Setting up WPA2-Enterprise Authenticated WiFi (Connect to WiFi with AD Credentials)

Posted on February 23, 2021 By rich No Comments on Setting up WPA2-Enterprise Authenticated WiFi (Connect to WiFi with AD Credentials)

1. Set up Radius Server as a DC
 a. Make server a DC
2. Create a security group to add users to, e.g. “WiFi – CorporateUsers”.
3. Install a Certification Authority
 a. Install the role.
 b. Configure ADCS:
    i. Choose Enterprise CA.
    ii. Keep all defaults (choose Root CA).
    iii. Set the certificate validity to 2 years and create a scheduled task (or reminder) to replace this certificate before it expires.
 c. Request a computer certificate (Domain Controller certificate template) for the RADIUS server.
4. Install NPS
 a. –
 b. Configure RADIUS server in FortiCloud / (Your Access Points)
 c. Authentication on WPA2-Enterprise
    Port 1812
    Enter the “Secret” (the RADIUS shared secret).
 d. In the NPS console, change the standard configuration from NPS to “RADIUS server for 802.1X Wireless or Wired Connections”.
 e. Add a RADIUS client (the AP)
 f. For Auth Method, choose EAP.
 g. Add the “WiFi – CorporateUsers” group.
 h. Click the NPS (Local) root node in the NPS snap-in, then click Action > Register Server in Active Directory.
5. Export the DC Certificate, and deploy it to all devices that can join WiFi
6. Deploy WiFi Settings and certificate via Group Policy
 a. Put the exported certificate in SYSVOL\DOMAIN\Scripts.
 b. Create a Group Policy and go to Computer Configuration > Policies > Windows Settings > Security Settings > Public Key Policies > Trusted Publishers.
 c. Import the certificate.
 d. Next, in the same policy, go to Computer Configuration > Policies > Windows Settings > Security Settings > Public Key Policies > Wireless Network (IEEE 802.11) Policies.
 e. Create a new network connection.
 f. Enter a policy name, click Add, then choose “Infrastructure”.
 g. Enter the profile name and the SSID for the network. On the Security tab choose WPA2-Enterprise/AES, EAP (PEAP).
 h. In the same window, click Properties, tick “Connect to these servers” and enter the FQDN of the RADIUS server, e.g. HVDC2.DOMAIN.local.
 i. In the Trusted Root Certification Authorities list, find and tick the certificate you imported earlier.
 j. Next, click “Configure”. Here you can untick “Automatically use my Windows logon name and password” to make users enter their password, or leave it ticked for pass-through style authentication.
7. Test
 a. Connect from a laptop (over a LAN connection if you are remote) and try to log in with AD credentials. (If you opted for pass-through it should just connect.)
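Before pushing the certificate out with Group Policy (steps 3c, 4h, 5 and 6a), it is worth checking that the RADIUS server actually holds a usable Server Authentication certificate and that the right CA certificate is what gets exported. The PowerShell below is an added example, not part of the original post; the FQDN, the SYSVOL path and the renewal window are placeholders to adjust. It exports the issuing root CA certificate rather than the server's own leaf certificate, since the root is what the client's Trusted Root list in step 6i needs to validate the server name set in step 6h.

```powershell
# Added example (not from the original post): pre-flight check on the NPS/RADIUS server.
# Assumptions: FQDN, SYSVOL path and warning window below are placeholders for your environment.
$RadiusFqdn   = 'HVDC2.DOMAIN.local'                        # name clients are told to trust (step 6h)
$ExportDir    = '\\DOMAIN.local\SYSVOL\DOMAIN.local\scripts' # step 6a (placeholder path)
$RenewWarning = 60                                            # days before expiry to start warning (step 3b)

# 1. Find a Server Authentication certificate for this host in the machine store.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object {
        $_.HasPrivateKey -and
        $_.EnhancedKeyUsageList.ObjectId -contains $serverAuthOid -and
        ($_.Subject -like "*CN=$RadiusFqdn*" -or $_.DnsNameList.Unicode -contains $RadiusFqdn)
    } |
    Sort-Object NotAfter -Descending | Select-Object -First 1

if (-not $cert) { throw "No Server Authentication certificate for $RadiusFqdn in LocalMachine\My (step 3c)." }

$daysLeft = ($cert.NotAfter - (Get-Date)).Days
if ($daysLeft -lt 0)             { throw "RADIUS certificate expired on $($cert.NotAfter)." }
if ($daysLeft -lt $RenewWarning) { Write-Warning "RADIUS certificate expires in $daysLeft days; renew it (step 3b)." }

# 2. Walk the chain to the issuing root CA. That root is what the GPO must distribute, so clients
#    validate the RADIUS server instead of accepting any certificate an access point presents.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
[void]$chain.Build($cert)
$rootCa = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
"RADIUS cert : $($cert.Subject) thumbprint $($cert.Thumbprint), valid until $($cert.NotAfter)"
"Issuing root: $($rootCa.Subject) thumbprint $($rootCa.Thumbprint)"

# 3. Export only the root CA certificate (public part, no private key) for the GPO import (step 6c).
$outFile = Join-Path $ExportDir 'radius-root-ca.cer'
Export-Certificate -Cert $rootCa -FilePath $outFile -Type CERT | Out-Null
"Exported root CA to $outFile"

# 4. Confirm the NPS service is running and that the server is registered in AD (step 4h).
if ((Get-Service -Name IAS).Status -ne 'Running') { Write-Warning 'NPS service (IAS) is not running.' }
netsh nps show registeredserver
```

Run it in an elevated PowerShell session on the NPS server; the thumbprint it prints for the root CA is the one to tick in step 6i.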
