Set up a RADIUS server on Windows Server 2008 R2 for wireless (WPA & WPA2-Enterprise)

Wireless connectivity offers users a high degree of mobility and provides another networking option when traditional wired networks are impractical. The Windows Server® 2008 operating system provides the networking services needed to deploy a secure and manageable wireless local area network (WLAN) infrastructure within networks ranging from small business to an enterprise environment. This guide provides comprehensive guidance to deploy an 802.1X authenticated wireless access solution.

Below is a quick guide on how to set up a RADIUS server on Windows Server 2008 R2 for wireless (WPA & WPA2-Enterprise).

Requirements:

# Active Directory with group policy

# One or more Network Policy Server (NPS) servers.

# Active Directory Certificate Services based PKI to issue server certificates for the NPS computers and your wireless PCs

# One or more wireless access points (APs) that support WPA & WPA2-Enterprise.

Steps:

1) Install and set up Active Directory

dcpromo /unattend /ReplicaOrNewDomain:Domain /NewDomain:Forest /NewDomainDNSName:troycity.org /DomainNetBIOSName:TROY /SafeModeAdminPassword:Troycity2015. /InstallDNS:yes /RebootOnCompletion:yes

2) Install Network Policy Server (NPS) servers, Active Directory Certificate Service, DHCP server

Add roles: Certificate, Network Policy, DHCP

Click Next –> Next –> check Network Policy Server, then click Next.

–> Next

Network connection bindings (DHCP) –> click Next

DNS server settings –> click Next

Add scope –> click OK –> Next. Check Disable DHCPv6, then click Next.

Authorize DHCP Server: leave the default, then click Next –> Next

Select Role Services

Specify Setup Type

Specify CA Type: choose Root CA, then click Next

Set Up Private Key: choose Create a new private key, then click Next

Configure Cryptography for CA

CA Name

Validity Period

Installation Results

Click Next –> Next, then click Install

3) Set up Active Directory and Certificate Services

[Screenshot: radius_users]

5) Set up Network Policy Server (NPS) servers

Register in AD to link and sync user permissions

-> Right-click NPS and click Register server in AD, then click OK.

We’re using NPS for RADIUS wireless LAN user authentication.

We’ll use PEAP for authentication and apply its credential permissions.

This policy will apply to this group of users.

-> click Next –> Finish

Open cmd –> mmc –> click File –> Add or Remove Snap-ins

Duplicate a Computer certificate template in order to personalize it to our needs

Let users and computers enroll themselves

–> then click Apply.

We’ll use this certificate for Users and Computers authentication

Click Certificate Template to Issue

Now, request a new certificate with the last Certificate Template and include a symmetric algorithm for information gathering(Client to Server)

Click Apply –> then click Enroll –> click Finish

6) Set up wireless access points (APs)

[Screenshots: LAPN600 Wireless-N600 Dual Band Access Point with PoE]

7) Set up the wireless connection for users

Give the user credentials so that the user can authenticate and access network services.

Click “Manually create a network profile”.

Type your SSID exactly in Network name.

Under the Security tab, click Settings –> check and choose the certificate (you have to import the certificate into the local trusted store), or un-check Validate server certificate if you don’t want to authenticate the server.

-> Click Advanced settings –> check Specify authentication mode, then select User or computer authentication.

If everything is successful, you are good to go.
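
The client settings chosen in step 7 (server certificate validation, trusted certificate, authentication mode) end up in the saved wireless profile, so they can be checked after the fact. The following is an added example, not part of the original guide: it audits the XML of a profile exported with netsh wlan export profile. The sample profile, the SSID EXAMPLE-SSID and the function names are constructed for illustration, and the check assumes the export states PerformServerValidation explicitly.

```python
import xml.etree.ElementTree as ET

# Constructed, trimmed stand-in for an exported WLAN profile (not from the page).
SAMPLE_PROFILE = """<?xml version="1.0"?>
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>EXAMPLE-SSID</name>
  <MSM><security>
    <authEncryption><authentication>WPA2</authentication>
      <encryption>AES</encryption><useOneX>true</useOneX></authEncryption>
    <OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
      <authMode>machineOrUser</authMode>
      <EAPConfig><EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
        <Config><Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"><Type>25</Type>
          <EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1">
            <ServerValidation><ServerNames></ServerNames></ServerValidation>
            <PeapExtensions><PerformServerValidation
              xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2"
              >false</PerformServerValidation></PeapExtensions>
          </EapType></Eap></Config>
      </EapHostConfig></EAPConfig></OneX>
  </security></MSM></WLANProfile>"""

def _texts(root, local_name):
    """Text of every element with this local name, whatever its namespace."""
    return [(e.text or "").strip() for e in root.iter()
            if e.tag.rsplit("}", 1)[-1] == local_name]

def audit_profile(xml_text):
    """Return a list of findings; an empty list means every check passed."""
    root = ET.fromstring(xml_text)
    findings = []
    if not set(_texts(root, "authentication")) & {"WPA", "WPA2"}:
        findings.append("not WPA/WPA2-Enterprise")
    if _texts(root, "useOneX") != ["true"]:
        findings.append("802.1X is not enabled")
    if _texts(root, "authMode") != ["machineOrUser"]:
        findings.append("authMode is not 'User or computer authentication'")
    # Assumption: the export states PerformServerValidation; older exports may omit it.
    if _texts(root, "PerformServerValidation") != ["true"]:
        findings.append("server certificate validation is off or not stated")
    if not any(_texts(root, "TrustedRootCA")):
        findings.append("no trusted root CA selected")
    if not any(_texts(root, "ServerNames")):
        findings.append("no RADIUS server name pinned")
    return findings

if __name__ == "__main__":
    for finding in audit_profile(SAMPLE_PROFILE):
        print("FINDING:", finding)
```

A profile with validation un-checked lets the client run PEAP against any access point that advertises the SSID, which is why the audit treats that setting as a finding.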

2 Comments

  1. Pls help me.
    I try that method above, but I have not succeeded. I don’t know why. I use the French version, is it the problem?

  2. Hi,
    I don’t understand this: “Now, request a new certificate with the last Certificate Template and include a symmetric algorithm for information gathering(Client to Server)”. Tks.
