HP MSM Controller – Using RADIUS With Windows Server

KB ID 0000922 

Problem

I’m very disappointed with HP, theres next to no information on how to do this. My plan was to secure wireless access with certificates, so only clients with a valid digital certificate could authenticate and connect to the wireless. After spending nearly a whole day on the phone to various technical support departments at HP, this remained an impossible requirement!

In the end, as the client only had a few laptops for wireless access, we had to set NPS to allow access to domain users, then filter the devices that were allowed on the MSM controller via MAC address.

Solution

1. Launch Server Manager (Servermanager.msc) Roles > Add Roles > Network Policy and Access Services > Next.

Network Policy and Access Services

2. Accept the defaults, but on the Role Services page select ‘Network Policy Server’.

Install Network Policy Server

3. Expand Network Policy and Access Services > Right click NPS (Local) > Register in Active Directory > Accept the defaults.

Register NPS in AD

4. Expand RADIUS Client and Servers > RADIUS Clients > New.

New RADIUS Client

5. Specify a name > The IP address of the MSM controller > type in a shared secret and confirm it (this can be anything but remember it, as you need to enter it on the controller later > OK.

RADIUS Client HP MSM

6. Expand Policies > Network Policies > New.

New NPS Network Policy

7. Give it a name > Next.

NPS Wireless Policy

8. Add in Windows Groups and select the user group you wish to grant access to > OK > Add > Next.

RADIUS Domain Users

9. Add in ‘Microsoft Protected EAP (PEAP)’ > OK > Next.

HP MSM PEAP

10. Move your newly created policy to the top.

NPS Network Policies HP MSM

11. Now create a new ‘Connection Request Policy’.

Connection Request Policies MSM

12. Add in NAS Port Type > Select Ethernet and Wireless – IEEE 802.11 > OK > Next.

NAS Port Type

13. Move your new policy to the top.

connection request policies

14. Log into the MSM > Home > Authentication > RADIUS Profiles > Add New Profile.

MSM Setup RADIUS

15. Give the policy a name > Enter the IP address of the NPS server > Then type in the shared secret, (you created in step 5.) > Save.

msm radius profile

16. On the VSC for the wireless network you want to enable RADIUS for > Set Wireless protection to WPA > Mode to WPA2 (AES/CCMP) > Key source to Dynamic > Your RADIUS profile should be added automatically > Save.

vsc with radius

 

Related Articles, References, Credits, or External Links

NA

 

Author: Migrated

Share This Post On