
Using Windows 2008 With Aruba Controllers

Version 1.0
Tobias Rice

This will be a basic setup using Windows 2008 Server to allow dot1x auth with an Aruba controller. Steps to have a basic installation include:

1. Rename the server
2. Setting server as Domain Controller
3. Installing Certificate Services
4. Request Certificates (optional)
5. Installing Network Policy Services (previously IAS)
6. Creating Group Policies

Rename The Server

Something different about Windows 2008 Server is that the server name is auto-generated and you are not given a chance during the install to name the server, so you must do so before installing Active Directory or Certificate Services.

In the Initial Configuration Tasks window, click the Provide computer name and domain link.

Enter a Computer description and click the Change button to change the computer name. I'll be using WLANDC as my name and description.

Enter the Computer name, click OK and reboot when prompted.

Setting Server as a Domain Controller

For this example we set up a new forest for the wlan.net domain. Server 2008 abstracts most server functions into Roles, so we'll be adding the Active Directory Domain Services Role with the Server Manager by clicking Roles and clicking Add Roles.

Select the Active Directory Domain Services Role.

Click through the confirmation screens and click Install. You should see an installation progress screen and finally an installation success message that asks you to run the command dcpromo.exe, which will configure your domain. So click the link to run dcpromo, or click the Start button, select Run and enter dcpromo.exe. You should now see the Active Directory Domain Services install wizard. Click Next to continue.

Choose Create a new domain in a new forest and click Next.

For our example domain we'll use wlan.net. Click Next and it will check to see if the name is already used on the network.

When asked to set which Forest Functional Level, I used the 2008 level.

The next screen you'll see is a warning that the DNS service isn't installed and will offer to install it for you. Just click Next to accept and install.

It will display the following warning, just click Yes to continue.

Just accept the defaults and click Next.

Now you'll be prompted to enter a Directory Services Restore Mode Administrator Password. Enter a password and click Next.

Click Next at the Summary screen.

You'll now see the Installation Wizard install DNS and Active Directory. Check the Reboot on completion box and once the wizard finishes it'll reboot and be ready for the next step.

Installing Certificate Services

To enable PEAP or EAP-TLS we'll need to install Certificate Services to enable a Certificate Authority (CA) to generate and sign certificates for our domain. Again, add a Role via the Server Manager, select Active Directory Certificate Services and click Next.

Click through the confirmation screen and select Certification Authority and Certificate Authority Web Enrollment, which will tell you that you'll need IIS to be installed to use the Certificate Authority Web Enrollment. Click Add Required Role Services and click Next to continue.

When prompted for which type of Certificate Authority to install, choose Enterprise.

When prompted for CA Type, select Root CA and click Next.

When prompted to Set Up Private Key, select Create a new private key and click Next.

When prompted to Configure Cryptography for CA, accept the defaults and click Next for the rest of the confirmation screens.

Request Certificates (optional)

Now that we have our Certificate Authority (CA) up and running we may want to request a certificate for our Authentication Server.

We'll create a Microsoft Management Console (MMC) that will allow us to request and install the certificate for our server. Press the Start button and enter MMC in the command field to open the MMC. Next we'll add the Certificate (For Local Computer) snap-in by clicking File and choosing Add/Remove Snap-in. Select Certificates and click Add.

Now be sure to select Computer Account and click Next.

Choose Local Computer, click Finish and OK.

TIP: While you're here you might as well add the Certificate Authority snap-in and save this MMC to your desktop because you'll need it again in the future.

To request a certificate for your server (if you don't want to use the default certificate) expand Certificates (Local Computer Account), Personal, and right-click Certificates and select All Tasks, Request New Certificate.

Click through the Enrollment screens choosing the settings you desire for your certificate.

Installing Network Policy and Access Services

In Windows 2008 Server you can no longer just install the Internet Authentication Service (IAS) and have RADIUS functionality. You must now install Network Policy and Access Services, which includes everything from earlier versions of Windows server such as RRAS/IAS/etc, and now also includes NAP (think NAC for Windows). We will be installing and configuring just enough to enable PEAP and RADIUS functionality with our Aruba controller. So once again head to the Server Manager and Add a Role, selecting Network Policy and Access Services, and click through the confirmation screen.

Select Network Policy Server, Routing and Remote Access Services, Remote Access Service and Routing. Click Next, click through the confirmation screen and click Install.

Installation will take a couple of minutes and present you with an install summary. Just click Close.

Now that NPS is installed, press the Start button and enter nps.msc in the command field. The NPS MMC should open up, allowing you to select the RADIUS server for 802.1X Wireless or Wired Connections Installation Wizard from the Standard Configuration pull-down menu and click Configure 802.1X.

From the Select 802.1X Connections Type page, select Secure Wireless Connections and click Next.

From the Specify 802.1X Switches screen click Add, enter the settings for your Aruba controller and press OK.

For the Configure an Authentication Method screen select Microsoft Smart Card or other certificate for EAP-TLS, or Microsoft Protected EAP (PEAP) for PEAP. I will select PEAP for this example and click Configure.

Select the appropriate certificate to use for this server. In this case we'll use the WLANDC.wlan.net certificate and click OK.

For the Specify User Groups screen select the users and/or groups you would like to allow wireless access. For this example I am allowing all of my domain users by selecting the Domain Users group. If I want to enforce Machine Authentication I need to add the Domain Computers group as well as checking the Enforce Machine Auth option in the dot1x policy on my Aruba controller. Click Next to continue.

Note: Groups listed here are considered as an OR statement.

For the next screen you can click Next and Finish or click Configure to add RADIUS attributes for Server Derivation rules.

For example, you may want to map the Domain Users to the employee_role on your Aruba controller. You could do that here with the Filter-Id attribute.
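To make the Filter-Id mapping concrete, here is an added example (not part of the original document, and not Aruba's or Microsoft's code) of what a RADIUS client has to do with an Access-Accept under RFC 2865: check the Response Authenticator with the shared key, then read Filter-Id (attribute type 11) to pick a role. The packet and Request Authenticator are constructed sample data, the key is the one from this guide's controller configuration, and the `default_role` name is a hypothetical fallback.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2   # RFC 2865 packet code
FILTER_ID = 11      # RFC 2865 attribute type


def build_accept(ident, request_auth, secret, filter_id=None):
    """Build a constructed Access-Accept, signed the way a RADIUS server signs it."""
    attrs = b"" if filter_id is None else bytes([FILTER_ID, 2 + len(filter_id)]) + filter_id
    header = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attrs))
    signature = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + signature + attrs


def derive_role(packet, request_auth, secret, default_role="authenticated"):
    """Check the Response Authenticator, then return the role named in Filter-Id."""
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad length field")
    attrs = packet[20:length]
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    expected = hashlib.md5(packet[:4] + request_auth + attrs + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("Response Authenticator mismatch")
    if code != ACCESS_ACCEPT:
        return None  # reject or challenge: no role is assigned
    pos = 0
    while pos < len(attrs):
        alen = attrs[pos + 1] if pos + 2 <= len(attrs) else 0
        if alen < 2 or pos + alen > len(attrs):
            raise ValueError("malformed attribute")
        if attrs[pos] == FILTER_ID:
            return attrs[pos + 2:pos + alen].decode("ascii")
        pos += alen
    return default_role  # hypothetical fallback when no Filter-Id is sent


if __name__ == "__main__":
    req_auth = bytes(range(16))  # constructed Request Authenticator
    pkt = build_accept(7, req_auth, b"p@ssw0rd", b"employee_role")
    print(derive_role(pkt, req_auth, b"p@ssw0rd"))
```

A reply signed with a different key, or altered in transit, fails the authenticator check before any attribute is trusted, which is why the key on the controller and the one entered for the RADIUS client in NPS must match.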

Note: There seems to be a bug in Windows: if you mess with these attributes too much, the Filter-Id attribute vanishes. If this happens, cancel out of the wizard and start over.

Press Next and Finish to complete the wizard. This should now allow you to authenticate users against your Windows 2008 Server. To test your configuration, ssh to your Aruba controller and configure it to use the new RADIUS server.

(MC800) >en
Password:******
(MC800) #configure terminal
Enter Configuration commands, one per line. End with CNTL/Z

(MC800) (config) #aaa authentication-server radius nps
(MC800) (RADIUS Server "nps") #host 10.1.0.236
(MC800) (RADIUS Server "nps") #enable
(MC800) (RADIUS Server "nps") #key p@ssw0rd
(MC800) (RADIUS Server "nps") #nas-identifier ArubaMaster
(MC800) (RADIUS Server "nps") #nas-ip 10.1.0.250

Now test to see if everything is working properly.

(MC800) #aaa test-server mschapv2 nps tobias qwerty12!@
Authentication successful
