can radius server be installed on a domain controller with only wireless access
How would the controller authenticate itself if its only connection is wireless and the RADIUS server is installed on the same server as the domain controller?
July 1st, 2012 11:46am
Depending on your settings, RADIUS can authenticate itself by using a server certificate. And it is OK to install RADIUS on a domain controller.
My weblog: http://en-us.sysadmins.lv
PowerShell PKI Module: http://pspki.codeplex.com
Windows PKI reference: on TechNet wiki
July 2nd, 2012 1:09am
Thank you for your response, Vadim. I am a complete noob. I've set up my home domain on Server 2008. The controller is on a PC which can only connect via wireless card. I am using a WRT54G router as wireless and LAN access point. It works fine as long as I use WPA2-Personal. When I switch to WPA2-Enterprise, I set the RADIUS server IP on the WRT54G as the IP for the domain controller, but then I can only see the router momentarily and then when it tries to authenticate it is no longer visible. Can you provide me with instructions for setting this up please? I have domain controller, RADIUS server, DNS, and DHCP all on the wireless PC running Server 2008. The other computer runs Windows 7 Ultimate 64 bit. Please remember I am a complete noob.
July 2nd, 2012 3:47pm
That is a typical catch-22: the Radius server cannot be on the same WLAN SSID that is authenticated by that Radius server!
You can get this running if you have another SSID with WPA-PSK to connect the server and another with 802.1x (radius) to connect all other devices and users.
/Hasain
July 3rd, 2012 4:28am
Can I install something like free radius on another computer strictly for authenticating wireless connections? Would it play nice with the Windows Server 2008 domain controller?
July 3rd, 2012 8:14am
You can get free radius to work with AD through LDAP, but not as easily as the built-in Radius service via NPS. Regardless of that, I think that you need to make sure the connection between the wireless AP and the Radius server does not depend on the wireless authentication itself. The best solution is probably to connect the server and the wireless AP/controller using an ethernet connection.
/Hasain
July 3rd, 2012 9:02am
OK, did that. I connected the DC (Server 2008) to the AP via cable. Now I cannot connect a PC running Windows 7 x64 to the domain unless I change the AP to WPA2-Personal. When using WPA2-Enterprise, I configured the AP to look to the DC controller IP for RADIUS authentication; I can see the AP on the Windows 7 machine momentarily, then it disappears.
July 3rd, 2012 4:33pm
Good, now that the server and AP can reach each other you need to:
- Install the NPS role on your server
- Configure a Network Policy on the NPS server role to support WLAN auth using 802.1x http://technet.microsoft.com/en-us/library/cc753678
- Configure a wireless policy on your clients (preferably using Group Policy) http://technet.microsoft.com/en-us/library/dd283034(v=ws.10)
- Configure your AP to use 802.1x and send the requests to the NPS server
For more general discussion about 802.1x please check the 802.1X Authenticated Wireless Deployment Guide http://technet.microsoft.com/en-us/library/dd283093(v=ws.10)
/Hasain
July 3rd, 2012 4:44pm
OK, done all of this, but I cannot get the RADIUS server to authenticate my host.
July 4th, 2012 11:25pm
here's my accounting log:
<Event><Timestamp data_type="4">07/07/2012 04:59:40.525</Timestamp><Computer-Name data_type="1">WIN-H4F6BS7RKHK</Computer-Name><Event-Source data_type="1">IAS</Event-Source><User-Name data_type="1">host/HOME-PC.MyHomeDomain.local</User-Name><NAS-IP-Address data_type="3">192.168.1.101</NAS-IP-Address><Called-Station-Id data_type="1">0018f8cf0cbe</Called-Station-Id><Calling-Station-Id data_type="1">00195b66d98b</Calling-Station-Id><NAS-Identifier data_type="1">0018f8cf0cbe</NAS-Identifier><NAS-Port data_type="0">52</NAS-Port><Framed-MTU data_type="0">1400</Framed-MTU><NAS-Port-Type data_type="0">19</NAS-Port-Type><Client-IP-Address data_type="3">192.168.1.101</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">Home Wireless</Client-Friendly-Name><Class data_type="1">311 1 192.168.1.102 07/07/2012 09:44:31 1</Class><Packet-Type data_type="0">1</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><Timestamp data_type="4">07/07/2012 04:59:40.525</Timestamp><Computer-Name data_type="1">WIN-H4F6BS7RKHK</Computer-Name><Event-Source data_type="1">IAS</Event-Source><Class data_type="1">311 1 192.168.1.102 07/07/2012 09:44:31 1</Class><Client-Friendly-Name data_type="1">Home Wireless</Client-Friendly-Name><Client-Vendor data_type="0">0</Client-Vendor><Client-IP-Address data_type="3">192.168.1.101</Client-IP-Address><Packet-Type data_type="0">3</Packet-Type><Reason-Code data_type="0">49</Reason-Code></Event>
July 7th, 2012 8:08am
July 8th, 2012 4:14am
The reason code presented in the logs indicates that the connection request policy in your IAS does not match the authentication request! Please make sure you have configured IAS properly.
There are many resources available on the TechNet site but this guide http://lab.technet.microsoft.com/en-us/library/dd162271.aspx will give you a good overview of the necessary steps using IAS in Windows Server 2003.
/Hasain
July 8th, 2012 5:30am
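One way to read the two records in the accounting log above, as an added example that is not part of the original thread: it pairs each Access-Reject (Packet-Type 3) with its Access-Request (Packet-Type 1) through the Class value both records share, and reports the reason code. The sample records are constructed, trimmed copies of the posted ones, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# RADIUS packet codes (RFC 2865) as written to the Packet-Type element.
ACCESS_REQUEST, ACCESS_REJECT = 1, 3
# Only the codes seen in this thread; 49 is described as in the reply above.
REASONS = {0: "success", 49: "no matching connection request policy"}

# Constructed sample: trimmed copies of the two records posted in the thread.
SAMPLE_LOG = (
    '<Event><Timestamp data_type="4">07/07/2012 04:59:40.525</Timestamp>'
    '<User-Name data_type="1">host/HOME-PC.MyHomeDomain.local</User-Name>'
    '<Client-Friendly-Name data_type="1">Home Wireless</Client-Friendly-Name>'
    '<Class data_type="1">311 1 192.168.1.102 07/07/2012 09:44:31 1</Class>'
    '<Packet-Type data_type="0">1</Packet-Type>'
    '<Reason-Code data_type="0">0</Reason-Code></Event>\n'
    '<Event><Timestamp data_type="4">07/07/2012 04:59:40.525</Timestamp>'
    '<Class data_type="1">311 1 192.168.1.102 07/07/2012 09:44:31 1</Class>'
    '<Client-Friendly-Name data_type="1">Home Wireless</Client-Friendly-Name>'
    '<Packet-Type data_type="0">3</Packet-Type>'
    '<Reason-Code data_type="0">49</Reason-Code></Event>'
)

def parse_events(text):
    """Turn concatenated <Event> records into dicts of element name -> text."""
    # The log has no single root element, so wrap it before parsing.
    root = ET.fromstring("<Log>" + text + "</Log>")
    return [{el.tag: (el.text or "") for el in ev} for ev in root.iter("Event")]

def find_rejects(events):
    """Report each Access-Reject together with the request it answers."""
    requests, findings = {}, []
    for ev in events:
        ptype = int(ev.get("Packet-Type", -1))
        if ptype == ACCESS_REQUEST:
            requests[ev.get("Class")] = ev
        elif ptype == ACCESS_REJECT:
            # The reject carries no User-Name; take it from the paired request.
            req = requests.get(ev.get("Class"), {})
            code = int(ev.get("Reason-Code", -1))
            findings.append({
                "time": ev.get("Timestamp"),
                "user": req.get("User-Name", "<unknown>"),
                "nas": ev.get("Client-Friendly-Name"),
                "reason_code": code,
                "reason": REASONS.get(code, "look up in the NPS reason code list"),
            })
    return findings

if __name__ == "__main__":
    for finding in find_rejects(parse_events(SAMPLE_LOG)):
        print(finding)
```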