Wireless Radius Authentication to Windows 2012r2

Hi,

We just got a pair of AP100s for our UTM9.

I'm also making a switch from Apple Open Directory to Active Directory.  I have my AD server up and running (and working).  I enabled Radius and got it working; it works for VPN clients.  However, Wifi clients will not authenticate.  They worked when using the Open Directory radius server, but once I switch over to AD, VPN still works but wireless does not.

I found all sorts of posts about settings in various versions of Windows Server; some mention adding conditions that match the SSID, some mention adding policies in Windows under "Connection Network Policies", which seem to be different somehow than "Network Policies", but I'll be damned if I can figure out what the difference is or why I would need to set parameters in one, the other, or both.  But none of them work.

Again, radius seems to work as my VPN clients can authenticate fine.  Wireless is a different story.

Could someone point me to actual working settings as set in Windows Server Standard 2012r2 that work for wifi AND wireless radius clients?

Thanks!

Jeff



This thread was automatically locked due to age.
  • OK, more info. Also asked this on Microsoft forums, but since I'm trying to get my AD server to talk to my UTM I'll post it here too.  Even though all the KB articles refer to 2008 (not 2012) for some reason, it seems from them I need to get certificates "connected" (for lack of a better term) to radius somehow.  So...I want to enable CA in Server 2012r2 so I can do this. I have an existing certificate used to help connect to a Remote Desktop server. This certificate is untrusted, for internal only, and I imagine only exists because Windows requires it.  I have no idea how the consultant who set up our server got it in there.

    If I use the Add Server Roles function and add a CA so I can try to get Radius working with wireless, will this delete/invalidate/make-stop-working the "untrusted" certificate I already have?  The cert is named Machinename.domain.local, and it seems the CA wants to end in domain.local as well. Will this cause me problems?

    If someone could please please please answer me one way or the other so I can either follow help pages and blogs to work through this or get the consultant to redo the server "right" I would REALLY appreciate it.  Been going in circles for two days now.

    Thanks,

    Jeff
