Configure RADIUS Server Authentication with Active Directory for Wireless Users
Before you configure your Firebox to use your Active Directory and RADIUS servers to authenticate wireless users, make sure that the settings described in this section are configured on your RADIUS and Active Directory servers. Windows Server 2016 and 2012 R2 are the supported RADIUS server platforms.
For complete instructions to configure your RADIUS server or Active Directory server, see the vendor documentation for each server.
Configure NPS for Windows Server 2016 or 2012 R2
- In Windows Server Manager, make sure NPS is installed with a Network Policy and Access Service role that uses the Network Policy Server role service.
- Add a New Radius Client to NPS that includes the IP address of your Firebox, uses the RADIUS Standard vendor, and set a manual shared secret for the RADIUS client and Firebox.
- Add a network policy with these settings:
- Select the Active Directory user group that includes the wireless users you want to authenticate.
- Specify Access granted as the access permissions for the policy, and do not specify an EAP type.
- Add the attribute Filter-ID to the policy and specify the wireless user groups as the value. Make sure to remove Framed Protocol and Service-Type from the Attributes list.
Configure Active Directory Settings
When you configure these settings for your Active Directory server, you enable your RADIUS server to contact your Active Directory server for the user credentials and group information stored in your Active Directory database.
- In Active Directory Users and Computers on your Active Directory server, make sure that the remote access permissions are configured to Allow access to users.
- Register NPS or IAS to your Active Directory server.
About RADIUS Single Sign-On
In Fireware v11.11 and higher, you can use RADIUS Single Sign-On for wireless clients when you use WPA and WPA2 Enterprise authentication. For more information on RADIUS Single Sign-On, see About RADIUS Single Sign-on.