Security

last person joined: 3 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Radius server setup on Windows 2012

  • 1.  Radius server setup on Windows 2012

    Posted Mar 24, 2014 11:49 PM

    Hi,

     

    anyone encounter any issues with Radius on win2012. I setup new radius server 2012 but i can't seems to get it to talk to my IAP.

     

    I followed the setup guide for win 2008R2 radius setup.

     

    Regards,

    Roy Chan



  • 2.  RE: Radius server setup on Windows 2012

    Posted Mar 25, 2014 01:09 AM

    You can fallow my manual if you want it to work with 802.1x

    http://community.arubanetworks.com/t5/Aruba-Instant-Cloud-Wi-Fi/tutorial-802-1X-with-Server-Derived-user-role-Instant-Windows/td-p/146084

     

    Hopefully that helps you

     

    Cheers

    Carlos



  • 3.  RE: Radius server setup on Windows 2012

    Posted Mar 25, 2014 01:26 AM

    Awesome. Thanks a lot. 



  • 4.  RE: Radius server setup on Windows 2012

    Posted Dec 08, 2014 07:17 AM

    Hi,

     

    I have gone through your link. Iam having one small doubt.

     

    While configuring it is asking for  IP/DNS address. Which IP address i have to give?

    1) Is it an IP address given by the network service provider (122.166.214.27) ?

    2) Is it an IP address of the server i.e., 192.168.50.11 ( where iam configuring Radius Server) ?

    3)Is it an IP address of the firewall ( We are using fortinet for that the IP is 192.168.50.1) ?

     

    All our client machines are getting IP from server (192.168.50.11) , The server is DHCP enabled.

     

    The Server IP address is as follows:

    IP: 192.168.50.11

    Gateway: 192.168.50.1

    DNS: 192.168.50.1

     

    Regards.,

    Srinivas.



  • 5.  RE: Radius server setup on Windows 2012

    Posted Dec 10, 2014 05:23 AM

    Srinivas, is it the Radius Client IP-adress you're referring to (picture 4 in NightShades guide)? This is the IP the Controller use when sending Radius traffic to the Radius server. Usually this is the controller-ip, but is configurable.



  • 6.  RE: Radius server setup on Windows 2012

    Posted Dec 10, 2014 05:28 AM

    Hi John,

     

    Yes iam having a doubt about that IP( which is in fig-4) only. Controller IP in the sense the IP used for the configuration of the Aruba device( IAP-115) right?

     

     

     

     

    Regards.,

    Srinivas.



  • 7.  RE: Radius server setup on Windows 2012

    Posted Dec 10, 2014 05:36 AM

    If you're doing this with IAP - under System you need to enable "Dynamic Radius proxy" and add a "Virtual Controller IP". Use this VC-IP as Radius Client IP on the Radius Server. Make sure there is routing and openings for udp 1812/1813 between the Radius Server and this VC-IP.

     

     



  • 8.  RE: Radius server setup on Windows 2012

    Posted Dec 10, 2014 05:53 AM

    Hi,

     

    Thanks for the reply.

     

    This things i have already done. But when connecting to that wifi using windows credentials it is showing as unable to connect. I think there is a connectivity issue between IAP & Radius server.

     

    Kindly find the below attachments.

     

     

    Regards.,

    Srinivas.



  • 9.  RE: Radius server setup on Windows 2012

    Posted Dec 10, 2014 06:27 AM

    srinivas7y@gmail.com,

     

    You should check to see if there is anything in the Event Viewer on the Windows Server under Custom Views> Server Roles> Network Policy and Access.  That would give you a clue what is happening.

     

     



  • 10.  RE: Radius server setup on Windows 2012

    Posted Dec 10, 2014 06:36 AM

    On the Instant you can also check the "show ap debug radius-statistics" either in CLI or through the GUI "More -> Support".

     

    Here you'll find useful counters like

    • Invalid secret
    • Timeout
    • Mismatch

    Based on this and the findings in NPS log you should be able to narrow the issue down enough to solve it.



  • 11.  RE: Radius server setup on Windows 2012

    Posted Dec 10, 2014 07:07 AM
      |   view attached

    Hi John,

     

    I think this may be the cause.

     

    I have already enabled windows authentication but event viewer is showing as below.

     

    Kindly find the attachment.

     

    Regards.,

    Srinivas.

     



  • 12.  RE: Radius server setup on Windows 2012

    Posted Dec 10, 2014 07:25 AM

    srinivas7y@gmail.com,

     

    What is configured under the "Constraints" tab in NPS?  Your event viewer says that it is not being classified by any any policies, basically.  The "Connections to other Access Servers" policy is normally hit, when your conditions and/or are constraints are too restrictive.  Your constraints tab should like like the below:

     

    constraints.png



  • 13.  RE: Radius server setup on Windows 2012

    Posted Dec 11, 2014 06:14 AM

    Hi John,

     

    The configuration and all the remaining things are same,but still iam unable to find the solution.

     

    Kindly find the attachments.

     

     

    Regards.,

    Srinivas.



  • 14.  RE: Radius server setup on Windows 2012

    Posted Dec 11, 2014 06:48 AM

    Please open a case with TAC so that they can go through your configuration in detail.

     



  • 15.  RE: Radius server setup on Windows 2012

    Posted Dec 11, 2014 07:30 AM

    Hi,

     

    Ok then, i will chech with them.

     

     

    Regards.,

    Srinivas.



  • 16.  RE: Radius server setup on Windows 2012

    Posted Mar 16, 2016 10:35 AM

    Completely unhelpful, especially with screenshots in Spanish.  I am having the same issue where I can't get the IAP to communicate with the Radius server (Windows Server 2012).  The link provided is for configuration with server derived user roles.  I don't need to use that, just plaing old authentication for WiFi access.



  • 17.  RE: Radius server setup on Windows 2012

    Posted Mar 16, 2016 10:40 AM

    Mikey71174,

     

    What are you referring to?  This thread is almost two years old.  You should open your own thread so we can see what your problem is.  The radius server configuration is pretty vanilla across manufacturers and not even anything that is specific to Aruba.  Microsoft has its own guide that applies to every manufacturer with regards to setting up NPS 2012 here:  https://technet.microsoft.com/en-us/library/jj721726.aspx

     

    If you have more specific questions, you should open your own thread.