Configuration of

windows server 2008

r2
 Configure Windows Server 2008 for Radius Authentication
Configure the Server

Configure Computer Name and IP Address

Step-by-Step Procedure
1. On Windows Server 2008, click Start > Computer, right-
click on Computer, and select Properties.
2. Click Change settings. The Computer Name/Domain
Changes page opens.
3. Enter the computer name in the Computer name field.
4. Select Workgroup and enter the workgroup name in the
Workgroup field.
5. Click OK to save the settings.
Configure ADDS
Step-by-Step Procedure
1. On Windows Server 2008, click Start > Administrative Tools >
Server Manager. The Server Manager page opens.
2. From the left navigation bar, click Roles > Add Roles and follow the
Add Roles Wizard.
3. On the Before You Begin page, click Next.
4. On the Select Server Roles page, select Active Directory Domain
Services and click Next.
5. On the Active Directory Domain Services page, click Next.
6. On the Confirmation Installation Selections page, click Install.
7. Click Close. The Active Directory Domain Services is installed.
Add DNS Server as Domain Controller

Step-by-Step Procedure
1.On Windows Server 2008, click Start, type dcpromo, press Enter, and
follow the Active Directory Domain Services Installation Wizard.
2.From the left navigation bar, click Roles > Add Roles and follow
the Add Roles Wizard.
3.Deselect the Use advanced mode installation check-box and click Next.
4.On the Select Server Roles page, select Active Directory Domain
Services and click Next.
5.On the Active Directory Domain Services page, click Next.
6. Click Next.
7. Select Create a new domain in a new forest and click Next.
8. Enter the domain name in the FQDN of the forest root domain field
and click Next.
9. From the Forest functional level drop-down list, select Windows
Server 2008 R2 and click Next.
10. Select DNS server and click Next.
11. Click Yes to continue.
12. Click Next.
13. Enter a password in the Password field, re-enter the password in the
Confirm password field, and click Next. Setting a password allows
you to restore your Active Directory.
14. Click Next. Installation begins and it takes a few minutes time to
complete the installation.
15. Click Finish.
16. Click Restart Now to restart the server for the changes to take effec
Configure Active Directory Certificate Services
Step-by-Step Procedure
1. On the Windows Server 2008, click Start > Administrative
Tools > Server Manager. The Server Manager page opens.
2. From the left navigation bar, click Roles > Add Roles and
follow the Add Roles Wizard.
3. On the Before You Begin page, click Next.
4. On the Select Server Roles page, select Active Directory
Certificate Services and click Next.
5. On the Introduction to Active Directory Certificate Services
page, click Next.
6. On the Select Role Services page, select Certification
Authority and click Next.
7. On the Specify Setup Type page, select Enterprise and click
Next.
8. On the Specify CA Type page, select Root CA and click Next.
9. On the Set Up Private Key page, select Create a new private
key and click Next.
10.On the Configure Cryptography for CA page, click Next.
11. On the Configure CA Name page, enter the CA name in the
Common name for this CA field, enter the name suffix in the
Distinguished name suffix field, and click Next.
12.On this page, click Next to use the computer name and domain
name as the default CA name.
13. On the Set Validity Period page, select the validity period from the Select
validity period for the certificate generated for this CA field and click
Next.
14. The default validity period for the root CA certificate is 5 years.
15. On the Configure Certificate Database page, click Next.
16. On the Web Server (IIS) page, click Next.
17. On the Select Role Services page, click Next.
18. On the Confirmation Installation Selections page, click Install.
19. Click Close. The Active Directory Certificate Services and Web Server
(IIS) are installed.
Install NPS
Step-by-Step Procedure
1. On Windows Server 2008, click Start > Administrative Tools > Server
Manager. The Server Manager page opens.
2. From the left navigation bar, click Roles > Add Roles and follow the Add
Roles Wizard.
3. On the Before You Begin page, click Next.
4. On the Select Server Roles page, select Network Policy and Access
Services and click Next.
5. On the Select Role Services page, select Network Policy Server and
click Next.
6. On the Confirmation Installation Selections page, click Install.
7. Click Close. The NPS is installed.
 Create Certificates
Use this section to create certificates.
Step-by-Step Procedure
1.On Windows Server 2008, click Start, type mmc, and press Enter. The Console1 page
opens.
2.From the File menu, select Add/Remove Snap-in.
3.On the Add/Remove Snap-in page, under Available snap-ins, select Certificates,
click Add, and click OK.
4.On the Certificates snap-in page, select Computer account and click Next.
5. On the Select Computer page, select Local computer and click Finish.
6. On the Add/Remove Snap-in page, click OK. The Console1 page opens.
7. On the left navigation bar, under Console Root > Certificates > Personal, select
Certificates to see all available computer certificates. The Intended Purposes tab on the
right side space lists the Client Authentication, Server Authentication certificate.
8. If you do not see the certificate listed under the Intended Purposes tab, you can create a
certificate. To create a certificate, right-click on the white space and select All Tasks >
Request New Certificate.
If you do not see a certificate under Selected snap-ins, you can create a certificate:
A. On the Add/Remove Snap-in page, under Selected snap-ins, right-click and select All
Tasks > Request New Certificate.
B. On the Certificate Enrollment page, click Next.
C. Under Select Certificate Enrollment Policy, select Active Directory Enrollment
Policy and click Next.
D. Click Finish. Certificate installation is complete.
 Configure NPS for EAP Authentication
Use this section to configure NPS for EAP authentication.

Step-by-Step Procedure
1. On Windows Server 2008, click Start > Administrative Tools > Network Policy Server.
The Network Policy Server page opens.
2. Click NPS (Local) and select Register Server in Active Directory.
3. Click OK.
4. Click OK.
 Add Radius Authenticator Details
Use this section to add the IP address and the shared secret that are configured on the EX4300
switch.

Step-by-Step Procedure
1. On Windows Server 2008, click Start > Administrative Tools > Network Policy Server. The
Network Policy Server page opens.
2. Click NPS (Local), expand RADIUS Clients and Servers, right-click on RADIUS Clients,
and select New.
3. On the New RADIUS Client page, under Settings, enter a name in the Friendly name field
and IP or DNS address in the Address field. Enter a password in the Shared secret field and
re-enter the password in the Confirm shared secret field. The Radius client is added.
 Create Network Policies for Users
Use this section to create network policies for users.

Step-by-Step Procedure
1. On Windows Server 2008, click Start > Administrative Tools > Network Policy Server. The
Network Policy Server page opens.
2. Click NPS (Local), expand Policies, right-click on Network Policies, and select New.
3. On the New Network Policy page, enter a policy name in the Policy name field, select Type
of network access server, select Unspecified from the drop-down list, and click Next.
4. On the Specify Conditions page, click Next.
5. On the Specify Access Permission page, select Access granted and click Next.
6. On the Configure Authentication Methods page, under EAP Types, click Add.
7. On the Add EAP page, under Authentication methods, select Microsoft: Protected EAP
(PEAP), and click OK.
8. Under EAP Types, select Microsoft: Protected EAP (PEAP), click Edit, and click Next.
9. On the Edit Protected EAP Properties page, select the certificate from the Certificate
Issued drop-down list, select the required certificate, and click OK.
10.On the Configure Authentication Methods page, click Next.
11.On the Configure Constraints page, under Constraints, select Idle Timeout, and click
Next.
12.On the Configure Settings page, under Settings > RADIUS Attributes, select Standard,
and click Next.
13.Click Finish. The policy for user is created.
 Add Users to the Active Directory
Use this section to add users to the active directory.

