How to setup a new RADIUS Server for Wireless Authentication?
I have never setup a RAIDUS server before. In the past, for wireless or Citrix or any form of authentication we just had to configure:
- LDAP Server IP address (Active Directory Server IP address).
- User account with administrator access that could authenticate to the AD server.
- Worked with a vendor (like Citrix) that had accomplished this before.
Now, I am working in a new environment where my project is to migrate to the new Aruba Wireless System from an E.O.L. wireless system. We have an older HP MSM700 series Wireless system used in production and the Aruba is in my test lab.
We require a RADIUS Server for employee authentication to our Corporate Wireless network. I have found a few web sites; but, I want to know how I can verify if the new RADIUS server (Network Policy Server) has all of the requirements?
The production Wireless Controller (older) is setup to use EAP Authentication and it is configured to use a local certificate that was provided to us by DigiCert (THAWTE - CA). That certificate is labelled to be used to authenticate to the peer. We attempted to use the currenlty used RADIUS server; but, after the new Aruba Clients were added the RADOUS server stopped working; hence, it was decided to create anew RADOUS server for the new Wireless system and that should not affect the users in the production environment.
The new RADIUS server is setup as follows:
1. Network Policy Server Role (Windows 2012 R2)
2. Does not
have Active Directory installed. A.D., is a different server.
3. I have added the Aruba Controllers as RADIUS Clients (by IP address).
4. The current test server has "EAP MSCHAPv2" setup for the Authentication method.
5. I have registered the NPS with Active Directory.
: What will I need to verify if the current production wireless setup has or does not have? So I can duplicate the authentication on the new Aruba system.
: Why am I getting the following error from the Network Policy server's "Event Viewer" when attempting to authenticate to the corporate Wireless from the new
The client could not be authenticated because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server.