Windows RADIUS Server 2019 Configuration:

• Install and set up Windows Server 2019.
• Install Active Directory Domain Services (ADDS) to configure the new domain.
• Install Certificate Authorities (CA) with Active Directory Certificate Services (ADCS).
• Install NPS ( Network Policy Server).
• Configure Certificate Authorities (CA), i.e., Active Directory Certificate Services (ADCS) for Certificates.
• Configure NPS ( Network Policy Server) for the authentication protocol.
• Configure
• Define Network policies for users/devices.
• Configure Access Point.
• Set up zero clients, and select 1x authentication.
• Configure Wireless Connection Request.

Install and Configure AD DS:

• Navigate to Windows Server 2019.
• Click Start.
• Click Server Manager.
• Navigate to Role Summary.
• Click Add Roles and Features.
• Select Role-based or Feature-based installation.
• Navigate to the Before You Begin page and click
• Navigate to the Select Server Roles page.
• Select the Active Directory Domain Services.
• Click Next.
• Click Install on the Confirm Installation Selections.
• Navigate to the Installation Results page and click Close.

Install AD CS and NPS:

• Navigate to Server Manager.
• Select Roles and Click Add Roles.
• Click Next on the Before you Begin page.
• Select Active Directory Certificate Services(AD CS) and Network Policy and Access Services.
• Click Next.
• Click Next on Network Policy and Access Services
• Navigate to Role Services and select Network Policy Server.
• Click Next.
• Select Create a self-signed certificate for SSL encryption and click Next.
• Click Next on the Introduction to Active Directory Certificate Services
• Select Certification Authority on the Select Role Services page and click
• Select Enterprise on Specify Setup Page and Click Next.
• Select Root CA on Specify CA Type Page and Click Next.
• Select Create a new private key on the Set Up Private Key Page and Click Next.
• Click Next on Configure Cryptography for CA.
• Enter details on Configure CA Name page and click Next.
• Enter the validity period on the Set Validity Period page and click Next.
• Click Next on Configure Certificate Database 
• Click Next on the Web Server (IIS) 
• Click Next on the Select Role Services 
• Click Install on the Confirm Installation Selection 
• Click Close.

Now the AD CS (Active Directory Certificate Services), Web Server (IIS), and NPS are installed successfully.

Configure NPS (Network Policy Server) and RADIUS authentication.

• Click on the Start button and select Administrative tools.
• Click NPS on the Network Policy Server.
• Select Register Server in Active Directory and click OK.
• Click
• On the NPS (Local) page, select RADIUS server for 802.1x Wireless or Wired Connections.
• Click Configure 802.1x.
• Select Secure Wireless connections on the Configure 802.1x 
• Type Name and click Next.
• Add RADIUS clients on the Configure 802.1xpage and click Next.
• Type the following details on the New RADIUS Client page.
  • Name
  • IP Address
  • Shared Secret (Manual)
• Click OK and click Next.
• Select Microsoft Protected EAP (PEAP)on the Configure 802.1x
• Click Configure.
• Select Secured password on the Edit Protected EAP Properties page and click
• Enter the Number of authentication retries and click OK and click
• Select Groups and click Next.
• Click Next again and click Finish.
• Restart NPS again.

Define Network Policies for users/devices.

• Navigate to the NPS console and click NPS (local).
• Click and expand Policies.
• Select Network Policies.
• Click New.
• Enter a Policy Name.
• Select the Type of Network Access Server to Unspecified while using Netscaler or RCdevs OpenLDAP while using OTP.
• Click Add in Specify Conditions
• Select Windows Groups and click Add.
• Click Add Groups and click OK.
• Select NAS Identifier in the Select Conditions
• Enter a Name and select Next to continue.
• Select Access Granted in Specify Access Permission
• Under Configure Authentication Method, select MS-CHAP v2for maximum security.
• Click
• Select RADIUS attributes as Standard in Configure Settings.
• Click
• Enter the attribute value in String and click OK.
• Click Next and click Finish.

Configure the Server Certificate Template

While configuring this template, you can specify the servers by Active Directory group that should automatically receive a server certificate from AD CS.

The procedure below includes instructions for configuring the template to issue certificates to all of the following server types:

• Servers that are running the Remote Access service, including RAS Gateway servers, that are members of the RAS and IAS Servers
• Servers that are running the Network Policy Server (NPS) service that are members of the RAS and IAS Servers

Membership in both the Enterprise Admins and the root domain’s Domain Admins group is the minimum required to complete this procedure.

To configure the certificate template

1. On CA1, in Server Manager, click Tools, and then click Certification Authority. The Certification Authority Microsoft Management Console (MMC) opens.
2. In the MMC, double-click the CA name, right-click Certificate Templates, and then click Manage.
3. The Certificate Templates console opens. All of the certificate templates are displayed in the details pane.
4. In the details pane, click the RAS and IAS Server
5. Click the Action menu, and then click Duplicate Template. The template Properties dialog box opens.
6. Click the Security
7. On the Security tab, in Group or user names, click RAS and IAS servers.
8. In Permissions for RAS and IAS servers, under Allow, ensure that Enroll is selected, and then select the Auto enroll check box. Click OK, and close the Certificate Templates MMC.
9. In the Certification Authority MMC, click Certificate Templates. On the Action menu, point to New, and then click Certificate Template to Issue. The Enable Certificate Templates dialog box opens.
10. In Enable Certificate Templates, click the name of the certificate template that you just configured, and then click OK. For example, if you did not change the default certificate template name, click Copy of RAS and IAS Server, and then click OK.