Sunday, January 26, 2014

Configuring WPA-EAP Authentication

This post outlines how to configure NPS RADIUS to centrally manage wireless authentication requests received from a wireless access point.

The test environment includes one Windows Server 2008 R2 machine, one Windows 7 client, and a D-Link DIR-632 wireless router (working as an AP). The server and client should be joined to the domain.

To configure the D-Link wireless router to work as an AP:
1. Disable UPnP in Advanced -> Advanced Network
2. Disable WPS in Advanced -> Wi-Fi Protected Setup
3. Set up a static IP address for the router in Setup -> Network Settings
4. Manually set up the wireless settings in Setup -> Wireless Settings
    (SSID, WPA-EAP, RADIUS IP, shared secret)

To configure WPA-EAP authentication:
1. Create a wireless users group and add the wireless users and computers to the group.
2. Install and configure NPS
    (ADDS, ADCS, Network Policy And Access Service, NPS)
3. Create a RADIUS server for 802.1X wireless or wired connections
4. Register the server in AD
5. Create a new wireless network policy for Windows Vista and later releases in the Group Policy editor.
6. Enable Certificate Services Client - Auto-Enrollment
7. Select Define These Policy Settings in Certificate Path Validation Settings

Then run gpupdate /force on the Windows 7 client and try to connect to the wireless network. Guess what, I failed to connect to the network. After hours of debugging and troubleshooting, I finally found the root cause. My test wireless adapter couldn't support WPA-Enterprise!
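
A check for this failure mode on the Windows 7 client, as an added example that is not part of the original post: it parses `netsh wlan show drivers` output and reports whether the driver advertises WPA-Enterprise or WPA2-Enterprise in infrastructure mode. The function names are hypothetical, the sample output is constructed, and English-language netsh output is assumed.

```powershell
# Added example: does the client's wireless driver advertise WPA/WPA2-Enterprise?
# Function names are hypothetical; English-language netsh output is assumed.
function Get-EnterpriseAuthModes {
    param([string[]]$DriverOutput)
    $inInfra = $false
    $modes = @()
    foreach ($line in $DriverOutput) {
        # Only the infrastructure-mode list matters when joining an AP.
        if ($line -match 'supported in infrastructure mode') { $inInfra = $true; continue }
        if ($line -match 'supported in ad-hoc mode') { $inInfra = $false; continue }
        if ($inInfra -and $line -match '^\s+(WPA2?-Enterprise)\s+(\S+)\s*$') {
            $modes += ('{0} ({1})' -f $matches[1], $matches[2])
        }
    }
    return $modes
}

function Show-EnterpriseSupport {
    param([string]$Label, [string[]]$DriverOutput)
    # @() keeps the result an array even when zero or one mode is returned.
    $modes = @(Get-EnterpriseAuthModes $DriverOutput)
    if ($modes.Count -eq 0) {
        '{0}: no WPA-Enterprise or WPA2-Enterprise entry found' -f $Label
    } else {
        '{0}: driver advertises {1}' -f $Label, ($modes -join ', ')
    }
}

# Constructed sample of `netsh wlan show drivers` output (not captured from a real host).
$sample = @'
Interface name: Wireless Network Connection

    Driver                    : Example 802.11g USB Adapter
    Type                      : Native Wi-Fi Driver
    Radio types supported     : 802.11b 802.11g
    Authentication and cipher supported in infrastructure mode:
                                Open            None
                                Open            WEP-40bit
                                WPA-Personal    TKIP
                                WPA2-Personal   CCMP
    Authentication and cipher supported in ad-hoc mode:
                                Open            None
'@ -split "`r?`n"

Show-EnterpriseSupport 'constructed sample' $sample
Show-EnterpriseSupport 'this machine' (netsh wlan show drivers)
```

An adapter that lists only Open and Personal modes, like the constructed sample, cannot associate with a WPA-EAP SSID regardless of how NPS and Group Policy are configured.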

See video reference.
