hello everyone this is Jay and welcome to this YouTube video of radius server wireless authentication with Windows Server 2016 in this series we will be configuring a domain controller and testing it after that we will install Active Directory and certificate services along with Network policy server apart from this I will show you settings of my home wireless modem and you can use any other wireless router or modem which can support WPA or wpa2 enterprise security I will be making some changes to my home wireless router so please check your user manual if you're not able to find these settings on your actually home router or wireless modem so level of this video series I would say this course is an intermediate level course so I expected you know a little bit about wireless router modem settings so that you can go back to your wireless router or modem and change some or tweak some settings basics of Windows Server 2016 installation apart from these requirements you need home wireless modem or router with wpa wpa2 enterprise security Windows Server 2016 data center desktop experience installed on your windows or in hyper-v or actually installed on a server windows computer with Wi-Fi so we can test our setup so now let's have a quick look at the network diagram that we have so we I we have this Windows Server 2016 and then it's gonna be a domain controller we will be having a DHCP server on it and active directory certificate authority configured NPS radius server configured and I'm gonna name it to test or local so the IP address of this is going to be 192 168 or 10.2 and he's got it's connected to a switch here and then switch it there's a wireless modem is connected to the same switch and then I've got this laptop here which has Wi-Fi on it I'm gonna name it a test - PC or one and this one will be connected to Windows Server 2016 domain controller and after that this is gonna or I will connect this test - PC to wireless mode and with the help of radius of authentication it is going to access all the resources from the server and it is going to access Internet as well through this wireless and with the help of radius server authentication alright so let's get started so I've logged into Windows Server 2016 with the local administrator account and now if I click on local server I have changed the name as well of the server I have named renamed it to test - cert apart from that I also with ipv4 address I have it was DHCP by default so I have changed it to static IP address so let's have a look on that it's still loading at the moment here we go so now we can see Ethernet and 192 168 10.2 if I click on that it's going to open another window here we can see actually the IP address has been changed from DHCP to a static IP address all right here we are if I double click on the Ethernet adapter and properties and ipv4 properties it will show me that the IP address was changed from DHCP to static IP address here we are so the IP address that I have changed 10.2 I kept the subnet mask default and default gateway is my default gateway from where I'm getting internet at the moment 10.10 and the preferred dns I named this one as a DNS and DNS so what actually NS over after that so I'm gonna close this for now and let's click on Tools sorry managed and we're gonna add roles and features you can skip this one by default click Next so what we're gonna install now click Next we're going to install on to this server next and the option that we are going to pick is Active Directory domain services so these are the whole bunch of tools that it's offering us we're gonna add these tools as well apart from this we will she pick DHCP server and DNS so all right so we will click Next so we don't need any extra features and wiki we're keeping everything default next it's the confirmation I usually check the restart option and install so it's good it will take like few minutes and I will be back once this is done all right good news insulation has succeeded so we will close that and then on the triangle we're gonna click on the triangle and then we will click on promote it so what what domain controller a new window is gonna come up here we are and then we're gonna add a new forest and then we gonna name it test dot local all right and then click Next so here I'm really happy with the default options and I will enter a new password here and then we click Next so DNS options we can't create the DNS delegation at the moment but that's not a problem so we can ignore that and NetBIOS name it we'll pick an advise name on the basis of the domain name there you are so next and we are keeping everything defaults now and the next next these are the warnings that it is showing so which is fine so press click install alright folks I pause the video and it actually signed me out and once it sounds you out after the installation of domain controller and then you sign back in with your administrator account and now server manager is up and the next step I will do is I will configure DHCP on the server to configure DHCP if you click on the that yellow triangle and then complete the click on complete DHCP configuration and after that click Next and authorize the server so use the following credentials it's using administrator account then commit so it has authorized the as a DHCP server and click on tools and click on DHCP so we are going to create a new DHCP pool in IP ipv4 right so extend that ipv4 click write.the right-click and new scope and I'm going to name it test clients next and start IP address is 10.50 and an IP address is 192 168 10 200 and click Next and exclusions up to you if you want to add some and then I'm happy with that yes I want to configure these options now please and default gateway for me is 10.10 I will add this next and here is DNS server which is already added this is a