
Using Windows 2008 With Aruba Controllers
Version 1.0
Tobias Rice
This will be a basic setup using Windows 2008 Server to allow dot1x auth with an
Aruba controller. Steps to have a basic installation include:
1. Rename the server
2. Setting server as Domain Controller
3. Installing Certificate Services
4. Request Certificates (optional)
5. Installing Network Policy Services (previously IAS)
6. Creating Group Policies

Rename the Server

Something different about Windows 2008 Server is that the server name is
auto-generated and you are not given a chance during the install to name the
server, so you must rename it before installing Active Directory or Certificate
Services.
In the "Initial Configuration Tasks" window, click the "Provide computer name and
domain" link.

Enter a Computer description and click the "Change..." button to change the
computer name. I'll be using WLAN-DC as my name and description.







Enter the Computer name and click "OK" and reboot when prompted.


Setting Server as a Domain Controller
For this example we set up a new forest for the wlan.net domain. Server 2008
abstracts most server functions into "Roles" so we'll be adding the Active Directory
Domain Services Role with the Server Manager by clicking "Roles" and clicking "Add
Roles."

Select the Active Directory Domain Services Role.

Click through the confirmation screens and click Install. You should see an
installation progress screen and finally an "installation success" message that asks
you to run the command "dcpromo.exe" which will configure your domain. So click
the link to run "dcpromo" or click the "Start" button, select "Run" and enter
"dcpromo.exe". You should now see the "Active Directory Domain Service" install
wizard. Click "Next" to continue.











Choose "Create a new domain in a new forest" and click "Next".

For our example domain we'll use "wlan.net". Click "Next" and it will check to see if
the name is already used on the network.









When asked to set the "Forest Functional Level", I used the 2008 level.

The next screen you'll see is a warning that the DNS service isn't installed and will
offer to install it for you. Just click "Next" to accept and install.

It will display the following warning; just click "Yes" to continue.

Just accept the defaults and click "Next".
Now you'll be prompted to enter a "Directory Services Restore Mode Administrator
Password". Enter a password and click "Next".

Click "Next" at the Summary screen.

You'll now see the Installation Wizard install DNS and Active Directory. Check the
"Reboot on completion" box and once the wizard finishes it'll reboot and be ready
for the next step.

Installing Certificate Services

To enable PEAP or EAP-TLS we'll need to install Certificate Services to enable a
Certificate Authority (CA) to generate and sign certificates for our domain. Again,
add a Role via the Server Manager and select "Active Directory Certificate Services"
and click "Next".

Click through the confirmation screen and select "Certification Authority" and
"Certificate Authority Web Enrollment" which will tell you that you'll need IIS to be
installed to use the "Certificate Authority Web Enrollment". Click "Add Required
Role Services" and click "Next" to continue.

When prompted for which type of Certificate Authority to install, choose
"Enterprise".

When prompted for CA Type, select "Root CA" and click "Next".

When prompted to Set Up Private Key select "Create a new private key" and click
"Next".

When prompted to Configure Cryptography for CA, accept the defaults and click
"Next" for the rest of the confirmation screens.



Request Certificates (optional)

Now that we have our Certificate Authority (CA) up and running we may want to
request a certificate for our Authentication Server.
We'll create a Microsoft Management Console (MMC) that will allow us to request
and install the certificate for our server. Press the "Start" button and enter "MMC" in
the command field to open the MMC. Next we'll add the Certificate (For Local
Computer) snap-in by clicking "File" and choosing "Add/Remove Snap-in". Select
"Certificates" and click "Add".

Now be sure to select "Computer Account" and click "Next".

Choose "Local Computer", click "Finish" and "OK".

Note: While you're here you might as well add the "Certificate Authority" snap-in and
save this MMC to your desktop because you'll need it again in the future.
To request a certificate for your server (if you don't want to use the default
certificate) expand "Certificates (Local Computer Account)", "Personal", and
right-click "Certificates" and select "All Tasks", "Request New Certificate."

Click through the Enrollment screens choosing the settings you desire for your
certificate.

Installing Network Policy and Access Services

In Windows 2008 Server you can no longer just install the Internet Authentication
Service (IAS) and have RADIUS functionality. You must now install Network Policy
and Access Services, which includes everything from earlier versions of
Windows server such as RRAS/IAS/etc., but now also includes NAP (think NAC for
Windows). We will be installing and configuring just enough to enable PEAP and
RADIUS functionality with our Aruba controller. So once again head to the Server
Manager and "Add a Role" selecting "Network Policy and Access Services" and click
through the confirmation screen.

Select "Network Policy Server", "Routing and Remote Access Services", "Remote
Access Service" and "Routing". Click "Next", click through the confirmation screen
and click "Install".

Installation will take a couple of minutes and present you with an install summary.
Just click "Close".
Now that NPS is installed, press the "Start" button and enter "nps.msc" in the
command field. The NPS MMC should open up allowing you to select the "RADIUS
server for 802.1X Wireless or Wired Connections" Installation Wizard from the
"Standard Configuration" pull-down menu and click "Configure 802.1X".

From the "Select 802.1X Connections Type" page, select "Secure Wireless
Connections" and click "Next".

From the "Specify 802.1X Switches" screen click "Add..." and enter the settings for
your Aruba controller and press "OK".

For the "Configure an Authentication Method" screen select "Microsoft Smart Card
or other certificate" for EAP-TLS or "Microsoft Protected EAP (PEAP)" for PEAP. I
will be selecting PEAP for this example and clicking "Configure...".

Select the appropriate certificate to use for this server. In this case we'll use the
"WLAN-DC.wlan.net" certificate and click "OK".

For the "Specify User Groups" screen select the users and/or groups you would like
to allow wireless access. For this example I am allowing all of my domain users by
selecting the "Domain Users" group. If I want to enforce Machine Authentication I
need to add the "Domain Computers" group as well as checking the "Enforce
Machine Auth" option in the dot1x policy on my Aruba controller. Click "Next" to
continue.
Note: Groups listed here are considered as an OR statement.

For the next screen you can click "Next" and "Finish" or click "Configure..." to add
RADIUS attributes for Server Derivation rules.

For example, you may want to map the "Domain Users" to the "employee_role" on
your Aruba controller. You could do that here with the "Filter-Id" attribute.

Note: There seems to be a bug in Windows: if you mess with these attributes too
much the "Filter-Id" attribute vanishes. If this happens cancel out of the wizard and
start over.
Press "Next" and "Finish" to complete the wizard. This should now allow you to
authenticate users against your Windows 2008 Server. To test your configuration,
ssh to your Aruba controller and configure it to use the new RADIUS server.
(MC800) >en
Password:******
(MC800) #configure terminal
Enter Configuration commands, one per line. End with CNTL/Z

(MC800) (config) #aaa authentication-server radius nps
(MC800) (RADIUS Server "nps") #host 10.1.0.236
(MC800) (RADIUS Server "nps") #enable
(MC800) (RADIUS Server "nps") #key psswuiu
(MC800) (RADIUS Server "nps") #nas-identifier Aruba-Master
(MC800) (RADIUS Server "nps") #nas-ip 10.1.0.2S0

Now test to see if everything is working properly:
(MC800) #aaa test-server mschapv2 nps tobias qwerty12!

Authentication successful
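
The "Filter-Id" attribute set in the NPS wizard and the RADIUS "key" set on the controller meet in the Access-Accept reply. The following is an added example (not part of the original guide) that builds such a reply per RFC 2865 and verifies its Response Authenticator before trusting the role name, as a NAS must. The shared secret, request authenticator and function names are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

ACCESS_ACCEPT, FILTER_ID = 2, 11  # RFC 2865 packet code and attribute type

def build_access_accept(ident, request_auth, secret, filter_id):
    """RADIUS server side: Access-Accept carrying one Filter-Id attribute."""
    value = filter_id.encode()
    attrs = struct.pack("!BB", FILTER_ID, 2 + len(value)) + value
    header = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attrs))
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + auth + attrs

def parse_access_accept(packet, request_auth, secret):
    """NAS side: check the authenticator first, then return Filter-Id values."""
    if len(packet) < 20 or packet[0] != ACCESS_ACCEPT:
        raise ValueError("not an Access-Accept")
    if struct.unpack("!H", packet[2:4])[0] != len(packet):
        raise ValueError("length field mismatch")
    attrs = packet[20:]
    expected = hashlib.md5(packet[:4] + request_auth + attrs + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("bad Response Authenticator: secret mismatch or tampering")
    roles, i = [], 0
    while i < len(attrs):
        alen = attrs[i + 1] if i + 1 < len(attrs) else 0
        if alen < 2 or i + alen > len(attrs):
            raise ValueError("malformed attribute")
        if attrs[i] == FILTER_ID:
            roles.append(attrs[i + 2:i + alen].decode())
        i += alen
    return roles

def demo():
    secret = b"constructed-shared-secret"  # constructed; stands in for the "key"
    request_auth = os.urandom(16)          # authenticator of the Access-Request
    reply = build_access_accept(7, request_auth, secret, "employee_role")
    roles = parse_access_accept(reply, request_auth, secret)
    try:
        parse_access_accept(reply, request_auth, b"some-other-secret")
    except ValueError:
        return roles, True   # a reply checked with the wrong secret is rejected
    return roles, False

if __name__ == "__main__":
    print(demo())
```

Because the only thing protecting the role name in this reply is an MD5 over the packet and the shared secret, the secret entered on both the NPS client entry and the controller should be long and random.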
