Radius Server Wireless Authentication Notes

Jul 25, 2024

Radius Server Wireless Authentication with Windows Server 2016

Overview

  • Intermediate level course on configuring wireless authentication using Windows Server 2016.
  • Focus on domain controller setup, Active Directory, certificate services, and Network Policy Server (NPS).
  • Viewers should be familiar with wireless router settings and Windows Server basics.

Requirements

  • Home wireless modem/router with WPA/WPA2 enterprise security.
  • Windows Server 2016 Data Center installed (either directly or via Hyper-V).
  • Firmware updates may be needed for wireless devices.

Network Diagram

  • Domain Controller Configuration:
    • Windows Server 2016 with IP Address: 192.168.10.2
    • Connects to switch, which connects to wireless modem and laptop (test-PC-01).
    • Wireless setup will use RADIUS authentication to access resources and the internet.

Setting Up Windows Server 2016

  1. Login as local administrator.
  2. Change Server Name to test-cert and configure static IP:
    • IP Address: 192.168.10.2
    • Subnet Mask: default
    • Default Gateway: 192.168.10.10
    • DNS: point to itself.
  3. Install Roles and Features:
    • Go to Manage > Add Roles and Features.
    • Select:
      • Active Directory Domain Services
      • DHCP Server
      • DNS Server
  4. Configure DHCP:
    • Complete DHCP configuration to authorize.
    • Create DHCP scope:
      • Start IP: 192.168.10.50
      • End IP: 192.168.10.200
      • Set exclusion options and define DNS settings.

Creating Active Directory

  1. In Server Manager, promote to domain controller.
  2. Create a new forest with domain name: test.local.
  3. Set password and keep defaults during DNS options.
  4. Confirm installation and restart if necessary.

DHCP Pool Testing

  • Verify the DHCP pool is active and check if connected devices receive IP addresses.
  • Use IP configuration to ensure it resolves to the domain correctly.

Active Directory Configuration

  1. Create Organizational Units:
    • test-computers
    • test-users
    • test-groups
  2. Add Users and Groups:
    • Copy built-in admin user to create test-user.
    • Create a new group: WLAN-users.

Wireless Modem Settings

  1. Connect laptop to wireless network and ensure it receives the correct DHCP IP (e.g., 10.51).
  2. Set Reservations:
    • Add devices to DHCP reservations to maintain consistent IP addresses.
  3. Wireless Security Settings:
    • Disable WPS and enable WPA/WPA2-Enterprise.
    • Set RADIUS server IP and shared secret.

Installing Certificate Authority

  1. On Windows Server, add Active Directory Certificate Services role.
  2. Configure as enterprise CA with default settings.
  3. Request and install a certificate for the domain controller.

Setting Up Network Policy Server

  1. Add role for Network Policy and Access Services.
  2. Configure NPS for 802.1X authentication for secure wireless connections.
  3. Set the shared secret matching what is configured on the wireless modem.
  4. Ensure WLAN-users is included in the user group settings.

Testing Wireless Connection

  1. On laptop, connect to wireless network.
  2. Enter username and password for authentication.
  3. Verify connectivity by pinging the domain.
  4. Test using an iPhone to ensure mobile devices can connect seamlessly using the RADIUS authentication method.

Conclusion

  • Successfully configured a RADIUS server on Windows Server 2016.
  • Ensure all users can connect to the wireless network using secure authentication.
  • Encourage questions from viewers and remind them to like, share, and subscribe.