Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Cisco 2504 Authentication with Radius Server 2012R2

Posted on 2014-07-14
10
Medium Priority
?
4,999 Views
Last Modified: 2014-07-18
Hi

Im trying to get a Cisco 2504 WLC to authenticate with server 2012R2 as a radius server

Im not having much luck!

any links or setup guides, much appreciated

thanks in advance
0
Comment
Question by:techsolve1
  • 6
  • 4
10 Comments
 
LVL 47

Accepted Solution

by:
Craig Beck earned 2000 total points
ID: 40195181
This is a great guide (I point some of our junior engineers at it), geared towards Server2008 and the 5508 WLC but will work in exactly the same way...

http://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/115988-nps-wlc-config-000.html

How far have you got?
0
 

Author Comment

by:techsolve1
ID: 40195345
Hi Craigbeck

below is an auth error from event viewer, its a new domain and we are trying to connect with a laptop that is not part of the domain, would this be the reason for this error

What we want to enable is non domain members to auth to the domain with their domain user accounts, ie for ipad and smart phones etc

+      System

            -      Provider      
                              [ Name]       Microsoft-Windows-Security-Auditing      
                              [ Guid]       {54849625-5478-4994-A5BA-3E3B0328C30D}      

                  EventID      6273

                  Version      1

                  Level      0

                  Task      12552

                  Opcode      0

                  Keywords      0x8010000000000000

            -      TimeCreated      
                              [ SystemTime]       2014-07-14T18:28:50.465328500Z      

                  EventRecordID      12385

                  Correlation

            -      Execution      
                              [ ProcessID]       516      
                              [ ThreadID]       4388      

                  Channel      Security

                  Computer      server.server.LOCAL

                  Security

-      EventData

            SubjectUserSid      S-1-5-21-126271290-1760273300-628037507-500

            SubjectUserName      server\Administrator

            SubjectDomainName      server

            FullyQualifiedSubjectUserName      server.LOCAL/Users/Administrator

            SubjectMachineSID      S-1-0-0

            SubjectMachineName      -

            FullyQualifiedSubjectMachineName      -

            MachineInventory      -

            CalledStationID      6c-fa-89-64-c0-c0:ASNM Wifi

            CallingStationID      00-23-14-a9-1c-cc

            NASIPv4Address      10.13.0.2

            NASIPv6Address      -

            NASIdentifier      Cisco_c7:98:24

            NASPortType      Wireless - IEEE 802.11

            NASPort      1

            ClientName      WLC

            ClientIPAddress      10.13.0.2

            ProxyPolicyName      Secure Wireless Connections

            NetworkPolicyName      Test2

            AuthenticationProvider      Windows

            AuthenticationServer      server.LOCAL

            AuthenticationType      PEAP

            EAPType      -

            AccountSessionIdentifier      -

            ReasonCode      265

            Reason      The certificate chain was issued by an authority that is not trusted.

            LoggingResult      Accounting information was written to the local log file.
0
 
LVL 47

Expert Comment

by:Craig Beck
ID: 40195498
The NPS EAP certificate... Where did you get the certificate from?
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 

Author Comment

by:techsolve1
ID: 40196548
I'm presuming its the CA server cert that you are talking about?, the error im getting is the cert chain was issued by an authority that is not trusted
0
 

Author Comment

by:techsolve1
ID: 40196735
Hi Craigbeck

Ive followed your document exactly and everthing has installed succsessfully, the install of server 2012 is brand new
when i try and connect, I keep getting a message "unable to find a cert to log you on to the network" when i try with a different laptop on a differnet domain I get a message in event viewer that the domain is not authenticated which is correct, i presume

Is there something that i am missing

thanks
0
 

Author Comment

by:techsolve1
ID: 40197294
Ok, everthing works fine from windows 7 onwards, so not going to use XP on network, one question is it an option to use create a cert and get it verified by versign for example and use it for guest users with non domain member laptops, so they can access internet, or is there another way of doing it?

Thanks
0
 
LVL 47

Expert Comment

by:Craig Beck
ID: 40197451
You need to deploy a slightly different GPO to Windows XP clients.  When you create the GPO you get an option for XP or Vista and later, so you should have 2 GPOs for Wireless clients (if you put a blanket GPO across all your devices).

Guests would usually use a captive portal so the portal would need a certificate to enable the users to log in via HTTPS web page, but the connection to the actual wireless network would not need a cert or key.
0
 

Author Comment

by:techsolve1
ID: 40197593
Hi thanks for the info, much appreciated, could you expand a bit more on the guest access option

Thanks
0
 
LVL 47

Expert Comment

by:Craig Beck
ID: 40197607
Guest users would connect to a different SSID which is unencrypted and has no authentication on the wireless link itself.  You would 'grab' guest users' traffic by sending them to a captive portal either at the gateway or by using RADIUS to send them there.

There are a few appliances that can do this, or you can install a captive portal on a router running DD-WRT (for example).
0
 

Author Closing Comment

by:techsolve1
ID: 40204211
Thanks for the help
0

Featured Post

IT Degree with Certifications Included

Aspire to become a network administrator, network security analyst, or computer and information systems manager? Make the most of your experience as an IT professional by earning your B.S. in Network Operations and Security.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This past year has been one of great growth and performance for OnPage. We have added many features and integrations to the product, making 2016 an awesome year. We see these steps forward as the basis for future growth.
When speed and performance are vital to revenue, companies must have complete confidence in their cloud environment.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question