UBIQUITY Unifi, Windows 2008R2 RADIUS + SSL Setup – Integration

1. Add valid certificate to MMC, Local computer, Personal, Certificates. Cert should be signed, valid and probably not wildcard!

Intermediate cert shoud be placed in correct folders ( Trusted Root CA, etc. )
Remember to have imported SSL With private key. If it is without private key, do:

Get cert serial number from itself,
at cmd: certutil -repairstore my „SerialNumber (https://support.microsoft.com/en-us/kb/889651)

2. Configure Windows 2008 R2 RADIUS

Add radius client: Enable, Friendly name: Unify_AP_01  IP: 172.16.0.11, Secret: P@ssw0rd,

4. Create new network policy:

Overviev: Enabled, Grant Access, Ignore User account, Type of network: unspecified.
Conditions: Nas port type: Wirewless IEEE 802.11 _ OR _ Witreless – Other
Windows Group: Domain\Wireless Users
Client Friendly Name: Unify_AP_*
Constraints:
Authentication method: Microsoft: Protected EAP (PEAP)
Edit it, select cert from point 1, Enable fast reconnect, Leave only Secured password (EAP-MSCHAP-2)
Ok, back to auth methods,
Leave 2 first checkboxes ( MSCAHP-2, User can change expired pass )

And configure Unify:

Settings ->WLAN Group -> Your WLAN

Set IP of Your RADIUS, password from first screen. WPA-Enterprise
IP, port 1812, P@ssw0rd
Radius1: IP, port 1813, P@ssw0rd

Done.