This instruction applies to the [Printer name from domain; EAP-TLS] authentication method. The authentication method refers to the method you selected on PRISMAsync Print Server.
The instructions below refer to Windows Server 2016. Other systems may need other configuration. See the vendor documentation for complete instructions.
These configurations have been done.
Configure IEEE 802.1X on the authentication server (phase 1)
Configure IEEE 802.1X on the authenticator
Configure IEEE 802.1X on PRISMAsync Print Server
Perform the instructions in the order they are listed.
In [Server Manager] click [Tools].
[Server Manager] optionsOpen the [Active Directory Users and Computers] console.
Right-click the domain name, click [New]. Then click [Group].
Enter a name for the group.
New groupSelect [Global] in the [Group scope] option group.
Select [Security] in the [Group type] option group.
Click [OK].
In [Server Manager], click [Tools].
[Server Manager] optionsOpen the [Active Directory Users and Computers] console.
Expand the domain entries.
Right-click [Computers].
Click [New]. Then, click [Computer].
Enter the hostname of the printer.
DNS uses the hostname and appends the DNS domain hierarchy to that name to create the FQDN name.
Find the hostname on the Identity certificate of PRISMA Print Server.
The [Subject alternative name 1], [Subject alternative name 2] or [Subject alternative name 3] field contains the contents of the [Common name] field. This is the Fully Qualified Domain Name (FQDN) printer name, such as: hostname.example.net. Here you enter the hostname part of the FQDN.
New computerClick [OK].
When the printer name is added, right-click the name. Then click [Properties].
Click the [Member Of] tab and select the group you created in instruction 1.
Select groupClick the [Dial-in] tab.
In the [Network Access Permission] option group, select [Control access through NPS Network Policy].
[Dial-in] optionsClick [OK].
Open the ADSI Edit editor.
ADSI Edit editorBrowse to the CN=Computers directory.
Right-click the printer name and click [Properties].
Select [servicePrincipalName] and click [Edit].
Enter the printer name according to this format: host/<hostname>.<DNS domain hierarchy> . For example: host/PRISMAprinter.ft5.cppvenlo.cpp.net.
Click [OK].
In [Server Manager], click [Tools].
[Server Manager] optionsOpen the [Active Directory Users and Computers] console.
Open the [Policies] directory.
Right-click [Network Policies]. Then click [New] to open the [New Network Policy] wizard.
Enter a policy name.
[New Network Policy] wizardEnsure [Unspecified] is selected in the [Type of network access server] option.
Click [Next].
On the [Specify Conditions] page, click [Add...]. Then select [Machine Groups].
[New Network Policy] wizardClick [Add...] to add and select the group you created in instruction 1.
[New Network Policy] wizardClick [OK] to close the [Select Group] dialog box.
Click [Next].
[New Network Policy] wizardOn the [Specify Access Permission] page, select [Access granted].
[New Network Policy] wizardClick [Next].
On the [Configure Authentication Methods] page, click [Add...]].
[New Network Policy] wizardIn the [Add EAP] dialog box, select [Microsoft: Smart Card or other certificate].
Click [OK].
[New Network Policy] wizardFrom the [EAP Types] list, select [Microsoft: Smart Card or other certificate]. Then, click [Edit].
In the [Smart Card or other Certificate Properties] dialog box, select the Identity certificate of the RADIUS server. This certificate refers to the trusted certificate available on PRISMAsync Print Server.
[New Network Policy] wizardClick [OK].
Clear the [Less secure authentication methods] check boxes that refer to authentication methods you do not want to use.
[New Network Policy] wizardClick [Next].
On the [Configure Constraints] page, click [Next].
[New Network Policy] wizardOn the [Configure settings] page, click [Next].
[New Network Policy] wizardOn the [Completing New Network Policy ] page, click [Finish].
[New Network Policy] wizard