
Authenticate wireless users with Active Directory and NPS

Unanswered Question
Nov 13th, 2014

We currently have a wireless infrastructure consisting of 2702i access points and a 5508 controller. We have a guest (Internet only) SSID and also a private (corporate) SSID. We are currently using PSK for the corporate wireless but I would much rather have users authenticate through Active Directory. I have Googled this and see some people say it is possible using Server 2008 R2 and NPS.

Has anyone ever successfully deployed this solution? If so, I would greatly appreciate information on how to configure this. One key thing to note is that we do have non-domained devices that will still need to authenticate against user accounts in AD.

Thank you in advance,

John

George Stefanick Fri, 11/14/2014 - 07:34
Hi John,

 

You will have some reading to do, my friend. I will outline the key components and the process with some links.

 

802.1X - 

You are looking to do 802.1X (EAP), whereby you leverage a RADIUS server, NPS, and authenticate users against a database, in this case AD. If you have never done this before, know that you will need to configure the RADIUS side and also the client side.

http://technet.microsoft.com/en-us/library/cc759077(v=ws.10).aspx 

 

NPS - 

Configuration 

http://technet.microsoft.com/en-us/library/dd283091(v=ws.10).aspx 

 

EAP - 

You will have to select an EAP type. The most common and widely supported is EAP-PEAPv0. It supports MS-CHAPv2. I might suggest leading with EAP-PEAPv0.

http://www.networkworld.com/article/2223672/access-control/which-eap-typ... 

 

WLAN - 

You will need to configure your WLAN as 802.1X.

http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-0/configurati...

 

CLIENT -

You will need to configure your clients with PEAP.

https://supportforums.cisco.com/document/68096/peap-authentication-confi...

 

Hope this helps ..
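
The WLAN step outlined in the reply above, as an added example that is not part of the original post or taken from the linked Cisco guide: a sketch of moving a corporate WLAN on an AireOS controller from PSK to WPA2 with 802.1X key management, pointing at NPS as the RADIUS server. Assumed values: RADIUS server index 1, NPS at 192.0.2.10 (documentation address), WLAN ID 2, and `<shared-secret>` as a placeholder. Check the syntax against the command reference for your controller release.

```text
# Lines starting with # are annotations for the reader, not controller input.
# Assumed: RADIUS index 1, NPS at 192.0.2.10, WLAN ID 2, <shared-secret> placeholder.

# Register the NPS server as a RADIUS authentication server (UDP 1812).
config radius auth add 1 192.0.2.10 1812 ascii <shared-secret>

# A WLAN has to be disabled while its security settings are changed.
config wlan disable 2

# Keep WPA2 with AES, enable 802.1X key management, then turn PSK off.
config wlan security wpa enable 2
config wlan security wpa wpa2 enable 2
config wlan security wpa wpa2 ciphers aes enable 2
config wlan security wpa akm 802.1x enable 2
config wlan security wpa akm psk disable 2

# Bind the WLAN to the NPS entry created above.
config wlan radius_server auth add 2 1

config wlan enable 2

# Confirm the server entry and the WLAN's security settings.
show radius summary
show wlan 2
```

The controller's management address must also be added to NPS as a RADIUS client with the same shared secret, otherwise NPS drops the controller's requests.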

 

 

John Woods Fri, 11/14/2014 - 19:36

George, thank you for the detailed reply. I will let you know how it goes.

Thank you,

John
