Cisco 2504 Authentication with Radius Server 2012R2

Posted on 2014-07-14
Last Modified: 2014-07-18

I'm trying to get a Cisco 2504 WLC to authenticate with Server 2012R2 as a RADIUS server.

I'm not having much luck!

Any links or setup guides much appreciated.

thanks in advance
Question by:techsolve1

    Accepted Solution

    This is a great guide (I point some of our junior engineers at it), geared towards Server2008 and the 5508 WLC but will work in exactly the same way...

    How far have you got?

    Author Comment

    Hi Craigbeck

    Below is an auth error from Event Viewer. It's a new domain and we are trying to connect with a laptop that is not part of the domain. Would this be the reason for this error?

    What we want to enable is non-domain members to auth to the domain with their domain user accounts, i.e. for iPads and smartphones etc.

    +      System

                -      Provider      
                                  [ Name]       Microsoft-Windows-Security-Auditing      
                                  [ Guid]       {54849625-5478-4994-A5BA-3E3B0328C30D}      

                      EventID      6273

                      Version      1

                      Level      0

                      Task      12552

                      Opcode      0

                      Keywords      0x8010000000000000

                -      TimeCreated      
                                  [ SystemTime]       2014-07-14T18:28:50.465328500Z      

                      EventRecordID      12385


                -      Execution      
                                  [ ProcessID]       516      
                                  [ ThreadID]       4388      

                      Channel      Security

                      Computer      server.server.LOCAL


    -      EventData

                SubjectUserSid      S-1-5-21-126271290-1760273300-628037507-500

                SubjectUserName      server\Administrator

                SubjectDomainName      server

                FullyQualifiedSubjectUserName      server.LOCAL/Users/Administrator

                SubjectMachineSID      S-1-0-0

                SubjectMachineName      -

                FullyQualifiedSubjectMachineName      -

                MachineInventory      -

                CalledStationID      6c-fa-89-64-c0-c0:ASNM Wifi

                CallingStationID      00-23-14-a9-1c-cc


                NASIPv6Address      -

                NASIdentifier      Cisco_c7:98:24

                NASPortType      Wireless - IEEE 802.11

                NASPort      1

                ClientName      WLC


                ProxyPolicyName      Secure Wireless Connections

                NetworkPolicyName      Test2

                AuthenticationProvider      Windows

                AuthenticationServer      server.LOCAL

                AuthenticationType      PEAP

                EAPType      -

                AccountSessionIdentifier      -

                ReasonCode      265

                Reason      The certificate chain was issued by an authority that is not trusted.

                LoggingResult      Accounting information was written to the local log file.
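
Added example, not part of the original thread: a small triage script for NPS rejection events like the one posted above, grouping event 6273 records by `ReasonCode` so that certificate-trust failures (265) stand apart from other denials. It assumes the events are available in Windows event XML; the function names and every sample event are constructed here, with only the first event's field values taken from the post.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

def make_event(event_id, mac, code, reason):
    """Build one constructed event in the Windows event XML layout."""
    fields = {"CallingStationID": mac, "ClientName": "WLC",
              "AuthenticationType": "PEAP", "ReasonCode": code, "Reason": reason}
    data = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in fields.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID>'
            f"</System><EventData>{data}</EventData></Event>")

# Constructed sample: the first event mirrors the post above; the other two
# (a credential failure and a non-6273 event) are invented for illustration.
SAMPLE = (
    make_event("6273", "00-23-14-a9-1c-cc", "265",
               "The certificate chain was issued by an authority that is not trusted.")
    + make_event("6273", "02-00-00-00-00-01", "16",
                 "Authentication failed due to a user credentials mismatch.")
    + make_event("6272", "02-00-00-00-00-02", "0", "-")
)

def parse_rejections(xml_text):
    """Return one dict of EventData fields per event 6273 (access denied)."""
    # An export may be a bare sequence of <Event> elements, so wrap it in a root.
    root = ET.fromstring("<Events>" + xml_text + "</Events>")
    rejections = []
    for ev in root.findall("e:Event", NS):
        if ev.findtext("e:System/e:EventID", namespaces=NS) != "6273":
            continue  # skip anything that is not an NPS rejection
        rejections.append({d.get("Name"): (d.text or "")
                           for d in ev.findall("e:EventData/e:Data", NS)})
    return rejections

def group_by_reason(events):
    """Map ReasonCode -> sorted client MACs (CallingStationID) that hit it."""
    groups = defaultdict(set)
    for ev in events:
        groups[ev.get("ReasonCode", "?")].add(ev.get("CallingStationID", "?"))
    return {code: sorted(macs) for code, macs in groups.items()}

if __name__ == "__main__":
    for code, macs in group_by_reason(parse_rejections(SAMPLE)).items():
        print(f"ReasonCode {code}: {', '.join(macs)}")
```
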

    Expert Comment

    by:Craig Beck
    The NPS EAP certificate... Where did you get the certificate from?

    Author Comment

    I'm presuming it's the CA server cert that you are talking about? The error I'm getting is the cert chain was issued by an authority that is not trusted.

    Author Comment

    Hi Craigbeck

    I've followed your document exactly and everything has installed successfully. The install of Server 2012 is brand new.
    When I try and connect, I keep getting a message "unable to find a cert to log you on to the network". When I try with a different laptop on a different domain I get a message in Event Viewer that the domain is not authenticated, which is correct, I presume.

    Is there something that I am missing?


    Author Comment

    OK, everything works fine from Windows 7 onwards, so not going to use XP on the network. One question: is it an option to create a cert and get it verified by VeriSign, for example, and use it for guest users with non-domain-member laptops, so they can access the internet, or is there another way of doing it?


    Expert Comment

    by:Craig Beck
    You need to deploy a slightly different GPO to Windows XP clients.  When you create the GPO you get an option for XP or Vista and later, so you should have 2 GPOs for Wireless clients (if you put a blanket GPO across all your devices).

    Guests would usually use a captive portal so the portal would need a certificate to enable the users to log in via HTTPS web page, but the connection to the actual wireless network would not need a cert or key.

    Author Comment

    Hi, thanks for the info, much appreciated. Could you expand a bit more on the guest access option?


    Expert Comment

    by:Craig Beck
    Guest users would connect to a different SSID which is unencrypted and has no authentication on the wireless link itself.  You would 'grab' guest users' traffic by sending them to a captive portal either at the gateway or by using RADIUS to send them there.

    There are a few appliances that can do this, or you can install a captive portal on a router running DD-WRT (for example).

    Author Closing Comment

    Thanks for the help
