Guide: How to setup a RADIUS Server on Windows Server 2012 R2

In this guide, I will explain how to set up a RADIUS server on Windows Server 2012 R2 and get it to work with a wireless access point for authentication with Active Directory.

Remote Authentication Dial-In User Service, RADIUS is a network protocol that’s designed to centralize authentication and administration for users to connect and use a network.

How to install and configure?

In this guide, I assume that you have a basic understanding of Windows Server and already have Active Directory installed.

Begin by opening the Server Manager and click “Manage”, then “Add Roles and Features”.
Install “Network Policy and Access Services” and select NPS (Network Policy Server).
Install “Active Directory Certificate Services” and select “Certification Authority”.
After installation, you must configure the “AD CS – Certification Authority”:

The next thing to do is to request a Certificate that will be “pushed” out to the users connecting to the network.
Start MMC (Microsoft Management Console) by searching for MMC in the Start menu and do the following:

Now that you’ve requested a certificate, it is time to configure the RADIUS server.
Begin by opening the “Network Policy Server” and do the following:

What remains now is to configure your Wireless Access Point.
I am using DD-WRT router firmware.

I am using DD-WRT router firmware.

Under Wireless security settings on your router, you must choose WPA2 Enterprise and WPA Algorithms: AES. Then you need to fill in the IP address of the RADIUS server (default port is 1812) and your “Shared Secret”.
Now that you’ve done all this, you are now able to connect to your wireless network with a user from Active Directory. If you run into problems, you may want to check the “Event Viewer” where you can see any error messages coming from the Network Policy Server.

Leave a Reply