Solved

how to configure windows 2008 nps (ra with cisco aironet wireless

Posted on 2012-03-12
9
1,355 Views
Last Modified: 2012-05-13
i have windows 2008 dc with 5 wireless access point and cisco controller i need to configure radius server to authenticate domain user to connect to wireless connection.
0
Comment
Question by:leganti
  • 6
  • 3
9 Comments
 
LVL 21

Expert Comment

by:Jakob Digranes
ID: 37712408
on NPS - do the following:

Choose 802.1X connection from drop down in main menu (see picture)
Give the connection a name
create Radius Clients for all APs - with correct shared key
Select EAP type - for establishing connection to NPS server. Try with Protected EAP first
Choose configure - choose certificate and choose EAP type, try MS-Chap V2 - clients authenticating using usernames and passwords
Select User Groups that are granted access, depending on how you want to grant access, to computers, users or both ...

nps start
Here's some good step-by-step guide
http://techblog.mirabito.net.au/?p=87
http://www.fatofthelan.com/technical/using-windows-2008-for-radius-authentication/
0
 

Author Comment

by:leganti
ID: 37734192
thanx jakob_di i will check it and let you know.
0
 

Author Comment

by:leganti
ID: 37734670
regarding policy properties ----setting    what i have to change if i have cisco aironet
for example : radius attributes , nap,routing and remote acccess
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 

Author Comment

by:leganti
ID: 37736580
do i have to configure any thing Active directory group policy for wireless users , or not.
0
 

Author Comment

by:leganti
ID: 37736631
find attached doc if this is oky to implement windows 2008 nps radiusWINDOWS-2008-NPS-WITH-CISCO-AIRO.doc with cisco wireless
0
 
LVL 21

Accepted Solution

by:
Jakob Digranes earned 500 total points
ID: 37736645
you can use a special windows group if you want only a few users to have access, or you can use domain computers/users ---

That document covers some - but it uses EAP-TLS (Certificate and smart card) for inner authentication - but says nothing on how to deploy certificates to users and computers.
It doesn't say anything on how to deploy RAS/IAS certificate to NPS server.

For start - it would be easier to deploy MsChapV2 as inner authentication method rather than EAP-TLS - to avoid enrolling certificates to all clients

Otherwise it looks okay
0
 

Author Comment

by:leganti
ID: 37736714
thanx jakob_di but i have doubt regarding for lap top not member of the AD domain will it work this.
0
 
LVL 21

Expert Comment

by:Jakob Digranes
ID: 37736731
if it's not domain joined - then you should deploy a user group and either certificates (export and import to user computer) or user EAP-MsChap V2 - and remove Use Windows Login Credentials;
http://www.codealias.info/technotes/caching_domain_logon_credentials_for_eap_peap_mschap_authentication
0
 

Author Comment

by:leganti
ID: 37801050
kindly check the error below  as you can see it is displaying   mac address not user name i don't why

1- can you i configure the nps not to check the certificate and is required to install certificate for nps

2-how to configure it to use only user name and password from AD.

----------------------------------------------------------------------------------------------

Network Policy Server denied access to a user.

Contact the Network Policy Server administrator for more information.

User:
    Security ID:            NULL SID
    Account Name:            001cbf22157f
    Account Domain:            abc
    Fully Qualified Account Name:    abc\001cbf22157f

Client Machine:
    Security ID:            NULL SID
    Account Name:            -
    Fully Qualified Account Name:    -
    OS-Version:            -
    Called Station Identifier:        00-1a-6c-3c-ef-30:abc-WL
    Calling Station Identifier:        00-1c-bf-22-15-7f

NAS:
    NAS IPv4 Address:        192.168.1.2
    NAS IPv6 Address:        -
    NAS Identifier:            abc-WLC
    NAS Port-Type:            Wireless - IEEE 802.11
    NAS Port:            1

RADIUS Client:
    Client Friendly Name:        ciscowl
    Client IP Address:            192.168.1.2

Authentication Details:
    Connection Request Policy Name:    wl
    Network Policy Name:        -
    Authentication Provider:        Windows
    Authentication Server:        nps.abc.local
    Authentication Type:        Unauthenticated
    EAP Type:            -
    Account Session Identifier:        -
    Logging Results:            Accounting information was written to the local log file.
    Reason Code:            8
    Reason:                The specified user account does not exist.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
NTP problem 24 73
Urgent Help dns, clock issues nightmare 71 74
GPO on certain users 17 33
Cost to upgrade from Windows Server 2008 to Server 2008 R2 3 73
Scenario:  You do full backups to a internal hard drive in either product (SBS or Server 2008).  All goes well for a very long time.  One day, backups begin to fail with a message that the disk is full.  Your disk contains many, many more backups th…
I was supporting a handful of Windows 2008 (non-R2) 2 node clusters with shared quorum disks. Some had SQL 2008 installed and some were just a vendor application that we supported. For the purposes of this article it doesn’t really matter which so w…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question