Hi,
I need to set up a RADIUS server (the RADIUS server resides on the DC server, which runs Windows Server 2008 R2) for user authentication through wireless access points.
Surfing the web, I found a useful post about setting up a RADIUS server as in my case. You can find the links to the posts below:
What I did is exactly what you can see in the posts:
- I created a certificate under the path “Personal” → “Certificates” on the DC server;
- I added an NPS server and, using the wizard, I configured it for Wireless Connections; in the authentication pane I selected “Microsoft Protected EAP (PEAP)” and configured it to use the certificate I created earlier in step 1;
- I set up the access point in this way:
  - Security mode: WPA2-Enterprise;
  - Radius Server: the IP address of the NAP server (in my case 10.254.92.10);
  - Radius Port: 1812;
  - Encryption: AES;
  - Shared secret: the same as that of the corresponding RADIUS client on the NAP server.
- Finally, on the client computer I installed the certificate I created earlier, and configured the wireless connection in this way:
  - Network authentication: WPA2 (in the post he talks about setting it to “WPA2-Enterprise”, but in Windows XP SP3 there isn’t any WPA2-Enterprise, just WPA2);
  - Encryption: AES;
  - Authentication: PEAP, and in the settings tab of PEAP I selected the certificate I installed earlier.
Here is some information about the network and the client computer model:
- DC = NAP = 10.254.92.10 (vsi08r2). Windows Server 2008 R2
- Domain name = vsisrv2k;
- AP ip address = 10.254.92.38;
- AP model = Linksys WAP200;
- Client radius name = vs-open;
- Client radius ip = 10.254.92.38.
- Client Computer = Windows XP SP3.
When I try to connect through the AP from the client (after typing user & password), on the NAP server I always receive the following log:
<Event>
<Timestamp data_type="4">04/20/2012 08:22:28.493</Timestamp>
<Computer-Name data_type="1">VSI08R2</Computer-Name>
<Event-Source data_type="1">IAS</Event-Source>
<Class data_type="1">311 1 10.254.92.10 04/20/2012 05:45:08 8</Class>
<Authentication-Type data_type="0">11</Authentication-Type>
<Quarantine-Update-Non-Compliant data_type="0">1</Quarantine-Update-Non-Compliant>
<Client-IP-Address data_type="3">10.254.92.38</Client-IP-Address>
<Client-Vendor data_type="0">0</Client-Vendor>
<Client-Friendly-Name data_type="1">VSI-open</Client-Friendly-Name>
<Proxy-Policy-Name data_type="1">Connessioni wireless sicure</Proxy-Policy-Name>
<Provider-Type data_type="0">1</Provider-Type>
<SAM-Account-Name data_type="1">VSISRV2K\bertig</SAM-Account-Name>
<Fully-Qualifed-User-Name data_type="1">VSISRV2K\bertig</Fully-Qualifed-User-Name>
<NP-Policy-Name data_type="1">Connessioni wireless sicure</NP-Policy-Name>
<Packet-Type data_type="0">3</Packet-Type>
<Reason-Code data_type="0">23</Reason-Code>
</Event>
Any ideas?
Thanks.
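
An added example, not part of the original post: a small Python decoder for the NPS XML log record shown above, translating the numeric Packet-Type, Authentication-Type and Reason-Code fields into readable labels so a rejected request can be triaged quickly. The lookup tables are partial, and the function names, the second sample record and the handling of the log as root-less concatenated `<Event>` records are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# Partial lookup tables: only a few well-known values are listed.
PACKET_TYPE = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}
AUTH_TYPE = {4: "MS-CHAP v2", 5: "EAP", 11: "PEAP"}
REASON_CODE = {0: "Success", 16: "Authentication failed: user credentials mismatch",
               23: "Error during NPS use of EAP; check the EAP log files"}

# First record: fields copied from the log in the post. Second record: constructed.
SAMPLE_LOG = r"""<Event><Timestamp data_type="4">04/20/2012 08:22:28.493</Timestamp>
<Authentication-Type data_type="0">11</Authentication-Type>
<Client-IP-Address data_type="3">10.254.92.38</Client-IP-Address>
<SAM-Account-Name data_type="1">VSISRV2K\bertig</SAM-Account-Name>
<NP-Policy-Name data_type="1">Connessioni wireless sicure</NP-Policy-Name>
<Packet-Type data_type="0">3</Packet-Type>
<Reason-Code data_type="0">23</Reason-Code></Event>
<Event><Timestamp data_type="4">04/20/2012 08:22:28.400</Timestamp>
<Client-IP-Address data_type="3">10.254.92.38</Client-IP-Address>
<Packet-Type data_type="0">1</Packet-Type></Event>"""

def _label(table, raw):
    """Render a numeric field as 'code (meaning)'; tolerate missing or unknown codes."""
    if raw is None:
        return "absent"
    code = int(raw)
    return f"{code} ({table.get(code, 'not in table')})"

def decode_events(log_text):
    """Decode every <Event> record in the log text into a dict of readable fields."""
    # Assumption: records are concatenated without a root element, so add one.
    root = ET.fromstring("<log>" + log_text + "</log>")
    out = []
    for ev in root.iter("Event"):
        f = {child.tag: child.text for child in ev}
        out.append({
            "time": f.get("Timestamp"),
            "user": f.get("SAM-Account-Name"),
            "radius_client": f.get("Client-IP-Address"),
            "policy": f.get("NP-Policy-Name"),
            "packet": _label(PACKET_TYPE, f.get("Packet-Type")),
            "auth": _label(AUTH_TYPE, f.get("Authentication-Type")),
            "reason": _label(REASON_CODE, f.get("Reason-Code")),
        })
    return out

def rejections(log_text):
    """Return only the Access-Reject records."""
    return [e for e in decode_events(log_text) if e["packet"].startswith("3 ")]
```

For the record in the post this yields an Access-Reject for a PEAP request with reason 23, which points at the EAP stage of the exchange rather than at the network policy match.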