Monday, March 3, 2025
Latest:
NETWORK ADMINISTRATIONSWindows server

Securing RADIUS with EAP-TLS (WPA2-Enterprise) [Windows Server 2019]

Alice AUSTIN

I (tobor), cover how to set up RADIUS using EAP-TLS machine authentication on Windows Server 2019. (WPA2-Enterprise)

FORGOT TO MENTION:
Default selected certificate should work. However you may need to set it manually. This can be done by going to “Tools” – “Network Policy Server” – “Policies” – “Network Policies”. I called my Network Policy “EAP-TLS”. Double click your policy to open it. In the “Constraints Tab” select “Authentication Methods”. Under “EAP Types” select “Microsoft: Smart Card or other certificate” and click “EDIT”. Select the certificate matching the “Expiration Date” value of your RADIUS Server certificate to ensure you RADIUS Server can successfully authenticate to the clients. Sorry I missed saying that.

FORCE DC REPLICATION TO ACCESS CERT TEMPLATES FASTER :
https://github.com/tobor88/PowerShell/blob/master/Invoke-DCReplication.ps1

ENABLE NPS LOGGING COMMAND:
auditpol /set /subcategory:”Network Policy Server” /success:enable /failure:enable

CREATE RADIUS SERVER CERT: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731363(v=ws.11)?redirectedfrom=MSDN

CREATE RADIUS CLIENT CERT: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc754198(v=ws.11)?redirectedfrom=MSDN

0:00 Intro Summary
1:14 Create Certificate Template for Client and Server Authentication
2:31 Define Cert Template Property Values
4:57 Import Certificate Template to Issue
5:29 Force AD Replication
6:31 Install Network Policy Service (NPS) Role on a Domain Controller (Best Practice)
7:11 Register NPS Server in AD to add it to RAS and IAS Group
8:08 Configure RADIUS Clients
11:25 Create Shared Secret Template
12:33 Configure RADIUS Server Group
17:55 Configure Connection Request Policy
21:26 Configure Network Policies
23:38 RADIUS Standard Attribute Values
26:33 Policy Processing Order
27:06 Configure Accounting
28:17 Configure Group Policy for Certificates
31:52 Configure Group Policy Wireless Profile
37:22 Older Windows OS Possible Issues
38:35 Network Policy Server Service Name
39:02 Thanks for watching!

View my Verified Certifications!
https://www.youracclaim.com/users/roberthosborne/badges

Follow us on GitHub!
https://github.com/tobor88
https://github.com/OsbornePro

Read our blogs!
https://roberthosborne.com/

Give Respect on HackTheBox!
https://www.hackthebox.eu/profile/52286

Like us on Facebook!
https://www.facebook.com/osborneprollc

View PS Gallery Modules!
https://www.powershellgallery.com/profiles/tobor

The B.T.P.S. Security Package
https://www.btps-secpack.com/

source

windows server

Alice AUSTIN

Alice AUSTIN is studying Cisco Systems Engineering. He has passion with both hardware and software and writes articles and reviews for many IT websites.

You May Also Like

How to prevent network outages caused by renewal of DHCP leasing?

Ubuntu Dev Environment LAMP with .Local domain setup | Ubuntu 20.04 | 21.04

Ejemplos de Openstack – Instalar CentOS 7

Leave a Reply

Your email address will not be published. Required fields are marked *