Hi and thank you for this tutorial. May I ask if its possible to make a "Timed Connection" for each clients who are connected to the network? I would be nice if it limits them to connect like 1-2 hour(s) a day.
Excellent Video!!! Thank you so much for making this, I’ve been trying to do this for years and all the videos I follow something doesn’t work. Follows the instructions In this video and now my wifi is using a fully functional radius server. Thanks so much
BROTHER!! You are so awesome!! Your video is great! keep up the work! Perfectly edited, you made sure we dont waste time. I am a person who never comments on any video or likes or subscribes. But I have done all this because your work impressed me. The explanation is clear and precise.
man I really appreciate it, I spent hours trying to do it without on my own. I was missing the certificate part, I didn't know it was required. Even though that I have enabled all authentication methods. Thank you very much.
It would be beneficial to provide concise explanations for the addition of certain roles and features. This way, the audience can better understand the purpose of these steps. Additionally, some users may find it unclear how to establish connections or create another virtual machine linked to the server for testing its functionality. Anyways, thank you for creating this video.
I have a problem. We would like to allow only domain computers and when the NPS authenticates the computer it need toi asks for username and password, but when we add the group( Domain computers/Users in the same policy the NPS does not allow access. If we create 2 separate policies this one does not ask for password since the domain computer is already authenticated with cert. Any help
Hello, I have configured the radius server and it works. On the session I have the button to connect but I also have the possibility of entering another login / mdp how to prevent this? THANKS
Excellent guide! However, I - for whatever reason - cannot get mine to work. It is stuck on "Checking Network Requirements". Event viewer reveals repeated 802.1x authentication restarts. Our DHCP is currently running on our Meraki firewall, with the DNS running on DCs. Any idea what might be the cause?
What if my AD CS role wasn’t install in the domain controller but other server? Do I need to request the certificate in the DC but not my server, which got AD CS role? Thank you.
Thank you. You have to do that if your NPS server is different than the DC. In this case, I did not have to register because of TEST-CERT01 is a DC itself and it has the permission to read the dial-in properties of user accounts during the authorization process.
How can we specify which SSID The users from the Network group will be connecting? If I have multiple SSIDs but I do not want users from the Security group1(SSID1) to SSID2
Great video, I can get communication when I’m on the normal net but it doesn’t work on the enterprise net any tips? Also I had to put the router in bridge mode for communication to occur
Thank you for the great tutorials! I am pretty green when it comes to certificates. So it looks like the GPO will automatically renew the certificate. But what about on the domain controller/CA? I assume when those certificates are close to expiring i'll have to manually go in and create/renew the certificate?
Normally you would create a Root CA on a laptop (OR cheap Raspberry PI) and Create a life Intermediate CA instead. The laptop (Raspberry Pi) should be shutdown put into a safe and only be used when renewing that intermediate CA.
Great video. Can you please offer advice on how to install a certificate from a trusted CA so that mobile clients are not asked to Trust the CA when connecting?
I am sorry, it seems like I missed this comment. Yes, there is a way. However, you can create Wi-Fi profile and can be managed with any MDM solution. This is a bit complex and a lot is involved in it.
it was in detailed video, thanks for sharing. what if i just want the laptops that are in domain only be able to connect in that case i think we will set the local computers group instead of users. but if we dont add user groups how the username and password will work to connect???
Hello! I have a problem here. I have windows server 2012 and AD DNS DHCP install than I turn off dhcp on my wireless router, my pc get IP address from my dhcp server but my device can’t get IP address from WiFi! So any help pls thx.
Thanks for this! Quick querry, i have my mx84 act as dhcp server, i am able to authenticate from nps but not getting an IP, appreciate if you can give light on this, thanks!
Hey Jay, I'm getting the following message when connecting to the Wi-Fi: If you expect to find [wireless SSID name] in this location, go ahead and connect. Otherwise, it may be a different network with the same name. Do you know how I can remove this warning for my clients? Thank You.
brian b Hi Brian, Disregard my earlier message if you received. I checked this and even in production we get the same message, unless you use group policy to deploy the Wi-Fi profile for users/computers. However, I will look into this further and update you once I found if there is anything we can do without GPO. Of course GPO will only work with domain joined devices only. Jay
i follow step by step but does'nt work. i user radius server as server but not dc. In my enviornment, i have dc and member server radius server and unify network.
TheAmazeer Yes they can. I haven’t tried with the in-built file explorer. You might have to use a third party app which will allow you to enter the share name, credentials and other settings required to access share.
Hi, this is a great video. I appreciate your content. Question though, is there any way to avoid the prompting of the certificate notice during the authentication process?
Yes, there is. If you install the root cert on the machines. However, on BYO devices you won't be able to install the root cert since you don't manage those devices.
Hello Jay, Thank you for your video. I'm having issues connecting to the wifi network. Everytime i fill in my credentials it loads and sends me back to where i need to put in the credentials, without giving me an error message. When i test this with the built in authentication tester in my AP it does work... I'm using a Ruckus zoneflex r510.
Brian Boere Hi Brian, Have you triend another client, may be a phone could be a good test? Does the same problem occur on other devices as well? Tester checks the radius server only, which means there is no issue with the radius authentication. Once you hit connect from a client, server should offer a certificate. Let me know if the issue is same accross different devices.
Hi Jay, I have some question about the certificate. For user authentication like this, does the certificate have to be installed on the client side or only on the server side?
Hi, We have configured the Radius Server (NPS) for Wi-Fi authentication. However, we are currently experiencing an issue: when an Active Directory user's password expires, the Wi-Fi connection is disconnected. Upon attempting to re-authenticate, the system indicates incorrect credentials. We have enabled the setting to reset the AD user password in the Radius Server Policy, but our attempts to reset the password have been unsuccessful. Could you please assist us in resolving this issue?
If my radius server is not a domain controller, how do I need to create the certificate? Do I create it on the domain controller, export it, and import it on the radius server? Or do I create a certificate locally on the radius server (the only cert option is 'Computer)'?
Here is a workaround they put in place techcommunity.microsoft.com/t5/windows-11/accessing-trials-and-kits-for-windows-eval-center-workaround/m-p/3361125.
hi it was a nice video. but i would like to know. if user is already part of domain then how to skip putting user/pass while connecting to wifi. it should be automated. any suggestion on it.
Care For You Hi there, just letting you know you can check this video deploying Wi-Fi profile through GPO. You can only deploy this profile to Windows devices. Here is the link ruclips.net/video/QSni2IP0QJM/видео.html
Amazing Video with Smooth Process. Why td-w8980.test.local device level setup is missing in this video ? this device is windows server or a windows client machine ?
On which minute did you found that? The accesspoint is named “TD-W8980”. The Windows Server is named “TEST-CERT1” and the windows 10 client is named “Win10”. test.local is the local domain, so for example “TD-W8980.test.local” is the accesspoint inside the domain and “Win10.test.local” is the Windows 10 Client inside the domain. Have a nice weekend and greetings KeineChancee
Any one had problems getting this to work under Server 2K8 R2 with Windows 7 and/or Windows 10 clients? I believe I've followed all the steps clearly. Android mobile clients are authenticated, however my Windows clients keep asking for credentials over and over again. Any suggestions? As an FYI, none of the clients have ever joined the domain, but this is the same for the android devices. So I'm assuming I should not have any problems but I am unfortunately. Your video is very much detailed, thanks for the efforts and energies invested to create and publish.
You need to install Certificate manually in Win 7. As you can see in the video, Win 10 received the certificate as soon as I authenticated with the credentials.
@@TekNexSolutions Hi, is this approach confirmed? Is their not a way to have the certificate presented to the user automatically? I'm working on a solution to authenticate students via the Wi-Fi, with the accounts managed in AD.
So far to my knowledge this is confirmed. However, I can double check with someone who works with Server 2K8. In production (Server 2016), we have the same issue where we have to install certificate manually on Win 7 machines. Fortunately, we have few(1 in 500) machines which fall under this category. If Android devices connect to the Wi-Fi through Radius then there is nothing wrong with the set up you have.
I have configured the radius and NPS services by following the same steps but when try to connect Wi-Fi a error showing "unable to connected" kindly guide how to resolve this problem
@@TekNexSolutions I checked all the steps from the video and reconfigure radius and NPS but the problem not resolve showing same error message when try to login
Hello! I have configured it as in your video, but it fails to connect to Enterprise WiFi. I entered the credentials and press connect and then it switches back to enter the credentials again? I tried to connect on my PC/laptop/Android device, but it fails on every device. How to fix this issue? Thanks.
Hi Luba, I would suggest you to go over the video again and check if everything is done according to the video. It seems like you might have missed one or two things. Double check the things like network policy, permissions for AD groups etc.
I see mostly tutorials on how to do authentication with a domain user. Is there a tutorial or an easy way to do this with a certificate by itself? I was reading about TLS authentication, which i think would work. We've got several thousand chromebooks, and a new wifi network we're deploying. I don't really want to have to explain to everyone how to log in. I just want it to be seamless.
thank you for sharing this video, how can we create the policy when mobile device user authenticates with ID and password, after admin approval they can get the access. Because when i was created SSID with AD authentication our all employee uses same on mobile devices also and it is not good our security perspective. pls help in this
Create a security group and give that group access to Wi-Fi. End users can log a service request and admins can add them to the security group on the requests basis to give Wi-Fi access.
