Windows 7 / Networking

Authentication Infrastructure

The authentication infrastructure exists to:

  • Authenticate the credentials of wireless clients
  • Authorize the wireless connection
  • Inform wireless APs of wireless connection restrictions
  • Record the wireless connection creation and termination for accounting purposes

The authentication infrastructure for protected wireless connections consists of:

  • Wireless APs
  • RADIUS servers
  • Active Directory domain controllers
  • Issuing CAs of a PKI (optional)

If you are using a Windows domain as the user account database for verification of user or computer credentials and for obtaining dial-in properties, use Network Policy Server (NPS) in Windows Server 2008. NPS is a full-featured RADIUS server and proxy that is tightly integrated with Active Directory.

NPS performs the authentication of the wireless connection by communicating with a domain controller over a protected remote procedure call (RPC) channel. NPS performs authorization of the connection attempt through the dial-in properties of the user or computer account and network policies configured on the NPS server.

By default, NPS logs all RADIUS accounting information in a local log file (%SystemRoot%\System32\Logfiles\Logfile.log by default) based on settings configured in the properties dialog box of the Local File Logging object in the Accounting node in the Network Policy Server snap-in.

Uses for Authentication Infrastructure

Follow these best practices for the authentication infrastructure:

  • To better manage authorization for wireless connections, create a universal group in Active Directory for wireless access that contains global groups for the user and computer accounts that are allowed to make wireless connections. For example, create a universal group named WirelessAccounts that contains the global groups based on your organization's regions or departments. Each global group contains allowed user and computer accounts for wireless access. When you configure your network policy for wireless connections, specify the WirelessAccounts group name.
  • Use the NPS New Network Policy wizard to create a wireless-specific network policy to authorize wireless connections and specify connection constraints and requirements. For example, create a wireless network policy to grant access based on group membership and to require a specific authentication method.
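The group-nesting practice described above, as an added PowerShell example that is not part of the original page: it creates the WirelessAccounts universal group, nests regional global groups in it, and audits that no accounts are placed directly in the universal group. It assumes the ActiveDirectory RSAT module and a domain-joined administrative session; the regional group names are constructed for the example.

```powershell
# Added example (not from the original page): build the WirelessAccounts
# universal group and audit its nesting. Assumes the ActiveDirectory module.
Import-Module ActiveDirectory

$universal = 'WirelessAccounts'
$regional  = @('Wireless-Europe', 'Wireless-Americas')   # constructed global groups

# Create the universal group once; New-ADGroup errors if it already exists.
if (-not (Get-ADGroup -Filter "Name -eq '$universal'")) {
    New-ADGroup -Name $universal -GroupScope Universal -GroupCategory Security `
        -Description 'Universal group referenced by the NPS wireless network policy'
}

# Nest one global group per region; user and computer accounts belong in these.
$current = Get-ADGroupMember -Identity $universal | Select-Object -ExpandProperty DistinguishedName
foreach ($g in $regional) {
    if (-not (Get-ADGroup -Filter "Name -eq '$g'")) {
        New-ADGroup -Name $g -GroupScope Global -GroupCategory Security
    }
    $dn = (Get-ADGroup -Identity $g).DistinguishedName
    if ($current -notcontains $dn) {
        Add-ADGroupMember -Identity $universal -Members $g
    }
}

# Audit: access should flow only through global-group nesting, so flag any
# direct account membership or any nested group that is not Global scope.
function Test-WirelessAccessGroup {
    param([string]$Name)
    $grp = Get-ADGroup -Identity $Name
    if ($grp.GroupScope -ne 'Universal') {
        Write-Warning "$Name has scope $($grp.GroupScope); expected Universal"
    }
    Get-ADGroupMember -Identity $Name | ForEach-Object {
        if ($_.objectClass -ne 'group') {
            Write-Warning "Direct member '$($_.SamAccountName)' should live in a global group instead"
        } elseif ((Get-ADGroup -Identity $_.DistinguishedName).GroupScope -ne 'Global') {
            Write-Warning "Nested group '$($_.SamAccountName)' is not Global scope"
        }
    }
}
Test-WirelessAccessGroup -Name $universal
```

Run the audit function periodically; a clean run produces no warnings, and each warning points at a membership that bypasses the intended regional-group structure.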