Wireless Access

last person joined: 2 hours ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

802.1x authentication with NPS on windows server 2008

  • 1.  802.1x authentication with NPS on windows server 2008

    Posted Feb 10, 2015 09:36 PM

    I configured both on controller and radius server but I try to login by inserting username and password. There's warning that "Netwok policy server denined access to a user" and reason it 's "The client aould not be authenticated because the EAP type cannot be processed by server"

     

     

    On labtop network authentication method is PEAP



  • 2.  RE: 802.1x authentication with NPS on windows server 2008

    Posted Feb 10, 2015 09:37 PM
    Is PEAP configured in your network policy on the NPS side?


  • 3.  RE: 802.1x authentication with NPS on windows server 2008

    Posted Feb 10, 2015 09:44 PM

    In authentication methed I try to edit "PEAP" but it alerts "A certificate could not be found that can be used with this EAP"

     

    Nomally Should I configure EAP ?? 

     

    Capture5.PNG



  • 4.  RE: 802.1x authentication with NPS on windows server 2008

    Posted Feb 10, 2015 09:45 PM
    You need to create a server certificate for use with PEAP.


  • 5.  RE: 802.1x authentication with NPS on windows server 2008

    Posted Feb 10, 2015 09:53 PM

    If i choose authentication method is MS-CHAP, Is i still use server certificates ?



  • 6.  RE: 802.1x authentication with NPS on windows server 2008

    Posted Feb 10, 2015 09:54 PM
    Yes.


  • 7.  RE: 802.1x authentication with NPS on windows server 2008

    Posted Feb 11, 2015 10:22 PM

    How i install server certificate ? do you have any guidelines ?

     

    Thanks



  • 8.  RE: 802.1x authentication with NPS on windows server 2008

    Posted Feb 11, 2015 10:23 PM


  • 9.  RE: 802.1x authentication with NPS on windows server 2008

    Posted Feb 11, 2015 10:34 PM
    i should export server cert and import it to client right ?


  • 10.  RE: 802.1x authentication with NPS on windows server 2008

    Posted Feb 11, 2015 10:35 PM
    Is it a publicly signed certificate?


  • 11.  RE: 802.1x authentication with NPS on windows server 2008

    Posted Feb 11, 2015 10:44 PM

    I think it is not public cert. My server use within organization



  • 12.  RE: 802.1x authentication with NPS on windows server 2008

    Posted Feb 11, 2015 10:50 PM

    This can get a bit complex.

     

    1) If the certificate is signed by your internal CA and the client has the internal CA installed (common on AD-joined machines), then you do not have to install the certificate locally. You will however need to either push down network policy through group policy or manually configure clients with your RADIUS server names and select the internal root CA as trusted for the connection profile (SSID).

     

    2) For Windows machines that do not receive the root CA (non-AD joined), they will have to have the internal root CA installed in the local certificate store and configure the wireless supplicant with the RADIUS server names and select the internal root CA as trusted for the connection profile (SSID).

     

    3) Mac OS X devices will prompt the user to trust the certificate (generally requires admin rights). If you manage your Mac OS X devices, the management platform can push down a configuration profile.

     

    4) Mobile device users (smartphones and tablets) will be prompted to access the certificate

     

    5) Chrome OS devices require you to install the internal root CA on the device and select it in the network configuration settings.



  • 13.  RE: 802.1x authentication with NPS on windows server 2008

    Posted Feb 10, 2015 11:40 PM
    It can be issued by an internal CA as long as the client trusts it.