Hey, Thanks for tutorial. Can I authenticate W-Fi(with certificate integrated) on a win 10 client present in Workgroup? Or is it a pre-requisite for the client to join a Domain?
Configuration requires either a user or machine authentication. User auth does not require the computer to be domain joined, but machine authentication needs the device to be domain joined.
Hi, this is a really great video. I was thinking of applying this a similar concept using username and password only for a College for Students to access resources with their personal machines, and not the domain computers. What would I have to change to make this happen. I'd prefer to not have to use certificates for the students' laptops.
Big Ric Than you. For Radius authentication you supposed to have a CA in action. It will be user auth for students BYODs and computer auth for domain joined devices.
@@TekNexSolutions Thanks for replying, but let me ask this, is there some issue(s) with Windows 10 clients requiring a certificate and causes problems to connect to these types of public Wi-Fi with RADIUS auth? I can see Android devices not having this issue, I'm asking as I have a college Wi-Fi network to deploy in the fairly distant future and smooth student connectivity is an area of contention for me.
@@hennessy6996 Android, IOS, macOS and Win 10 Client uses the Windows Radius Authentication in a similar fashion. As demonstrated in the video, when you connect the client and it prompts to trust the Certificate from your CA. Once you do that and connection works as it supposed to be. This method is widely deployed in different production environments that I know of personally, we are talking anywhere between 1500 to 60,000 end users. Have you faced any issues?
@@TekNexSolutions About 9 months ago I tried this and had problems with the Win10 clients requesting credentials repeatedly without ever connecting, I'm picking this up again as I'll have to deploy soon. I'm even thinking of dynamic VLANS with some Aruba Networks switces for wired clients as the existing IT team is very inexperienced. I'll be labbing it out over the next 2 weeks.
how can i use the same setup but without the users having to enter username and password? Basically only have provided them the certificate to authenticate.
so now, how do you do this with windows domain account..? and once you connect once, having to put in username/password in the wifi connection, after authenticated, do you ever have to do it again?
how can i add another computer to connect the wifi? my laptop can connect coz i followed your steps but i tried add my mate Pc's and didnt work, he cant connect to wifi, i added him to 'Test Computers' and then to group 'Wlan Computers', should i generate another cartificate or something like that?
So is the 'windows server 2016' (the thing on the right in your connection diagram in the beginning of the video) a physical machine connected via Ethernet or can you have this as a virtual one in a virtual box? fyi im a total noob
The way it is implemented it acts as a physical machine. However, it is a virtual machine in Hyper-V connected to a physical switch through External Network Adapter. Wi-Fi modem is connected to the same physical switch.
Thank you for the tutorial. It's working fine with Dlink Ap and windiws srv 2012 standard. But the issue is not working for non domain pc.... Any help with that please?
Bagga caticoti abdou It should work for the non-domain pc’s. Check the following: 1. Have you tried the same user which you used for the domain joined pc? User has to be in the right group. 2. Try connecting any phone, your phone should connect to the wireless and it will get certificate from your CA. 3. If phone connects fine then re-install Wi-Fi driver on the non-domain join pc. Let me know how did you go.
Bagga caticoti abdou Also, use fully qualified domain name on the non-domain joined devices. For instance, if your domain is “test.com” and user is “user” then FQDN will be user@domain.com.
Hi Jay Maan Yes it is working fine with the smartphones but not for the laptops, I jave tried with two different laptops with win 10 installed but it did not work. I will try reinstalling the driver and check again. Thank you
Hello Finally it is working, 1- we have to Register NPS server on Active Directory 2-I did not use the wizard to create the policy, I have create it manually and specify the condition as "NAS port Type" and select "IEEE802.11 + Wireless Other" You don't have to use FQDN just type the username and the password Thank you again Jay
TekNex Solutions yes I do. I thought the certificate is not showing up. It did on windows 10 . I tested it on older windows beforehand. Anyway, thank you for doing this video. I easily learnt new things here
Hello Jay, We are currently moving from on premis to Azure only Cloud but there are still some resources where users need to access locally. Is there are any way I can integrate my Sonicwall TZ400 VPN to Azure AD so that users can use their Azure AD user credentials for logging into VPN? also we want to integrate Sonicwall Wireless Access Point with this VPN so that laptop users can get connected to Wireless Access Points.
pavan kistampally Hi Pavan, I haven’t worked on TZ400 but just check if it has Azure VPN authentication. If not then you can spin up a VM and configure onsite AD to sync with Azure. Then onsite AD can be added to TZ400. It would be interesting to know what is solution you deploy. Update here if you can.
Hi, I have a requirement to block company users personal devices via this. Could you please help me here? Only the company computer can access via the AD user name and password. whenever users bring their own devices like Mobile and laptops we want to block their AD user name password. We can use AD and Radius for this.
Hi Jay, Just another question if i plan AD in one server and NPS on another server what is the best practice to install CA? is it on AD server or NPS server ?
@@TekNexSolutions Hi Jay, in my scenario if i have a resources limitation what would be the best server to install CA . i only have server s for AD and NAS.
@@TekNexSolutions thanks. I did everything in the tutorial but when i m trying to connect with my phone, the connection screen asks for a CA certificate , there are no options so I choose none, but it just hangs and fails to connect.. any help is appreciated please. Thanks
Dear sir how can i connect multiple wifi routers to the same server? you have configured the only router if i need another router at a different place with the same wifi login what should i do? i tried a lot but i have failed to do it
Depends what type of APs/Routers you have. You might have to add all of them individually as clients in the NPS. If you have a WLAN controller and you just add the controller as a client in NPS then it dictates the policy to APs.
Thanks for this demonstration. A research a possibility to have mutiple SSID depending of groups in AD. I think i need multiple radius server on my server (if it's possible) but i'v not yet find a way. If anyone have a idea... thank for it
I've a question. How can I create username and password for every distinct user? I mean I created a User following your video, but I can connect to internet using this username and password from every device. I want to create distinct username and password for one user only.
![[Wi-Fi] Cofigure RADIUS Server 2016 for Wireless Authentication | NETVN](http://i.ytimg.com/vi/MnNGqW8OpmQ/mqdefault.jpg)
Checkout next part of this series here ruclips.net/video/QSni2IP0QJM/видео.html . Wi-Fi network settings deployment through GPO.
Thanks let me go through it.
ДЖЗ*33'333×2@= ПЕТРИЬІК**?°¿|©
Hi and thank you for this tutorial. May I ask if its possible to make a "Timed Connection" for each clients who are connected to the network? I would be nice if it limits them to connect like 1-2 hour(s) a day.
Finally got this to work, I knew it was a server config error, but this explained it very well, bravo!
Excellent Video!!! Thank you so much for making this, I’ve been trying to do this for years and all the videos I follow something doesn’t work. Follows the instructions In this video and now my wifi is using a fully functional radius server. Thanks so much
Perspective Thanks. I am glad it helped.
BROTHER!! You are so awesome!! Your video is great! keep up the work! Perfectly edited, you made sure we dont waste time. I am a person who never comments on any video or likes or subscribes. But I have done all this because your work impressed me. The explanation is clear and precise.
Thanks for the amazing feedback and I am glad you enjoyed the video.
man I really appreciate it, I spent hours trying to do it without on my own. I was missing the certificate part, I didn't know it was required. Even though that I have enabled all authentication methods. Thank you very much.
Thank you for the video, I tested this with a ubiquiti Wifi and it worked
Did you have a mix of Win7 and Win10 clients? Did you have to install any certs on any of the end clients for this to work?
Thank you for this great and direct guide towards RADIUS
Great video, a very nice explanation of the components to achieve the goal, thanks, you've helped a lot today!
very well done bro. useful information with easy explanation and examples
As always...an excellent video. Thanks very much.
ninja2807 you are most welcome
Excellent video. Thanks for posting.
Eldrinarr you’re welcome.
Once a user has logged in using a an android phone, can they still share the internet connection using the QR_code on android?
It would be beneficial to provide concise explanations for the addition of certain roles and features. This way, the audience can better understand the purpose of these steps. Additionally, some users may find it unclear how to establish connections or create another virtual machine linked to the server for testing its functionality. Anyways, thank you for creating this video.
Thanks for the great content and it was really helpful as I was looking to learn more about servers
Thank you for the very detailed instructions, sir! Very helpful!
Your welcome, glad it helped
Thank you for the great tutorials!
Glad you like them!
Thanks for this content, it is very helpful.
Glad it was helpful!
Excellent tutorial!!! Thanks!
Nicely explained 👌
Very cool and informative. Do ADCS and NPS need to be on the same server as DC?
Great detailed guide!!
Hi bro, beautiful video, are you using vmware workstation or bare metal?
Thank you. This is on Hyper-V.
@@TekNexSolutions Hi bro. Thank you very much for your reply. Did you have any radius server videos with wired.
I have a problem. We would like to allow only domain computers and when the NPS authenticates the computer it need toi asks for username and password, but when we add the group( Domain computers/Users in the same policy the NPS does not allow access. If we create 2 separate policies this one does not ask for password since the domain computer is already authenticated with cert. Any help
Amazing stuff!!
Somethings are incorrect. Like the thumbprint mentioned is different than the one showed... But that is because it is stitched together I think.
very nicely presented!
Thank you.
Hello, I have configured the radius server and it works. On the session I have the button to connect but I also have the possibility of entering another login / mdp how to prevent this? THANKS
Thank you budy it helped a lot
Excellent guide! However, I - for whatever reason - cannot get mine to work. It is stuck on "Checking Network Requirements". Event viewer reveals repeated 802.1x authentication restarts. Our DHCP is currently running on our Meraki firewall, with the DNS running on DCs. Any idea what might be the cause?
very nice ... Thanks
What if my AD CS role wasn’t install in the domain controller but other server? Do I need to request the certificate in the DC but not my server, which got AD CS role? Thank you.
Great Video!!!
Hi,
Great video, did you register the NPS in Active Directory also?
Thank you.
You have to do that if your NPS server is different than the DC. In this case, I did not have to register because of TEST-CERT01 is a DC itself and it has the permission to read the dial-in properties of user accounts during the authorization process.
How can we specify which SSID The users from the Network group will be connecting? If I have multiple SSIDs but I do not want users from the Security group1(SSID1) to SSID2
Hi, Please could you help me with using Microsoft NPS and setting up a test OU for machine-based wired and wireless authentication?
created an SSID on our cisco interface which points the wireless to the correct authentication server and perhaps the same on our switches.
How to check existing configuration 802.11x ? Cause i have problem 1 group cannot connect to wifi
Well done demonstration, Jay Mann. Any plans on an upcoming video on SSO 802.1X GPO for WS2016/W10?
Thanks. Yes, it can be done but have not planned anything about it yet.
Here is the link ruclips.net/video/QSni2IP0QJM/видео.html
Thanks for Sharing
Great video, I can get communication when I’m on the normal net but it doesn’t work on the enterprise net any tips? Also I had to put the router in bridge mode for communication to occur
il nostro prof. ci costringe a vedere sto video
Is it a good thing?
Thank you!
Thank you for the great tutorials! I am pretty green when it comes to certificates. So it looks like the GPO will automatically renew the certificate. But what about on the domain controller/CA? I assume when those certificates are close to expiring i'll have to manually go in and create/renew the certificate?
Normally you would create a Root CA on a laptop (OR cheap Raspberry PI) and Create a life Intermediate CA instead. The laptop (Raspberry Pi) should be shutdown put into a safe and only be used when renewing that intermediate CA.
Great video.
Can you please offer advice on how to install a certificate from a trusted CA so that mobile clients are not asked to Trust the CA when connecting?
I am sorry, it seems like I missed this comment. Yes, there is a way. However, you can create Wi-Fi profile and can be managed with any MDM solution. This is a bit complex and a lot is involved in it.
Excellent Video. Pls i need to know. If I have multiple Domain Controllers does requesting certificate on one DC replicate to the others?
Thank u sir
it was in detailed video, thanks for sharing. what if i just want the laptops that are in domain only be able to connect in that case i think we will set the local computers group instead of users. but if we dont add user groups how the username and password will work to connect???
You are welcome.
Here is the video for computer based authentication ruclips.net/video/QSni2IP0QJM/видео.html
Hello! I have a problem here. I have windows server 2012 and AD DNS DHCP install than I turn off dhcp on my wireless router, my pc get IP address from my dhcp server but my device can’t get IP address from WiFi! So any help pls thx.
Hi..
If possible I need to get some help...
Setup made successfully but not able to connect Wi-Fi...
Nice video .. Just a quick question, how do you set up similarly for Guest Users? Please post me some steps, appreciate your help. Thanks
Thank you from France
You are welcome!
Thanks for this! Quick querry, i have my mx84 act as dhcp server, i am able to authenticate from nps but not getting an IP, appreciate if you can give light on this, thanks!
i was able to get it to ask for user and password, but it will not authenitcate to get wifi access :(
Hey Jay,
I'm getting the following message when connecting to the Wi-Fi: If you expect to find [wireless SSID name] in this location, go ahead and connect. Otherwise, it may be a different network with the same name.
Do you know how I can remove this warning for my clients?
Thank You.
brian b Hi Brian,
Disregard my earlier message if you received.
I checked this and even in production we get the same message, unless you use group policy to deploy the Wi-Fi profile for users/computers. However, I will look into this further and update you once I found if there is anything we can do without GPO. Of course GPO will only work with domain joined devices only.
Jay
@@TekNexSolutions I'd really like an answer to this question if you have one. Thanks.
i follow step by step but does'nt work. i user radius server as server but not dc. In my enviornment, i have dc and member server radius server and unify network.
Must have missed something. I have added Unifi with same setup and works fine.
Thanks dude.. Can Android clients Access their home folder via a file explorer ?
TheAmazeer Yes they can. I haven’t tried with the in-built file explorer. You might have to use a third party app which will allow you to enter the share name, credentials and other settings required to access share.
Hi, this is a great video. I appreciate your content.
Question though, is there any way to avoid the prompting of the certificate notice during the authentication process?
