Shulou(Shulou.com)06/02 Report--

The company has an old Windows 2008 Server. On the weekend, I hung up on Monday because of the latest update patch for Windows. Beans tried to restore the snapshot but there was still a problem. This server is configured with NPS, which is mainly used for login authentication in wireless networks and some switches. It hasn't been restored for 2 hours, so the beans might as well reconfigure one. After all, Windows 2008 is also a system that should be eliminated.

Found a ready-made Windows 2008 R2 server, spent more than 2 hours to configure it, and tested the wireless network login successfully.

The basic steps are as follows. If it's too simple, just skip the basics. mark the areas you need to pay attention to so as not to forget:

Install and configure a server for issuing certificates within a domain (install IIS and ADCS)

Prepare a new NPS server and install the corresponding Feature

Configure certificate templates and issuance

Modify group policy automatic renew certificate

Configure the NPS server

Configure WLC

test

The first two steps are too simple, with a graphical interface all the way to Next installation, so skip it.

Step 3:

Log in to mmc, open the certificate server, and then manage certificate templates. Select RAS and IAS Server template copy, and name the new certificate NPS.

The properties of the NPS template can be set according to your needs. Pay attention to check Publish certificate in Active Directory

Check Autoenroll

If you are not sure about compatibility, use the default setting

Then in the CA interface, select Certificate Template to Issue and sign the template you just configured

Next, you need to configure some group policies to ensure that the certificate can be updated automatically.

Click Default Domain Policy, and select ComputerConfiguration, Policies, Windows Settings, SecuritySettings, Public Key Policies in order

The configuration is as follows

Next, switch to the NPS server and select Register Server in Active Directory

After a moment, execute gpupdate / force with administrator privileges on the NPS server

Switch back to CA to see if the certificate has been successfully issued. If it has been successfully issued, it means that the basic NPS server environment has been set up.

The basic environment is set up, and the next step is to configure it. I actually had a backup of the configuration file before, which can be imported directly, but here, for completeness, use the wizard to go over it again.

Configuring Radius consists of two parts. First, configure Radius Client, then configure the corresponding Policy.

The following client configuration

The following is how to generate Policy through the wizard

The final effect

The NPS configuration is complete, and the final step is to modify some WLC.

Log in to WLC and add a new Radius server

Then specify the new AAA server on the corresponding WLAN

test.

Log in to iPhone and prompt to install the certificate

Log in successfully

Limited by space, the screenshot above is limited to the most critical steps and the process of sorting out the entire configuration.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.