This article describes setting up Radius (Windows Server 2008 R2) authentication to work with Sophos UTM and with Sophos UTM Wireless devices. The following sections are covered:
Applies to the following Sophos products and versions Sophos UTM
Important: The Microsoft KB articles at the bottom of this article must be followed as well for the certificates to work properly.
This article is based on using a fresh install of Windows Server 2008 R2. This has been tested using Windows Server 2008 R2 with UTM 9 with the following Wireless Network configuration:
If you already have some of the below steps configured, please use this as a jumping off point for troubleshooting issues you may be having.
Windows Server required Roles & Features:
This article assumes the following:
Authorize your Network Policy Server with your Active Directory
Radius Client Setup:
Connection Request Policies:
Click Network Polices
Please make sure the certificate you are using has a valid subject as in the following screen shot:
You can use your current certificate but we recommend creating a separate RAS and IAS certificate template if your Radius server is on the same machine as your Domain Controller. If you renew your Domain Controller cert it can stop authentication via Radius
The following links point to a few Microsoft KB articles describing how to deploy a CA and NPS Server Cert. You must follow the below links in order. Remember, this document outlines a fresh configuration. Please tailor this section according to how you have your certificates setup.
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable to us to ensure that we continually strive to give our customers the best information possible.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.