Yes, there is. If you install the root cert on the machines. However, on BYO devices you won't be able to install the root cert since you don't manage those devices.
Hello Jay,
Thank you for your video.
I'm having issues connecting to the wifi network. Everytime i fill in my credentials it loads and sends me back to where i need to put in the credentials, without giving me an error message. When i test this with the built in authentication tester in my AP it does work... I'm using a Ruckus zoneflex r510.
Brian Boere Hi Brian,
Have you triend another client, may be a phone could be a good test? Does the same problem occur on other devices as well? Tester checks the radius server only, which means there is no issue with the radius authentication. Once you hit connect from a client, server should offer a certificate. Let me know if the issue is same accross different devices.
Jay Mann, I've also tried this on my phone. The same problem occurs.
Brilliant!
Hi Jay, I have some question about the certificate.
For user authentication like this, does the certificate have to be installed on the client side or only on the server side?
Server will offer the client a cert upon successful authentication. Only server side will be sufficient.
Hello I am not able to connect when i enter user name and password. Please help me.. I followed all the steps.
Hi,
We have configured the Radius Server (NPS) for Wi-Fi authentication. However, we are currently experiencing an issue: when an Active Directory user's password expires, the Wi-Fi connection is disconnected. Upon attempting to re-authenticate, the system indicates incorrect credentials.
We have enabled the setting to reset the AD user password in the Radius Server Policy, but our attempts to reset the password have been unsuccessful.
Could you please assist us in resolving this issue?
Are you using a cloud hosted VM as you radius server? like with Azure Domain Name Services?
you are awesome bro ... i am getting an error "Unable to join wifi-sid". Can you help what should I have to checked. I am using server 2022
If my radius server is not a domain controller, how do I need to create the certificate? Do I create it on the domain controller, export it, and import it on the radius server? Or do I create a certificate locally on the radius server (the only cert option is 'Computer)'?
Here is a workaround they put in place techcommunity.microsoft.com/t5/windows-11/accessing-trials-and-kits-for-windows-eval-center-workaround/m-p/3361125.
hi it was a nice video.
but i would like to know. if user is already part of domain then how to skip putting user/pass while connecting to wifi. it should be automated.
any suggestion on it.
Thank you.
Yes it can be done with the help of GPO. Nothing planned yet, may be I record another video for this.
@@TekNexSolutions oh great, if you could create quick video on this GPO will be helpful
Care For You Hi there, just letting you know you can check this video deploying Wi-Fi profile through GPO. You can only deploy this profile to Windows devices. Here is the link ruclips.net/video/QSni2IP0QJM/видео.html
Amazing Video with Smooth Process.
Why td-w8980.test.local device level setup is missing in this video ? this device is windows server or a windows client machine ?
Its an accesspoint :)
@@keinechancee5361 Device: rs-w8980.test.local is a windows 10 or windows server device ?
@jay
On which minute did you found that?
The accesspoint is named “TD-W8980”.
The Windows Server is named “TEST-CERT1”
and the windows 10 client is named “Win10”.
test.local is the local domain, so for example “TD-W8980.test.local” is the accesspoint inside the domain and “Win10.test.local” is the Windows 10 Client inside the domain.
Have a nice weekend and greetings
KeineChancee
Any one had problems getting this to work under Server 2K8 R2 with Windows 7 and/or Windows 10 clients? I believe I've followed all the steps clearly. Android mobile clients are authenticated, however my Windows clients keep asking for credentials over and over again. Any suggestions? As an FYI, none of the clients have ever joined the domain, but this is the same for the android devices. So I'm assuming I should not have any problems but I am unfortunately.
Your video is very much detailed, thanks for the efforts and energies invested to create and publish.
You need to install Certificate manually in Win 7. As you can see in the video, Win 10 received the certificate as soon as I authenticated with the credentials.
@@TekNexSolutions Hi, is this approach confirmed? Is their not a way to have the certificate presented to the user automatically? I'm working on a solution to authenticate students via the Wi-Fi, with the accounts managed in AD.
@@TekNexSolutions Much thanks for the response thus far.
So far to my knowledge this is confirmed. However, I can double check with someone who works with Server 2K8. In production (Server 2016), we have the same issue where we have to install certificate manually on Win 7 machines. Fortunately, we have few(1 in 500) machines which fall under this category. If Android devices connect to the Wi-Fi through Radius then there is nothing wrong with the set up you have.
I cannot get this to work with my Fortigate device at all.
I have configured the radius and NPS services by following the same steps but when try to connect Wi-Fi a error showing "unable to connected" kindly guide how to resolve this problem
Check the steps again, must have missed something simple. The guide hasn’t changed for years.
