This article helps you create a self-signed certificate in Windows Server 2008. This is required to create a new user in Active Directory and to configure a Juniper WLC for Dot1x authentication.
Disclaimer: Juniper does not provide support for setting up a Windows RADIUS server; however, it has been known to work for Wireless Dot1x authentication.
Microsoft's guide to configuring NPS for Secure Wireless Access is at https://technet.microsoft.com/en-us/library/cc771696(v=ws.10).aspx
Follow these steps to create a self-signed certificate in Windows Server 2008, configure NPS, and create a new user in Active Directory. This configuration was created by a customer and provided to JTAC. If you encounter problems with these steps, please contact Microsoft for support.
In this example, wireless users use 802.1X authentication against the RADIUS server installed on a Windows 2008 Server machine. The user database is the Active Directory on the same Windows 2008 machine.
Here is the example WLC configuration:
set service-profile test2k8 ssid-name <ssid-name>
set service-profile test2k8 cipher-tkip enable
set service-profile test2k8 wpa-ie enable
set service-profile test2k8 attr vlan-name <vlan-name>
set radius server <any-name> address <Radius server IP address> key <Shared secret key you used while adding WLC as radius client in Windows NPS settings>
set server group <any-name> members <Name of the radius server>
set authentication dot1x ssid <ssid name> ** pass-through <radius server group name>
set radio-profile <any-name>
set radio-profile <Profile name you created> service-profile <any-name>
Map the radio-profile that you have created in the AP radios:
set ap 1 radio 1 radio-profile <Profile name you created> mode enable
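The names chosen in the commands above are referenced again by later commands (RADIUS server in the server group, server group in the dot1x rule, SSID, service-profile, radio-profile). The Python sketch below is an added example, not part of the original article or any Juniper tool: it parses only the command forms shown above and reports names that are referenced but never defined. All sample values (corp-wifi, nps1, 192.0.2.10 and so on) are constructed.

```python
import shlex
# Constructed sample: the article's commands with made-up values and one typo in the dot1x rule.
SAMPLE = """\
set service-profile test2k8 ssid-name corp-wifi
set radius server nps1 address 192.0.2.10 key example-secret
set server group nps-group members nps1
set authentication dot1x ssid corp-wifi ** pass-through nps-grp
set radio-profile rp1
set radio-profile rp1 service-profile test2k8
set ap 1 radio 1 radio-profile rp1 mode enable
"""

def after(tokens, keyword):
    """Tokens that follow `keyword` on the line (empty list if it is absent)."""
    return tokens[tokens.index(keyword) + 1:] if keyword in tokens else []

def lint(config):
    """Return findings for names that are referenced but never defined."""
    sprofiles, ssids, servers, groups, rprofiles = set(), set(), set(), {}, {}
    rules, ap_radios = [], []
    for line in config.splitlines():
        t = shlex.split(line)
        if len(t) < 3 or t[0] != "set":
            continue
        if t[1] == "service-profile":
            sprofiles.add(t[2])
            ssids.update(after(t, "ssid-name")[:1])
        elif t[1:3] == ["radius", "server"] and len(t) > 3:
            servers.add(t[3])
        elif t[1:3] == ["server", "group"] and len(t) > 3:
            groups[t[3]] = after(t, "members")
        elif t[1:4] == ["authentication", "dot1x", "ssid"] and len(t) > 4:
            rules.append((t[4], after(t, "pass-through")))
        elif t[1] == "radio-profile":
            rprofiles.setdefault(t[2], []).extend(after(t, "service-profile")[:1])
        elif t[1] == "ap":
            ap_radios += [(t[2], rp) for rp in after(t, "radio-profile")[:1]]
    out = [f"server group {g}: unknown radius server {m}"
           for g, members in groups.items() for m in members if m not in servers]
    out += [f"dot1x rule: no service-profile has ssid-name {s}" for s, _ in rules if s not in ssids]
    out += [f"dot1x rule for {s}: unknown server group {g}"
            for s, grps in rules for g in grps if g not in groups]
    out += [f"radio-profile {rp}: unknown service-profile {sp}"
            for rp, sps in rprofiles.items() for sp in sps if sp not in sprofiles]
    out += [f"ap {ap}: unknown radio-profile {rp}" for ap, rp in ap_radios if rp not in rprofiles]
    return out

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)) or "no dangling references")
```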
To configure the Windows 2008 Server machine:
1. Open Server Manager (in Administrative Tools).
Here you have all the services for the roles of your Windows 2008 Server.
2. Create a user and a group in Active Directory.
2.1. Go to Active Directory Domain Services.
2.2. Go to Active Directory Users and Computers.
2.3. Select your domain.
2.4. Go to Users.
2.5. Right-click Users.
2.6. Select New -> Group.
2.7. Give your User Group a name (in our example it is testgroup).
2.8. Right-click Users.
2.9. Select New -> User.
2.10. Enter the details for this user and click Next.
2.11. Select the password; click Next and Finish.
2.12. Double-click the user just created.
2.13. Go to the Dial-in tab and select Allow access under Network Access Permission.
2.14. Go to Member of and select the user group created before.
3. Configure NPS.
3.1. Go to Network Policy > Access Services.
3.2. Select NPS.
3.3. Select RADIUS Clients and Servers.
3.4. Select RADIUS Clients.
3.5. Right-click RADIUS Clients.
3.6. Select New RADIUS Client.
3.7. Put all the WLC details here: friendly name, IP address and shared secret key (exactly the same as the one configured on the WLC).
3.8. Click OK to finish.
3.9. Select NPS again.
3.10. In the Getting Started screen, select RADIUS Server for 802.1X Wireless or Wired Connections from the drop-down list.