Step-by-Step Procedure
1. On Windows Server 2008, click Start > Administrative Tools > Active Directory Users
and Computers. The Active Directory Users and Computers page opens.
2. Under Active Directory Users and Computers > Domain-name, right-click on Users, and
select New > User.
3. Enter username and password.
4. Create user and click Finish. Users are added to the active directory.
 Export CA Root Certificate from the server
Use this section to export CA root certificate from the server.
Step-by-Step Procedure
1.On Windows Server 2008, click Start, type mmc, and press Enter. The
Console1 page opens.
2.From the File menu, select Add/Remove Snap-in.
3.On the Add/Remove Snap-in page, under Available snap-ins,
select Certificates, click Add, and click OK.
4.On the Certificates snap-in page, select Computer account and click Next.
5.On the Select Computer page, select Local computer > Trusted Root
Certification Authorities > Certificates . On the right-side space, your root
CA certificate is listed.
6. Right-click on your root CA certificate and select All Tasks >
Export. Follow the Certificate Export Wizard and click Next.
7. On the Export Private Key page, select No, do not export the
private key and click Next.
8. Select the DER encoded binary X.509 (CER) file format and
click Next.
9. Choose a folder and file name and click Next and click Finish to
complete the export.
10. Copy the certificate that you have exported to a USB drive or
any other storage device and transfer the certificate to your
Windows client.
 Import CA Root Certificate to Windows 7
Use this section to import CA root certificate to Windows 7.

Step-by-Step Procedure
1. Double-click on the certificate file that you exported on your
Windows 7 computer and click Install Certificate.
2. Click Next.
3. Select the Trusted Root Certification Authorities tab and click
Import.
4. In the Certificate Import Wizard, click Finish. A security
warning message is displayed that you are about to trust a new
root certificate. Click Yes to continue. The CA root certificate is
imported on Windows 7.
5. Add this certificate in the Windows registry.
a. On Windows Server 2008, click Start, type cmd, and
press Ctrl+Shift+Enter. A command prompt with administrative rights
opens.
b. Enter Desktop>certutil -f -enterprise -addstore NTAuth <certificate-
name>
 Configure EX Switch for the Authenticator Role
Use this section to configure EX switch as an authenticator.

User facing interfaces should be enabled for dot1x. The

device being authenticated must be reachable by the
RADIUS server so that EAP frames can be processed.
Step-by-Step Procedure
1. Configure the EX switch:
user@host# set access radius-server server-ip port 1812 secret secret-password
user@host# set access profile dot1x authentication-order radius
user@host# set access profile dot1x radius authentication-server 192.0.2.1/24
user@host# set protocols dot1x authenticator interface ge-0/0/46 supplicant
single
user@host# set interfaces ge-0/0/0 unit 0 family inet address 192.0.2.1/24
2.Verify the configuration:
user@host# run show dot1x interface
For example:
root@EX4300# run show dot1x interface
 Enable dot1x client for Dot1x

Step-by-Step Procedure
1.On the user device, click Start, type services.msc, and press Enter. The Wired
AutoConfig page opens.
2.Right-click on Wired AutoConfig and select Properties. The Wired
AutoConfig Properties page opens.
3.From the Startup type drop-down list, select Automatic, click Start, and
click OK.
4.On the user device, click Start > Control Panel.
5.Double click on Network and Sharing Center and click Change adapter
settings.
6.Right-click on Local Area Connection and select Properties. The Local Area
Connection Properties page opens.
7. Click Authentication tab and complete the following:
a. Select the Enable IEEE 802.1x authentication check-box.
b. From the Choose a network authentication method drop-down list, select
Microsoft Protected EAP (PEAP).
c. Click Settings. The Protected EAP Properties page opens.
d. Select the Verify the server’s identity by validating the certificate check-
box, select Secured password (EAP-MSCHAP v2) from the Select
Authentication Method drop-down list, and click Configure.
e. If this is a Domain Computer, select the Automatically use my Windows
logon name and password (and domain if any) check-box.
Click OK to return to the Ethernet Properties page and click Settings.
Click OK to return to the Ethernet Properties page and click Additional
Settings.
Select the Specify authentication mode check-box and select User
authentication from the User or computer authentication drop-down list. Click
OK.
8. Click OK on the Ethernet Properties page to finish the dotx configuration.
You are now ready to connect to the network using PEAP.
Thank
you