7th February 2010, 06:30 PM #1
setting up a RADIUS server for wireless authentication
At the previous place where I worked we had a wireless network with an IAS server doing wireless authentication. It was set up so that when the user logged on with a domain user account they could access wireless; with a local account they could not (I believe).
I am now trying to replicate this setup at another site, but have never set it up before. All I know is it used IAS and cert services, and I imagine some way to deploy certs based on user account (GP?).
My question is: does anyone know how to set this up, and could they provide me with the steps to go through?
I know this is quite tricky as the NM who set it up at the last place spent two weeks doing it!!
Thanks in advance.
7th February 2010, 06:48 PM #2
This topic has been discussed loads on edugeek.
Check this site out fella. If you are wanting to use Windows 2003 IAS then following the notes on this link will certainly help you. It's a very good guide:
It's slightly changed in 2008: IAS has been replaced with Network Policy Server, or NPS.
I have just set one up where I work and, after issues which I couldn't figure out, I got some external help and it was a config issue on the NPS server. Now, though, it seems to be working well.
There is some Microsoft documentation, step by step, showing you how to set it up in 2008; I would follow that. You can message me if you wish, I may be able to help.
Here's everything you want to know about setting up wireless on Microsoft network: http://technet.microsoft.com/en-us/n.../bb530679.aspx
Last edited by ranj; 7th February 2010 at 06:54 PM.
21st September 2010, 04:25 PM #3
ranj - I see you were having problems with NPS and was wondering if I could ask you a couple of simple questions...
We had NPS set up and working with a set of 16 laptops and all of a sudden they have stopped working :0s
I had my RADIUS clients added and set up with their shared secret.
The connection request policies are set up basically just to enable connection all the time, and nothing is set in the Settings tab.
And under Network Policies it's set to grant access, unspecified network access server. Conditions set to Domain computers and Domain users.
Constraints set to Protected EAP in authentication methods, and an associated policy set up in AD to apply to the laptop, which all worked well.
I haven't touched it for ages and now it doesn't work. In the test phase I used to watch the client connect, I believe in the eventvwr, and see different NPS events happen; now I can't find anything!!! Just so I know I'm not going mad, it was the System event log the messages are logged in, yes?
Did you use any other tools apart from event log messages to solve your issue? Last time I set it up the event log was about all I needed but now I can't see anything logged!!!!!!
21st September 2010, 04:53 PM #4
Is your NPS server certificate still valid?
22nd September 2010, 02:38 PM #5
I did look at this funnily enough and it was the only thing I wasn't sure about! I have RADIUS/NPS set up at two sites and the certificates are different (the only thing different between the two). The certificate at the site which isn't working says it is still valid under the Edit Protected EAP properties, but I don't know whether the server I got the certificate from exists any more (as it is/was one at head office). Does that matter?
1. Am I looking at the right bit about certificates? (Under Authentication Methods/Edit Protected EAP properties?)
2. How would I renew it? Do you think I need to renew it?
22nd September 2010, 02:49 PM #6
When you view the certificate does it say you have the private key?
22nd September 2010, 03:20 PM #7
I don't know, I couldn't find anywhere where I could view the cert. I took a look at this NPS Server Migration: Verifying the Migration under "Verifying authentication methods" but couldn't find how to view the cert. Here is a screenshot of what I found:
22nd September 2010, 03:28 PM #8
That looks fine. What does the security log show when you try and connect? (It logs the NPS authentication.)
22nd September 2010, 03:28 PM #9
I found this great guide right here on Edugeek.
Sorry I can't remember where I got it from for their due credit!
22nd September 2010, 04:58 PM #10
Thanks for the help guys, the problem I'm having is at a remote site which I'm going to tomorrow. I'll try and get the clients to connect tomorrow and let you know what the security logs say.
chazzy, thanks for the guide. The only problem is I'm using 2008's NPS not IAS, same but different if you know what I mean. Either way there is still some good info in there.
23rd September 2010, 12:53 PM #11
Just thought I would let you know it's resolved. It was sure a silly little problem in the end, as most are when something that was working suddenly stops. I wasn't getting anything in the security or NPS logs about NPS connections, so that made me think that the APs weren't even connecting to the server. For some reason the APs, which are 3com Airconnect 9550, set themselves back to a previous state, maybe from a power cut or something. The problem was I moved the RADIUS server some time back from one server to another, with the IP address only changing from 10.140.1.1 to 10.140.1.0. The old setting was on the APs and, where it was so similar, I just didn't see it straight away!
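The checks that came up in posts #4 to #11, collected as an added PowerShell example (not part of any poster's message, and not taken from the guides linked in the thread). It assumes it is run elevated on the NPS server and that NPS auditing is enabled so that accept/reject events are written to the Security log.

```powershell
# Added example: run in an elevated PowerShell session on the NPS server.
# Assumption: NPS auditing is enabled, so decisions are written to the Security log.

$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
$now = Get-Date

# 1. Certificates in the computer store that PEAP could present:
#    validity period and whether the private key is present (posts #4 and #6).
Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    # A certificate with no EKU extension is usable for any purpose.
    $serverAuth = (-not $eku) -or
        [bool]($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $serverAuthOid })
    if ($serverAuth) {
        New-Object PSObject -Property @{
            Subject       = $cert.Subject
            Issuer        = $cert.Issuer
            NotAfter      = $cert.NotAfter
            InValidity    = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
            HasPrivateKey = $cert.HasPrivateKey
        }
    }
} | Format-Table Subject, Issuer, NotAfter, InValidity, HasPrivateKey -AutoSize

# 2. NPS decisions in the last hour (post #8):
#    6272 = access granted, 6273 = access denied, 6274 = request discarded.
$filter = @{ LogName = 'Security'; Id = 6272, 6273, 6274; StartTime = $now.AddHours(-1) }
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

if ($events.Count -eq 0) {
    # 3. Nothing logged at all: the requests may never be reaching this server (post #11).
    Write-Warning 'No NPS events found. Check the RADIUS server address configured on each AP.'
} else {
    $events | Group-Object Id | Select-Object Name, Count | Format-Table -AutoSize
    # Show the most recent denied or discarded requests for closer inspection.
    $events | Where-Object { $_.Id -ne 6272 } |
        Select-Object -First 5 TimeCreated, Id,
            @{ n = 'Summary'; e = { ($_.Message -split "`r?`n")[0] } } |
        Format-List
}
```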
9th December 2010, 08:09 PM #12
I followed the guide provided by Ranj and chazzy and built the IAS server (Windows Server 2003) using the self-signed certificate. I'm using a Cisco AIR-AP1252G-A-K9 running c1250-k9w7-tar.124-21a.JY in autonomous mode. The problem is that whenever I try to connect to the network it keeps re-opening the authentication window over and over, not accepting a working AD user account. There are no error logs from event viewer on the server.