1. Add valid certificate to MMC, Local computer, Personal, Certificates. Cert should be signed, valid and probably not wildcard!
Intermediate certs should be placed in the correct folders (Trusted Root CA, etc.).
Remember to import the SSL certificate with its private key. If it was imported without the private key, do:
Get the serial number from the certificate itself,
at cmd: certutil -repairstore my "SerialNumber" (https://support.microsoft.com/en-us/kb/889651)
2. Configure Windows 2008 R2 RADIUS
Add radius client: Enable, Friendly name: Unify_AP_01 IP: 172.16.0.11, Secret: P@ssw0rd,
4. Create new network policy:
Overview: Enabled, Grant Access, Ignore User account, Type of network: unspecified.
Conditions: NAS port type: Wireless - IEEE 802.11 OR Wireless - Other
Windows Group: Domain\Wireless Users
Client Friendly Name: Unify_AP_*
Constraints:
Authentication method: Microsoft: Protected EAP (PEAP)
Edit it, select the cert from point 1, enable Fast Reconnect, leave only Secured password (EAP-MSCHAP v2)
Ok, back to auth methods,
Leave the first 2 checkboxes (MS-CHAP-v2, User can change expired password)
And configure UniFi:
Settings ->WLAN Group -> Your WLAN
Set IP of Your RADIUS, password from first screen. WPA-Enterprise
IP, port 1812, P@ssw0rd
Radius1: IP, port 1813, P@ssw0rd
Done.
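
A check for step 1, added here as an example (not part of the original post): it lists the certificates in Local computer, Personal and flags the ones NPS could not use for PEAP. The Server Authentication EKU test and the chain build without revocation checking are assumptions of this example; run it in an elevated PowerShell on the RADIUS server.

```powershell
# Added example: audit Local computer > Personal for certificates usable by NPS for PEAP.
# Assumptions of this example: the server cert needs the Server Authentication EKU,
# and the chain is built without revocation checking so the check also works offline.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # id-kp-serverAuth
$now = Get-Date

Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    # A certificate without an EKU extension is valid for all purposes.
    $ekuExt = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $hasServerAuth = $true
    if ($ekuExt) {
        $hits = @($ekuExt.EnhancedKeyUsages | Where-Object { $_.Value -eq $serverAuthOid })
        $hasServerAuth = $hits.Count -gt 0
    }

    # Build the chain to confirm intermediate and root certs sit in the right stores.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chainOk = $chain.Build($cert)

    $problems = @()
    if (-not $cert.HasPrivateKey) {
        $problems += 'no private key (certutil -repairstore my "<SerialNumber>")'
    }
    if ($now -lt $cert.NotBefore)  { $problems += 'not yet valid' }
    if ($now -gt $cert.NotAfter)   { $problems += 'expired' }
    if (-not $chainOk)             { $problems += 'chain does not build to a trusted root' }
    if (-not $hasServerAuth)       { $problems += 'missing Server Authentication EKU' }
    # Only the subject CN is inspected here, not the subject alternative names.
    if ($cert.Subject -match 'CN=\*\.') { $problems += 'wildcard subject' }

    New-Object PSObject -Property @{
        Subject      = $cert.Subject
        SerialNumber = $cert.SerialNumber   # value to pass to certutil -repairstore
        NotAfter     = $cert.NotAfter
        Usable       = ($problems.Count -eq 0)
        Problems     = ($problems -join '; ')
    }
} | Select-Object Subject, SerialNumber, NotAfter, Usable, Problems | Format-List
```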