Occasional Contributor I
Posts: 6
Registered: ‎05-02-2012

Radius Server

I'm having a problem setting up authentication to Microsoft AD. I'm thinking of setting up an Ubuntu 11.10 server as a RADIUS server with FreeRADIUS. I can't seem to find documentation on how to configure this. Any recommendations?

Guru Elite
Posts: 20,811
Registered: ‎03-29-2007

Re: Radius Server

Did you do a search for Windows 2008 in the forums?  There is a guide there...



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 6
Registered: ‎05-02-2012

Re: Radius Server

I'm new to airheads, feeling my way around.

Occasional Contributor I
Posts: 6
Registered: ‎05-02-2012

Re: Radius Server

I did the search, but not finding anything on Linux Ubuntu freeradius.

Contributor II
Posts: 61
Registered: ‎02-20-2012

Re: Radius Server

Hello,

 

I developed an Aruba - Windows 2008 R2 RADIUS authentication system with 802.1X PEAP.

I tried the same research in technet.microsoft.com or msdn, but there was not a good document.

 

Here I am going to explain required steps for Windows 2008 R2 server:

 

1. On Active directory or any member server (server which joins in the domain) install Active Directory Certificate Services

   On Server Manager click Add Roles

   Click Next to continue

   Choose Active Directory Certificate Services and click Next

   Click Next to continue

   Click Certification Authority and click Next

   Click Enterprise and click Next (Note: You need Windows 2008 R2 Enterprise version to choose Enterprise. If you have Windows 2008 R2 standard, you can only choose standalone)

   Click Root CA and click Next

   Choose Create a new private key and click Next

    Keep default values (RSA#Microsoft Software Key Storage Provider 2048, SHA1) and click Next

   Keep the common name as displayed and click Next

   Set Validity period (5 Years for CA) and click Next

   Keep default values and click Next

   Confirm the setting values and click Install.

 

2. On Active directory or any member server (server which joins in the domain) install Network Policy and Access Services

    On Server Manager screen click Add Roles

    Click Next to continue

    Click Network Policy and Access Services and click Next

    Click Next to continue

    Select Network Policy Server and click Next

    Click Install to install Network Policy and Access Services

    On Server Manager screen, open the left pane and click on NPS(Local). On Getting started screen, choose RADIUS server for 802.1X Wireless or Wired Connections and click Configure 802.1X

    Choose Secure Wireless Connections. Leave default name "Secure Wireless Connections" and click Next.

    Click Add to add RADIUS client.

    On the New RADIUS client screen, type in the wireless controller's friendly name and IP address. Click on the Manual radio button and type in the shared secret. The shared secret should match the wireless controller's. [NOTE: Even if you specify a Loopback IP address on the Aruba controller, you should specify the Interface IP address here. For example, if your VLAN interface IP is 192.168.1.100 and the Loopback (Controller IP) is 192.168.1.101, you still need to specify 192.168.1.100 here. You can confirm which IP address tries to speak to the Windows 2008 R2 RADIUS server by capturing a Wireshark trace. Filter on TCP 1812 packets to narrow the capture.]

     Choose Microsoft PEAP. [Note: This article only covers PEAP. There is also EAP-TLS.]

     Choose the certificate "servername.domainname". "domainname-servername-CA" is the CA certificate, and the CA certificate cannot be used for 802.1X. If you only see the CA certificate in the window, you need to create a server certificate manually. This is a known Windows 2008 R2 issue. Please refer to Windows Server Techcenter - Windows server forums - Network Access Protection - Having Issues getting PEAP with EAP-MSCHAP v2 working on Windows 2008 R2. Perform Mr. Greg Lindsay's step (Friday April 22, 2011 5:44pm), "Try this:", to re-issue a certificate.

 

     Specify User Groups such as domainname\Domain Users. [Note: If user cannot be authenticated, you need to Allow each user's dial-in profile]

 

     Configure Traffic Controls - click Next.

     Click Finish to create NPS Policy.

 

     Aruba controller setting:

 

     Configuration - Security - Authentication - Server Group and add new server group "Win2008"

     Configuration - Security - Authentication - Radius server and add new radius server "Win2008RADIUS"

     On Win2008RADIUS setting, type in Host IP (Windows 2008's IP address). Type key, which should match with Windows 2008's RADIUS client. Click Apply

     Go back to Server Group Win2008 and under Servers click New. Choose Win2008RADIUS and click Add Server. Click Apply.

     Now you can test RADIUS authentication. Diagnostics - Network - AAA Test Server - Choose Win2008RADIUS in the server name. Choose MSCHAPv2. Type in a Windows Active Directory user and password and click Begin Test. If the test is successful, your RADIUS configuration is right. If you set up a Wireshark trace, you can observe the Radius request and Radius accept (TCP 1812) in the trace.
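Added example (not part of the original post, and not Aruba or Microsoft code): a small parser for checking a capture of the exchange described above. It reports the source IP address of the request, which per RFC 2865 is what a RADIUS server uses to select the client entry and shared secret, and verifies that an Access-Accept was computed with the expected shared secret. RADIUS authentication is carried over UDP port 1812; the packets, the server address 192.168.1.10, the user name and the secret below are constructed for illustration.

```python
import hashlib
import hmac
import socket
import struct

CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject"}

def udp_from_ipv4(ip_pkt):
    """Return (source IP, destination port, UDP payload) of a raw IPv4 packet."""
    ihl = (ip_pkt[0] & 0x0F) * 4 if ip_pkt else 0
    if ihl < 20 or len(ip_pkt) < ihl + 8 or ip_pkt[0] >> 4 != 4 or ip_pkt[9] != 17:
        raise ValueError("not an IPv4/UDP packet")
    dport = struct.unpack("!H", ip_pkt[ihl + 2:ihl + 4])[0]
    return socket.inet_ntoa(ip_pkt[12:16]), dport, ip_pkt[ihl + 8:]

def parse_radius(data):
    """Parse the RFC 2865 header and attribute list of one RADIUS packet."""
    if len(data) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", data[:4])
    if not 20 <= length <= len(data):
        raise ValueError("bad RADIUS length field")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length or data[pos + 1] < 2 or pos + data[pos + 1] > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        attrs.append((data[pos], data[pos + 2:pos + data[pos + 1]]))
        pos += data[pos + 1]
    return {"code": CODES.get(code, code), "id": ident, "auth": data[4:20],
            "attrs": attrs, "raw": data[:length]}

def reply_matches_secret(request, reply, secret):
    """Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    raw = reply["raw"]
    want = hashlib.md5(raw[:4] + request["auth"] + raw[20:] + secret).digest()
    return reply["id"] == request["id"] and hmac.compare_digest(want, reply["auth"])

# Constructed sample: Access-Request from 192.168.1.100 to a hypothetical server 192.168.1.10.
SECRET = b"example-shared-secret"  # placeholder secret, not from the thread
_radius = struct.pack("!BBH", 1, 42, 27) + bytes(range(16)) + b"\x01\x07alice"  # User-Name
_udp = struct.pack("!HHHH", 50000, 1812, 8 + len(_radius), 0) + _radius
REQUEST_IP = (struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(_udp), 0, 0, 64, 17, 0)
              + socket.inet_aton("192.168.1.100") + socket.inet_aton("192.168.1.10") + _udp)
_hdr = struct.pack("!BBH", 2, 42, 20)
ACCEPT = _hdr + hashlib.md5(_hdr + _radius[4:20] + SECRET).digest()

if __name__ == "__main__":
    src, dport, payload = udp_from_ipv4(REQUEST_IP)
    print(src, dport, reply_matches_secret(parse_radius(payload), parse_radius(ACCEPT), SECRET))
```

A reply that fails `reply_matches_secret` with the secret you believe is configured points to a mismatch between the controller's key and the RADIUS client entry on the server.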

    

 

 

 

Occasional Contributor I
Posts: 6
Registered: ‎05-02-2012

Re: Radius Server

The AD is Windows 2003 server

Contributor II
Posts: 61
Registered: ‎02-20-2012

Re: Radius Server

If your server is Windows 2003 server, please refer to the article below.

This says Windows 2000 server, but the configuration steps are the same for Windows 2003 server.

 

http://www.windowsnetworking.com/kbase/WindowsTips/Windows2000/AdminTips/Security/SettingupWindows2000Radiustoauthenticatewireless802.1xclients.html

MVP
Posts: 562
Registered: ‎11-28-2011

Re: Radius Server

Alternatively, Google "Step-by-Step Guide for Setting Up Secure Wireless Access in a Test Lab" for a Microsoft guide. It's pretty easy.

 

Tricky bit is importing certificates on servers where it's already got SSL stuff running without breaking it!!!!

Kudos appreciated, but I'm not hunting! (ACMX 104)
Occasional Contributor I
Posts: 7
Registered: ‎12-05-2011

Re: Radius Server

It took me blowing away 4 CentOS servers to get it running up to the point of creating a cert.  I used these web sites in order to get it running.  Good luck.

 

 

http://itscblog.tamu.edu/joining-samba-to-a-windows-2008-r2-domain/

 

http://deployingradius.com/documents/configuration/active_directory.html

 

If you or someone can document the process into one, please let me know!!!!

Occasional Contributor I
Posts: 6
Registered: ‎05-02-2012

Re: Radius Server

Thanks everyone. We are just trying to connect the Aruba 3400 to the AD 2003 server. First we tried LDAP, which didn't work, so now we are trying to configure Radius on the server.
