@@TekNexSolutions Hello, at minute 17:56 you are shown two options: Enterprise CA and Standalone CA, both active, but in my case only Standalone CA shows active and Enterprise CA is disabled, that shows me when configuring in Windows Server 2012 R2 and in Windows Server 2016 and I do not know what the problem is, maybe the problem is that the operating system is virtualized ???, use VMWare 14.
I just figured out what is your issue here. Type of virtualization is not a problem. When I created fresh Windows Server 2016 > added role Active Directory Certificate Services > Tried to configure Certificate Authority as an Enterprise CA. It is greyed out same as yours.
Reason: My server is not domain joined or it is not a Domain Controller itself.
Solution 1: You need a domain in your network > domain join your server > Enterprise CA option will be available
Solution 2: Follow exactly same steps in the above video (Create a DC and test the setup), you will not have any issues at all
TheAmazeer Yes they can. I haven’t tried with the in-built file explorer. You might have to use a third party app which will allow you to enter the share name, credentials and other settings required to access share.
Any one had problems getting this to work under Server 2K8 R2 with Windows 7 and/or Windows 10 clients? I believe I've followed all the steps clearly. Android mobile clients are authenticated, however my Windows clients keep asking for credentials over and over again. Any suggestions? As an FYI, none of the clients have ever joined the domain, but this is the same for the android devices. So I'm assuming I should not have any problems but I am unfortunately. Your video is very much detailed, thanks for the efforts and energies invested to create and publish.
You need to install Certificate manually in Win 7. As you can see in the video, Win 10 received the certificate as soon as I authenticated with the credentials.
@@TekNexSolutions Hi, is this approach confirmed? Is there not a way to have the certificate presented to the user automatically? I'm working on a solution to authenticate students via the Wi-Fi, with the accounts managed in AD.
So far to my knowledge this is confirmed. However, I can double check with someone who works with Server 2K8. In production (Server 2016), we have the same issue where we have to install certificate manually on Win 7 machines. Fortunately, we have few(1 in 500) machines which fall under this category. If Android devices connect to the Wi-Fi through Radius then there is nothing wrong with the set up you have.
Hi Jay, I have some question about the certificate. For user authentication like this, does the certificate have to be installed on the client side or only on the server side?
What if my AD CS role wasn’t install in the domain controller but other server? Do I need to request the certificate in the DC but not my server, which got AD CS role? Thank you.
thank you for sharing this video, how can we create the policy when mobile device user authenticates with ID and password, after admin approval they can get the access. Because when i was created SSID with AD authentication our all employee uses same on mobile devices also and it is not good our security perspective. pls help in this
Create a security group and give that group access to Wi-Fi. End users can log a service request and admins can add them to the security group on the requests basis to give Wi-Fi access.
Hi, We have configured the Radius Server (NPS) for Wi-Fi authentication. However, we are currently experiencing an issue: when an Active Directory user's password expires, the Wi-Fi connection is disconnected. Upon attempting to re-authenticate, the system indicates incorrect credentials. We have enabled the setting to reset the AD user password in the Radius Server Policy, but our attempts to reset the password have been unsuccessful. Could you please assist us in resolving this issue?
hi it was a nice video. but i would like to know. if user is already part of domain then how to skip putting user/pass while connecting to wifi. it should be automated. any suggestion on it.
Care For You Hi there, just letting you know you can check this video deploying Wi-Fi profile through GPO. You can only deploy this profile to Windows devices. Here is the link th-cam.com/video/QSni2IP0QJM/w-d-xo.html
Hello! I have a problem here. I have windows server 2012 and AD DNS DHCP install then I turn off dhcp on my wireless router, my pc get IP address from my dhcp server but my device can’t get IP address from WiFi! So any help pls thx.
Hello! I have configured it as in your video, but it fails to connect to Enterprise WiFi. I entered the credentials and press connect and then it switches back to enter the credentials again? I tried to connect on my PC/laptop/Android device, but it fails on every device. How to fix this issue? Thanks.
Hi Luba, I would suggest you to go over the video again and check if everything is done according to the video. It seems like you might have missed one or two things. Double check the things like network policy, permissions for AD groups etc.
Hey, Thanks for tutorial. Can I authenticate Wi-Fi (with certificate integrated) on a win 10 client present in Workgroup? Or is it a pre-requisite for the client to join a Domain?
Configuration requires either a user or machine authentication. User auth does not require the computer to be domain joined, but machine authentication needs the device to be domain joined.
I have configured the radius and NPS services by following the same steps but when try to connect Wi-Fi an error showing "unable to connected" kindly guide how to resolve this problem
@@TekNexSolutions I checked all the steps from the video and reconfigure radius and NPS but the problem not resolve showing same error message when try to login
Hey Jay, I'm getting the following message when connecting to the Wi-Fi: If you expect to find [wireless SSID name] in this location, go ahead and connect. Otherwise, it may be a different network with the same name. Do you know how I can remove this warning for my clients? Thank You.
brian b Hi Brian, Disregard my earlier message if you received. I checked this and even in production we get the same message, unless you use group policy to deploy the Wi-Fi profile for users/computers. However, I will look into this further and update you once I found if there is anything we can do without GPO. Of course GPO will only work with domain joined devices only. Jay
i follow step by step but doesn't work. i use radius server as server but not dc. In my environment, i have dc and member server radius server and unify network.
Hello thanks for your clear video.. I have a problem. I have installed every thing clean, but I want users to log via WiFi before they open a session on Windows... Clients are not logged with wire, they need to connect to WiFi first to have network, and then authenticate with Windows prompt login screen, which is 2 authentications... So bad idea.. Do you know how to connect to the Windows session through WiFi authentication? Thanks a lot if you have an answer dude 👍👍👍
Thank you for the tutorial. It's working fine with Dlink Ap and Windows srv 2012 standard. But the issue is not working for non domain pc.... Any help with that please?
Bagga caticoti abdou It should work for the non-domain pc’s. Check the following: 1. Have you tried the same user which you used for the domain joined pc? User has to be in the right group. 2. Try connecting any phone, your phone should connect to the wireless and it will get certificate from your CA. 3. If phone connects fine then re-install Wi-Fi driver on the non-domain join pc. Let me know how did you go.
Bagga caticoti abdou Also, use fully qualified domain name on the non-domain joined devices. For instance, if your domain is “test.com” and user is “user” then FQDN will be user@domain.com.
Hi Jay Maan Yes it is working fine with the smartphones but not for the laptops, I have tried with two different laptops with win 10 installed but it did not work. I will try reinstalling the driver and check again. Thank you
Hello
Finally it is working,
1- we have to Register NPS server on Active Directory
2- I did not use the wizard to create the policy, I have create it manually and specify the condition as "NAS port Type" and select "IEEE802.11 + Wireless Other"
You don't have to use FQDN just type the username and the password
Thank you again Jay
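Several comments in this thread trace failed connections to the same three server-side causes: inbound UDP 1812 blocked, no server certificate on the NPS machine, and the NPS server not registered in Active Directory. The following read-only check is an added example, not part of the video or of any commenter's post; it assumes an elevated PowerShell session on the NPS server and that the ActiveDirectory RSAT module is installed for the last check.

```powershell
# Added example: read-only pre-flight checks on the NPS (RADIUS) server.
# Nothing here changes configuration; it only reports what is in place.

# 1. Firewall: enabled inbound allow rules that list UDP 1812, together with
#    their remote-address scope. A scope limited to the access points is
#    tighter than "Any". (Rules that express 1812 as part of a port range are
#    not matched by this simple test.)
$radiusRules = foreach ($rule in Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow) {
    $port = $rule | Get-NetFirewallPortFilter
    if ($port.Protocol -eq 'UDP' -and
        (@($port.LocalPort) -contains '1812' -or @($port.LocalPort) -contains 'Any')) {
        [pscustomobject]@{
            Rule          = $rule.DisplayName
            LocalPort     = @($port.LocalPort) -join ','
            RemoteAddress = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress) -join ','
        }
    }
}

# 2. Certificate: unexpired machine certificates with a private key and the
#    Server Authentication EKU, which is what the server presents to clients.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'
$serverCerts = Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $_.HasPrivateKey -and
    $_.NotAfter -gt (Get-Date) -and
    $_.EnhancedKeyUsageList.ObjectId -contains $serverAuthOid
} | Select-Object Subject, Issuer, NotAfter, Thumbprint

# 3. AD registration: registering NPS adds the server's computer account to the
#    "RAS and IAS Servers" group. The video author's reply notes this step was
#    not needed in the video because NPS ran on the domain controller itself.
$registered = $null
try {
    Import-Module ActiveDirectory -ErrorAction Stop
    $account = $env:COMPUTERNAME + '$'
    $registered = [bool](Get-ADGroupMember -Identity 'RAS and IAS Servers' -ErrorAction Stop |
        Where-Object { $_.SamAccountName -eq $account })
} catch {
    Write-Warning "Could not query AD group membership: $($_.Exception.Message)"
}

# Summary
'--- Inbound allow rules covering UDP 1812 ---'
if ($radiusRules) { $radiusRules | Format-Table -AutoSize } else { 'none found' }
'--- Usable server certificates in LocalMachine\My ---'
if ($serverCerts) { $serverCerts | Format-List } else { 'none found' }
'--- Member of "RAS and IAS Servers" ---'
if ($null -eq $registered) { 'unknown (AD query failed)' } else { $registered }
```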
Thanks for this demonstration. I research a possibility to have multiple SSID depending of groups in AD. I think i need multiple radius server on my server (if it's possible) but I've not yet find a way. If anyone have a idea... thank for it
If my radius server is not a domain controller, how do I need to create the certificate? Do I create it on the domain controller, export it, and import it on the radius server? Or do I create a certificate locally on the radius server (the only cert option is 'Computer')?
Here is a workaround they put in place techcommunity.microsoft.com/t5/windows-11/accessing-trials-and-kits-for-windows-eval-center-workaround/m-p/3361125.
So is the 'windows server 2016' (the thing on the right in your connection diagram in the beginning of the video) a physical machine connected via Ethernet or can you have this as a virtual one in a virtual box? fyi im a total noob
The way it is implemented it acts as a physical machine. However, it is a virtual machine in Hyper-V connected to a physical switch through External Network Adapter. Wi-Fi modem is connected to the same physical switch.
Hi Jay, Just another question if i plan AD in one server and NPS on another server what is the best practice to install CA? is it on AD server or NPS server ?
@@TekNexSolutions Hi Jay, in my scenario if i have a resources limitation what would be the best server to install CA . i only have server s for AD and NAS.
Hi Jay, if we have number of APs (around 10-15) working in a single cluster. do we have to add each as a client in NPS clients ? or only master AP would enough ?
how can i use the same setup but without the users having to enter username and password? Basically only have provided them the certificate to authenticate.
Checkout next part of this series here th-cam.com/video/QSni2IP0QJM/w-d-xo.html . Wi-Fi network settings deployment through GPO.
Thanks let me go through it.
Hi and thank you for this tutorial. May I ask if its possible to make a "Timed Connection" for each clients who are connected to the network? I would be nice if it limits them to connect like 1-2 hour(s) a day.
Thank you so much, brother, great content!! . Note: If someone is having issues make sure to also open the inbound firewall port UDP 1812 on your server, and if you have a network firewall also make sure it allows that same traffic from the wireless AP to the Radius Server.
Thank you for this precision, it helped me a lot.
BROTHER!! You are so awesome!! Your video is great! keep up the work! Perfectly edited, you made sure we don't waste time. I am a person who never comments on any video or likes or subscribes. But I have done all this because your work impressed me. The explanation is clear and precise.
Thanks for the amazing feedback and I am glad you enjoyed the video.
Finally got this to work, I knew it was a server config error, but this explained it very well, bravo!
Excellent Video!!! Thank you so much for making this, I’ve been trying to do this for years and all the videos I follow something doesn’t work. Followed the instructions in this video and now my wifi is using a fully functional radius server. Thanks so much
Perspective Thanks. I am glad it helped.
It would be beneficial to provide concise explanations for the addition of certain roles and features. This way, the audience can better understand the purpose of these steps. Additionally, some users may find it unclear how to establish connections or create another virtual machine linked to the server for testing its functionality. Anyways, thank you for creating this video.
man I really appreciate it, I spent hours trying to do it without on my own. I was missing the certificate part, I didn't know it was required. Even though that I have enabled all authentication methods. Thank you very much.
Thank you for the very super helpful and detailed guide, I used this today and it was most helpful.
Thank you for this great and direct guide towards RADIUS
Very detailed and excellent video.
Dear we have some queries will you please help us out. We have Multiple VLAN's for Multiple SSID's all VLAN's are in different IP pools. So kindly guide us if we define multiple IP scope for multiple SSID's how user can authenticate to their particular specific SSID ? Waiting for your response.
Hi Tahir,
This would be a sophisticated set up. Give me some time to think.
Jay
Thank you for the video, I tested this with a ubiquiti Wifi and it worked
Did you have a mix of Win7 and Win10 clients? Did you have to install any certs on any of the end clients for this to work?
Very cool and informative. Do ADCS and NPS need to be on the same server as DC?
Thank you sir for the great video I have a query, If I follow this tutorial how could I achieve the requirement to setup Radius server for Wireless Users Authentication. I need to set up RADIUS for our Wireless Access Points (APs). The challenge I'm facing is RADIUS server is separate machine and I need guidance on how to properly link the AD with the RADIUS server which the requirement is to create on Separate machine. Could anyone help me understand the additional steps involved in configuring RADIUS server and how to integrate the AD and RADIUS? (Does the Radius Server could be the Domain User and then it integrate as well? What would be the configuration at AD and Radius for integration)
I would appreciate a detailed breakdown of the additional configurations needed on both ends. If you have any documents, guidelines, or videos that could walk me through the process, that would be immensely helpful. I’ve been unable to find the right resources so far.
Great video, a very nice explanation of the components to achieve the goal, thanks, you've helped a lot today!
very well done bro. useful information with easy explanation and examples
As always...an excellent video. Thanks very much.
ninja2807 you are most welcome
Great video.
Can you please offer advice on how to install a certificate from a trusted CA so that mobile clients are not asked to Trust the CA when connecting?
I am sorry, it seems like I missed this comment. Yes, there is a way. However, you can create Wi-Fi profile and can be managed with any MDM solution. This is a bit complex and a lot is involved in it.
Some things are incorrect. Like the thumbprint mentioned is different than the one shown... But that is because it is stitched together I think.
Thanks for the great content and it was really helpful as I was looking to learn more about servers
Excellent video. Thanks for posting.
Eldrinarr you’re welcome.
Hi,
Great video, did you register the NPS in Active Directory also?
Thank you.
You have to do that if your NPS server is different than the DC. In this case, I did not have to register because of TEST-CERT01 is a DC itself and it has the permission to read the dial-in properties of user accounts during the authorization process.
Well done demonstration, Jay Mann. Any plans on an upcoming video on SSO 802.1X GPO for WS2016/W10?
Thanks. Yes, it can be done but have not planned anything about it yet.
Here is the link th-cam.com/video/QSni2IP0QJM/w-d-xo.html
Nice video .. Just a quick question, how do you set up similarly for Guest Users? Please post me some steps, appreciate your help. Thanks
Excellent Video. Pls i need to know. If I have multiple Domain Controllers does requesting certificate on one DC replicate to the others?
Thank you for the very detailed instructions, sir! Very helpful!
You're welcome, glad it helped
Thank you for the great tutorials!
Glad you like them!
Thanks for this content, it is very helpful.
Glad it was helpful!
Nicely explained 👌
Hello, I have configured the radius server and it works. On the session I have the button to connect but I also have the possibility of entering another login / password how to prevent this? THANKS
Thank you so much this wonderful video..
it was in detailed video, thanks for sharing. what if i just want the laptops that are in domain only be able to connect in that case i think we will set the local computers group instead of users. but if we don't add user groups how the username and password will work to connect???
You are welcome.
Here is the video for computer based authentication th-cam.com/video/QSni2IP0QJM/w-d-xo.html
Hi bro, beautiful video, are you using vmware workstation or bare metal?
Thank you. This is on Hyper-V.
@@TekNexSolutions Hi bro. Thank you very much for your reply. Did you have any radius server videos with wired.
Great detailed guide!!
Excellent tutorial!!! Thanks!
Thank you for the great tutorials! I am pretty green when it comes to certificates. So it looks like the GPO will automatically renew the certificate. But what about on the domain controller/CA? I assume when those certificates are close to expiring i'll have to manually go in and create/renew the certificate?
Normally you would create a Root CA on a laptop (OR cheap Raspberry PI) and Create a life Intermediate CA instead. The laptop (Raspberry Pi) should be shutdown put into a safe and only be used when renewing that intermediate CA.
Great video, I can get communication when I’m on the normal net but it doesn’t work on the enterprise net any tips? Also I had to put the router in bridge mode for communication to occur
Hi, this is a really great video. I was thinking of applying this a similar concept using username and password only for a College for Students to access resources with their personal machines, and not the domain computers. What would I have to change to make this happen. I'd prefer to not have to use certificates for the students' laptops.
Big Ric Thank you. For Radius authentication you supposed to have a CA in action.
It will be user auth for students BYODs and computer auth for domain joined devices.
@@TekNexSolutions Thanks for replying, but let me ask this, is there some issue(s) with Windows 10 clients requiring a certificate and causes problems to connect to these types of public Wi-Fi with RADIUS auth? I can see Android devices not having this issue, I'm asking as I have a college Wi-Fi network to deploy in the fairly distant future and smooth student connectivity is an area of contention for me.
@@hennessy6996 Android, IOS, macOS and Win 10 Client uses the Windows Radius Authentication in a similar fashion. As demonstrated in the video, when you connect the client and it prompts to trust the Certificate from your CA. Once you do that and connection works as it supposed to be. This method is widely deployed in different production environments that I know of personally, we are talking anywhere between 1500 to 60,000 end users.
Have you faced any issues?
@@TekNexSolutions About 9 months ago I tried this and had problems with the Win10 clients requesting credentials repeatedly without ever connecting, I'm picking this up again as I'll have to deploy soon. I'm even thinking of dynamic VLANS with some Aruba Networks switches for wired clients as the existing IT team is very inexperienced. I'll be labbing it out over the next 2 weeks.
@@hennessy6996 I don't see any issues moving forward with this. However, try it in your lab and it should work.
Hi, this is a great video. I appreciate your content.
Question though, is there any way to avoid the prompting of the certificate notice during the authentication process?
Yes, there is. If you install the root cert on the machines. However, on BYO devices you won't be able to install the root cert since you don't manage those devices.
Amazing Video with Smooth Process.
Why td-w8980.test.local device level setup is missing in this video ? this device is windows server or a windows client machine ?
It's an access point :)
@@keinechancee5361 Device: rs-w8980.test.local is a windows 10 or windows server device ?
@jay
On which minute did you find that?
The accesspoint is named “TD-W8980”.
The Windows Server is named “TEST-CERT1”
and the windows 10 client is named “Win10”.
test.local is the local domain, so for example “TD-W8980.test.local” is the accesspoint inside the domain and “Win10.test.local” is the Windows 10 Client inside the domain.
Have a nice weekend and greetings
KeineChancee
Excellent guide! However, I - for whatever reason - cannot get mine to work. It is stuck on "Checking Network Requirements". Event viewer reveals repeated 802.1x authentication restarts. Our DHCP is currently running on our Meraki firewall, with the DNS running on DCs. Any idea what might be the cause?
How would guest connect their macOS when policy is computer based with certificate authentication? How would guest get/request certificate and where to place in macOS.
Our prof. is making us watch this video
Is it a good thing?
very nicely presented!
Thank you.
very nice ... Thanks
Hello Jay,
Thank you for your video.
I'm having issues connecting to the wifi network. Every time i fill in my credentials it loads and sends me back to where i need to put in the credentials, without giving me an error message. When i test this with the built in authentication tester in my AP it does work... I'm using a Ruckus zoneflex r510.
Brian Boere Hi Brian,
Have you tried another client, may be a phone could be a good test? Does the same problem occur on other devices as well? Tester checks the radius server only, which means there is no issue with the radius authentication. Once you hit connect from a client, server should offer a certificate. Let me know if the issue is same across different devices.
Jay Mann, I've also tried this on my phone. The same problem occurs.
Thank you buddy it helped a lot
Thank you from France
You are welcome!
Thanks for this! Quick query: I have my MX84 acting as DHCP server, I am able to authenticate from NPS but am not getting an IP. I'd appreciate it if you could shed light on this, thanks!
Hi, Please could you help me with using Microsoft NPS and setting up a test OU for machine-based wired and wireless authentication?
created an SSID on our cisco interface which points the wireless to the correct authentication server and perhaps the same on our switches.
I have a problem. We would like to allow only domain computers, and when the NPS authenticates the computer it needs to ask for username and password, but when we add the groups (Domain Computers/Users) in the same policy the NPS does not allow access. If we create 2 separate policies, this one does not ask for a password since the domain computer is already authenticated with the cert. Any help?
How do I check the existing 802.11x configuration? Because I have a problem: 1 group cannot connect to Wi-Fi
Amazing stuff!!
Brilliant!
Great Video!!!
I see mostly tutorials on how to do authentication with a domain user. Is there a tutorial or an easy way to do this with a certificate by itself? I was reading about TLS authentication, which I think would work. We've got several thousand Chromebooks, and a new Wi-Fi network we're deploying. I don't really want to have to explain to everyone how to log in. I just want it to be seamless.
darthcircuit I can see where you are coming from. In your case, you have to build a Wi-Fi profile and enroll each device to it.
That sounds awful. I guess we'll just stick with PSK for now lol. Thanks :)
How can we specify which SSID The users from the Network group will be connecting? If I have multiple SSIDs but I do not want users from the Security group1(SSID1) to SSID2
Hi.
Good video. I have a problem specifying the type of installation of the CA: the Enterprise CA mode appears disabled and I would like to know why.
Thanks for the video best explained
Jose Luis Llampa Colque Strange issue. I never had that problem. Are you installing CA on a DC(like I did) or it is a different server?
@TekNexSolutions Hello, at minute 17:56 you are shown two options: Enterprise CA and Standalone CA, both active, but in my case only Standalone CA shows active and Enterprise CA is disabled. That is what I see when configuring in Windows Server 2012 R2 and in Windows Server 2016, and I do not know what the problem is. Maybe the problem is that the operating system is virtualized? I use VMware 14.
I just figured out what is your issue here. Type of virtualization is not a problem. When I created fresh Windows Server 2016 > added role Active Directory Certificate Services > Tried to configure Certificate Authority as an Enterprise CA. It is greyed out same as yours.
Reason: My server is not domain joined or it is not a Domain Controller itself.
Solution 1: You need a domain in your network > domain join your server > Enterprise CA option will be available
Solution 2: Follow exactly same steps in the above video (Create a DC and test the setup), you will not have any issues at all
You are awesome bro ... I am getting an error "Unable to join wifi-sid". Can you help with what I should check? I am using Server 2022
You are amazing!!
Do you know why an Android device connecting to the Wi-Fi asks a weird question besides the username and password? A question about a certificate
Thanks. It is the OS, and it doesn’t pick the security requirements from the Wi-Fi.
Thank u sir
Have you configured NAT rule in your physical machine to enable connection for Hyper-V?
Using external virtual switch in Hyper-V which is connected to a physical switch.
Hi..
If possible I need to get some help...
Setup made successfully but not able to connect Wi-Fi...
Hi Jay,
did you use your Wireless Router as Default-Gateway ?
Hamid Chendawoli Yes, for wireless clients.
Thanks dude.. Can Android clients Access their home folder via a file explorer ?
TheAmazeer Yes they can. I haven’t tried with the in-built file explorer. You might have to use a third party app which will allow you to enter the share name, credentials and other settings required to access share.
Anyone had problems getting this to work under Server 2K8 R2 with Windows 7 and/or Windows 10 clients? I believe I've followed all the steps clearly. Android mobile clients are authenticated, however my Windows clients keep asking for credentials over and over again. Any suggestions? As an FYI, none of the clients have ever joined the domain, but this is the same for the Android devices. So I'm assuming I should not have any problems, but unfortunately I do.
Your video is very much detailed, thanks for the efforts and energies invested to create and publish.
You need to install Certificate manually in Win 7. As you can see in the video, Win 10 received the certificate as soon as I authenticated with the credentials.
@TekNexSolutions Hi, is this approach confirmed? Is there not a way to have the certificate presented to the user automatically? I'm working on a solution to authenticate students via the Wi-Fi, with the accounts managed in AD.
@TekNexSolutions Much thanks for the response thus far.
So far to my knowledge this is confirmed. However, I can double check with someone who works with Server 2K8. In production (Server 2016), we have the same issue where we have to install the certificate manually on Win 7 machines. Fortunately, we have few (1 in 500) machines which fall under this category. If Android devices connect to the Wi-Fi through RADIUS then there is nothing wrong with the setup you have.
Hi Jay, I have some question about the certificate.
For user authentication like this, does the certificate have to be installed on the client side or only on the server side?
Server will offer the client a cert upon successful authentication. Only server side will be sufficient.
What if my AD CS role wasn’t install in the domain controller but other server? Do I need to request the certificate in the DC but not my server, which got AD CS role? Thank you.
Can you please make a video on Wired authentication?
Thank you for sharing this video. How can we create a policy where, when a mobile device user authenticates with ID and password, they get access only after admin approval? Because when I created the SSID with AD authentication, all our employees use the same on mobile devices also, and that is not good from our security perspective. Please help with this.
Create a security group and give that group access to Wi-Fi. End users can log a service request and admins can add them to the security group on the requests basis to give Wi-Fi access.
do you have a guide on how to apply captive portal using this?
Hi,
We have configured the Radius Server (NPS) for Wi-Fi authentication. However, we are currently experiencing an issue: when an Active Directory user's password expires, the Wi-Fi connection is disconnected. Upon attempting to re-authenticate, the system indicates incorrect credentials.
We have enabled the setting to reset the AD user password in the Radius Server Policy, but our attempts to reset the password have been unsuccessful.
Could you please assist us in resolving this issue?
Are you using a cloud-hosted VM as your RADIUS server? Like with Azure Domain Name Services?
Thanks for Sharing
It's great. Tks
Hi, it was a nice video.
But I would like to know: if the user is already part of the domain, then how do I skip entering user/pass while connecting to Wi-Fi? It should be automated.
Any suggestion on it?
Thank you.
Yes, it can be done with the help of GPO. Nothing planned yet, maybe I will record another video for this.
@TekNexSolutions Oh great, if you could create a quick video on this GPO it will be helpful
Care For You Hi there, just letting you know you can check this video on deploying a Wi-Fi profile through GPO. You can only deploy this profile to Windows devices. Here is the link th-cam.com/video/QSni2IP0QJM/w-d-xo.html
Good job
Hello! I have a problem here. I have Windows Server 2012 with AD, DNS and DHCP installed, then I turned off DHCP on my wireless router. My PC gets an IP address from my DHCP server but my device can't get an IP address from Wi-Fi! So any help please, thanks.
Hello! I have configured it as in your video, but it fails to connect to Enterprise WiFi. I entered the credentials and press connect and then it switches back to enter the credentials again? I tried to connect on my PC/laptop/Android device, but it fails on every device. How to fix this issue? Thanks.
Hi Luba,
I would suggest you to go over the video again and check if everything is done according to the video. It seems like you might have missed one or two things. Double check the things like network policy, permissions for AD groups etc.
Hey, thanks for the tutorial. Can I authenticate Wi-Fi (with certificate integrated) on a Win 10 client present in a Workgroup?
Or is it a pre-requisite for the client to join a Domain?
Configuration requires either a user or machine authentication. User auth does not require the computer to be domain joined, but machine authentication needs the device to be domain joined.
Thank you!
I have configured the RADIUS and NPS services by following the same steps, but when I try to connect to Wi-Fi an error shows "unable to connected". Kindly guide me on how to resolve this problem
Check the steps again, must have missed something simple. The guide hasn’t changed for years.
@TekNexSolutions I checked all the steps from the video and reconfigured RADIUS and NPS but the problem is not resolved; it shows the same error message when I try to log in
Hey Jay,
I'm getting the following message when connecting to the Wi-Fi: If you expect to find [wireless SSID name] in this location, go ahead and connect. Otherwise, it may be a different network with the same name.
Do you know how I can remove this warning for my clients?
Thank You.
brian b Hi Brian,
Disregard my earlier message if you received.
I checked this and even in production we get the same message, unless you use group policy to deploy the Wi-Fi profile for users/computers. However, I will look into this further and update you once I find out if there is anything we can do without GPO. Of course GPO will only work with domain-joined devices.
Jay
@TekNexSolutions I'd really like an answer to this question if you have one. Thanks.
Does the RADIUS server use a username and password to synchronize with LDAP?
How about for wired connection authentication with Windows Server?
I followed step by step but it doesn't work. I use the RADIUS server as a server but not a DC. In my environment, I have a DC, a member server as RADIUS server, and a UniFi network.
Must have missed something. I have added Unifi with same setup and works fine.
what should i do if i already have DHCP from my firewall
If I change the WPA password to a RADIUS password, I am now not able to connect. What should I do?
Hello thanks for your clear video.. I have a pb. I have installed every thing clean, but I want users to log via WiFi before they open a session on Windows... Clients are not logged with wire, they need to connect to WiFi first to have network, and then authenticate with Windows prompt login screen, which is 2 authentications... So bad idea.. Do you know how to connect to the Windows session through WiFi authentication? Thanks a lot if you have an answer dude 👍👍👍
You have to create a GPO. Allow user login only when the DC is available. The DC will only be available when the device is connected to the network.
Thank you for the tutorial. It's working fine with a D-Link AP and Windows Server 2012 Standard. But the issue is that it is not working for a non-domain PC.... Any help with that please?
Bagga caticoti abdou It should work for the non-domain pc’s. Check the following:
1. Have you tried the same user which you used for the domain joined pc? User has to be in the right group.
2. Try connecting any phone, your phone should connect to the wireless and it will get certificate from your CA.
3. If phone connects fine then re-install Wi-Fi driver on the non-domain join pc.
Let me know how did you go.
Bagga caticoti abdou Also, use fully qualified domain name on the non-domain joined devices. For instance, if your domain is “test.com” and user is “user” then FQDN will be user@domain.com.
Hi Jay Maan
Yes, it is working fine with the smartphones but not for the laptops. I have tried with two different laptops with Win 10 installed but it did not work.
I will try reinstalling the driver and check again.
Thank you
Hello Finally it is working,
1- We have to register the NPS server in Active Directory
2- I did not use the wizard to create the policy; I created it manually and specified the condition as "NAS port Type" and selected "IEEE802.11 + Wireless Other"
You don't have to use FQDN just type the username and the password
Thank you again Jay
Bagga caticoti abdou sounds good. I am happy that it is working now.
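Two fixes reported in this thread (Enterprise CA greyed out on a server that is not domain joined, and NPS not registered in Active Directory) can be checked from PowerShell on the NPS server, together with the list of access points defined as RADIUS clients. This is an added example, not part of any comment or of the video; it assumes an English-language domain where the group is named 'RAS and IAS Servers' and that the ActiveDirectory (RSAT) and NPS PowerShell modules are installed.

```powershell
# Added example: pre-flight checks for an NPS / AD CS server (run in an elevated session).
# Assumptions: English group name 'RAS and IAS Servers'; ActiveDirectory and NPS modules present.

$cs = Get-CimInstance -ClassName Win32_ComputerSystem

# Meaning of Win32_ComputerSystem.DomainRole
$roleNames = @{
    0 = 'Standalone workstation';   1 = 'Member workstation'
    2 = 'Standalone server';        3 = 'Member server'
    4 = 'Backup domain controller'; 5 = 'Primary domain controller'
}
$role = $roleNames[[int]$cs.DomainRole]

# Check 1: the Enterprise CA option is only offered on a domain member or a DC.
if ($cs.PartOfDomain) {
    Write-Output "[OK]   $($cs.Name) is a '$role' in '$($cs.Domain)'; Enterprise CA can be selected."
} else {
    Write-Output "[FAIL] $($cs.Name) is a '$role'; only Standalone CA will be selectable."
    return   # the remaining checks need a domain
}

# Check 2: "Register server in Active Directory" adds the NPS computer account
# to the domain group 'RAS and IAS Servers'.
Import-Module ActiveDirectory -ErrorAction Stop
$sam = $env:COMPUTERNAME + '$'          # computer accounts end with '$'
$registered = Get-ADGroupMember -Identity 'RAS and IAS Servers' |
    Where-Object { $_.SamAccountName -eq $sam }

if ($registered) {
    Write-Output "[OK]   $sam is a member of 'RAS and IAS Servers' (NPS is registered in AD)."
} else {
    Write-Output "[FAIL] $sam is not in 'RAS and IAS Servers'; register the NPS server in AD."
}

# Check 3: list the access points defined as RADIUS clients.
# The SharedSecret property is deliberately left out of the output.
Get-NpsRadiusClient |
    Select-Object Name, Address, Enabled |
    Format-Table -AutoSize
```

An access point whose address is missing from the last table, or listed with Enabled set to False, will have its requests dropped by NPS regardless of the network policy.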
What if your DHCP server is elsewhere ?
Thanks for this demonstration. I am researching the possibility of having multiple SSIDs depending on groups in AD. I think I need multiple RADIUS servers on my server (if it's possible) but I've not yet found a way. If anyone has an idea... thanks for it
If my radius server is not a domain controller, how do I need to create the certificate? Do I create it on the domain controller, export it, and import it on the radius server? Or do I create a certificate locally on the radius server (the only cert option is 'Computer)'?
Here is a workaround they put in place techcommunity.microsoft.com/t5/windows-11/accessing-trials-and-kits-for-windows-eval-center-workaround/m-p/3361125.
So is the 'windows server 2016' (the thing on the right in your connection diagram in the beginning of the video) a physical machine connected via Ethernet or can you have this as a virtual one in a virtual box? fyi im a total noob
The way it is implemented it acts as a physical machine. However, it is a virtual machine in Hyper-V connected to a physical switch through External Network Adapter. Wi-Fi modem is connected to the same physical switch.
Same thing can be achieved through Virtual Box as well with understanding of how the virtual network adapters work.
Thanks, first clarification on that on the internet.
Hello I am not able to connect when i enter user name and password. Please help me.. I followed all the steps.
Hi Jay, Just another question if i plan AD in one server and NPS on another server what is the best practice to install CA?
is it on AD server or NPS server ?
It is recommended to use a dedicated server for CA. Not recommended it to be a DC.
@TekNexSolutions Hi Jay, in my scenario, if I have a resource limitation, what would be the best server to install the CA on? I only have servers for AD and NAS.
I would install CA on NPS Server.
I was able to get it to ask for user and password, but it will not authenticate to get Wi-Fi access :(
I cannot get this to work with my Fortigate device at all.
Hi Jay, if we have a number of APs (around 10-15) working in a single cluster, do we have to add each as a client in NPS clients, or would only the master AP be enough?
It depends on the capability of APs, if they can afford to do that. Otherwise, you might have to add one by one.
Do you already have those APs on hand or are you planning to do something like that?
Yes. I do already have Ruckus APs.
Oh nice.
What model in particular?
R500.
Can we authenticate users with radius coming as visitor and connect our wifi ?
How do I bind a MAC address for the users in AD?
How can I use the same setup but without the users having to enter username and password? Basically only having provided them the certificate to authenticate.
What type of end users and devices we are looking at?