This article describe how to configure RADIUS authentication (WPA/WPA2 Enterprise) in Wi-Fi Access Points
First step. Install “Network Policy and Access Services”.
In Server Manager use Add Role:
Check “Routing and Remote Access Services”
In “Select Role Services” windows check “Network Policy Server”:
“Next-Next-Finish” will install required component.
Second step. Configure Network Policy Server.
You can configure NPS from Server Manager or Administrative Tools (Network Policy Server Snap-In).
By default, NPS configured to log “Rejected authentication requests” and “Successful authentication requests”. You can change this settings by clicking right mouse button on “NPS (local)” node and check Properties menu field. Logging options is on the General page. You can check or change ports in Ports page.
Log file path can be changed in Accounting menu. This can help resolve connection error.
Now need to change default “Use Windows authentication for all users” policy in “Connection Request Policies” from “NPS (local) – Policies – Connection Request Policies” menu:
In last “Settings” page check “Authentication” and “Accounting” menu. In “Authentication” menu set “Authenticate requests on this server”. In “Accounting” – clear check box from “Forward accounting requests to this RADIUS server group”.
Add network policy in “NPS (local) – Policies – Network Policies” menu.
In fist “Specify Network Policy Name and Connection Type” page set Policy name:
In second “Specify Conditions” page add Windows Group that you want grant access:
In “Specify Access Permission” page check “Access granted”.
In “Configure Authentication Methods” page use “Add” menu to add “Microsoft: Protected EAP (PEAP)” authentication method” and uncheck all other authentication method:
Another step in this page. Check “Microsoft: Protected EAP (PEAP)” authentication type and use “Edit” button to select certificate:
Click “Next” twice to “Configure Settings” page. In “Encryption” menu unckeck all check boxes except “Strong encryption (MPPE 128-bit)”:
Finish creating network policy.
Step three. Add RADIUS client and register NPS server in Active Directory.
You should add RADIUS client from “NPS (local) – RADIUS Clients and Servers – RADIUS Clients” menu.
Add values in “New RADIUS Client” window. Friendly name, Address (IP or DNS) and Shared secret. In Advanced tab check RADIUS Standard:
Register RADIUS server in Active Directory by clicking right mouse button on “NPS (local)” and press “Register server in Active Directory”:
Step four. Configure Wi-Fi Access Point.
In Access Point setting set WPA/WPA2 Enterprise authentication method:
In RADIUS settings page add RADIUS server IP address, port 1812 (by default) and shared secret from previous step:
Configuration done. Now you can connect to Wi-Fi by using windows login and password.