cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6660
Views
5
Helpful
12
Replies

Configuration between Wireless Controller 2504 and Windows 2008 NPS as Radius Server

alemunmo81
Level 1
Level 1

Hello All

I am actually working in configuring a wireless controller 2504 integrated a windows 2008 server as radius server for authenticating the network users registered in a windows active directory database. The Radius server is a Windows 2008 Server with the rol of Network Policy Server.

I have been following a pair of documents in Internet, but it doesn't work yet.

Which authentication method should i use?...the Windows 2008 NPS doesn't work wtih LEAP, should i use PEAP or there is an another recomendation to authenticate the windows active directory users?

I would appreciate if somebody can share me a configuration tested working between a cisco wireless controller and Windows 2008 NPS as Radius Server for authenticating the windows network users.

Thanks a lot.

Alexis 

12 Replies 12

Scott Fella
Hall of Fame
Hall of Fame

You need to use PEAP. The configuration on the WLC is simple. The WLAN is set for 802.1x I would use WPA2/AES and then assign your radius server on that WLAN. The NPS part, you will need to look online to fine some good examples. If I find some, I will post it.

Sent from Cisco Technical Support iPad App

-Scott
*** Please rate helpful posts ***

http://blog.instruosolutions.com/2012/10/10/configuring-microsoft-nps-server-2008-for-wireless-client-authentication-ms-peap/

Sent from Cisco Technical Support iPad App

-Scott
*** Please rate helpful posts ***

Hello Scott

Thanks a lot for your answer, i have followed the document as example and i had some problems matching the network policy on the NPS due to the NPS has connection request policies and network policies for setting up, understanding that one is for authentication and the other one for authorization,  additionaly, other issue was when duplicated the certificate template, i had to use the certificate issued by default on the CA for requesting a new certificate for the NPS Server.

After days looking for figuring up this issues, it has worked well. As you told me, the configuration on the Wireless Controller was the easy part, the issue come up when i started working on the NPS as Radius Server.

One more thing, for applying FlexConnect or HREAP for the Remote APs that i have distributed on my branch offices, should i use other WLAN configured on the Wireless Controller or with the same WLAN use for all the user is enough applying the parameters for getting work with HREAP?

I would appreciate any help fot getting work with HREAP.

Thanks a lot.

Alexis

You should be able to use the same SSID or a new one. You just have to ensure you setup the site infrastructure and the AP for FlexConnect.

I used this recently with central auth/local switching which worked well:

http://www.cisco.com/en/US/docs/wireless/controller/7.3/configuration/guide/b_wlc-cg_chapter_01110.pdf

I recently set up exactly same setup.. Hope every thing is ok with you now otherwise let me know.

Thanks

Hi,  I'm configuring the same setup..   evrything works except one scenario..

if I add the policy "machine group"  or "windows group" for "Domain Computers "

It does'nt allow the laptop to connect to the network. But the laptop is already added to the domain and in AD it is under the Domain computers group.

any idea?

Windows 2008 NPS only seems to accept machine or user authentication. It won't work with both machine and user authentication. I have seen this stated somewhere but I can't remember where. NPS is a bit limited. If you want to use compound conditions for authentication then you'll probably be better off with an ACS server.

Regards

Roger

I think i had the same issue if i add Windows Group ( Domain User and Domain Computers) all works ok but if i add Machine group laptop don't authenticate. Really strange

Yes that is correct. Domain Computers policy does'nt work.

But I'm facing a diffrent issue now..

I've configured NPS with domain users policy.

When I connect a laptop (not connected to domain & logined as local user) it prompted for user credentials and I entered my AD username & password, connected.

But the problem is , it connects automatically to the wireless even if I log off and then login back

so when I login back it did'nt ask for the domain user credentials and automatically connected to the wireless.

I unchecked "enable fast reconnect" & also not checked "save this user name and password for future use" but still it is automatically conencting to the wireless ...

is it somethign to do with NPS/ any idea ?

This is possibly a setting on your wireless profile. Are you disconnecting from the wireless network or logging off from the computer? If you are only disconnecting from the wireless then remember that the authentication credentials will be cached in the wireless controller for 5 minutes by default.

Check this setting on your profile:

Regards

Roger

Are you applying client side settings through gpo if you do then i think you need to uncheck this option in GPO policy

scottsassin
Level 1
Level 1

Can someone let me know how to configure the RADIUS in Windows 2008 and WLC to authenticate the Management User?  Is there a way to do this.  I recently configured all the switches and routers to work this way.

Thanks,

Scott Sassin

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: