Super tutorial!
If I can add a little note here.
During the creation of your GPO you added the AD group to the GPO, which is good. Authenticated users was still in there and it actually overrules your AD group because the GPO will automatically be applied to any authenticated user/computer in that OU. In order to prevent this and only apply the GPO to any computer within the AD group, you have to go to the "Delegate" tab in your GPO => Click "Advanced" (bottom right) => Click "Authenticated users" => Deselect "Apply Group Policy"
Awesome, after reconfiguring the GPO by your good point everything works well. Thanks
Nice tutorial but you should check your ports. 1812 is used for auth, 1813 is accounting. 1645 and 1646 are old ports (pre RFC standardization) which should not be used/needed.
Having less knowledge on networking, your tutorial gives me more understanding of where I need to click and look for my System Administration tasks. Thanks mate
This is how all tech videos should be done! 5/5. Keep up the good work. Thank you, Alex!
I haven't had time to test this but I've built out a few RADIUS controlled wifi networks, but my first with Unifi this week. I'm used to only adding the controller of a wifi system to the RADIUS clients but I think that's what I was missing when my config wasn't working. This is a great tutorial from start to finish. Thanks for taking the time to demonstrate and share this.
This video was very good, but there are a few things that I had to change. No, you don't need the Remote Access Server role installed. It won't keep it from working, but it's not related either. In the video, PEAP is chosen for authentication on the NPS role. If you choose this, users will be prompted for username / password. Instead, you want Smart Card or other certificate. I'm not sure how it worked in the demo unless Smart Card or other certificate was also in the list at a higher priority?? As others have shared, the ports are wrong for UniFi controller to connect to the NPS Server. Authentication is on port 1812 & 1645. Accounting is 1813 & 1646. Otherwise, great explainer and got me up and running on RADIUS. Thanks!
I have taken your advice here but am still having problems with the "Enter username & Password" dialogue box popping up even though I have selected "Smart card / certificate" in the NPS role (and nothing else). Just have no clue how to move this on. This computer based authentication is something I desperately need. I do not want to user authenticate as that will defeat the object of what I'm trying to achieve (get mobile phones off the corporate network without having to MAC filter everything). What Alexander described is exactly what I need, just struggling to get it to work. All machines are Win10, Server 2019
@imfuctifino did you verify the Windows 10 computers trying to authenticate have a cert issued by the domain certificate provider? There should be a machine cert under Personal --> Certificates
@sethkilley Thank you so much, this has partially solved the problem for me. I really appreciate you pointing me in the right direction. The certificates are not being issued automatically. I am having to request a new certificate on each client PC and I'm fairly confident doing that isn't something I should have to do, but at least once it's issued it works great.
I had to revert to PEAP for this to work. It did not work with Smart Card or other certificate even with certificates issued automatically. It gave error: The client could not be authenticated because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server.
Thanks for this, I changed to smart card or other certificate and works now!!!!
First video showing that USG is not mandatory when configuring UniFi APs with RADIUS server. Very helpful.
No, you don't need the USG. I don't run a USG in my lab, currently I am running an ASA on my home network and pfSense in my lab. You just need the Unifi controller.
@thecybersecuritymindset Do I setup with the ip addresses of each UAP I have in the building or just the address of the controller?
@moondawson2165 all APs
Alex, thank you for this video! My first watch through I overconfidently skipped the part at 5:04 and spent the next hour troubleshooting the RADIUS config. Thanks for highlighting all steps.
Glad it was helpful!
Thank you, this went over a lot of prerequisites that a lot of other guides fail to mention
Thanks for the great video. Works like a champ. In the video you didn't configure the Remote Access role. Why do we need to install it anyways? Does the Radius need any services of this role?
good question, any answer to this?
Fantastic video - was having trouble getting this configured for a while. Super clear and easy to follow, thanks so much for saving me from any more headaches! :D
It's a really nice video and allow me to ask one question: why don't you use smart card or certificates when you create the NPS policy? I thought that it's going to authenticate the computer account with a certificate? I noticed that you just chose PEAP instead? Why do we need the remote access Windows feature installed together with NPS and CA?
Thanks for this. I'm going to be setting the same up at home and since I haven't installed in radius for 15 odd years it's a good refresh.
Glad I could help
great video thanks to him I just configured authorization via RADIUS I have one question - can I configure a WIFI network for guests without a Unifi gateway?
Great video, just what I needed. Still I have a question, why do you need Remote Access role in this case? You left that one unconfigured. Thanks!
I was wondering this too as don't see why it's needed.
I knew this was possible just couldn't figure it out! Thank you so much for taking the time and making this video super easy to follow along. I hope you keep it up. Best wishes!
You're so welcome!
hi,
perfect video.
So only the certificate on the system and then the Clients can connect to the wifi without any password?
Hi Alexander, this video helped me a lot configuring RADIUS with Unifi network for our enterprise. Thank you for the instruction. Grts Lars
Glad to hear it!
At 7:51 you mentioned jotting down a KEY. Where do you put this key for the cert? Or did you mean something related to the same key used for the Ubiquiti side?
Great video Alex...worked perfect! As you suggested, I would like to have Radius installed in a utility Win 19/22 server. Do I need to have the CA installed in the same server? I already have CA role installed in the Primary domain controller server.
I think there's an error when creating the RADIUS server entries in Unifi. The second auth server at 1813 should not work since that's the accounting port. The first accounting server at 1812 should not work since that's the auth port. So auth should be fine but accounting may retry until it hits the second entry, depending how Unifi does failover.
Great video, thanks for sharing!! Trying to set this up but on user accounts, how do I set up the auto enrollment bits for the user accounts?
Worked perfectly! Saved me hours of work! Thank you for doing this Alex
Hello Alexander, thank you for the video. it worked for me ! I have one question please, can i use a users group instead of using group of PCs ?
worked like a charm, thank you.. but why did you install Remote Access Role, you never touched on it or configured it.
Hello There. Thank you for the video. Really helpful. Just curious to know what hardware are you using for your lab to host VM's?
I have a pair of Dell PowerEdge R420s. 64GB Ram each and dual Xeon E5-2430Ls. Both 420s have 4x 2tb hard drives in a RAID5 array. I have a Dell MD1200 that I am hoping to bring online soon as well.
Very useful video, extremely useful to prevent personal devices connecting to the WiFi eating bandwidth.
Thanks! That is why I built this out at day job. We had too many people connecting their personal devices to the corporate network and no way to control it. Now they cannot do that. It works fairly well too.
Great video, Is there a way you can use this for mobile phones? e.g adding a mac to a radius server?
Excellent!! But I can't use this way in my company, because we have 40% Macintosh for UI/UX.
Well done mate! Straight forward & to the point. Keep up the good work!
Thank you sir for the great video I have a query, If I follow this tutorial how could I achieve the requirement to setup Radius server for Wireless Users Authentication. I need to set up RADIUS for our Wireless Access Points (APs). The challenge I'm facing is RADIUS server is separate machine and I need guidance on how to properly link the AD with the RADIUS server which the requirement is to create on Separate machine. Could anyone help me understand the additional steps involved in configuring RADIUS server and how to integrate the AD and RADIUS? (Does the Radius Server could be the Domain User and then it integrate as well? What would be the configuration at AD and Radius for integration)
I would appreciate a detailed breakdown of the additional configurations needed on both ends. If you have any documents, guidelines, or videos that could walk me through the process, that would be immensely helpful. I’ve been unable to find the right resources so far.
GREAT VIDEO , I WANTED TO SET THE Wi-Fi authentication to prompt for a username and password of users on the domain
Were you able to do this?
@JohnGroninga oh yeah 😎
Thanks for the video! It has helped me enormously. Could you show how it works with the certificate on the switches from Unifi? So the wired version instead of the wireless?
I would like to allow or disallow clients the same way on the LAN on the switch. Unfortunately, my computer always tells me that it can't authenticate. I just can't get anywhere.
This was wonderful and easy to follow. Thank you!
Great video! However, I did run into a roadblock. We aren't on-prem and are using Azure, therefore, I am unable to set group policies. Do you have a guide on doing this in Azure?
Awesome Video. Thanks for this. This was exactly what I was looking for.
The certificate you created and used through GPO for Windows clients.. can it be used for smartphones without any hurdles?
Smartphones automatically pull the certificate and ask you to accept it, on the Android side, you need to select the certificate type as verification.
Have you ever tried this using UAPs at a different site and subnet than the RADIUS server (but connected via site-to-site VPN)? I'm finding that it doesn't work at the remote sites and I'm reading that the UAPs always send the packets over WAN and not the VPN... I've seen where people had this issue and only could get it to work by exposing the RADIUS ports publicly and using the public IP in the Unifi controller. Not crazy about that idea... hoping Ubiquiti fixes this in an update one day...
Wow. Very impressive. Very good tutorial with all the steps that are really understandable.
Sir Alexander, the video is excellent. However, can we use this GPO on users??
This video is very good. I have a question, will it work if I don’t install the AD CS service?
Hello, I have configured the radius server and it works. On the session I have the button to connect but I also have the possibility of entering another login / password. How to prevent this? THANKS
Appreciate your efforts, the Linux PC is the UniFi wireless AP, kindly update, it does not require any physical AP
You sir .... are a legend. Take that W bro.
Thanks!
Hi, nice tutorial, in this case you're authenticating computers, but is it the same to authenticate users over L2TP when logging in from outside the premises?
Hi, I just followed your guide. It's great, thank you. However, the SSID is not showing up on my android. Haven't tried iphone yet. Only my 802.1X networks are not showing up. Do you by chance have a guide or any info on how to get that setup?
Can you make a video on how to set up 802.1X with UniFi switches?
Thank you for the video! How would I authenticate a domain user instead of a domain computer? Would I need a different type of certificate?
Yeah I'm wondering this. Or a mobile device.
Did you try this solution please?
Any updates here?
Thanks for the video. what about devices that are Azure AD joined only?
Cool! Now with dynamic vlans please...
Awesome video! Could you do one for those of us who are using a windows server vm with aadds? I have a S2S vpn connection from a vnet in azure to my udm pro. Do I still need the remote access role for this?
Very well done! Thanks for the good work.
Nice Video tx!
How do you do it for smartphones since they won't show up in AD?
Also: you focus on "how to do it" but do not explain why and what things are for... like
- why certificates: isn't the fact that the computer is in the right AD group enough?
- and in Unifi you said "you need to activate "accounting""... but why and what is that for?
explanations like that
tx!
Curious why you need RAS installed? working on setting up Unifi to use our existing PKI environment. it has been working previously with a Cisco WLC. we didn't need the RAS role for that in the past. Thanks!
I'm curious as well. Also he didn't cover the RAS setup in this video
@Alexander
I have been fiddling around with this.
We do have a UNIFI controller running and already an old RADIUS profile but I wanted to shift it to our application server (rather than the DC as you mentioned).
Everything works fine up until the moment I want to register the NPS with the active directory. That option is greyed out.
The server is member of the domain (duh) and member of the RAS and IAS Servers group in AD.
I am logged in as Domain Admin.
Am I missing something here?
Greetz!
I think what registering only does is adding the NPS server to that group.
can you show what certificates are installed on radius server and the client (manually with csr request)....and what certificates does gpolicy push?
Very good video. I followed it but I get this error: The client could not be authenticated because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server.
I don't usually comment but man u r too good
Hi just one Question, what if the domain has a CA Authority Root already...?
Kind Regards!
Nice tutorial. What if I'll use same server for RADIUS and for Unifi controller? Is it Possible?
Firewall rules are already added automatically for NPS. But I had to add them manually again for some reason.
Hello, Please
I would like to know, when configuring the Radius Client in the AD DS server, in the video you add the IP address of the Unified Access Point.
I want to know if instead of adding the APs, you add the IP of the unified controller that contains those APs.
If this is possible, how do we proceed? What are the prerequisites?
So I was able to get RADIUS Auth working for VPN, but I have never gotten this to work, your video showed me what I was missing.... However I have a question, can I run this on the same Policy server as the VPN Auth? Or should I use a different server for this service?
Hi Thanks for great tutorial.
Why are you creating the GPO (12:21)?
Do I have to do that?
BR
What about non domain-bound devices, like connecting an iPhone to the WiFi?
Hi there, is there any way to add printers under the LDAP in Windows Server 2016? Your reply is very much appreciated
How does this work with non-windows clients, like Chromebooks that may not have a computer account in AD?
It'll probably ask for a username and password, but with this exact config it won't work because there are no users that are part of the lab auth group
Love this, thank you so much helped out alot.
very good explanation, thank you
How do I configure it for user account instead of computer account
My azure certificate wizard does not have Enterprise CA as an option, only Standard CA (Enterprise CA is grayed out and I cannot select it). Do I have to join the new server VM to Azure AD first? I run my unifi controller on an Azure VM ubuntu server. I placed the new windows server in the same resource group on Azure.
Is there any way to create a GPO that I can apply to users instead of computers?
Hey
I can manage to fix 902 but not with VPN at the same time. I don't understand what I'm doing wrong
Is it possible to authenticate domain users without adding the computer as member of the group, but instead, users within the domain controller?
Thanks for the video Alex. Is it possible to perform the authentication by username instead of by computername?
Hi, yes it is possible. Instead of adding computers to the auth group I added users and then just configured the policy in the GPO. I only configured inside User configuration>Policies>windows settings>security settings>public Key policies> Certificate Services Client-Auto-Enrollment as shown in the video. After all that, to connect to the wifi use the Active Directory credentials of each user added in the auth group.
@ataron123 are you using it?
I followed step by step but it doesn't work. The problem is I have a firewall. What do we do in Control Panel, and do I need firewall configuration? The normal UniFi network is working but via the RADIUS server it is not
I have an issue with the radius server, client not reconnecting after restart
I can't seem to find the part where you configure the 'Direct Access and VPN (RAS)' after adding the 3 services. What options should be selected? Thx!
Follow up. I tried selecting configuration options I thought seemed correct and the Unifi server became non-responsive. :) I removed my configuration and all is good again. My server keeps displaying a warning that I need to go through the 'Post-Deployment Configuration'. Would be nice to configure it in such a way that it works and satisfies Server 2019. Thx again, great video!
I got lost at 11:46 since I don't have active directory. Do you have a link that I can follow for workgroup servers? Also, would this method work to authenticate Android phones with EAP2-Enterprise too?
Apart from the fact that I have smoke coming out of my ears, great video! BTW I emailed you yesterday. Please can you reply one way or t'other? Thanks
Thanks Nick! I received your email and replied last night.
Hi, thanks for sharing it. If I want to put my radius server in a perimeter network, what port do I need to forward? I want to put a radius server in Azure or AWS and I did forward 1812 UDP but it doesn't auth my wifi. Could you help me please? Tks again
Excellent, very useful
what about setting multisite authentication for sites having their own authentication server but fail over
Can you set this up to use Azure AD auth via the NPS server for a VPN in Ubiquiti
Will this work on phones to connect to wifi?
How do I install the certificate on a tablet ? or MAC?
Well done. Thank you
Thanks!
FYI, you do not need the remote access role installed. Just NPS. I am not sure why every guide is adding this unnecessary step.
You install RAD and do not configure it. Why is it installed?
Are you adding the IP of each Ubiquiti Access Point in the RADIUS Clients or are you adding the IP of the UniFi Controller?
No!... I think he added only the IP of the Unifi Controller, since that controls all the access points
@ernestmensah727 I guess he added both
How does client get to connect if they don't have the certificate?
Thank you so much
You're most welcome
I did everything step by step but the WiFi clients are unable to connect to the WiFi.
Cmon mate, at least use Proxmox over ESX..
I liked and subbed btw cheers for video.
Not really a Proxmox guy haha, have spent a ton of time in VMware. Although with them being acquired by Broadcom, who knows, that might change things for me.
I think it should ask to enter the username and password (from AD account) before you can get in to the WIFI
Great video thanks
Thanks!
Can I just use a self generated cert from Powershell or do I need a CA?
what's the diff ?
Why put the same server 2 times on different ports? Is the first port not enough?
2 different ports, for two different protocols if I recall. Have to go back and re-watch the video, this was a while ago.
So I need to apply the Radius profile for each AP or Switch? Am I correct? By Switch I mean Wired Auth. What if I would like to use dynamic VLANs for a specific AD group, let's say I've got marketing, HR where there is a totally different subnet assigned to each department? Can I solve it somehow?
Hi, I tried as VLAN but the result was unsuccessful, I couldn't find a source. I did not have a problem with the default network, I successfully installed it, but when I want to VLAN, RADIUS does not verify. I was able to do it with WPA password authentication as VLAN. Did you solve it?
@Barış SAKIZLI yep, I did solve it. So I've got dynamic VLANs with cert authentication :)
Top!
You helped me a lot! Thanks!
Very welcome!