Help with setting up a RADIUS server for BYOD devices

  • Question

  • I have set up a RADIUS server with Server 2012 R2 following this guide.


    It's a little hard to understand his accent but I get the gist of it from what he's doing on screen.

    The only difference is that I chose not to use certificates, since I would like my iPhone and my laptop, which is not on the domain, to be able to connect using my network username and password (simulating BYOD). So I chose to use EAP-MSCHAP v2 (which doesn't require a client cert?). I do have a CA on another server just in case I need it. I'm currently using it for SSL WSUS. I am using a Cisco E4200 dual-band Wi-Fi router, which does support WPA Enterprise. I am using Windows 8.1 on my laptop and iOS 7 on my iPhone 5. I did not manually create a profile like you see in the video because I would like it to work by just entering my network credentials, like you would for a typical BYOD device and phone.

    When I try to connect using my domain username and password on either my laptop or iPhone, it fails to connect and I am not sure why. Since it's using 802.1x, do I need switches that support 802.1x? I just have a dumb switch at the moment, just a typical 8-port D-Link gigabit consumer-grade switch. Overall it seems fairly simple to get this set up and working, but I must be missing something since I can't seem to connect.

    Any ideas on how to use RADIUS in Server 2012 R2 to connect to a typical Wi-Fi router which does support WPA2 Enterprise, and then get my iPhone and laptop, which are not domain joined, to connect as BYOD devices?


    Saturday, November 23, 2013 8:16 PM

All replies

  • Hi,

    First, you can check the logs.

    EAP-MS-CHAP v2 is available only with PEAP. 

    Understanding 802.1X authentication for wireless networks


    To rule out the switch as the cause of the issue, you can bypass it.

    Connect the wireless access point to the NPS server directly.

    Hope this helps.

    Monday, November 25, 2013 8:52 AM
  • When I check the logs there are no logs available, so it appears it's not even getting that far. I can't do a direct connect because the NPS server is a VM and I don't have any more NICs available.
    Monday, November 25, 2013 6:00 PM
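
One way to narrow down why NPS shows no log entries at all, as an added example that is not part of the original thread: the checks below confirm that the service is listening, that the access point is a registered RADIUS client, that NPS auditing is enabled, and that the firewall admits RADIUS. It assumes an elevated PowerShell session on the NPS server and the default authentication port UDP 1812.

```powershell
# Added diagnostic example (not from the thread). Run elevated on the NPS server.
# Assumption: RADIUS authentication uses the default port, UDP 1812.
$radiusPort = 1812

# 1. NPS runs as the IAS service; confirm it is running and bound to the port.
Get-Service -Name IAS | Select-Object Name, Status
Get-NetUDPEndpoint -LocalPort $radiusPort -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess

# 2. The access point must be listed as a RADIUS client. The Address must match
#    the source IP the AP sends from, and the shared secret must match the
#    one entered on the AP.
Get-NpsRadiusClient | Select-Object Name, Address, Enabled

# 3. Success/failure auditing must be on, or no accept/deny events are
#    written to the Security log.
auditpol /get /subcategory:"Network Policy Server"

# 4. Inbound firewall rules covering the RADIUS port, found by port filter
#    so the check does not depend on localized rule names.
Get-NetFirewallPortFilter -Protocol UDP |
    Where-Object { $_.LocalPort -contains "$radiusPort" } |
    Get-NetFirewallRule |
    Select-Object DisplayName, Enabled, Direction, Action

# 5. NPS decisions from the last 24 hours:
#    6272 = access granted, 6273 = access denied, 6274 = request discarded.
$since = (Get-Date).AddHours(-24)
$decisions = Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
    LogName = 'Security'; Id = 6272, 6273, 6274; StartTime = $since }
if ($decisions) {
    $decisions | Select-Object TimeCreated, Id,
        @{ n = 'Summary'; e = { ($_.Message -split "`r?`n")[0] } } |
        Format-Table -AutoSize -Wrap
} else {
    Write-Output 'No NPS accept/deny/discard events in the last 24 hours.'
}

# 6. NPS also writes to the System log, for example when a request arrives
#    from an IP address that is not a configured RADIUS client.
Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
    LogName = 'System'; ProviderName = 'NPS'; StartTime = $since } |
    Select-Object TimeCreated, Id, LevelDisplayName, Message |
    Format-List
```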