using windows 2008 with aruba2 - airheads...
TRANSCRIPT
![Page 1: Using Windows 2008 With Aruba2 - Airheads Communitycommunity.arubanetworks.com/aruba/attachments/aruba/115/6113/1/... · You’ll now see the Installation Wizard install DNS and Active](https://reader031.vdocument.in/reader031/viewer/2022030504/5ab135a97f8b9abc2f8c645c/html5/thumbnails/1.jpg)
UsingWindows2008WithArubaControllersVersion1.0
TobiasRice
ThiswillbeabasicsetupusingWindows2008Servertoallowdot1xauthwithanArubacontroller.Stepstohaveabasicinstallationinclude:
1. Renametheserver2. SettingserverasDomainController3. InstallingCertificateServices4. RequestCertificates(optional)5. InstallingNetworkPolicyServices(previouslyIAS)6. CreatingGroupPolicies
RenameTheServerSomethingdifferentaboutWindows2008Serveristhattheservernameisauto‐generatedandyouarenotgivenachanceduringtheinstalltonametheserversoyoumustdobeforeinstallingActiveDirectoryorCertificateServices.
Inthe“InitialConfigurationTasks”window,clickthe“Providecomputernameanddomain”link.
![Page 2: Using Windows 2008 With Aruba2 - Airheads Communitycommunity.arubanetworks.com/aruba/attachments/aruba/115/6113/1/... · You’ll now see the Installation Wizard install DNS and Active](https://reader031.vdocument.in/reader031/viewer/2022030504/5ab135a97f8b9abc2f8c645c/html5/thumbnails/2.jpg)
EnteraComputerdescriptionandclickthe“Change…”buttontochangethecomputername.I’llbeusingWLAN‐DCasmynameanddescription.
![Page 3: Using Windows 2008 With Aruba2 - Airheads Communitycommunity.arubanetworks.com/aruba/attachments/aruba/115/6113/1/... · You’ll now see the Installation Wizard install DNS and Active](https://reader031.vdocument.in/reader031/viewer/2022030504/5ab135a97f8b9abc2f8c645c/html5/thumbnails/3.jpg)
EntertheComputernameandclick“OK”andrebootwhenprompted.
SettingServerasaDomainControllerForthisexamplewesetupanewforestforthewlan.netdomain.Server2008abstractsmostserverfunctioninto“Roles”sowe’llbeaddingtheActiveDirectoryDomainServicesRolewiththeServerManagerbyclicking“Roles”andclicking“AddRoles.”
![Page 4: Using Windows 2008 With Aruba2 - Airheads Communitycommunity.arubanetworks.com/aruba/attachments/aruba/115/6113/1/... · You’ll now see the Installation Wizard install DNS and Active](https://reader031.vdocument.in/reader031/viewer/2022030504/5ab135a97f8b9abc2f8c645c/html5/thumbnails/4.jpg)
SelecttheActiveDirectoryDomainServicesRole.
![Page 5: Using Windows 2008 With Aruba2 - Airheads Communitycommunity.arubanetworks.com/aruba/attachments/aruba/115/6113/1/... · You’ll now see the Installation Wizard install DNS and Active](https://reader031.vdocument.in/reader031/viewer/2022030504/5ab135a97f8b9abc2f8c645c/html5/thumbnails/5.jpg)
ClickthroughtheconfirmationscreensandclickInstall.Youshouldgetseeaninstallationprogressscreenandfinallyan“installationsuccess”messagethatasksyoutorunthecommand“dcpromo.exe”whichwillconfigureyourdomain.Soclickthelinktorun“dcpromo”orclickthe“Start”button,select“Run”andenter“dcpromo.exe”.Youshouldnowseethe“ActiveDirectoryDomainService”installwizard.Click“Next“tocontinue.
![Page 6: Using Windows 2008 With Aruba2 - Airheads Communitycommunity.arubanetworks.com/aruba/attachments/aruba/115/6113/1/... · You’ll now see the Installation Wizard install DNS and Active](https://reader031.vdocument.in/reader031/viewer/2022030504/5ab135a97f8b9abc2f8c645c/html5/thumbnails/6.jpg)
Choose“Createanewdomaininanewforest”andclick“Next”.
![Page 7: Using Windows 2008 With Aruba2 - Airheads Communitycommunity.arubanetworks.com/aruba/attachments/aruba/115/6113/1/... · You’ll now see the Installation Wizard install DNS and Active](https://reader031.vdocument.in/reader031/viewer/2022030504/5ab135a97f8b9abc2f8c645c/html5/thumbnails/7.jpg)
Forourexampledomainwe’lluse“wlan.net”.Click“Next”anditwillchecktoseeifthenameisalreadyusedonthenetwork.