@@TekNexSolutions I checked all the steps from the video and reconfigure radius and NPS but the problem not resolve showing same error message when try to login
Hello! I have configured it as in your video, but it fails to connect to Enterprise WiFi. I entered the credentials and press connect and then it switches back to enter the credentials again? I tried to connect on my PC/laptop/Android device, but it fails on every device. How to fix this issue? Thanks.
Hi Luba,
I would suggest you to go over the video again and check if everything is done according to the video. It seems like you might have missed one or two things. Double check the things like network policy, permissions for AD groups etc.
I see mostly tutorials on how to do authentication with a domain user. Is there a tutorial or an easy way to do this with a certificate by itself? I was reading about TLS authentication, which i think would work. We've got several thousand chromebooks, and a new wifi network we're deploying. I don't really want to have to explain to everyone how to log in. I just want it to be seamless.
darthcircuit I can see where you coming from. In your case, you have to build a Wi-Fi profile and enroll each device to it.
That sounds awful. I guess we'll just stick with PSK for now lol. Thanks :)
Thank you for the very super helpful and detailed guide, I used this today and it was most helpful.
what should i do if i already have DHCP from my firewall
do you have a guide on how to apply captive portal using this?
The Radius server use user and password to sincronize with LDAP?
If I change WPA password into radius password now I not able to connecting what I should do
Can we authenticate users with radius coming as visitor and connect our wifi ?
thank you for sharing this video, how can we create the policy when mobile device user authenticates with ID and password, after admin approval they can get the access. Because when i was created SSID with AD authentication our all employee uses same on mobile devices also and it is not good our security perspective. pls help in this
Create a security group and give that group access to Wi-Fi. End users can log a service request and admins can add them to the security group on the requests basis to give Wi-Fi access.
Hi Jay,
did you use your Wireless Router as Default-Gateway ?
Hamid Chendawoli Yes, for wireless clients.
Hey, Thanks for tutorial. Can I authenticate W-Fi(with certificate integrated) on a win 10 client present in Workgroup?
Or is it a pre-requisite for the client to join a Domain?
Configuration requires either a user or machine authentication. User auth does not require the computer to be domain joined, but machine authentication needs the device to be domain joined.
Its greats. Tks
Have you configured NAT rule in your physical machine to enable connection for Hyper-V?
Using external virtual switch in Hyper-V which is connected to a physical switch.
Your "hech" scratches my brain.
Hi, this is a really great video. I was thinking of applying this a similar concept using username and password only for a College for Students to access resources with their personal machines, and not the domain computers. What would I have to change to make this happen. I'd prefer to not have to use certificates for the students' laptops.
Big Ric Than you. For Radius authentication you supposed to have a CA in action.
It will be user auth for students BYODs and computer auth for domain joined devices.
@@TekNexSolutions Thanks for replying, but let me ask this, is there some issue(s) with Windows 10 clients requiring a certificate and causes problems to connect to these types of public Wi-Fi with RADIUS auth? I can see Android devices not having this issue, I'm asking as I have a college Wi-Fi network to deploy in the fairly distant future and smooth student connectivity is an area of contention for me.
@@hennessy6996 Android, IOS, macOS and Win 10 Client uses the Windows Radius Authentication in a similar fashion. As demonstrated in the video, when you connect the client and it prompts to trust the Certificate from your CA. Once you do that and connection works as it supposed to be. This method is widely deployed in different production environments that I know of personally, we are talking anywhere between 1500 to 60,000 end users.
Have you faced any issues?
@@TekNexSolutions About 9 months ago I tried this and had problems with the Win10 clients requesting credentials repeatedly without ever connecting, I'm picking this up again as I'll have to deploy soon. I'm even thinking of dynamic VLANS with some Aruba Networks switces for wired clients as the existing IT team is very inexperienced. I'll be labbing it out over the next 2 weeks.
@@hennessy6996 I don't see any issues moving forward with this. However, try it in your lab and it should work.
how can i use the same setup but without the users having to enter username and password? Basically only have provided them the certificate to authenticate.
What type of end users and devices we are looking at?
so now, how do you do this with windows domain account..? and once you connect once, having to put in username/password in the wifi connection, after authenticated, do you ever have to do it again?
Device from where you connect should remember the credentials for that specific SSID. So you do not have to provide credentials everytime you connect.
Good job
how can i add another computer to connect the wifi? my laptop can connect coz i followed your steps but i tried add my mate Pc's and didnt work, he cant connect to wifi, i added him to 'Test Computers' and then to group 'Wlan Computers', should i generate another cartificate or something like that?
Which OS your mate's PC has?
@@TekNexSolutions i tied on diffrent laptop and it works fine, so i guess it was problem with the software on something like that, thanks
So is the 'windows server 2016' (the thing on the right in your connection diagram in the beginning of the video) a physical machine connected via Ethernet or can you have this as a virtual one in a virtual box? fyi im a total noob
The way it is implemented it acts as a physical machine. However, it is a virtual machine in Hyper-V connected to a physical switch through External Network Adapter. Wi-Fi modem is connected to the same physical switch.
Same thing can be achieved through Virtual Box as well with understanding of how the virtual network adapters work.
Thanks, first clarification on that on the internet.
Thank you for the tutorial. It's working fine with Dlink Ap and windiws srv 2012 standard. But the issue is not working for non domain pc.... Any help with that please?
Bagga caticoti abdou It should work for the non-domain pc’s. Check the following:
1. Have you tried the same user which you used for the domain joined pc? User has to be in the right group.
2. Try connecting any phone, your phone should connect to the wireless and it will get certificate from your CA.
3. If phone connects fine then re-install Wi-Fi driver on the non-domain join pc.
Let me know how did you go.
Bagga caticoti abdou Also, use fully qualified domain name on the non-domain joined devices. For instance, if your domain is “test.com” and user is “user” then FQDN will be user@domain.com.
Hi Jay Maan
Yes it is working fine with the smartphones but not for the laptops, I jave tried with two different laptops with win 10 installed but it did not work.
I will try reinstalling the driver and check again.
Thank you
Hello Finally it is working,
1- we have to Register NPS server on Active Directory
2-I did not use the wizard to create the policy, I have create it manually and specify the condition as "NAS port Type" and select "IEEE802.11 + Wireless Other"
You don't have to use FQDN just type the username and the password
Thank you again Jay
Bagga caticoti abdou sounds good. I am happy that it is working now.
Hi, I have an issue with the certificate. The user connected just fine and have internet connection. But, the certificate is not showing up.
Hi Zedd,
Sorry somehow I missed your question.
Have you resolved this issue in question?
TekNex Solutions yes I do. I thought the certificate is not showing up. It did on windows 10 . I tested it on older windows beforehand. Anyway, thank you for doing this video. I easily learnt new things here
Hello Jay, We are currently moving from on premis to Azure only Cloud but there are still some resources where users need to access locally. Is there are any way I can integrate my Sonicwall TZ400 VPN to Azure AD so that users can use their Azure AD user credentials for logging into VPN? also we want to integrate Sonicwall Wireless Access Point with this VPN so that laptop users can get connected to Wireless Access Points.
pavan kistampally Hi Pavan, I haven’t worked on TZ400 but just check if it has Azure VPN authentication. If not then you can spin up a VM and configure onsite AD to sync with Azure. Then onsite AD can be added to TZ400. It would be interesting to know what is solution you deploy. Update here if you can.
You are amazing!!
Do you know why Android device connecting the WiFi ask weird question beside the username and password. Question about certificate
Thanks. It is the OS, and it doesn’t pick the security requirements from the Wi-Fi.
Hi, I have a requirement to block company users personal devices via this. Could you please help me here?
Only the company computer can access via the AD user name and password. whenever users bring their own devices like Mobile and laptops we want to block their AD user name password.
We can use AD and Radius for this.
Did you got this done , because i’m facing the same and want only domain joined devices to connect
Hi Jay, Just another question if i plan AD in one server and NPS on another server what is the best practice to install CA?
is it on AD server or NPS server ?
It is recommended to use a dedicated server for CA. Not recommended it to be a DC.
@@TekNexSolutions Hi Jay, in my scenario if i have a resources limitation what would be the best server to install CA . i only have server s for AD and NAS.
I would install CA on NPS Server.
how to bind mac address for the users in AD
i thought this method only allowed known machines to connect . how come you could connect your phone to it?
This is a user based policy not a computer based.
@@TekNexSolutions thanks. I did everything in the tutorial but when i m trying to connect with my phone, the connection screen asks for a CA certificate , there are no options so I choose none, but it just hangs and fails to connect.. any help is appreciated please. Thanks
Dear sir how can i connect multiple wifi routers to the same server? you have configured the only router if i need another router at a different place with the same wifi login what should i do? i tried a lot but i have failed to do it
Depends what type of APs/Routers you have. You might have to add all of them individually as clients in the NPS.
If you have a WLAN controller and you just add the controller as a client in NPS then it dictates the policy to APs.
@@TekNexSolutions i did it but it isn't work.
What is the brand of your APs?
@@TekNexSolutions What is APs stand for
AP - Access Point
Thanks for this demonstration. A research a possibility to have mutiple SSID depending of groups in AD. I think i need multiple radius server on my server (if it's possible) but i'v not yet find a way. If anyone have a idea... thank for it
I've a question.
How can I create username and password for every distinct user? I mean I created a User following your video, but I can connect to internet using this username and password from every device. I want to create distinct username and password for one user only.
Sorry, it took me a while to respond to your comment. Have you solved your issue?
how can your router get dhcp from the server