Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5925
Views
0
Helpful
3
Replies

Authenticate wireless users with Active Directory and NPS

John Woods
Level 1
Level 1

‎11-13-2014 06:53 PM - edited ‎07-05-2021 01:56 AM

We currently have a wireless infrastructure consisting of 2702i access points and a 5508 controller. We have a guest (Internet only) SSID and also a private (corporate) SSID. We are currently using PSK for the corporate wireless but I would much rather have users authenticate through Active Directory. I have Googled this and see some people say it is possible using Server 2008 R2 and NPS.

Has anyone ever successfully deployed this solution? If so, I would greatly appreciate information on how to configure this. One key thing to note is that we do have non-domained devices that will still need to authenticate against user accounts in AD.

Thank you in advance,

John

Labels:
0 Helpful
3 Replies 3

George Stefanick
VIP Alumni
VIP Alumni

‎11-14-2014 07:34 AM

Hi John,

 

You will have some reading to do my friend. I will outline the key components and the process with some links. 

 

802.1X - 

You are looking to do 802.1X (EAP). Whereby you leverage a radius server NPS and authenticate users against a database, in this case AD.  If you never done this before. Know that you will need to configure the radius side and also the client side. 

http://technet.microsoft.com/en-us/library/cc759077(v=ws.10).aspx 

 

NPS - 

Configuration 

http://technet.microsoft.com/en-us/library/dd283091(v=ws.10).aspx 

 

EAP - 

You will have to select an EAP type. The most common and widely supported is EAP-PEAPv0. It supports MsChapV2. I might suggest leading with EAP-PEAPv0.

http://www.networkworld.com/article/2223672/access-control/which-eap-types-do-you-need-for-which-identity-projects.html 

 

WLAN - 

You will need to configure your WLAN as 802.1X.

http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-0/configuration/guide/c70/c70sol.html

 

CLEINT -

You will need to configure your clients with PEAP.

https://supportforums.cisco.com/document/68096/peap-authentication-configuration-example-windows-7

 

Hope this helps ..

 

 

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
0 Helpful

John Woods
Level 1
Level 1
In response to George Stefanick

‎11-14-2014 07:36 PM

George, thank you for the detailed reply. I will let you know how it goes.

Thank you,

John

0 Helpful

Jeffrey Keown
Cisco Employee
Cisco Employee

‎11-14-2014 07:58 AM

this document has a good 'how to' section on configuring NPS:

 

http://www.cisco.com/en/US/docs/solutions/SBA/February2013/Cisco_SBA_BN_WirelessLANDeploymentGuide-Feb2013.pdf

 

page 16

 

hth

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card