Setup enterprise wireless in Windows Server 2008 R2: Part2 NPS

Once the GPO’s are configured to provide client computers with settings required to obtain a certificate from the domain the next step is authenticating users using Network Policy Server via RADIUS.

First add a RAIDUS client which is my SonicPoint IP address.  I manually entered the Shared Secret.

Next add a Connection Request Policy:

Type of network access server: Unspecified

Conditions: NAS Port Type; Wireless – IEEE 802.11 (middle section) and Wireless – Other (bottom section)

 

Next add a Network Policy:

Grant Access

Type of network access server: Unspecified

Conditions: NAS Port Type; Wireless – IEEE 802.11 (middle section) and Wireless – Other (bottom section)

Conditions: Windows Groups; <Specify Windows Security Group for laptops to access wireless>

Constraints: Authentication Methods: EAP Types: PEAP and EAP-MSCHAP v2

Click PEAP and Edit.  Select domain certificate.

 

Test this setup in the firewall user authentication tool to check username and passwords are validated correctly.  Configure NPS accounting to troubleshoot issues with authentication.

 

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s