Windows NPS Server Integration for 802.1X authentication with cnMaestro as Proxy

cnPilot APs do not provide any option to authenticate wireless users directly with a Windows Active Directory server. We can make it happen through a Windows NPS policy. The solution workflow involves the following steps:

1. Configure Windows AD
2. Configure NPS Policy
3. Integrate NPS with Windows AD
4. On the cnPilot AP SSID, configure external AAA pointing to the NPS server
5. Wireless clients shall be configured with WPA2-Enterprise authentication; the EAP method can be one of the supported protocols below:
   1. EAP-PEAP (user name and password based authentication)
   2. EAP-TLS (certificate based authentication)

Configuration:

User & Group Configuration on Active Directory:

USER:

Group:


Add Group to the User:

Network Policy Server Configuration:

RADIUS Client:

Network Policies:

a) USER Group

b) NAS Port Type

c) Add required Authentication Methods

d) Select supported Encryption:

Configuration on cnMaestro:

Create a WLAN:

Map NPS Server IP with correct shared secret used while creating RADIUS Client on NPS Server.

Map the WLAN to the required AP Group.

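A scripted equivalent of the AD and RADIUS client steps above, as an added example that is not part of the original post. It assumes the ActiveDirectory and NPS PowerShell modules and an elevated session on the NPS server; the group, user, client name and IP address are placeholders. The network policy conditions (a to d) are still set in the NPS console.

```powershell
# Added example. Every name, address and account below is a placeholder.
Import-Module ActiveDirectory
Import-Module NPS

$groupName  = 'WiFi-Users'     # hypothetical group used as the policy's USER Group condition
$userName   = 'wifi.test'      # hypothetical test account
$clientName = 'cnPilot-WLAN'   # hypothetical friendly name for the RADIUS client
$clientAddr = '192.0.2.10'     # placeholder: source IP from which NPS receives the RADIUS requests

# User & Group Configuration on Active Directory (safe to re-run)
if (-not (Get-ADGroup -Filter "Name -eq '$groupName'")) {
    New-ADGroup -Name $groupName -GroupScope Global -GroupCategory Security
}
if (-not (Get-ADUser -Filter "SamAccountName -eq '$userName'")) {
    $password = Read-Host -AsSecureString "Password for $userName"
    New-ADUser -Name $userName -SamAccountName $userName -AccountPassword $password -Enabled $true
}
$members = Get-ADGroupMember -Identity $groupName | Select-Object -ExpandProperty SamAccountName
if ($members -notcontains $userName) {
    Add-ADGroupMember -Identity $groupName -Members $userName
}

# Integrate NPS with Windows AD: register this server in its default domain
# so it is allowed to read the accounts' dial-in properties.
netsh nps add registeredserver

# RADIUS Client: generate a random shared secret instead of typing a guessable one.
$bytes = New-Object byte[] 24
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rng.GetBytes($bytes)
$rng.Dispose()
$sharedSecret = [Convert]::ToBase64String($bytes)

if (-not (Get-NpsRadiusClient | Where-Object { $_.Name -eq $clientName })) {
    New-NpsRadiusClient -Name $clientName -Address $clientAddr -SharedSecret $sharedSecret | Out-Null
    # Shown once so the same value can be entered in the cnMaestro WLAN AAA settings.
    Write-Host "Shared secret for the cnMaestro WLAN: $sharedSecret"
}

# Confirm the client entry that NPS will match incoming requests against.
Get-NpsRadiusClient | Where-Object { $_.Name -eq $clientName } | Format-List Name, Address, Enabled
```

A mismatch between this secret and the one entered on the WLAN shows up on the NPS side as dropped or rejected requests, so compare the two values first when authentication fails.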

If I use cnMaestro Cloud, which IP address or DNS should I use when enabling RADIUS client?