![Page 8: Using Windows 2008 With Aruba2 - Airheads Communitycommunity.arubanetworks.com/aruba/attachments/aruba/115/6113/1/... · You’ll now see the Installation Wizard install DNS and Active](https://reader031.vdocument.in/reader031/viewer/2022030504/5ab135a97f8b9abc2f8c645c/html5/thumbnails/8.jpg)
Whenaskedtosetwhich“ForestFunctionalLevel”Iusedthe2008level.
![Page 9: Using Windows 2008 With Aruba2 - Airheads Communitycommunity.arubanetworks.com/aruba/attachments/aruba/115/6113/1/... · You’ll now see the Installation Wizard install DNS and Active](https://reader031.vdocument.in/reader031/viewer/2022030504/5ab135a97f8b9abc2f8c645c/html5/thumbnails/9.jpg)
Thenextscreenyou’llseeisawarningthattheDNSserviceisn’tinstallandwilloffertoinstallitforyou.Justclick“Next”toacceptandinstall.
![Page 10: Using Windows 2008 With Aruba2 - Airheads Communitycommunity.arubanetworks.com/aruba/attachments/aruba/115/6113/1/... · You’ll now see the Installation Wizard install DNS and Active](https://reader031.vdocument.in/reader031/viewer/2022030504/5ab135a97f8b9abc2f8c645c/html5/thumbnails/10.jpg)
Itwilldisplaythefollowingwarning,justclick“Yes”tocontinue.
![Page 11: Using Windows 2008 With Aruba2 - Airheads Communitycommunity.arubanetworks.com/aruba/attachments/aruba/115/6113/1/... · You’ll now see the Installation Wizard install DNS and Active](https://reader031.vdocument.in/reader031/viewer/2022030504/5ab135a97f8b9abc2f8c645c/html5/thumbnails/11.jpg)
Justacceptthedefaultsandclick“Next”.
Nowyou’llbepromptedtoentera“DirectoryServicesRestoreModeAdministrator
![Page 12: Using Windows 2008 With Aruba2 - Airheads Communitycommunity.arubanetworks.com/aruba/attachments/aruba/115/6113/1/... · You’ll now see the Installation Wizard install DNS and Active](https://reader031.vdocument.in/reader031/viewer/2022030504/5ab135a97f8b9abc2f8c645c/html5/thumbnails/12.jpg)
Password”.Enterapasswordandclick“Next”.
![Page 13: Using Windows 2008 With Aruba2 - Airheads Communitycommunity.arubanetworks.com/aruba/attachments/aruba/115/6113/1/... · You’ll now see the Installation Wizard install DNS and Active](https://reader031.vdocument.in/reader031/viewer/2022030504/5ab135a97f8b9abc2f8c645c/html5/thumbnails/13.jpg)
Click“Next”attheSummaryscreen.
You’llnowseetheInstallationWizardinstallDNSandActiveDirectory.Checkthe“Rebootoncompletion”boxandoncethewizardfinishesit’llrebootandbeready
![Page 14: Using Windows 2008 With Aruba2 - Airheads Communitycommunity.arubanetworks.com/aruba/attachments/aruba/115/6113/1/... · You’ll now see the Installation Wizard install DNS and Active](https://reader031.vdocument.in/reader031/viewer/2022030504/5ab135a97f8b9abc2f8c645c/html5/thumbnails/14.jpg)
forthenextstep.
InstallingCertificateServices
ToenablePEAPorEAP‐TLSwe’llneedtoinstallCertificateServicestoenableaCertificateAuthority(CA)togenerateandsigncertificatesforourdomain.Again,addaRoleviatheServerManagerandselect“ActiveDirectoryCertificateServices”
![Page 15: Using Windows 2008 With Aruba2 - Airheads Communitycommunity.arubanetworks.com/aruba/attachments/aruba/115/6113/1/... · You’ll now see the Installation Wizard install DNS and Active](https://reader031.vdocument.in/reader031/viewer/2022030504/5ab135a97f8b9abc2f8c645c/html5/thumbnails/15.jpg)
andclick“Next”.
Clickthroughtheconformationscreenandselect“CertificationAuthority”and“CertificateAuthorityWebEnrollment”whichwilltellyouthatyou’llneedIIStobeinstalledtousethe“CertificateAuthorityWebEnrollment”.Click“AddRequired
![Page 16: Using Windows 2008 With Aruba2 - Airheads Communitycommunity.arubanetworks.com/aruba/attachments/aruba/115/6113/1/... · You’ll now see the Installation Wizard install DNS and Active](https://reader031.vdocument.in/reader031/viewer/2022030504/5ab135a97f8b9abc2f8c645c/html5/thumbnails/16.jpg)
RoleServices”andclick“Next”tocontinue.
![Page 17: Using Windows 2008 With Aruba2 - Airheads Communitycommunity.arubanetworks.com/aruba/attachments/aruba/115/6113/1/... · You’ll now see the Installation Wizard install DNS and Active](https://reader031.vdocument.in/reader031/viewer/2022030504/5ab135a97f8b9abc2f8c645c/html5/thumbnails/17.jpg)
WhenpromptedforwhichtypeofCertificateAuthoritytoinstall,choose“Enterprise”.
![Page 18: Using Windows 2008 With Aruba2 - Airheads Communitycommunity.arubanetworks.com/aruba/attachments/aruba/115/6113/1/... · You’ll now see the Installation Wizard install DNS and Active](https://reader031.vdocument.in/reader031/viewer/2022030504/5ab135a97f8b9abc2f8c645c/html5/thumbnails/18.jpg)
WhenpromptedforCAType,select“RootCA”andclick“Next”.
![Page 19: Using Windows 2008 With Aruba2 - Airheads Communitycommunity.arubanetworks.com/aruba/attachments/aruba/115/6113/1/... · You’ll now see the Installation Wizard install DNS and Active](https://reader031.vdocument.in/reader031/viewer/2022030504/5ab135a97f8b9abc2f8c645c/html5/thumbnails/19.jpg)
WhenpromptedtoSetUpPrivateKeyselect“Createanewprivatekey”andclick“Next”.
![Page 20: Using Windows 2008 With Aruba2 - Airheads Communitycommunity.arubanetworks.com/aruba/attachments/aruba/115/6113/1/... · You’ll now see the Installation Wizard install DNS and Active](https://reader031.vdocument.in/reader031/viewer/2022030504/5ab135a97f8b9abc2f8c645c/html5/thumbnails/20.jpg)
WhenpromptedtoConfigureCryptographyforCA,acceptthedefaultsandclick“Next”fortherestoftheconformationscreens.
RequestCertificates(optional)
NowthatwehaveourCertificateAuthority(CA)upandrunningwemaywanttorequestacertificateforourAuthenticationServer.
We’llcreateaMicrosoftManagementConsole(MMC)thatwillallowustorequestandinstallthecertificateforourserver.Pressthe“Start”buttonandenter“MMC”inthecommandfieldtoopentheMMC.Nextwe’lladdtheCertificate(ForLocalComputer)snap‐inbyclicking“File”andchoosing“Add/RemoveSnap‐in”.Select
![Page 21: Using Windows 2008 With Aruba2 - Airheads Communitycommunity.arubanetworks.com/aruba/attachments/aruba/115/6113/1/... · You’ll now see the Installation Wizard install DNS and Active](https://reader031.vdocument.in/reader031/viewer/2022030504/5ab135a97f8b9abc2f8c645c/html5/thumbnails/21.jpg)
“Certificates”andclick“Add”.
![Page 22: Using Windows 2008 With Aruba2 - Airheads Communitycommunity.arubanetworks.com/aruba/attachments/aruba/115/6113/1/... · You’ll now see the Installation Wizard install DNS and Active](https://reader031.vdocument.in/reader031/viewer/2022030504/5ab135a97f8b9abc2f8c645c/html5/thumbnails/22.jpg)
Nowbesuretoselect“ComputerAccount”andclick“Next”.
![Page 23: Using Windows 2008 With Aruba2 - Airheads Communitycommunity.arubanetworks.com/aruba/attachments/aruba/115/6113/1/... · You’ll now see the Installation Wizard install DNS and Active](https://reader031.vdocument.in/reader031/viewer/2022030504/5ab135a97f8b9abc2f8c645c/html5/thumbnails/23.jpg)
Choose“LocalComputer”,click“Finish”and“OK”.
TIP:Whileyou’rehereyoumightaswelladdthe“CertificateAuthority”snap‐inandsavethisMMCtoyourdesktopbecauseyou’llneeditagaininthefuture.