domain controller but I would like to add another the DNS and I will add it me just make sure the domain controller dns has to be at the top and next when servers I don't have any wind servers yes I want to activate this scope now next finish so scope is activated so now we're going to test our DHCP server if it's working or not with another Windows 10 computer all right so if we look at the ipv4 scope and then server extend the scope and in address lizzi's you will find any device which is connected to the network at the moment I have connected one computer and it has picked up that computer so let's test our domain controller I will connect to this computer which is up in 10 I think I guess yep win 10 so I will connect to this device and then I will add it to my domain so what we do is so let's open Active Directory users and computers and let's create some organizational units and groups and one user and one computer so in here let's extend this and click Add top test a local right-click and new we will create organizational unit and I will name it test - test computers and the next one I'm going to name new organizational unit test uses and there's going to be another one new organizational unit test groups click OK in computers I will create a new computer new computer I will name it tests - PC or one ok and users going to with the user users I am going to copy one user from the built-in users it's going to be administrator so copy and name it test logon name as well test and next so it cannot be changed so just password for it next finish and then I will move this user to the test users yes in the test groups I will create a new group call it let's call it WLAN users okay and this user add to a group I will add to WLAN users okay so this part is done so I will connect to this computer now and then all right I have logged on to 10.50 so let's test few things open come online so in command line ping test dot local so it film it will make sure that our DNS is working so when are we pinging test or local it's resolving our IP address to 10.2 alright so if we check the IP as well so our Ethernet adapter IP it's getting from test dot local and ipv4 is 10.50 and all these information is coming from our DHCP server so which means our Active Directory domain controller and DHCP and DNS everything is working fine so we can connect this computer to domain as well so I change settings and then here let's call it test - PC or one and domain which is test dot local ok so now it's going to prompt for the username and password so administrator and then enter password so this is going to our domain machine as well from this machine we're gonna access our Wi-Fi restart it alright now let's have a look at the wireless modem settings and so that you can tweak these settings accordingly if these settings aren't similar so please check the manual use a menu of that wireless router or modem so now I have plugged in let's have a look in our DHCP what IP it has got it has got 10.5 won so I'd like to do a few things also what I would like to do is I would like to make it an add to the reservation list so this has been added to reservation so the IPA this will never change so we don't want these IP address to be changed so because we have to enter the client IP address in our next step and now so as soon as I have added it to the reservation list and the next thing I can do it I can add it in the DNS list as well so let's open our DNS and then what we do is in DNS open the tree extended and in forward look up zone click on test or local or you the name that you have picked up for your domain controller right click here and then add new host and then name it I'm gonna name it accordingly cuz its TD w 8 9 8 0 you think will conform in my DHCP TD - W 8 9 8 0 TD - W 8 9 8 to 0 IP address that we have is one nine two one six eight dot 10.5 1 and then click on add host so this host has been added here done so we have client IP address and the name so minimize that I'm connecting to my client that I have added the other computer test - PC oh one and then OpenEdge or any other browser that you like and I would like to go to one and two one six eight dot 10.50 one the reason why I could browse to that address let's have a look the reason being I'll show you why I could browse to that address because I logged into my router my wireless router modem before and I have tweaked some settings here so in system tools and here I have got manage control okay here I have tweaked one settings which is I clicked on remote so I can control remotely so if I look at the status and it has got one nine two one six eight ten dot fifty-one IP address all right so apart from that what you have to do is I will click on wireless 2.4 gigahertz and I'm going to change some settings here okay I read the user manual because in user manual it should ask me to disable WPS settings so I have disabled that and which makes me to enable wpa wpa2 Enterprise authentication enable otherwise I couldn't enable it before so please video user manual and now let's click on wireless security and here I'm going to make some changes so this is the IP address I have already entered so I just make sure that you have the right radius server IP which I have got 10.2 and the radius server password so this password we are going to enter onto our server soon and then that's about it so really server port so we are keeping it default because we are not going to change that port on radius server but if you're changing your port on radius server so just make sure you enter that same port here so it can talk to radius server so it just saved these settings and let's go back and then we're going to install certificate authority role on to Windows Server 2016 so I'm back to Windows Server 2016 which is our domain controller click on Tools no tools