Configure IAS to support authentication on a RADIUS server for WLAN (not sure if correct title)

  • Question

  • Hi, first of all, I'm not sure if I have the correct title. We were asked to set up a WLAN in our office and the authentication method is on a RADIUS server via IAS.

    FYI:

    1. We have 2 domain controllers, DCO001 and DCO002 (primary is DCO002, a physical server, and secondary is DCO001, a VM; both Win2K3 SP2 32-bit)

    My first question is: Can I install this on the secondary DC since this is a VM? In case I get into trouble configuring this, at least I can revert back to the original settings.

    Or another option would be to install/configure IAS on a non-domain controller, but the OS is Win2K8 R2 SP1?

    Besides installing/configuring, which I saw in TechNet:

    http://technet.microsoft.com/en-us/library/cc780214%28v=ws.10%29.aspx

    BTW, we're using a Cisco 2100 series controller.

    Are there other things I need to be aware of before starting this configuration?

    Thanks

    Jeff


    • Edited by jeco Thursday, November 21, 2013 7:30 AM
    Thursday, November 21, 2013 6:46 AM

All replies

  • Hi Jeco,

    The IAS installation is pretty simple and I do not expect problems just because of the installation of that service. And it can be easily uninstalled as well.

    Btw: IAS is called NPS (Network Policy Server) beginning with Windows Server 2008.

    I would recommend installing IAS/NPS on 2 servers and connecting your Cisco controller to both of them for fail-over. IAS/NPS does not have a replication mechanism, so you have to make the same configuration settings on both servers or find a script that copies the settings (an IAS to NPS sync is different from an NPS to NPS sync script).

    If you want PEAP or EAP-TLS you need certificates as well. Domain controller certificates do the job.

    Regards,

    Lutz

    • Proposed as answer by Michael_LS Thursday, November 28, 2013 6:57 AM
    • Marked as answer by Michael_LS Friday, November 29, 2013 8:35 AM
    Thursday, November 21, 2013 4:38 PM
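
One way to do the NPS to NPS settings copy mentioned in the answer above, as an added example that is not part of the thread or of any Microsoft script. It assumes both servers run NPS on Windows Server 2008 R2 or later, PowerShell remoting is enabled on the secondary, and the caller is a local administrator on both; the server name `NPS02` and the paths are hypothetical.

```powershell
# Added example: one-way NPS-to-NPS configuration copy, run on the primary.
# NPS02 and C:\NpsSync are hypothetical placeholders (assumptions, not from the thread).
$ErrorActionPreference = 'Stop'
$Secondary = 'NPS02'
$WorkDir   = 'C:\NpsSync'
$File      = Join-Path $WorkDir 'nps-config.xml'
$Share     = "\\$Secondary\C$\NpsSync"

# The export contains every RADIUS shared secret in clear text (exportPSK=YES),
# so keep it in a directory only Administrators and SYSTEM can read.
if (-not (Test-Path $WorkDir)) { New-Item -ItemType Directory -Path $WorkDir | Out-Null }
icacls $WorkDir /inheritance:r /grant:r 'BUILTIN\Administrators:(OI)(CI)F' 'NT AUTHORITY\SYSTEM:(OI)(CI)F' | Out-Null

try {
    # 1. Export the full configuration (clients, policies, secrets) on the primary.
    netsh nps export filename="$File" exportPSK=YES | Out-Null
    if (-not (Test-Path $File) -or (Get-Item $File).Length -eq 0) {
        throw "NPS export did not produce $File"
    }

    # 2. Create the same locked-down directory on the secondary and copy the file over.
    Invoke-Command -ComputerName $Secondary -ArgumentList $WorkDir -ScriptBlock {
        param($dir)
        if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null }
        icacls $dir /inheritance:r /grant:r 'BUILTIN\Administrators:(OI)(CI)F' 'NT AUTHORITY\SYSTEM:(OI)(CI)F' | Out-Null
    }
    Copy-Item -Path $File -Destination $Share -Force

    # 3. Import on the secondary. This REPLACES its whole NPS configuration.
    Invoke-Command -ComputerName $Secondary -ArgumentList $File -ScriptBlock {
        param($f)
        try {
            netsh nps import filename="$f" | Out-Null
            if ($LASTEXITCODE -ne 0) { throw "netsh nps import failed on $env:COMPUTERNAME" }
        }
        finally {
            Remove-Item $f -Force -ErrorAction SilentlyContinue   # do not leave secrets on disk
        }
    }
}
finally {
    # Remove the local clear-text copy whether or not the sync succeeded.
    Remove-Item $File -Force -ErrorAction SilentlyContinue
}
```

After an import, check that the PEAP or EAP-TLS policy on the secondary is bound to that server's own certificate, and confirm the wireless controller lists both servers with the shared secret the configuration expects.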
  • I see, this could be one hell of a job, but I need to do some research for this, haha, first time doing this. Will get back to you with feedback.

    Thanks and have a great day ahead

    Jeff

    Friday, November 22, 2013 2:28 AM
  • Hi, I followed this guide because it has the same scenario where I'm at:

    http://araihan.wordpress.com/2010/04/30/complete-guide-to-build-a-cisco-wireless-infrastructure-using-cisco-wlc-5500-cisco-1142-ap-and-microsoft-radius-server/

    and I'm on the part where I need to request a certificate on the IAS server, but this error came up:

    Any ideas on this?

    Thanks

    Jeff

    Monday, November 25, 2013 9:16 AM
  • A Windows Enterprise CA is listed as a prerequisite in the article, or as I said you can use Domain Controller certificates. If you do not have an internal PKI, you can request the certificate from a public CA, e.g. GoDaddy, Verisign.

    http://technet.microsoft.com/en-us/library/cc775816(v=ws.10).aspx

    http://technet.microsoft.com/en-us/library/cc772401(v=WS.10).aspx

    • Proposed as answer by Michael_LS Thursday, November 28, 2013 6:57 AM
    • Marked as answer by Michael_LS Friday, November 29, 2013 8:35 AM
    Monday, November 25, 2013 2:13 PM