Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[WLC] How to set up RADIUS authentication on Windows Server 2008

0

0

Article ID: KB32130 KB Last Updated: 10 Oct 2017Version: 1.0
Summary:

This article helps you to create self-signed certificate in Windows Server 2008. This is required to create a new user in the Active directory and to configure Juniper WLC for Dot1x authentication.

Disclaimer: Juniper does not provide support for setting up a Windows RADIUS server; however, it has been known to work for Wireless ​Dot1x authentication​.

 

Solution:

Disclaimer: Juniper does not provide support for setting up a Windows RADIUS server; however, it has been known to work for Wireless Dot1x authentication.

Microsoft link to configure NPS for Secure Wireless Access at https://technet.microsoft.com/en-us/library/cc771696(v=ws.10).aspx

Follow these steps to create a self-signed certificate in Windows Server 2008, configuring NPS and creating a new user in the Active directory. This configuration was created by a customer and provided to JTAC. If you encounter problems with these steps, please contact Microsoft for support.

In this example, wireless users will use 802.1X authentication against the RADIUS server installed on a Windows 2008 Server machine. The users database is the Active Directory on the same Windows 2008 machine.

Here is the example WLC configuration:
set service-profile test2k8 ssid-name <ssid-name>
set service-profile test2k8 cipher-tkip enable
set service-profile test2k8 wpa-ie enable
set service-profile test2k8 attr vlan-name <vlan-name>
set radius server <any-name> address <Radius server IP address> key <Shared secret key you used while adding WLC as radius client in Windows NPS settings>
set server group <any-name> members <Name of the radius server>
set authentication dot1x ssid <ssid name> ** pass-through <radius server group name> 
set radio-profile <any-name>
set radio-profile <Profile name you created> service-profile <any-name>
Map the radio-profile that you have created in the AP radios:
set ap 1 radio 1 radio-profile <Profile name you created> mode enable

To configure the Windows 2008 Server machine:

1. Open Server Manager (in Administrative Tools).

Here you have all the services for the roles of your Windows 2008 Server.

2. Create a user and a group in Active Directory.

2.1. Go to Active Directory Domain Services.
2.2. Go to Active Directory Users and Computers.
2.3. Select your domain.
2.4. Go to Users.
2.5. Right-click Users.
2.6. Select New ‐> Group.
2.7. Give your User Group a name (in our example it is testgroup).

2.8. Right-click Users.
2.9. Select New ‐> User. 2.10. Enter the details for this user and click Next.

2.11. Select the password; click Next and Finish.
2.12. Double‐click the user just created.
2.13. Go to the Dial‐in tab and select Allow access under Network Access Permission.

2.14. Go to Member of and select the user group created before.

3. Configure NPS

3.1. Go to Network Policy > Access Services.
3.2. Select NPS.
3.3. Select RADIUS Clients and Servers.
3.4. Select RADIUS Clients.
3.5. Right‐click RADIUS Clients.
3.6. Select New RADIUS Client.
3.7. Put all the WLC details here: friendly name, IP address and shared secret key (exactly the same as the one configured on the WLC).

3.8. Click OK to finish.
3.9. Select NPS again.
3.10. In the Getting Started screen, select RADIUS Server for 802.1X Wireless or Wired Connections from the drop‐down list.