This instruction applies to the [MS-CHAP-V2 username; PEAP with EAP-MS-CHAP v2] authentication method. The authentication method refers to the method you selected on PRISMAsync Print Server.
The instructions below refer to Windows Server 2016. Other systems may need other configuration. See the vendor documentation for complete instructions.
These configurations have been done.
Configure IEEE 802.1X on the authentication server (phase 1)
Configure IEEE 802.1X on the authenticator
Configure IEEE 802.1X on PRISMAsync Print Server
Perform the instructions in the order they are listed.
In [Server Manager] click [Tools].
[Server Manager] optionsOpen the [Active Directory Users and Computers] console.
Right-click the domain name, click [New]. Then click [Group].
Enter a name for the group.
New groupSelect [Global] in the [Group scope] option group.
Select [Security] in the [Group type] option group.
Click [OK].
In [Server Manager], click [Tools].
[Server Manager] optionsOpen the [Active Directory Users and Computers] console.
Expand the domain entries.
Right-click [Users].
Click [New]. Then click [User].
Enter the name of the [MS-CHAP-V2 username] field on PRISMAsync Print Server. Then click [Next].
New userEnter the password of the [MS-CHAP-V2 password] field on PRISMAsync Print Server. Then click [Next].
New userClick [Finish].
New userWhen the user is added, right-click the user. Then click [Properties].
Click the [Member Of] tab and click [Add...] to add the group you created in instruction 1.
New userClick the [Dial-in] tab.
[Dial-in] tabSelect [Control access through NPS Network Policy] in the [Network Access Permission] option group.
Click [OK].
In [Server Manager], click [Tools].
[Server Manager] optionsOpen the [NPS] console.
Open the [Policies] directory.
Right-click [Network Policies]. Then click [New] to open the [New Network Policy] wizard.
Enter a policy name.
[Network Policies] wizardEnsure [Unspecified] is selected in the [Type of network access server] option.
Click [Next].
On the [Specify Conditions] page, select [Windows Groups]. Then click [Add...].
[Network Policies] wizardSelect the group you created in instruction 1.
[Network Policies] wizardClick [OK] to close the [Select Group] dialog box.
Click [Next].
[Network Policies] wizardOn the [Specify Access Permission] page, select [Access granted].
[Network Policies] wizardClick [Next].
On the [Configure Authentication Methods] page, click [Add...]].
[Network Policies] wizardFrom the [Authentication methods] list, select [Microsoft: Protected EAP (PEAP)]. Then click [OK].
Select [Microsoft: Protected EAP (PEAP)] and click [Edit].
[Network Policies] wizardIn the [Edit Protected EAP properties] dialog box, select the Identity certificate of the RADIUS server. This certificate refers to the trusted CA certificate available on PRISMAsync Print Server.
[Network Policies] wizardFrom the [Eap Types] list, select [Secured password (EAP-MSCHAP v2)].
When the entry is not in the list, first add it to the list.
Click [OK] to close the [Edit Protected EAP properties] dialog box.
Click [Next].
[Network Policies] wizardOn the [Configure Constraints page], click [Next].
[Network Policies] wizardOn the [Configure settings] page, click [Next].
[Network Policies] wizardOn the [Completing New Network Policy ] page, click [Finish].
[Network Policies] wizard