Cisco 2504 Authentication with Radius Server 2012R2

Hi

I'm trying to get a Cisco 2504 WLC to authenticate with Server 2012R2 as a RADIUS server.

I'm not having much luck!

Any links or setup guides much appreciated.

Thanks in advance
techsolve1 Asked:

Craig Beck Commented:
This is a great guide (I point some of our junior engineers at it), geared towards Server 2008 and the 5508 WLC but will work in exactly the same way...

http://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/115988-nps-wlc-config-000.html

How far have you got?
0

techsolve1 Author Commented:
Hi Craigbeck

Below is an auth error from Event Viewer. It's a new domain and we are trying to connect with a laptop that is not part of the domain; would this be the reason for this error?

What we want to enable is non-domain members to auth to the domain with their domain user accounts, i.e. for iPads and smartphones etc.

+ System
    - Provider
        [ Name]        Microsoft-Windows-Security-Auditing
        [ Guid]        {54849625-5478-4994-A5BA-3E3B0328C30D}
    EventID            6273
    Version            1
    Level              0
    Task               12552
    Opcode             0
    Keywords           0x8010000000000000
    - TimeCreated
        [ SystemTime]  2014-07-14T18:28:50.465328500Z
    EventRecordID      12385
    Correlation
    - Execution
        [ ProcessID]   516
        [ ThreadID]    4388
    Channel            Security
    Computer           server.server.LOCAL
    Security
- EventData
    SubjectUserSid                    S-1-5-21-126271290-1760273300-628037507-500
    SubjectUserName                   server\Administrator
    SubjectDomainName                 server
    FullyQualifiedSubjectUserName     server.LOCAL/Users/Administrator
    SubjectMachineSID                 S-1-0-0
    SubjectMachineName                -
    FullyQualifiedSubjectMachineName  -
    MachineInventory                  -
    CalledStationID                   6c-fa-89-64-c0-c0:ASNM Wifi
    CallingStationID                  00-23-14-a9-1c-cc
    NASIPv4Address                    10.13.0.2
    NASIPv6Address                    -
    NASIdentifier                     Cisco_c7:98:24
    NASPortType                       Wireless - IEEE 802.11
    NASPort                           1
    ClientName                        WLC
    ClientIPAddress                   10.13.0.2
    ProxyPolicyName                   Secure Wireless Connections
    NetworkPolicyName                 Test2
    AuthenticationProvider            Windows
    AuthenticationServer              server.LOCAL
    AuthenticationType                PEAP
    EAPType                           -
    AccountSessionIdentifier          -
    ReasonCode                        265
    Reason                            The certificate chain was issued by an authority that is not trusted.
    LoggingResult                     Accounting information was written to the local log file.
0
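To tell certificate trust failures like the one above (reason code 265) apart from other denied logons, the NPS deny events (Event ID 6273) can be pulled from the Security log and summarised per client. The PowerShell below is an added example, not part of the original thread; the function name `ConvertFrom-Nps6273` is hypothetical and the sample XML is constructed from the field values in the post above.

```powershell
# Added example: summarise NPS "access denied" events (Security log, Event ID 6273).
# $sample is constructed from the values posted above. On the NPS server, feed real events instead:
#   Get-WinEvent -FilterHashtable @{LogName='Security'; Id=6273} |
#       ForEach-Object { $_.ToXml() } | ConvertFrom-Nps6273
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>6273</EventID><TimeCreated SystemTime="2014-07-14T18:28:50.465328500Z"/></System>
  <EventData>
    <Data Name="SubjectUserName">server\Administrator</Data>
    <Data Name="CalledStationID">6c-fa-89-64-c0-c0:ASNM Wifi</Data>
    <Data Name="CallingStationID">00-23-14-a9-1c-cc</Data>
    <Data Name="ClientName">WLC</Data>
    <Data Name="NetworkPolicyName">Test2</Data>
    <Data Name="AuthenticationType">PEAP</Data>
    <Data Name="EAPType">-</Data>
    <Data Name="ReasonCode">265</Data>
    <Data Name="Reason">The certificate chain was issued by an authority that is not trusted.</Data>
  </EventData>
</Event>
'@

function ConvertFrom-Nps6273 {   # hypothetical helper name; input is event XML already filtered to 6273
    param([Parameter(Mandatory, ValueFromPipeline)][string]$Xml)
    process {
        $evt = ([xml]$Xml).Event
        # Flatten <Data Name="...">value</Data> into a lookup table
        $f = @{}
        foreach ($d in $evt.EventData.Data) { $f[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            Time       = $evt.System.TimeCreated.SystemTime
            User       = $f['SubjectUserName']
            ClientMac  = $f['CallingStationID']
            # Assumption: CalledStationID is "<AP MAC>:<SSID>", as in the event above
            Ssid       = ($f['CalledStationID'] -split ':', 2)[1]
            RadiusClient = $f['ClientName']
            Policy     = $f['NetworkPolicyName']
            Auth       = $f['AuthenticationType']
            ReasonCode = [int]$f['ReasonCode']
            Reason     = $f['Reason']
            # 265 is the code in the event above: a certificate chain trust failure
            CertTrust  = ([int]$f['ReasonCode'] -eq 265)
        }
    }
}

# One row per (reason code, client MAC), so repeat offenders and their failure type stand out
$sample | ConvertFrom-Nps6273 |
    Group-Object ReasonCode, ClientMac |
    Select-Object Count, Name, @{n='CertTrust'; e={$_.Group[0].CertTrust}}, @{n='Reason'; e={$_.Group[0].Reason}}
```

Rows with `CertTrust` set point at the certificate chain used for PEAP rather than at the user's credentials or the network policy match.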
Craig Beck Commented:
The NPS EAP certificate... Where did you get the certificate from?
0
techsolve1 Author Commented:
I'm presuming it's the CA server cert that you are talking about? The error I'm getting is that the cert chain was issued by an authority that is not trusted.
0
techsolve1 Author Commented:
Hi Craigbeck

I've followed your document exactly and everything has installed successfully; the install of Server 2012 is brand new.
When I try to connect, I keep getting a message "unable to find a cert to log you on to the network". When I try with a different laptop on a different domain, I get a message in Event Viewer that the domain is not authenticated, which is correct, I presume.

Is there something that I am missing?

Thanks
0
techsolve1 Author Commented:
OK, everything works fine from Windows 7 onwards, so not going to use XP on the network. One question: is it an option to create a cert and get it verified by VeriSign, for example, and use it for guest users with non-domain-member laptops so they can access the internet, or is there another way of doing it?

Thanks
0
Craig Beck Commented:
You need to deploy a slightly different GPO to Windows XP clients.  When you create the GPO you get an option for XP or Vista and later, so you should have 2 GPOs for Wireless clients (if you put a blanket GPO across all your devices).

Guests would usually use a captive portal so the portal would need a certificate to enable the users to log in via HTTPS web page, but the connection to the actual wireless network would not need a cert or key.
0
techsolve1 Author Commented:
Hi, thanks for the info, much appreciated. Could you expand a bit more on the guest access option?

Thanks
0
Craig Beck Commented:
Guest users would connect to a different SSID which is unencrypted and has no authentication on the wireless link itself.  You would 'grab' guest users' traffic by sending them to a captive portal either at the gateway or by using RADIUS to send them there.

There are a few appliances that can do this, or you can install a captive portal on a router running DD-WRT (for example).
0
techsolve1 Author Commented:
Thanks for the help
0

Question has a verified solution.