06-14-2012 04:29 AM - edited 11-18-2020 02:59 AM
Configuring Microsoft NPS (Network Policy Server) / (Internet Authentication Service) IAS as Wireless LAN Controller (WLC) RADIUS Server
This goes through client and user certificate generation via Cert Templates as well as client auto-enrollment of certs through group policy. Also, cert template creation for the NPS server itself.
Network Policy Server (NPS) allows you to create and enforce organization-wide network access policies for client health, connection request authentication, and connection request authorization. In addition, you can use NPS as a Remote Authentication Dial-In User Service (RADIUS) proxy to forward connection requests to a server running NPS or other RADIUS servers that you configure in remote RADIUS server groups.
NPS allows you to centrally configure and manage network access authentication, authorization, and client health policies with the following three features:
You can configure NPS with any combination of the preceding features. For example, you can configure one NPS server to act as a NAP policy server using one or more enforcement methods, while also configuring the same NPS server as a RADIUS server for dial-up connections and as a RADIUS proxy to forward some connection requests to members of a remote RADIUS server group for authentication and authorization in another domain.
To configure NPS as a RADIUS server or a NAP policy server, you can use either standard configuration or advanced configuration in the NPS console or in Server Manager. To configure NPS as a RADIUS proxy, you must use advanced configuration.
When you use advanced configuration, you manually configure NPS as a RADIUS server, NAP policy server, or RADIUS proxy. Some wizards are provided to assist you with policy and NAP configuration; however, these wizards are opened from the NPS folder tree in the NPS console rather than from the Getting Started section in the details pane of the console.To configure NPS by using advanced configuration, open the NPS console, and then click the arrow next to Advanced Configuration to expand this section.The following advanced configuration items are provided.
http://technet.microsoft.com/en-us/library/cc732912.aspx
There is an entire section dedicated to configuration of PEAP and EAP certificates and their requirements as well as pushing client configurations out through group policy. “Most” of this stuff should be handled by a Windows Administrator or their Domain Admin, however it really helps put the pieces of the puzzle together from our end. I will get this added to our page as well.
Setup NPS from scratch for a basic configuration Appendix B page 153 is the start of the NPS configuration.
Hi, can someone update this for windows server 2016? I don't have NAP as an option anymore.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: