Showing results for 
Search instead for 
Did you mean: 

Authenticate wireless users with Active Directory and NPS

John Woods

We currently have a wireless infrastructure consisting of 2702i access points and a 5508 controller. We have a guest (Internet only) SSID and also a private (corporate) SSID. We are currently using PSK for the corporate wireless but I would much rather have users authenticate through Active Directory. I have Googled this and see some people say it is possible using Server 2008 R2 and NPS.

Has anyone ever successfully deployed this solution? If so, I would greatly appreciate information on how to configure this. One key thing to note is that we do have non-domained devices that will still need to authenticate against user accounts in AD.

Thank you in advance,



Hi John,


You will have some reading to do my friend. I will outline the key components and the process with some links. 


802.1X - 

You are looking to do 802.1X (EAP). Whereby you leverage a radius server NPS and authenticate users against a database, in this case AD.  If you never done this before. Know that you will need to configure the radius side and also the client side. 


NPS - 



EAP - 

You will have to select an EAP type. The most common and widely supported is EAP-PEAPv0. It supports MsChapV2. I might suggest leading with EAP-PEAPv0. 



You will need to configure your WLAN as 802.1X.



You will need to configure your clients with PEAP.


Hope this helps ..



"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin

George, thank you for the detailed reply. I will let you know how it goes.

Thank you,


Jeffrey Keown
Cisco Employee
Cisco Employee
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: