Solved

setting up wpa2 enterprise with server 2008 r2

Posted on 2014-09-06
16
66 Views
Last Modified: 2015-06-27
I am trying to set up wpa2 enterprise with server 2008 r2. I followed this tutorial http://www.windowsnetworking.com/articles-tutorials/windows-server-2008/Setting-up-Wi-Fi-Authentication-Windows-Server-2008-Part2.html, did exactly the same configuration. but my client pc not able to connect....

the AP i use here is DD-WRT linksys router. Any suggestion of why it's not working?
0
Comment
Question by:okamon
  • 6
  • 5
  • 3
  • +1
16 Comments
 
LVL 11

Expert Comment

by:Joseph O'Loughlin
ID: 40308216
Any difficulties at the
Configure the wireless controllers and/or APs
step on the DD-WRT?
Are there other restrictions on the DD-WRT, e.g. blocking unknown mac addresses?
Are you getting an error when attempting to connect?  What is the error?  
If using a pcmcia or a usb wifi adapter try using another socket.
0
 

Author Comment

by:okamon
ID: 40308252
I reset the dd-wrt router and used it only as AP. So basically, it's all default setting. I only disabled dhcp and setup the wap2 enterprise there. I just got unable to connect message on client pc... I used the built-in adapter, I had no problem connecting to other non-enterprise wap2 AP.
0
 
LVL 11

Expert Comment

by:Joseph O'Loughlin
ID: 40308413
You are telling me that the dd-wrt it configured for wap2 enterprise, using the 2008 server as the radius server?
Instructions are here
http://vnetwise.wordpress.com/2012/05/26/creating-a-wpa2-eap-wireless-network-with-nps-ad-cs-and-gpo/
I suspect an earlier error was Certificate is not trusted?
See also Request Certificate at
http://www.fatofthelan.com/technical/using-windows-2008-for-radius-authentication/
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:okamon
ID: 40308526
Thanks! I think it has something to do with my certificate.... I got an error when I clicked EAP edit button...
How do I redo it from scratch?
cert
0
 
LVL 11

Expert Comment

by:Joseph O'Loughlin
ID: 40308622
From the second link above:
Under Installing  Network Policy and Access Services
...
Work down to "Specify 802.1X Switches", adding the dd-wrt
...
For the “Configure an Authentication Method” screen select “Microsoft Smart Card or other certificate” for EAP-TLS or “Microsoft Protected EAP (PEAP)” for PEAP.
0
 
LVL 46

Expert Comment

by:Craig Beck
ID: 40312909
You've got a bit to do here.  In a nutshell...

1] Obtain a computer certificate for the NPS server from a CA, or generate a self-signed cert.
2] Configure a Network Access Policy in NPS to use the certificate, as Joseph said.  If you want to use computer authentication you need to use EAP-TLS.  If you want to use AD user/pass you need to use PEAP with MSChapV2.
3] Configure the AP as a RADIUS Client in NPS.
4] Configure the AP to use WPA2-Enterprise (or WPA2 802.1x if it's called that on the AP).
0
 

Author Comment

by:okamon
ID: 40320983
craigbeck, this is exactly what I did, but not working. as I haven't run any windows update on my newly built machine (server 2008 r2 and windows 7) ... is there anything to do with that?
0
 

Author Comment

by:okamon
ID: 40321364
i also followed exactly the same steps of this video, still no luck!!! https://www.youtube.com/watch?v=g-0MM_tK-Tk
it doesn't looks like difficult at all, but I really have no idea why it's not working for me.
0
 
LVL 11

Expert Comment

by:Joseph O'Loughlin
ID: 40321461
Did you have any difficulties on the dd wrt?
Are you using windows or vendor (which one, e.g. intel, hp) utilities to connect to the wireless network?
0
 
LVL 46

Expert Comment

by:Craig Beck
ID: 40321603
In post ID: 40308526 the picture says what the issue (or at least part of it) is.  You don't have a certificate which can be used by the NPS server to process EAP authentication.  Even if you have requested and obtained a certificate from a CA you've not done it correctly.

The easiest way to obtain a certificate is to request a computer certificate from the Certificates MMC snap-in on the NPS server.  This will be saved in the Computer's Personal certificate store and can be used by the NPS policy.
0
 

Author Comment

by:okamon
ID: 40321774
Actually I rebuilt the server and I don't see that error anymore. but I think someone also having issue like me with server 2008 R2... I did request the certificate using MMC on the CA....anyway, I found another tutorial and this worked for me https://www.youtube.com/watch?v=PjdFwQc_tCw   the way he setup the certificate it's very different from all other tutorial. can you tell me why this worked but other didn't? I am pretty sure  something to do with the certificate, but I did exactly the same from other tutorial. Unless there is something to do with 2008 R2..
0
 
LVL 11

Expert Comment

by:Joseph O'Loughlin
ID: 40321784
Certificates are created for specific uses.  Some are single purpose, e.g. for a particular website or a particular email address, others can serve multiple purposes.  Check the certificate's properties for hints as to the intended roles.
0
 
LVL 46

Expert Comment

by:Craig Beck
ID: 40322049
There is nothing different with 2008R2 with respect to requesting certificates.

Are you able to get clients connected using certificates or PEAP-MSChapV2 now?
0
 

Accepted Solution

by:
okamon earned 0 total points
ID: 40322320
yes. as I mentioned in my last post. After I followed another tutorial here  https://www.youtube.com/watch?v=PjdFwQc_tCw everything is working now. I just wanted to know why this worked while other tutorial I posted before didn't.
0
 
LVL 34

Expert Comment

by:Seth Simmons
ID: 40854361
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
For Sennheiser, comfort, quality and security are high priority areas. This paper addresses the security of Bluetooth technology and the supplementary security that Sennheiser’s Contact Center and Office (CC&O) headsets provide.  
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question