Solved

Setting up WPA2 Enterprise with Server 2008 R2

Posted on 2014-09-06
Last Modified: 2015-06-27
I am trying to set up WPA2 Enterprise with Server 2008 R2. I followed this tutorial http://www.windowsnetworking.com/articles-tutorials/windows-server-2008/Setting-up-Wi-Fi-Authentication-Windows-Server-2008-Part2.html and did exactly the same configuration, but my client PC is not able to connect....

The AP I use here is a DD-WRT Linksys router. Any suggestions as to why it's not working?
Question by:okamon
16 Comments
 
LVL 11

Expert Comment

by:Joseph O'Loughlin
ID: 40308216
Any difficulties at the "Configure the wireless controllers and/or APs" step on the DD-WRT?
Are there other restrictions on the DD-WRT, e.g. blocking unknown MAC addresses?
Are you getting an error when attempting to connect?  What is the error?
If using a PCMCIA or a USB Wi-Fi adapter, try using another socket.
0
 

Author Comment

by:okamon
ID: 40308252
I reset the DD-WRT router and used it only as an AP. So basically, it's all default settings. I only disabled DHCP and set up WPA2 Enterprise there. I just got an "unable to connect" message on the client PC... I used the built-in adapter, and I had no problem connecting to other non-enterprise WPA2 APs.
0
 
LVL 11

Expert Comment

by:Joseph O'Loughlin
ID: 40308413
You are telling me that the DD-WRT is configured for WPA2 Enterprise, using the 2008 server as the RADIUS server?
Instructions are here
http://vnetwise.wordpress.com/2012/05/26/creating-a-wpa2-eap-wireless-network-with-nps-ad-cs-and-gpo/
I suspect an earlier error was Certificate is not trusted?
See also Request Certificate at
http://www.fatofthelan.com/technical/using-windows-2008-for-radius-authentication/
0
 

Author Comment

by:okamon
ID: 40308526
Thanks! I think it has something to do with my certificate.... I got an error when I clicked the EAP edit button...
How do I redo it from scratch?
[Image: cert]
0
 
LVL 11

Expert Comment

by:Joseph O'Loughlin
ID: 40308622
From the second link above:
Under Installing  Network Policy and Access Services
...
Work down to "Specify 802.1X Switches", adding the dd-wrt
...
For the “Configure an Authentication Method” screen select “Microsoft Smart Card or other certificate” for EAP-TLS or “Microsoft Protected EAP (PEAP)” for PEAP.
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 40312909
You've got a bit to do here.  In a nutshell...

1] Obtain a computer certificate for the NPS server from a CA, or generate a self-signed cert.
2] Configure a Network Access Policy in NPS to use the certificate, as Joseph said.  If you want to use computer authentication you need to use EAP-TLS.  If you want to use AD user/pass you need to use PEAP with MSChapV2.
3] Configure the AP as a RADIUS Client in NPS.
4] Configure the AP to use WPA2-Enterprise (or WPA2 802.1x if it's called that on the AP).
0
 

Author Comment

by:okamon
ID: 40320983
craigbeck, this is exactly what I did, but it's not working. As I haven't run any Windows updates on my newly built machines (Server 2008 R2 and Windows 7)... does it have anything to do with that?
0

 

Author Comment

by:okamon
ID: 40321364
I also followed exactly the same steps as this video, still no luck!!! https://www.youtube.com/watch?v=g-0MM_tK-Tk
It doesn't look difficult at all, but I really have no idea why it's not working for me.
0
 
LVL 11

Expert Comment

by:Joseph O'Loughlin
ID: 40321461
Did you have any difficulties on the DD-WRT?
Are you using Windows or vendor (which one, e.g. Intel, HP) utilities to connect to the wireless network?
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 40321603
In post ID: 40308526 the picture says what the issue (or at least part of it) is.  You don't have a certificate which can be used by the NPS server to process EAP authentication.  Even if you have requested and obtained a certificate from a CA you've not done it correctly.

The easiest way to obtain a certificate is to request a computer certificate from the Certificates MMC snap-in on the NPS server.  This will be saved in the Computer's Personal certificate store and can be used by the NPS policy.
0
 

Author Comment

by:okamon
ID: 40321774
Actually I rebuilt the server and I don't see that error anymore, but I think someone is also having an issue like me with Server 2008 R2... I did request the certificate using MMC on the CA.... Anyway, I found another tutorial and this worked for me: https://www.youtube.com/watch?v=PjdFwQc_tCw The way he set up the certificate is very different from all the other tutorials. Can you tell me why this worked but the others didn't? I am pretty sure it has something to do with the certificate, but I did exactly the same as in the other tutorials. Unless it has something to do with 2008 R2..
0
 
LVL 11

Expert Comment

by:Joseph O'Loughlin
ID: 40321784
Certificates are created for specific uses.  Some are single purpose, e.g. for a particular website or a particular email address, others can serve multiple purposes.  Check the certificate's properties for hints as to the intended roles.
0
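The two comments above point at the same check: the NPS server needs a computer certificate in its Personal store, and the certificate's properties show what it is intended for. The following PowerShell is an added example, not part of the original thread; it assumes it is run from an elevated prompt on the NPS server, and the properties it inspects (private key, validity dates, Server Authentication EKU) are this example's choice of what to review.

```powershell
# Added example: review certificates in the computer's Personal store that an
# NPS server might present for PEAP or EAP-TLS. Written to run on PowerShell 2.0.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # OID of the Server Authentication EKU
$now = Get-Date

Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    # Collect Enhanced Key Usage OIDs from the certificate's extensions.
    $hasEkuExtension = $false
    $ekuOids = @()
    foreach ($ext in $cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            $hasEkuExtension = $true
            foreach ($oid in $ext.EnhancedKeyUsages) { $ekuOids += $oid.Value }
        }
    }

    # Record anything that would make the certificate a poor fit for EAP.
    $problems = @()
    if (-not $cert.HasPrivateKey) { $problems += 'no private key on this machine' }
    if ($now -lt $cert.NotBefore) { $problems += 'not yet valid' }
    if ($now -gt $cert.NotAfter)  { $problems += 'expired' }
    if (-not $hasEkuExtension) {
        $problems += 'no EKU extension (purpose not stated)'
    } elseif ($ekuOids -notcontains $serverAuthOid) {
        $problems += 'EKU lacks Server Authentication'
    }

    New-Object PSObject -Property @{
        Subject    = $cert.Subject
        Issuer     = $cert.Issuer
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        EKU        = ($ekuOids -join ', ')
        Issues     = $(if ($problems) { $problems -join '; ' } else { 'none found' })
    }
} | Select-Object Subject, Issuer, Thumbprint, NotAfter, EKU, Issues | Format-List

# Not checked here: whether the wireless clients trust the issuing CA.
```

An empty result means the Personal store holds no certificate at all, which matches the situation described for post ID: 40308526.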
 
LVL 45

Expert Comment

by:Craig Beck
ID: 40322049
There is nothing different with 2008R2 with respect to requesting certificates.

Are you able to get clients connected using certificates or PEAP-MSChapV2 now?
0
 

Accepted Solution

by:
okamon earned 0 total points
ID: 40322320
Yes, as I mentioned in my last post. After I followed another tutorial here https://www.youtube.com/watch?v=PjdFwQc_tCw everything is working now. I just wanted to know why this worked while the other tutorials I posted before didn't.
0
 
LVL 34

Expert Comment

by:Seth Simmons
ID: 40854361
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
