How to configure the NPS to manage RADIUS authentication with Omada Controller

Omada Software Controller
Recent updates may have expanded access to feature(s) discussed in this FAQ. Visit your product's support page, select the correct hardware version for your device, and check either the Datasheet or the firmware section for the latest improvements added to your product. Please note that product availability varies by region, and certain models may not be available in your region.
NPS on the Windows Server can work as RADIUS Server to manage RADIUS authentication with Omada Controller. As shown below, NPS can perform centralized authentication for wireless connections when acting as a RADIUS Server. This article will introduce you how to configure the NPS on the Windows Server 2012 R2 to work with Omada Controller.
By default, there are no network services in the Windows Server. So we need to add roles manually to implement the corresponding function. Besides NPS, we also need to install Active Directory Domain Services and Active Directory Certificate Services. Only in this way, NPS can authenticate user accounts. Therefore, we will describe it in the following steps:
· Install Active Directory Domain Service
· Install Active Directory Certificate Services
· Install Network Policy and Access services
· Create Group and User
· Configure RADIUS Clients and Network Policies
· Example of the External RADIUS Server.
I. Install Active Directory Domain Services
NPS must be registered in Active Directory so that it has permission to read the dial-in properties of user accounts during the authorization process. So we need to install Active Directory DS and promote it to a domain controller first.
II. Install Active Directory Certificate Services
Besides Active Directory DS, we need to install Active Directory Certificate Services. After installation, it will issue a certificate to Active Directory DC and Windows Server.
Note: If it doesn’t issue the certificate to Windows Server, we need to apply for a certificate for the Windows Server from the CA to ensure SSL encryption.
III. Install Network Policy and Access services
Go to Server Manager to install Network Policy and Access Services. After that, we should register the NPS in Active Directory DS so that it has permission to access user account and information while processing connection requests.
IV. Create Group and User
After installing Active Directory DS, please go to the Active Directory Administrative Center to create a group and add new users to this group. (These users are used to login and access the internet.)
Don’t forget to change the dial-in property to “Control access through Network Policy Server”, to allow users of this group to access the network through the NPS network policy.
V. Configure RADIUS Clients and Network Policies
RADIUS client can create RADIUS access request messages and forward them to the RADIUS server. To configure NPS as a RADIUS server, we must configure RADIUS clients and network policy.
To add the EAP as a client, enter the device’s IP address and give it the friendly name “tplink_nps” and manually enter a “Shared Secret”. The Shared Secret is used to verify that the RADIUS client is allowed to process auth-requests through the RADIUS server.
Note: The Radius Client role is transferred from EAP to Omada Controller since Controller 3.1.4.
To compatible with WPA-Enterprise and portal RADIUS, we should enable “Unencrypted authentication (PAP, SPAP)” when configuring the network policies.
VI. Example of the External RADIUS Server
After installed and configured on the Windows Server, NPS can work as a RADIUS Server. Here we take the External RADIUS Server portal as an example, use NPS to authenticate users who connect to the portal SSID.
· RADIUS Server IP: IP address of the Windows Server;
· RADIUS Port: The default port is 1812;
· RADIUS Password: It is the shared secret that we input the RADIUS Client page.
After configuring the portal, we can connect to the portal SSID, input the username and password, and then we will be able to access the internet.
Looking for More
Questa faq è utile?
Your feedback helps improve this site.
What’s your concern with this article?
- Dissatisfied with product
- Too Complicated
- Confusing Title
- Does not apply to me
- Too Vague
- Other
Grazie
We appreciate your feedback.
Click here to contact TP-Link technical support.
Recommend Products
Questo sito utilizza i cookies per migliorare l'esperienza di navigazione, analizzare le attività online e offrire agli utenti una migliore user experience. Puoi disattivare o rifiutare il loro utilizzo in qualunque momento. Per maggiori informazioni consulta la nostra privacy policy .
Questo sito utilizza i cookies per migliorare l'esperienza di navigazione, analizzare le attività online e offrire agli utenti una migliore user experience. Puoi disattivare o rifiutare il loro utilizzo in qualunque momento. Per maggiori informazioni consulta la nostra privacy policy .
Basic Cookies
Questi cookies sono necessari per il corretto funzionamento del sito e non possono essere disattivati nel tuo sistema.
TP-Link
SESSION, JSESSIONID, accepted_local_switcher, tp_privacy_base, tp_privacy_marketing, tp_smb-select-product_scence, tp_smb-select-product_scenceSimple, tp_smb-select-product_userChoice, tp_smb-select-product_userChoiceSimple, tp_smb-select-product_userInfo, tp_smb-select-product_userInfoSimple, tp_top-banner, tp_popup-bottom, tp_popup-center, tp_popup-right-middle, tp_popup-right-bottom, tp_productCategoryType
Youtube
id, VISITOR_INFO1_LIVE, LOGIN_INFO, SIDCC, SAPISID, APISID, SSID, SID, YSC, __Secure-1PSID, __Secure-1PAPISID, __Secure-1PSIDCC, __Secure-3PSID, __Secure-3PAPISID, __Secure-3PSIDCC, 1P_JAR, AEC, NID, OTZ
Zendesk
OptanonConsent, __cf_bm, __cfruid, _cfuvid, _help_center_session, _pendo___sg__.<container-id>, _pendo_meta.<container-id>, _pendo_visitorId.<container-id>, _zendesk_authenticated, _zendesk_cookie, _zendesk_session, _zendesk_shared_session, ajs_anonymous_id, cf_clearance
Analytics e Marketing Cookies
I cookies analitici ci permettono di analizzare le tue attività sul nostro sito allo scopo di migliorarne le funzionalità.
I marketing cookies possono essere impostati sul nostro sito dai nostri partner pubblicitari allo scopo di creare un profilo di tuo interesse e proporti contenuti pubblicitari rilevanti su altri siti.
Google Analytics & Google Tag Manager
_gid, _ga_<container-id>, _ga, _gat_gtag_<container-id>
Google Ads & DoubleClick
test_cookie, _gcl_au