Knowledge Base
Search our Knowledge Base sites to find answers to your questions.
Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles[WLC] How to set up RADIUS authentication on Windows Server 2008
Solution:
Disclaimer: Juniper does not provide support for setting up a Windows RADIUS server; however, it has been known to work for Wireless Dot1x authentication.
Microsoft link to configure NPS for Secure Wireless Access at https://technet.microsoft.com/en-us/library/cc771696(v=ws.10).aspxFollow these steps to create a self-signed certificate in Windows Server 2008, configuring NPS and creating a new user in the Active directory. This configuration was created by a customer and provided to JTAC. If you encounter problems with these steps, please contact Microsoft for support.
In this example, wireless users will use 802.1X authentication against the RADIUS server installed on a Windows 2008 Server machine. The users database is the Active Directory on the same Windows 2008 machine.
Here is the example WLC configuration:
set service-profile test2k8 ssid-name <ssid-name> set service-profile test2k8 cipher-tkip enable set service-profile test2k8 wpa-ie enable set service-profile test2k8 attr vlan-name <vlan-name> set radius server <any-name> address <Radius server IP address> key <Shared secret key you used while adding WLC as radius client in Windows NPS settings> set server group <any-name> members <Name of the radius server> set authentication dot1x ssid <ssid name> ** pass-through <radius server group name> set radio-profile <any-name> set radio-profile <Profile name you created> service-profile <any-name>Map the radio-profile that you have created in the AP radios:
set ap 1 radio 1 radio-profile <Profile name you created> mode enable
To configure the Windows 2008 Server machine:
1. Open Server Manager (in Administrative Tools).Here you have all the services for the roles of your Windows 2008 Server.
2. Create a user and a group in Active Directory.
2.1. Go to Active Directory Domain Services.
2.2. Go to Active Directory Users and Computers.
2.3. Select your domain.
2.4. Go to Users.
2.5. Right-click Users.
2.6. Select New ‐> Group.
2.7. Give your User Group a name (in our example it is
2.9. Select New ‐> User. 2.10. Enter the details for this user and click Next.
2.12. Double‐click the user just created.
2.13. Go to the Dial‐in tab and select Allow access under Network Access Permission.
2.2. Go to Active Directory Users and Computers.
2.3. Select your domain.
2.4. Go to Users.
2.5. Right-click Users.
2.6. Select New ‐> Group.
2.7. Give your User Group a name (in our example it is
testgroup).
2.9. Select New ‐> User. 2.10. Enter the details for this user and click Next.
2.12. Double‐click the user just created.
2.13. Go to the Dial‐in tab and select Allow access under Network Access Permission.
3. Configure NPS
3.1. Go to Network Policy > Access Services.
3.2. Select NPS.
3.3. Select RADIUS Clients and Servers.
3.4. Select RADIUS Clients.
3.5. Right‐click RADIUS Clients.
3.6. Select New RADIUS Client.
3.7. Put all the WLC details here: friendly name, IP address and shared secret key (exactly the same as the one configured on the WLC).
3.9. Select NPS again.
3.10. In the Getting Started screen, select RADIUS Server for 802.1X Wireless or Wired Connections from the drop‐down list.
3.2. Select NPS.
3.3. Select RADIUS Clients and Servers.
3.4. Select RADIUS Clients.
3.5. Right‐click RADIUS Clients.
3.6. Select New RADIUS Client.
3.7. Put all the WLC details here: friendly name, IP address and shared secret key (exactly the same as the one configured on the WLC).
3.9. Select NPS again.
3.10. In the Getting Started screen, select RADIUS Server for 802.1X Wireless or Wired Connections from the drop‐down list.