can radius server be installed on a domain controller with only wireless access
how would the controller authenticate itself if it's only connection is wireless if the radius server is installed on the same server as the domain controller?
July 1st, 2012 11:46am

depending on your settings, RADIUS can authenticate himself by using server certificate. And it is ok to install RADIUS on domain controller.My weblog: http://en-us.sysadmins.lv PowerShell PKI Module: http://pspki.codeplex.com Windows PKI reference: on TechNet wiki
Free Windows Admin Tool Kit Click here and download it now
July 2nd, 2012 1:09am

thank you for your response vadim. i am complete noob. ive set up my home domain on server 2008. the controller is on a pc which can only connect via wireless card. i am using a wrt54g router as wireless and lan access point. it works fine as long as i use wpa2-personal. when i switch to wpa2-enterprise, i set radius server ip on the wrt54g as the ip for the domain controller but then i can only see the router momentarily and then when it tries to authenticate it is no longer visible. can you provide with instructions for setting this up please. i have domain controller, radius server, dns, and dhcp all on the wireless pc running server 2008. the other computer runs windows 7 ultimate 64 bit. please remember i am complete noob.
July 2nd, 2012 3:47pm

That is a typical catch-22, the Radius server can not be on the same WLAN SSID that is authenticated by that Radius server! You can get this running if you have another SSID with WPA-PSK to connect the server and another with 802.1x(radius) to connect alla other devices and users. /Hasain
Free Windows Admin Tool Kit Click here and download it now
July 3rd, 2012 4:28am

can i install something like free radius on another computer strictly for authenticating wireless connections. would it play nice with the windows server 2008 domain controller?
July 3rd, 2012 8:14am

You can get free radius to work with AD through LDAP but not as easy as the built in Radius service via NPS. Regardless that I think that you need to make sure the connection between the wireless AP and the Radius server not depending on the wireless authentication it self. The best solution is probably to connect the server and the wireless AP/controller using an ethernet connection. /Hasain
Free Windows Admin Tool Kit Click here and download it now
July 3rd, 2012 9:02am

ok, did that. i connected the dc (server 2008) to the ap via cable. now i cannot connect a pc running windows 7x64 to the domain unless i change ap to wpa2-personal. when using wpa2-enterprise, i configured the ap to look to the dc controller ip for radius authentication, i can see the ap on the windows 7 machine momentarily then it disappears.
July 3rd, 2012 4:33pm

Good, now the server and AP can reach each others you need to: Install the NPS role on your serverConfigure a Network Policy on the NPS server role to support WLAN auth using 802.1x http://technet.microsoft.com/en-us/library/cc753678Configure a wireless policy on your clients (preferably using Group Policy) http://technet.microsoft.com/en-us/library/dd283034(v=ws.10)Configure your AP to use 802.1x and sen the requests to the NPS server For more general discussion about 802.1x pelase check the 802.1X Authenticated Wireless Deployment Guide http://technet.microsoft.com/en-us/library/dd283093(v=ws.10) /Hasain
Free Windows Admin Tool Kit Click here and download it now
July 3rd, 2012 4:44pm

ok, done all of this, but i cannot get the radius server to authenticate my host.
July 4th, 2012 11:25pm

here's my accounting log: <Event><Timestamp data_type="4">07/07/2012 04:59:40.525</Timestamp><Computer-Name data_type="1">WIN-H4F6BS7RKHK</Computer-Name><Event-Source data_type="1">IAS</Event-Source><User-Name data_type="1">host/HOME-PC.MyHomeDomain.local</User-Name><NAS-IP-Address data_type="3">192.168.1.101</NAS-IP-Address><Called-Station-Id data_type="1">0018f8cf0cbe</Called-Station-Id><Calling-Station-Id data_type="1">00195b66d98b</Calling-Station-Id><NAS-Identifier data_type="1">0018f8cf0cbe</NAS-Identifier><NAS-Port data_type="0">52</NAS-Port><Framed-MTU data_type="0">1400</Framed-MTU><NAS-Port-Type data_type="0">19</NAS-Port-Type><Client-IP-Address data_type="3">192.168.1.101</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">Home Wireless</Client-Friendly-Name><Class data_type="1">311 1 192.168.1.102 07/07/2012 09:44:31 1</Class><Packet-Type data_type="0">1</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event> <Event><Timestamp data_type="4">07/07/2012 04:59:40.525</Timestamp><Computer-Name data_type="1">WIN-H4F6BS7RKHK</Computer-Name><Event-Source data_type="1">IAS</Event-Source><Class data_type="1">311 1 192.168.1.102 07/07/2012 09:44:31 1</Class><Client-Friendly-Name data_type="1">Home Wireless</Client-Friendly-Name><Client-Vendor data_type="0">0</Client-Vendor><Client-IP-Address data_type="3">192.168.1.101</Client-IP-Address><Packet-Type data_type="0">3</Packet-Type><Reason-Code data_type="0">49</Reason-Code></Event>
Free Windows Admin Tool Kit Click here and download it now
July 7th, 2012 8:08am

July 8th, 2012 4:14am

The reason code presented in the logs indicates that the connection request policy in your IAS does not match the authentication request! Please make sure you have configured IAS properly. There are many resources available on the TechNet site but this guide http://lab.technet.microsoft.com/en-us/library/dd162271.aspx will give you a good overview of the necessary steps using IAS in Windows Server 2003. /Hasain
Free Windows Admin Tool Kit Click here and download it now
July 8th, 2012 5:30am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics