Securing RADIUS with EAP-TLS [Windows Server 2019]
OsbornePro TV OsbornePro TV
2.27K subscribers
69,700 views
784

 Published On Mar 22, 2021

Securing RADIUS with EAP-TLS [Windows Server 2019]
I (tobor), cover how to set up RADIUS using EAP-TLS machine authentication on Windows Server 2019. (WPA2-Enterprise). If you like what you see please Subscribe!

FORGOT TO MENTION:
Default selected certificate should work. However you may need to set it manually. This can be done by going to "Tools" - "Network Policy Server" - "Policies" - "Network Policies". I called my Network Policy "EAP-TLS". Double click your policy to open it. In the "Constraints Tab" select "Authentication Methods". Under "EAP Types" select "Microsoft: Smart Card or other certificate" and click "EDIT". Select the certificate matching the "Expiration Date" value of your RADIUS Server certificate to ensure you RADIUS Server can successfully authenticate to the clients. Sorry I missed saying that.

FORCE DC REPLICATION TO ACCESS CERT TEMPLATES FASTER :
https://github.com/tobor88/PowerShell...

ENABLE NPS LOGGING COMMAND:
auditpol /set /subcategory:”Network Policy Server” /success:enable /failure:enable

CREATE RADIUS SERVER CERT: https://docs.microsoft.com/en-us/prev...

CREATE RADIUS CLIENT CERT: https://docs.microsoft.com/en-us/prev...


0:00 Intro Summary
1:14 Create Certificate Template for Client and Server Authentication
2:31 Define Cert Template Property Values
4:57 Import Certificate Template to Issue
5:29 Force AD Replication
6:31 Install Network Policy Service (NPS) Role on a Domain Controller (Best Practice)
7:11 Register NPS Server in AD to add it to RAS and IAS Group
8:08 Configure RADIUS Clients
11:25 Create Shared Secret Template
12:33 Configure RADIUS Server Group
17:55 Configure Connection Request Policy
21:26 Configure Network Policies
23:38 RADIUS Standard Attribute Values
26:33 Policy Processing Order
27:06 Configure Accounting
28:17 Configure Group Policy for Certificates
31:52 Configure Group Policy Wireless Profile
37:22 Older Windows OS Possible Issues
38:35 Network Policy Server Service Name
39:02 Thanks for watching!


View my Verified Certifications!
https://www.credly.com/users/robertho...

Follow us on GitHub!
https://github.com/tobor88
https://github.com/OsbornePro

Official Site
https://osbornepro.com/

Give Respect on HackTheBox!
https://www.hackthebox.eu/profile/52286

Like us on Facebook!
  / osborneprollc  

View PS Gallery Modules!
https://www.powershellgallery.com/pro...

The B.T.P.S. Security Package
https://btpssecpack.osbornepro.com/

show more

Share/Embed

Up next