
Using Windows 2008 With Aruba Controllers

Version 1.0
Tobias Rice
This will be a basic setup using Windows 2008 Server to allow dot1x auth with an Aruba controller. Steps to have a basic installation include:
1. Rename the server
2. Setting server as Domain Controller
3. Installing Certificate Services
4. Request Certificates (optional)
5. Installing Network Policy Services (previously IAS)
6. Creating Group Policies

Rename The Server

Something different about Windows 2008 Server is that the server name is auto-generated and you are not given a chance during the install to name the server, so you must rename it before installing Active Directory or Certificate Services.
In the Initial Configuration Tasks window, click the Provide computer name and domain link.

Enter a Computer description and click the Change button to change the computer name. I'll be using WLANDC as my name and description.

Enter the Computer name and click OK and reboot when prompted.

Setting Server as a Domain Controller

For this example we set up a new forest for the wlan.net domain. Server 2008 abstracts most server functions into Roles, so we'll be adding the Active Directory Domain Services Role with the Server Manager by clicking Roles and clicking Add Roles.


Select the Active Directory Domain Services Role.

Click through the confirmation screens and click Install. You should see an installation progress screen and finally an installation success message that asks you to run the command dcpromo.exe, which will configure your domain. So click the link to run dcpromo or click the Start button, select Run and enter dcpromo.exe. You should now see the Active Directory Domain Service install wizard. Click Next to continue.

Choose Create a new domain in a new forest and click Next.

For our example domain we'll use wlan.net. Click Next and it will check to see if the name is already used on the network.

When asked to set the Forest Functional Level, I used the 2008 level.

The next screen you'll see is a warning that the DNS service isn't installed, and it will offer to install it for you. Just click Next to accept and install.

It will display the following warning; just click Yes to continue.

Just accept the defaults and click Next.

Now you'll be prompted to enter a Directory Services Restore Mode Administrator Password. Enter a password and click Next.

Click Next at the Summary screen.

You'll now see the Installation Wizard install DNS and Active Directory. Check the Reboot on completion box and once the wizard finishes it'll reboot and be ready for the next step.

Installing Certificate Services

To enable PEAP or EAP-TLS we'll need to install Certificate Services to enable a Certificate Authority (CA) to generate and sign certificates for our domain. Again, add a Role via the Server Manager and select Active Directory Certificate Services and click Next.

Click through the confirmation screen and select Certification Authority and Certificate Authority Web Enrollment, which will tell you that you'll need IIS to be installed to use the Certificate Authority Web Enrollment. Click Add Required Role Services and click Next to continue.

When prompted for which type of Certificate Authority to install, choose Enterprise.

When prompted for CA Type, select Root CA and click Next.

When prompted to Set Up Private Key select Create a new private key and click Next.

When prompted to Configure Cryptography for CA, accept the defaults and click Next for the rest of the confirmation screens.

Request Certificates (optional)

Now that we have our Certificate Authority (CA) up and running we may want to request a certificate for our Authentication Server.
We'll create a Microsoft Management Console (MMC) that will allow us to request and install the certificate for our server. Press the Start button and enter MMC in the command field to open the MMC. Next we'll add the Certificate (For Local Computer) snap-in by clicking File and choosing Add/Remove Snap-in. Select Certificates and click Add.

Now be sure to select Computer Account and click Next.

Choose Local Computer, click Finish and OK.

TIP: While you're here you might as well add the Certificate Authority snap-in and save this MMC to your desktop because you'll need it again in the future.
To request a certificate for your server (if you don't want to use the default certificate) expand Certificates (Local Computer Account), Personal, and right-click Certificates and select All Tasks, Request New Certificate.

Click through the Enrollment screens choosing the settings you desire for your certificate.

Installing Network Policy and Access Services

In Windows 2008 Server you can no longer just install the Internet Authentication Service (IAS) and have RADIUS functionality. You must now install Network Policy and Access Services, which includes everything from earlier versions of Windows Server such as RRAS/IAS/etc., and now also includes NAP (think NAC for Windows). We will be installing and configuring just enough to enable PEAP and RADIUS functionality with our Aruba controller. So once again head to the Server Manager and Add a Role, selecting Network Policy and Access Services, and click through the confirmation screen.


Select Network Policy Server, Routing and Remote Access Services, Remote Access Service and Routing. Click Next, click through the confirmation screen and click Install.

Installation will take a couple of minutes and present you with an install summary. Just click Close.
Now that NPS is installed, press the Start button and enter nps.msc in the command field. The NPS MMC should open up, allowing you to select the RADIUS server for 802.1X Wireless or Wired Connections Installation Wizard from the Standard Configuration pull-down menu and click Configure 802.1X.

From the Select 802.1X Connections Type page, select Secure Wireless Connections and click Next.

From the Specify 802.1X Switches screen click Add and enter the settings for your Aruba controller and press OK.

For the Configure an Authentication Method screen select Microsoft Smart Card or other certificate for EAP-TLS or Microsoft Protected EAP (PEAP) for PEAP. I will be selecting PEAP for this example; then click Configure.

Select the appropriate certificate to use for this server. In this case we'll use the WLANDC.wlan.net certificate and click OK.

For the Specify User Groups screen select the users and/or groups you would like to allow wireless access. For this example I am allowing all of my domain users by selecting the Domain Users group. If I want to enforce Machine Authentication I need to add the Domain Computers group as well as checking the Enforce Machine Auth option in the dot1x policy on my Aruba controller. Click Next to continue.
Note: Groups listed here are considered as an OR statement.

For the next screen you can click Next and Finish or click Configure to add RADIUS attributes for Server Derivation rules.

For example, you may want to map the Domain Users to the employee_role on your Aruba controller. You could do that here with the Filter-Id attribute.


Note: There seems to be a bug in Windows: if you mess with these attributes too much, the Filter-Id attribute vanishes. If this happens, cancel out of the wizard and start over.
Press Next and Finish to complete the wizard. This should now allow you to authenticate users against your Windows 2008 Server. To test your configuration, ssh to your Aruba controller and configure it to use the new RADIUS server.
(MC800) >en
Password:******
(MC800) #configure terminal
Enter Configuration commands, one per line. End with CNTL/Z

(MC800) (config) #aaa authentication-server radius nps
(MC800) (RADIUS Server "nps") #host 10.1.0.236
(MC800) (RADIUS Server "nps") #enable
(MC800) (RADIUS Server "nps") #key p@ssw0rd
(MC800) (RADIUS Server "nps") #nas-identifier ArubaMaster
(MC800) (RADIUS Server "nps") #nas-ip 10.1.0.250

Now test to see if everything is working properly.

(MC800) #aaa test-server mschapv2 nps tobias qwerty12!@

Authentication successful
