter their domain credentials in upon first connection.

I am currently writing a blog post on doing exactly what your asking. I will post here when I have finished. As it is a very lengthy process to get it running.

But in the meantime, have you seen this?

http://technet.microsoft.com/en-us/library/cc771455%28WS.10%29.aspx

Just try and ignore the things about certificate, and ensure on the wireless clients, under advanced wireless settings that they are not selected "validate server certificate".

Also remember that you have to validate the NPS server in active directy / you have to allow it to read and interact with your domain controller. This is done by on the network policy server, and it will automatically add that sever in your active directory somewhere.

Last thing - Disable the windows firewall for testing, check the windows security logs, they will be your best friend.

Hope this helps.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ArdamayneAuthor Commented:
Thank you for the response, as well as the link.  I haven't seen that one yet.  I've put this project on the back burner for now, but it isn't going away...
Please, link your blog post when it is complete.  I'm very eager to read it.
0
naykamCommented:
No worries,

Also check out this, you could use IAS or NPS

http://articles.techrepublic.com.com/5100-10878_11-6148579.html
0
netcmhCommented:
Have you written up your procedure?
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Wireless Networking

From novice to tech pro — start learning today.