how to configure windows 2008 nps (ra with cisco aironet wireless

i have windows 2008 dc with 5 wireless access point and cisco controller i need to configure radius server to authenticate domain user to connect to wireless connection.
legantiAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jakob DigranesSenior ConsultantCommented:
on NPS - do the following:

Choose 802.1X connection from drop down in main menu (see picture)
Give the connection a name
create Radius Clients for all APs - with correct shared key
Select EAP type - for establishing connection to NPS server. Try with Protected EAP first
Choose configure - choose certificate and choose EAP type, try MS-Chap V2 - clients authenticating using usernames and passwords
Select User Groups that are granted access, depending on how you want to grant access, to computers, users or both ...

nps start
Here's some good step-by-step guide
http://techblog.mirabito.net.au/?p=87
http://www.fatofthelan.com/technical/using-windows-2008-for-radius-authentication/
0
legantiAuthor Commented:
thanx jakob_di i will check it and let you know.
0
legantiAuthor Commented:
regarding policy properties ----setting    what i have to change if i have cisco aironet
for example : radius attributes , nap,routing and remote acccess
0
Acronis Data Cloud 7.8 Enhances Cyber Protection

A closer look at five essential enhancements that benefit end-users and help MSPs take their cloud data protection business further.

legantiAuthor Commented:
do i have to configure any thing Active directory group policy for wireless users , or not.
0
legantiAuthor Commented:
find attached doc if this is oky to implement windows 2008 nps radiusWINDOWS-2008-NPS-WITH-CISCO-AIRO.doc with cisco wireless
0
Jakob DigranesSenior ConsultantCommented:
you can use a special windows group if you want only a few users to have access, or you can use domain computers/users ---

That document covers some - but it uses EAP-TLS (Certificate and smart card) for inner authentication - but says nothing on how to deploy certificates to users and computers.
It doesn't say anything on how to deploy RAS/IAS certificate to NPS server.

For start - it would be easier to deploy MsChapV2 as inner authentication method rather than EAP-TLS - to avoid enrolling certificates to all clients

Otherwise it looks okay
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
legantiAuthor Commented:
thanx jakob_di but i have doubt regarding for lap top not member of the AD domain will it work this.
0
Jakob DigranesSenior ConsultantCommented:
if it's not domain joined - then you should deploy a user group and either certificates (export and import to user computer) or user EAP-MsChap V2 - and remove Use Windows Login Credentials;
http://www.codealias.info/technotes/caching_domain_logon_credentials_for_eap_peap_mschap_authentication
0
legantiAuthor Commented:
kindly check the error below  as you can see it is displaying   mac address not user name i don't why

1- can you i configure the nps not to check the certificate and is required to install certificate for nps

2-how to configure it to use only user name and password from AD.

----------------------------------------------------------------------------------------------

Network Policy Server denied access to a user.

Contact the Network Policy Server administrator for more information.

User:
    Security ID:            NULL SID
    Account Name:            001cbf22157f
    Account Domain:            abc
    Fully Qualified Account Name:    abc\001cbf22157f

Client Machine:
    Security ID:            NULL SID
    Account Name:            -
    Fully Qualified Account Name:    -
    OS-Version:            -
    Called Station Identifier:        00-1a-6c-3c-ef-30:abc-WL
    Calling Station Identifier:        00-1c-bf-22-15-7f

NAS:
    NAS IPv4 Address:        192.168.1.2
    NAS IPv6 Address:        -
    NAS Identifier:            abc-WLC
    NAS Port-Type:            Wireless - IEEE 802.11
    NAS Port:            1

RADIUS Client:
    Client Friendly Name:        ciscowl
    Client IP Address:            192.168.1.2

Authentication Details:
    Connection Request Policy Name:    wl
    Network Policy Name:        -
    Authentication Provider:        Windows
    Authentication Server:        nps.abc.local
    Authentication Type:        Unauthenticated
    EAP Type:            -
    Account Session Identifier:        -
    Logging Results:            Accounting information was written to the local log file.
    Reason Code:            8
    Reason:                The specified user account does not exist.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.