
How to get RADIUS Server Authentication to work with Active Directory for corporate wireless?

Pkafkas asked on
Wireless Networking, Active Directory, Network Security
How to set up a new RADIUS Server for Wireless Authentication?

I have never set up a RADIUS server before. In the past, for wireless or Citrix or any form of authentication, we just had to configure:

- LDAP Server IP address (Active Directory Server IP address).
- User account with administrator access that could authenticate to the AD server.
- Worked with a vendor (like Citrix) that had accomplished this before.

Now, I am working in a new environment where my project is to migrate to the new Aruba Wireless System from an E.O.L. wireless system.   We have an older HP MSM700 series Wireless system used in production and the Aruba is in my test lab.  

We require a RADIUS Server for employee authentication to our Corporate Wireless network.  I have found a few web sites; but, I want to know how I can verify if the new RADIUS server (Network Policy Server) has all of the requirements?

The production Wireless Controller (older) is set up to use EAP Authentication and it is configured to use a local certificate that was provided to us by DigiCert (THAWTE - CA). That certificate is labelled to be used to authenticate to the peer. We attempted to use the currently used RADIUS server; but, after the new Aruba Clients were added the RADIUS server stopped working; hence, it was decided to create a new RADIUS server for the new Wireless system and that should not affect the users in the production environment.

The new RADIUS server is set up as follows:

1.  Network Policy Server Role (Windows 2012 R2)
2.  Does not have Active Directory installed. A.D. is a different server.
3.  I have added the Aruba Controllers as RADIUS Clients (by IP address).
4.  The current test server has "EAP MSCHAPv2" set up for the Authentication method.
5.  I have registered the NPS with Active Directory.

Question1:  What will I need to verify if the current production wireless setup has or does not have?  So I can duplicate the authentication on the new Aruba system.

Question2:  Why am I getting the following error from the Network Policy server's "Event Viewer" when attempting to authenticate to the corporate Wireless from the new RADIUS server?

The client could not be authenticated  because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server.


https://www.gypthecat.com/how-to-configure-windows-2012-nps-for-radius-authentication-with-ubiquiti-unifi

https://community.arubanetworks.com/t5/Controllerless-Networks/Wireless-Connection-issues-while-roaming-with-Lenovo-Laptops/td-p/241742
ASKER CERTIFIED SOLUTION
Mahesh
Architect