Torequestacertificateforyourserver(ifyoudon’twanttousethedefaultcertificate)expand“Certificates(LocalComputerAccount)”,“Personal”,andright‐click“Certificates”andselect“AllTasks”,“RequestNewCertificate…”
![Page 24: Using Windows 2008 With Aruba2 - Airheads Communitycommunity.arubanetworks.com/aruba/attachments/aruba/115/6113/1/... · You’ll now see the Installation Wizard install DNS and Active](https://reader031.vdocument.in/reader031/viewer/2022030504/5ab135a97f8b9abc2f8c645c/html5/thumbnails/24.jpg)
ClickthroughtheEnrollmentscreenschoosingthesettingsyoudesireforyourcertificate.
![Page 25: Using Windows 2008 With Aruba2 - Airheads Communitycommunity.arubanetworks.com/aruba/attachments/aruba/115/6113/1/... · You’ll now see the Installation Wizard install DNS and Active](https://reader031.vdocument.in/reader031/viewer/2022030504/5ab135a97f8b9abc2f8c645c/html5/thumbnails/25.jpg)
InstallingNetworkPolicyandAccessServices
InWindows2008ServeryoucannolongerjustinstalltheInternetAuthenticationService(IAS)andhaveRADIUSfunctionality.YoumustnowinstallNetworkPolicyandAccessServices,whichnowincludeeverythingfromearlierversionsofWindowsserversuchasRRAS/IAS/etc,…butnowincludesNAP(thinkNACforWindows).WewillbeinstallingandconfiguringjustenoughtoenablePEAPandRADIUSfunctionalitywithourArubacontroller.SoonceagainheadtotheServerManagerand“AddaRole”selecting“NetworkPolicyandAccessServices”andclickthroughtheconfirmationscreen.
![Page 26: Using Windows 2008 With Aruba2 - Airheads Communitycommunity.arubanetworks.com/aruba/attachments/aruba/115/6113/1/... · You’ll now see the Installation Wizard install DNS and Active](https://reader031.vdocument.in/reader031/viewer/2022030504/5ab135a97f8b9abc2f8c645c/html5/thumbnails/26.jpg)
Select“NetworkPolicyServer”,“RoutingandRemoteAccessServices”,“RemoteAccessService”and“Routing”.Click“Next”,clickthroughtheconfirmationscreen
![Page 27: Using Windows 2008 With Aruba2 - Airheads Communitycommunity.arubanetworks.com/aruba/attachments/aruba/115/6113/1/... · You’ll now see the Installation Wizard install DNS and Active](https://reader031.vdocument.in/reader031/viewer/2022030504/5ab135a97f8b9abc2f8c645c/html5/thumbnails/27.jpg)
andclick“Install”.
Installationwilltakeacoupleofminutesandpresentyouwithaninstallsummery.Justclick“Close”.
NowthatNPSisinstalled,pressthe“Start”buttonandenter“nps.msc”inthecommandfield.TheNPSMMCshouldopenupallowingyoutoselectthe“RADIUSserverfor802.1XWirelessorWiredConnections”InstallationWizardfromthe
![Page 28: Using Windows 2008 With Aruba2 - Airheads Communitycommunity.arubanetworks.com/aruba/attachments/aruba/115/6113/1/... · You’ll now see the Installation Wizard install DNS and Active](https://reader031.vdocument.in/reader031/viewer/2022030504/5ab135a97f8b9abc2f8c645c/html5/thumbnails/28.jpg)
“StandardConfiguration”pull‐downmenuandclick“Configure802.1X”.
![Page 29: Using Windows 2008 With Aruba2 - Airheads Communitycommunity.arubanetworks.com/aruba/attachments/aruba/115/6113/1/... · You’ll now see the Installation Wizard install DNS and Active](https://reader031.vdocument.in/reader031/viewer/2022030504/5ab135a97f8b9abc2f8c645c/html5/thumbnails/29.jpg)
Fromthe“Select802.1XConnectionsType”page,select“SecureWirelessConnections”andclick“Next”.
![Page 30: Using Windows 2008 With Aruba2 - Airheads Communitycommunity.arubanetworks.com/aruba/attachments/aruba/115/6113/1/... · You’ll now see the Installation Wizard install DNS and Active](https://reader031.vdocument.in/reader031/viewer/2022030504/5ab135a97f8b9abc2f8c645c/html5/thumbnails/30.jpg)
Fromthe“Specify802.1XSwitches”screenclick“Add…”andenterthesettingsforyourArubacontrollerandpress“OK”.
Forthe“ConfigureanAuthenticationMethod”screenselect“MicrosoftSmartCardorothercertificate”forEAP‐TLSor“MicrosoftProtectedEAP(PEAP)”forPEAP.I
![Page 31: Using Windows 2008 With Aruba2 - Airheads Communitycommunity.arubanetworks.com/aruba/attachments/aruba/115/6113/1/... · You’ll now see the Installation Wizard install DNS and Active](https://reader031.vdocument.in/reader031/viewer/2022030504/5ab135a97f8b9abc2f8c645c/html5/thumbnails/31.jpg)
willbeselectingPEAPforthisexampleandclick“Configure…”
![Page 32: Using Windows 2008 With Aruba2 - Airheads Communitycommunity.arubanetworks.com/aruba/attachments/aruba/115/6113/1/... · You’ll now see the Installation Wizard install DNS and Active](https://reader031.vdocument.in/reader031/viewer/2022030504/5ab135a97f8b9abc2f8c645c/html5/thumbnails/32.jpg)
Selecttheappropriatecertificatetouseforthisserver.Inthiscasewe’llusethe“WLAN‐DC.wlan.net”certificateandclick“OK”.
Forthe“SpecifyUserGroups”screenselecttheusersand/orgroupsyouwouldliketoallowwirelessaccess.ForthisexampleIamallowingallofmydomainusersbyselectingthe“DomainUsers”group.IfIwanttoenforceMachineAuthenticationIneedtoaddthe“DomainComputers”groupaswellascheckingthe“EnforceMachineAuth”optioninthedot1xpolicyonmyArubacontroller.Click“Next”tocontinue.
Note:GroupslistedhereareconsideredasanORstatement.
![Page 33: Using Windows 2008 With Aruba2 - Airheads Communitycommunity.arubanetworks.com/aruba/attachments/aruba/115/6113/1/... · You’ll now see the Installation Wizard install DNS and Active](https://reader031.vdocument.in/reader031/viewer/2022030504/5ab135a97f8b9abc2f8c645c/html5/thumbnails/33.jpg)
![Page 34: Using Windows 2008 With Aruba2 - Airheads Communitycommunity.arubanetworks.com/aruba/attachments/aruba/115/6113/1/... · You’ll now see the Installation Wizard install DNS and Active](https://reader031.vdocument.in/reader031/viewer/2022030504/5ab135a97f8b9abc2f8c645c/html5/thumbnails/34.jpg)
Forthenextscreenyoucanclick“Next”and“Finish”orclick“Configure…”toaddRADIUSattributesforServerDerivationrules.
Forexample,youmaywanttomapthe“DomainUsers”tothe“employee_role”onyourArubacontroller.Youcoulddothatherewiththe“Filter‐Id”attribute.
![Page 35: Using Windows 2008 With Aruba2 - Airheads Communitycommunity.arubanetworks.com/aruba/attachments/aruba/115/6113/1/... · You’ll now see the Installation Wizard install DNS and Active](https://reader031.vdocument.in/reader031/viewer/2022030504/5ab135a97f8b9abc2f8c645c/html5/thumbnails/35.jpg)
Note:ThereseemstobeabuginWindowsifyoumesswiththeseattributestoomuchthe“Filter‐Id”attributevanishes.Ifthishappenscanceloutofthewizardandstartover.
Press“Next”and“Finish”tocompletethewizard.ThisshouldnowallowyoutoauthenticateusersagainstyourWindows2008Server.Totestyourconfiguration,sshtoyourArubacontrollerandconfigureittousethenewRADIUSserver.
(MC800)>en
Password:******
(MC800)#configureterminal
EnterConfigurationcommands,oneperline.EndwithCNTL/Z
![Page 36: Using Windows 2008 With Aruba2 - Airheads Communitycommunity.arubanetworks.com/aruba/attachments/aruba/115/6113/1/... · You’ll now see the Installation Wizard install DNS and Active](https://reader031.vdocument.in/reader031/viewer/2022030504/5ab135a97f8b9abc2f8c645c/html5/thumbnails/36.jpg)
(MC800)(config)#aaaauthentication‐serverradiusnps
(MC800)(RADIUSServer"nps")#host10.1.0.236
(MC800)(RADIUSServer"nps")#enable
(MC800)(RADIUSServer"nps")#keyp@ssw0rd
(MC800)(RADIUSServer"nps")#nas‐identifierAruba‐Master
(MC800)(RADIUSServer"nps")#nas‐ip10.1.0.250
Nowtesttoseeifeverythingisworkingproperly.(MC800)#aaatest‐servermschapv2npstobiasqwerty12!@
Authenticationsuccessful