Add the Network Access Server as a RADIUS Client in NPS

  • Article

Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012

Use this procedure to add a network access server as a RADIUS client in NPS. You can use this procedure to configure a network access server (NAS) as a RADIUS client by using the NPS console.

Important

Client computers, such as wireless portable computers and other computers running client operating systems, are not RADIUS clients. RADIUS clients are network access servers—such as wireless access points, 802.1X-capable switches, virtual private network (VPN) servers, and dial-up servers—because they use the RADIUS protocol to communicate with RADIUS servers such as Network Policy Server (NPS) servers.

Administrative credentials

To complete this procedure, you must be a member of the Administrators group.

To add a network access server as a RADIUS client in NPS

  1. On the NPS server, click Start, click Administrative Tools, and then click Network Policy Server. The NPS console opens.

  2. In the NPS console, double-click RADIUS Clients and Servers. Right-click RADIUS Clients, and then click New RADIUS Client.

  3. In New RADIUS Client, verify that the Enable this RADIUS client check box is selected.

  4. In New RADIUS Client, in Friendly name, type a display name for the NAS. In Address (IP or DNS), type the NAS IP address or fully qualified domain name (FQDN). If you enter the FQDN, click Verify if you want to verify that the name is correct and maps to a valid IP address.

  5. In New RADIUS Client, in Vendor, specify the NAS manufacturer name. If you are not sure of the NAS manufacturer name, select RADIUS standard.

  6. In New RADIUS Client, in Shared secret, do one of the following:

    • Ensure that Manual is selected, and then in Shared secret, type the strong password that is also entered on the NAS. Retype the shared secret in Confirm shared secret.

    • Select Generate, and then click Generate to automatically generate a shared secret. Save the generated shared secret for configuration on the NAS so that it can communicate with the NPS server.

  7. In New RADIUS Client, in Additional Options, if you are using any authentication methods other than EAP and PEAP, and if your NAS supports use of the message authenticator attribute, select Access Request messages must contain the Message Authenticator attribute.

  8. In New RADIUS Client, in Additional Options, if you plan on deploying Network Access Protection (NAP) and your NAS supports NAP, select RADIUS client is NAP-capable.

  9. Click OK. Your NAS appears in the list of RADIUS clients configured on the NPS server.