click on manage and add roles and ya next next and we pick we're picking first one Active Directory certificate services and then click Next so we don't need any extra features click Next Next and certificate authority next restart the server but it I'm not I'm very sure that it's not gonna restart just install so I will be back once this is done ok so now click on this yellow triangle and then click on configure Active Directory certificate services okay and speaking of these credentials I'm happy with that next click on certificate authority and then click Next setup type enterprise click Next and root CA click Next oops I just hit the microphone and create a new private key click Next we'll be picking sha-1 and rest I'm keeping the default click Next CA name I'm gonna get rid of this thing here so we don't have that there and then click Next validate the period 5 is very happy with that we can increase it if you want certificate database I'm keeping it at default as well so this is the changes that we're making configure and it's going to configure soon and alright this is done so close and the next step is we we will be requesting a certificate and we will install the certificate onto the domain controller to do that in command line windows R and then go to MMC click OK and file add snap in so that snap in we will be adding these certificates add for local computer finish ok so you can save it as well click on personal certificates and then request new certificate click Next sorry next and then domain controller enroll done finish so we have we will see another certificate here till 2nd a tenth of second 2019 so that's a client authentication certificate ok ok so now we're going to add another role manage add roles and features next next role is going to be on this local computer will be network policy and access services all right so we have added all this and click Next and we don't need any extra bit click Next Next and restart it's not going to restart but I've clicked it anyway so install this will be quick as well so once this is done I will be back ok so roll is successfully installed and click on close tools Network policy server and it's going to open new window for us to configure select video server for 802 X dot X 8'o 2.1 x and then configure aro 2.1 x and we will like to configure it for secure wireless connections all right I'm keeping the name default click Next add various clients so here we're going to add our radius client as you know that friendly name I would like to pick TD - w8 980 so that's the name that we have added in DNS as well so we'll copy that and I paste it here ok as you know that we have added this in our DNS system as well so if you go to CMD and ping TD - w8 980 so its resolving the IP address ok because we have added manually edited our DNS so I'm gonna minimize that and let's verify this results so this is resolving the IP address ok ok alright so before you click ok so we need a shared secret so make sure this secret it matches to the sheer secure that we have entered onto the wireless modem click okay next and I would like to pick Microsoft protected PE ap if we click on configure it has already picked a certificate so that certificate X are expiring in 2019 it's the same certificate that we have that the certificate that we requested okay and then next user groups which use a group you would like to add I would like to add WLAN users okay so that group has the test user that we have created okay next next and done if you look at previous we don't have to do any configuration here okay next and finish so now our radius server is up and running as well so it's time to test our connection so I'm going to going back to on my laptop all right so now so it's tp-link 2.4 gigahertz so that's wireless 2.4 gigahertz tp-link I would like to select that and connect so it will prompt me for user name and password so that knows user name and password is the test user and enter the password click OK so we are getting the certificate let's have a look at the details ok this server thumbprint ends with E 708 1b Connect there you go up and running and connected so we had a look at that certificate thumbprint and if we go back to our server and let's have a look at the certificate file and remove snapping certificates add computer next local computer finish and click ok so here we have in personal we have that certificate which is expiring in 2019 and if you double click on that and you click on details and in here if you scroll down nearly to the bottom and you check the thumbprint ends with E 7 or D 1 B so this has given that certificate and it has authenticated with the help of certificate and with our user that we created earlier test user alright now we're going to test on a smartphone so I have my iPhone on me and I'm gonna connect it and let's see how it goes connecting my phone tp-link 2.4 gigahertz typing my username which is tested at test or local and I'm gonna type in my password as well and now if I'm gonna hit on join so it's gonna prompt for the certificate if we check the details of the certificate at the bottom of the certificate we can see this thumbprint of the certificate which is matching with our server certificate so it's all good so it is connected as well ok it is connected let's test the connectivity if I browse to 192.168.1.5 t1 let's see what happens ok so there you go as you can see you can see the login screen of the wireless and network prata and also if I browse to TD - w8 980 dot test dot local so that's a DNS name that we have n earlier as you can remember so let's stop me in HTTP so here you go so there you go so it's all working and functional now all right so that's all for today if you have any questions please ask an are more than happy to help don't forget to Like share and subscribe see you guys