Sunday, January 8, 2012

802.1X Wireless Authentication Windows 2008 R2 Infrastructure Configuration - Part2

<Part 2>
DC - Create Wireless Group Policy
CA - Create the Server Cert for NPS server
NPS - Export NPS Server Cert and CA Cert

7. In CA, Create a RAS Certificate for Network Policy Service
Click Start and select Run
Type mmc and click OK
Go to File --> Add/Remove Snap-ins
Add Certificate Template and Certificate Authority


Create a server certificate for the NPS server
Select Certificate Template
Right-click on the RAS and IAS Server and select Duplicate Template




Select "Windows Server 2008 Enterprise"
In the General tab, enter a name for this template and change Validity period if you want
In the Request Handling tab, check "Allow private key to be exported"
This setting is very important
This certificate needs to be exported with private key later to install to Aruba.

In the Security tab, allow "Autoenroll" for RAS and IAS Servers

Select Certificate Template of CA
Right-click on the template created in previous steps 
Select "Certificate Template to Issue"


8. In DC, Create and Configure XP Wireless Network Group Policy
Create a new Group Policy called Wireless Network (IEEE 802.11x) and edit it
Computer Configuration --> Windows Settings --> Security Settings --> right-click on the Wireless Network Policy and select "Create A New Wireless Network Policy for XP"
My configuration is for XP.

Right-click on New XP Wireless Network Policy and select Properties
Select the Preferred Networks tab

Click Add... and select your wireless network's SSID
Select the network you just added and click Edit...
Confirm WPA2 and AES are selected for Authentication and Encryption respectively

Select "Microsoft: Protected EAP (PEAP)" and click Settings...
Check your Certificate Authorities. This should be in a format like %Mydomain%-%CAServerName%-CA, where Mydomain is your domain name and CAServerName is the name of the server that holds the Certificate Authority role
The Wireless Network (IEEE 802.1X) Group Policy has been created
Now add Wireless Group to the Wireless Network (IEEE 802.1X) Group Policy

9. In NPS, export NPS Cert and CA cert so that they can be installed to Aruba
Start --> Run --> mmc --> File menu --> Add/remove Snap-ins
Add Certificates (Computer account, Local computer)

Select Personal and Certificates
Locate and right-click NPS_ServerCert
Select All Tasks --> Export

Certificate Export Wizard will start
Make sure "Yes, export the private key" is selected
You need the password when you install the cert to Aruba


Remember the password you enter here.
You need it when you install the cert to Aruba

Put a name and select the location to export the cert

Now export CA Cert
Select Trusted Root Certification Authority and Certificates
Select the CA cert



Select "DER encoded binary X.509 (.CER)"
Put a name and select the location to export



Once these two certs are imported to Aruba, the configuration completes.
You may need to run the gpupdate command on a test machine before testing.
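
A check of the two exported files before they are imported to Aruba, added here as an example and not part of the original post: it confirms that the PFX really contains the private key, that the server certificate allows Server Authentication, that the CA file is DER encoded, and that the server certificate chains to that CA. The two file paths are placeholders; it is assumed to run in PowerShell 2.0 or later on the NPS server.

```powershell
# Added example (not from the original post). Default paths are placeholders.
param(
    [string]$PfxPath = 'C:\export\NPS_ServerCert.pfx',  # assumed export location
    [string]$CaPath  = 'C:\export\CA_Cert.cer'          # assumed export location
)

# Ask for the export password as a SecureString so it is not echoed.
$pw  = Read-Host -AsSecureString 'Password set in the Certificate Export Wizard'
$nps = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($PfxPath, $pw)
$ca  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CaPath)

# 1. The PFX must carry the private key ("Yes, export the private key").
$hasKey = $nps.HasPrivateKey

# 2. The server certificate must allow Server Authentication (OID 1.3.6.1.5.5.7.3.1).
$eku = $nps.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
$serverAuth = $false
if ($eku) {
    $serverAuth = @($eku.EnhancedKeyUsages |
        Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.1' }).Count -gt 0
}

# 3. The CA file must be binary DER (first byte 0x30), not Base-64 text.
$isDer = ([System.IO.File]::ReadAllBytes($CaPath)[0] -eq 0x30)

# 4. The server certificate must chain up to the exported CA certificate.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # offline check, no CRL lookup
[void]$chain.ChainPolicy.ExtraStore.Add($ca)
$built = $chain.Build($nps)
$top   = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
$chainsToCa = $built -and ($top.Thumbprint -eq $ca.Thumbprint)

# 5. The server certificate must be inside its validity period.
$now   = Get-Date
$valid = ($nps.NotBefore -le $now) -and ($nps.NotAfter -gt $now)

function Report($name, $ok) {
    '{0,-45} {1}' -f $name, $(if ($ok) { 'OK' } else { 'FAIL' })
}
Report 'PFX contains the private key'             $hasKey
Report 'Server Authentication EKU present'        $serverAuth
Report 'CA certificate file is DER encoded'       $isDer
Report 'Server certificate chains to exported CA' $chainsToCa
Report 'Server certificate is currently valid'    $valid
```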