Wireless connectivity offers users a high degree of mobility and provides another networking option when traditional wired networks are impractical. The Windows Server® 2008 operating system provides the networking services needed to deploy a secure and manageable wireless local area network (WLAN) infrastructure within networks ranging from small business to an enterprise environment. This guide provides comprehensive guidance to deploy an 802.1X authenticated wireless access solution.
Below is a quick guide on how to set up a RADIUS server on Windows Server 2008 R2 for wireless (WPA and WPA2-Enterprise). The deployment needs the following components:
# Active Directory with Group Policy.
# One or more Network Policy Server (NPS) servers.
# An Active Directory Certificate Services based PKI that provides server certificates for the NPS computer(s) and your wireless PCs.
# One or more wireless access points (APs) that support WPA and WPA2-Enterprise.
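1) Install and set up Active Directory. Run the following command, replacing the domain names and the safe mode administrator password shown here with your own values:
dcpromo /unattend /ReplicaOrNewDomain:Domain /NewDomain:Forest /NewDomainDNSName:troycity.org /DomainNetBIOSName:TROY /SafeModeAdminPassword:Troycity2015. /InstallDNS:yes /RebootOnCompletion:yes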
2) Install the Network Policy Server (NPS) servers, Active Directory Certificate Services and the DHCP server
Click Next –> Next –> check Network Policy Server, then click Next.
-> Click Next
-> Click Next
-> Click OK –> Next. Check Disable DHCPv6 –> then click Next.
Authorize DHCP Server: leave the default, then click Next –> Next
Specify CA type: choose Root CA then click Next
Setup Private Key: choose Create a new private key then click Next
Click Next –> Next, then click Install
3) Set up Active Directory and Certificate Services
5) Set up the Network Policy Server (NPS) servers
Register the server in AD to link and sync users’ permissions
-> Right-click NPS and click Register server in AD, then click OK.
We’re using NPS as the RADIUS server for wireless LAN user authentication
We’ll use PEAP for authentication and apply the permissions tied to the user’s credentials
This policy will apply for this group of users.
-> click Next –> Finish
Open cmd –> run mmc –> click File –> Add or Remove Snap-ins
Duplicate a Computer certificate template in order to tailor it to our needs
Let users and computers enroll themselves
–> then click Apply.
We’ll use this certificate for Users and Computers authentication
Click Certificate Template to Issue
Now request a new certificate using the last certificate template, and include a symmetric algorithm for information gathering (client to server)
Click Apply –> then click Enroll –> click Finish
6) Set up the wireless access points (APs)
7) Set up the wireless connection for users
Give the user credentials so that they can authenticate and access network services
Click “Manually create a network profile”
Type your SSID exactly in Network name
Under the Security tab click Settings –> choose the certificate (you have to import the certificate as trusted on the local machine), or un-check Validate server certificate if you don’t want to authenticate the server. With validation unchecked, the client does not verify which RADIUS server it is sending its credentials to.
-> Click Advanced settings –> check Specify authentication mode, then select User or computer authentication
If everything succeeds, you are good to go.
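The server validation choice made in step 7 is stored in the saved wireless profile, so it can be checked afterwards. The following added example (not part of the original guide) audits a profile exported with netsh wlan export profile; the sample profiles, server name and CA value are constructed placeholders, and the element names are an assumption to confirm against what your own clients export.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed, trimmed sample of an exported PEAP profile (namespaces omitted).
SAMPLE_WEAK = """<WLANProfile><name>CorpWiFi</name><MSM><security>
<authEncryption><authentication>WPA2</authentication><encryption>AES</encryption>
<useOneX>true</useOneX></authEncryption>
<OneX><authMode>machineOrUser</authMode><EAPConfig>
<ServerValidation><ServerNames></ServerNames></ServerValidation>
<PeapExtensions><PerformServerValidation>false</PerformServerValidation></PeapExtensions>
</EAPConfig></OneX></security></MSM></WLANProfile>"""

# Same constructed profile with validation on, a server name and a placeholder CA hash.
SAMPLE_OK = (SAMPLE_WEAK
    .replace("<ServerNames></ServerNames>",
             "<ServerNames>nps.example.test</ServerNames>"
             "<TrustedRootCA>PLACEHOLDER-ROOT-CA-THUMBPRINT</TrustedRootCA>")
    .replace(">false<", ">true<"))


def _texts(root, name):
    """Text of every element with local name `name`, ignoring XML namespaces."""
    return [(e.text or "").strip() for e in root.iter()
            if e.tag.rsplit("}", 1)[-1] == name]


def audit_profile(xml_text):
    """Return a list of findings about RADIUS server validation in one profile."""
    root = ET.fromstring(xml_text)
    if "true" not in _texts(root, "useOneX"):
        return ["profile does not use 802.1X"]
    findings = []
    if "false" in (v.lower() for v in _texts(root, "PerformServerValidation")):
        findings.append("server certificate validation is turned off")
    if not any(_texts(root, "TrustedRootCA")):
        findings.append("no trusted root CA selected")
    if not any(_texts(root, "ServerNames")):
        findings.append("no RADIUS server name restriction")
    return findings


if __name__ == "__main__":
    # Audit files given on the command line, or the constructed samples.
    docs = [(p, open(p, "rb").read()) for p in sys.argv[1:]] or [
        ("SAMPLE_WEAK", SAMPLE_WEAK), ("SAMPLE_OK", SAMPLE_OK)]
    for label, text in docs:
        print(label, audit_profile(text) or "ok")
```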