
Wireless Radius Authentication to Windows 2012r2

Hi,

We just got a pair of AP100s for our UTM9.

I'm also making a switch from Apple Open Directory to Active Directory.  I have my AD server up and running (and working).  I enabled Radius and got it working; it works for VPN clients.  However, Wifi clients will not authenticate.  They worked when using the Open Directory radius server, but once I switch over to AD, VPN still works but wireless does not.

I found all sorts of posts about settings in various versions of Windows Server; some mention adding conditions that match the SSID, some mention adding policies in Windows under "Connection Network Policies", which seem to be different somehow than "Network Policies", but I'll be damned if I can figure out what the difference is or why I would need to set parameters in one, the other, or both.  But none of them work.

Again, radius seems to work as my VPN clients can authenticate fine.  Wireless is a different story.

Could someone point me to actual working settings as set in Windows Server Standard 2012r2 that work for wifi AND wireless radius clients?

Thanks!

Jeff



This thread was automatically locked due to age.
  • Update (clue?):

    Windows Server reports "The client could not be authenticated because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server."  I see all sorts of posts about expired certificates, but our cert is fine (expires later this year).  Also tried changing MTU for both Network Policies and Network Connection Policies to 1344 to no avail.

    Thanks,

    Jeff

  • OK, more info. Also asked this on Microsoft forums, but since I'm trying to get my AD server to talk to my UTM I'll post it here too.  Even though all the KB articles refer to 2008 (not 2012) for some reason, it seems from them I need to get certificates "connected" (for lack of a better term) to radius somehow.  So...I want to enable CA in Server 2012r2 so I can do this. I have an existing certificate used to help connect to a Remote Desktop server. This certificate is untrusted, for internal only, and I imagine only exists because Windows requires it.  I have no idea how the consultant who set up our server got it in there.

    If I use the Add Server Roles function and add a CA so I can try to get Radius working with wireless, will this delete/invalidate/make-stop-working the "untrusted" certificate I already have?  The cert is named Machinename.domain.local, and it seems the CA wants to end in domain.local as well. Will this cause me problems?

    If someone could please please please answer me one way or the other so I can either follow help pages and blogs to work through this or get the consultant to redo the server "right" I would REALLY appreciate it.  Been going in circles for two days now.

    Thanks,

    Jeff

  • Found it!  Yes, you have to turn on CA in Windows 2012 and add PEAP to the authentication methods for the network security. Whew.

  • I am having similar issues with getting my APs working as.  Any chance you found a good set of instructions on how to set these up via the UTM for Windows 2012 R2?  I have my CA/NPS roles installed and configured.  My Meraki APs are working fine with Radius; I just can't get these Sophos ones to work.  Any help?

    When I do a test from my UTM to my RADIUS Server I get Error: error sending packet. send failed.

    I can ping and communicate to my RADIUS Server from the UTM...any thoughts?
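
An added example, not part of the original thread or any poster's configuration: PEAP has the RADIUS server present its own certificate to the wireless client, which is why the fix reported earlier in the thread involved a CA. Run on the NPS server, this PowerShell lists the certificates in the computer's personal store and flags the properties a PEAP server certificate needs; the function name `Get-PeapCandidateCertificate` is hypothetical.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session
# on the server that hosts the NPS role. Read-only: it changes nothing.

function Get-PeapCandidateCertificate {
    # OID of the "Server Authentication" enhanced key usage.
    $serverAuthOid = '1.3.6.1.5.5.7.3.1'
    $now = Get-Date

    Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
        $cert = $_

        # EnhancedKeyUsageList is added by the PowerShell certificate provider.
        # An empty list means the certificate carries no EKU restriction.
        $ekus = @($cert.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId })
        $ekuOk = ($ekus.Count -eq 0) -or ($ekus -contains $serverAuthOid)

        $inValidity = ($cert.NotBefore -le $now) -and ($cert.NotAfter -gt $now)

        [pscustomobject]@{
            Subject       = $cert.Subject
            Issuer        = $cert.Issuer
            NotAfter      = $cert.NotAfter
            HasPrivateKey = $cert.HasPrivateKey      # required: the server must prove possession
            ServerAuthEku = $ekuOk                   # required for a TLS server role
            InValidity    = $inValidity              # not expired, not future-dated
            SelfSigned    = ($cert.Subject -eq $cert.Issuer)
            # Usable only if all three requirements hold.
            PeapUsable    = ($cert.HasPrivateKey -and $ekuOk -and $inValidity)
        }
    }
}

# Show every certificate, usable ones first.
Get-PeapCandidateCertificate |
    Sort-Object -Property PeapUsable -Descending |
    Format-Table -AutoSize -Wrap
```

A certificate can pass all three checks and still be rejected by clients that validate the server certificate if its issuing CA is not in their trusted root store, which the `SelfSigned` column helps spot.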