Discussion:
802.1x windows server 2008 NPS
(too old to reply)
Joe C
2009-05-26 20:48:56 UTC
Permalink
Hello,
I am attempting to configure a stand alone radius server to authenticate to
active directory. My active directory box is a 2008 box as well. The end
goal is to have wireless users authenticate to the radius server and be
placed on a vlan based on the active directory credentials they use. If
someone could give me tips or point me to a good how to guide, that would
help me so much. I have been looking on google and while I did find some
good examples none told me how to configure it with vlans assigned to
groups. Thanks so much!
James McIllece [MS]
2009-06-03 19:27:36 UTC
Permalink
Post by Joe C
Hello,
I am attempting to configure a stand alone radius server to
authenticate to active directory. My active directory box is a 2008
box as well. The end goal is to have wireless users authenticate to
the radius server and be placed on a vlan based on the active
directory credentials they use. If someone could give me tips or
point me to a good how to guide, that would help me so much. I have
been looking on google and while I did find some good examples none
told me how to configure it with vlans assigned to groups. Thanks so
much!
NPS can instruct the APs to assign users to a VLAN if you use the correct
attributes in NPS network policy.

Basically you create groups in AD that correspond to the VLAN you want the
user assigned to, and then create the network policy so that membership in
a specific group is required to match the policy. Then make sure you add
the VLAN attributes to the policy.

Obviously the APs must be compatible with 802.1X and RADIUS and must be
VLAN-capable too.

The following Web page has links to multiple NPS resources:

Network Policy Server for Windows Server 2008,
http://technet.microsoft.com/en-us/library/cc753655(WS.10).aspx

The VLAN information is in the NPS Help on the box and on the Web, and it's
also in the NPS technical reference.

Also, just for future reference, the Windows Server 2008 and WS08 R2
Technical Library is the source for the most recent and accurate Microsoft-
produced content for Windows Server 08 technologies. The library is at
http://technet.microsoft.com/en-us/library/dd349801(WS.10).aspx

**************************

James McIllece, Microsoft

Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.

This posting is provided "AS IS" with no warranties, and confers no rights.
Joe C
2009-06-15 20:48:33 UTC
Permalink
Thank you very much for the information.
Just wondering if you have any information on how to achieve a single sign
on for wired networks in a windows domain using 802.1x?
Joe
Post by James McIllece [MS]
Post by Joe C
Hello,
I am attempting to configure a stand alone radius server to
authenticate to active directory. My active directory box is a 2008
box as well. The end goal is to have wireless users authenticate to
the radius server and be placed on a vlan based on the active
directory credentials they use. If someone could give me tips or
point me to a good how to guide, that would help me so much. I have
been looking on google and while I did find some good examples none
told me how to configure it with vlans assigned to groups. Thanks so
much!
NPS can instruct the APs to assign users to a VLAN if you use the correct
attributes in NPS network policy.
Basically you create groups in AD that correspond to the VLAN you want the
user assigned to, and then create the network policy so that membership in
a specific group is required to match the policy. Then make sure you add
the VLAN attributes to the policy.
Obviously the APs must be compatible with 802.1X and RADIUS and must be
VLAN-capable too.
Network Policy Server for Windows Server 2008,
http://technet.microsoft.com/en-us/library/cc753655(WS.10).aspx
The VLAN information is in the NPS Help on the box and on the Web, and it's
also in the NPS technical reference.
Also, just for future reference, the Windows Server 2008 and WS08 R2
Technical Library is the source for the most recent and accurate Microsoft-
produced content for Windows Server 08 technologies. The library is at
http://technet.microsoft.com/en-us/library/dd349801(WS.10).aspx
**************************
James McIllece, Microsoft
Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.
This posting is provided "AS IS" with no warranties, and confers no rights.
Loading...