This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
RUCKUS Self Help |   ASK the Pack
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Zone Director and NPS/Radius for Admin authentication

dave_bauman
New Contributor III

‎01-19-2019 08:26 AM

I am trying to find documentation on how to properly configure Windows(2016) Server with AD/NPS/Radius to authenticate administrators on our ZD (and eventually SZ) controllers.  We are NOT looking to authenticate WiFi users.

Are there any special attributes we need to add?  Assuming Service-Type:Login and removing any Framed statements(PPP) Anything else?  
15 REPLIES 15

gordon_taylor_6
New Contributor III
In response to dave_bauman

‎02-14-2019 06:57 AM

ok i got that if you want to delete it
0 Kudos

gordon_taylor_6
New Contributor III
In response to dave_bauman

‎02-14-2019 07:48 AM

Dave Bauman, you do ideally need an internal AD CA that issues certificates to your  NPS servers and probably your workstations and DCs too.  and the CA is in Trusted Root Certificate Authority on the connecting workstations ( which an AD CA Cert is automatically added to by AD to all domain joined workstations.)

to issue to workstations... 
GPO Computer Config > Policies >Windows Settings> Security Settings > Public Key Policies/Automatic Certificate Request Settings >  Automatic Certificate Request > Computer... 
0 Kudos

dave_bauman
New Contributor III
In response to dave_bauman

‎02-14-2019 07:52 AM

We don't really use AD for workstations or at all at this time.  We have a lot of gear in the field and are moving away from a single admin login/password as it has become unmanageable.  The only purpose for AD/Radius at this time is to authenticate our admins in the field.
0 Kudos

gordon_taylor_6
New Contributor III
In response to dave_bauman

‎02-14-2019 07:58 AM

fair enough i do use 802.1X for BYOD but the devices complain about the cert and windows PCs wont even connect unless you put the Root ADCA in the trusted root or use a publicly trusted cert (but not a wildcard) but then it complains about the name miss match... but it does work.... just a bit clunky on first connect.
0 Kudos

gordon_taylor_6
New Contributor III
In response to dave_bauman

‎02-14-2019 08:39 AM

thats my byod radius setup... not perfect but does work i don't think the vendor specific bit isnt needed i think that was me trying to use one NPS server for both computer auth and byod user auth in the end i split them
Image_ images_messages_5f91c46e135b77e247a833a3_61e0043dde9cdee0454f8154aa303956_RackMultipart2019021430233hwln-0e856a13-b8bc-445f-8394-adbd11ccb18a-2016717984.PNG1550162288
0 Kudos
Copyright © 2024 Khoros, LLC