This instruction applies to the [Printer name from domain; PEAP with EAP-TLS] authentication method. The authentication method refers to the method you selected on PRISMAsync Print Server.
The instructions below refer to Windows Server 2016. Other systems may need other configuration. See the vendor documentation for complete instructions.
The following configurations have already been done:
Configure IEEE 802.1X on the authentication server (phase 1)
Configure IEEE 802.1X on the authenticator
Configure IEEE 802.1X on PRISMAsync Print Server
Perform the instructions in the order they are listed.
In [Server Manager], click [Tools].
Open the [Active Directory Users and Computers] console.
Right-click the domain name, click [New]. Then click [Group].
Enter a name for the group.
Select [Global] in the [Group scope] option group.
Select [Security] in the [Group type] option group.
Click [OK].
In [Server Manager], click [Tools].
Open the [Active Directory Users and Computers] console.
Open the domain entries.
Right-click [Users].
Click [New]. Then click [User].
Fill in the username field. Then click [Next].
The [Subject alternative name 1], [Subject alternative name 2] or [Subject alternative name 3] field of the PRISMAsync Print Server identity certificate contains the username, written either as a UPN (Internet-style name, such as username@example.com) or as a Fully Qualified Domain Name (FQDN), such as username.example.com. Here you enter the username part of the UPN or FQDN.
Click [Finish].
When the user is added, right-click the user. Then click [Properties].
Click the [Member Of] tab and click [Add...] to add the group you created in instruction 1.
Click the [Dial-in] tab.
Select [Control access through NPS Network Policy] in the [Network Access Permission] option group.
Click [OK].
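The group and user settings made so far can be verified with a read-only PowerShell check. This is an added example, not part of the original instructions or the vendor documentation. It assumes the ActiveDirectory module (RSAT) is installed; the function name, group name, username and subject alternative name value are constructed placeholders, and comparing the certificate username against the UPN prefix and sAMAccountName is an assumption about which logon name you filled in.

```powershell
# Added example: read-only verification of the AD group and user created above.
Import-Module ActiveDirectory

function Test-PrinterDot1xAccount {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $GroupName,
        [Parameter(Mandatory)] [string] $UserName,
        # UPN or FQDN as it appears in the printer certificate's subject alternative name
        [Parameter(Mandatory)] [string] $CertSan
    )

    $group = Get-ADGroup -Identity $GroupName
    $user  = Get-ADUser -Identity $UserName -Properties MemberOf, msNPAllowDialin, UserPrincipalName

    # Username part: text before '@' for a UPN, text before the first '.' for an FQDN.
    if ($CertSan.Contains('@')) { $sanUser = $CertSan.Split('@')[0] }
    else                        { $sanUser = ($CertSan -split '\.', 2)[0] }

    # UPN prefix of the account, if a UPN is set.
    $upnPrefix = if ($user.UserPrincipalName) { $user.UserPrincipalName.Split('@')[0] } else { $null }

    [pscustomobject]@{
        GroupIsGlobal      = $group.GroupScope -eq 'Global'
        GroupIsSecurity    = $group.GroupCategory -eq 'Security'
        UserEnabled        = $user.Enabled
        # Direct membership, as set on the [Member Of] tab.
        UserInGroup        = $user.MemberOf -contains $group.DistinguishedName
        # msNPAllowDialin: TRUE = allow, FALSE = deny,
        # not set = [Control access through NPS Network Policy].
        DialInViaNpsPolicy = $null -eq $user.msNPAllowDialin
        CertUsernamePart   = $sanUser
        # Assumption: the certificate username should equal one of the account's logon names.
        MatchesLogonName   = ($sanUser -eq $upnPrefix) -or ($sanUser -eq $user.SamAccountName)
    }
}

# Constructed sample values; replace with your own group, user and certificate entry.
Test-PrinterDot1xAccount -GroupName 'Printers-8021X' -UserName 'prismasync01' `
    -CertSan 'prismasync01@example.com' | Format-List
```

Every Boolean in the output should be True before you continue with the network policy.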
Network Policy Server (NPS) uses network policies and the dial-in properties of user accounts to determine whether a connection request is authorized to connect to the network.
In [Server Manager], click [Tools].
Open the [NPS] console.
Open the [Policies] directory.
Right-click [Network Policies]. Then click [New]. The [New Network Policy] wizard opens.
Enter a policy name.
Ensure [Unspecified] is selected in the [Type of network access server] option.
Click [Next].
On the [Specify Conditions] page, select [Windows Groups]. Then click [Add...].
Select the group you created in instruction 1.
Click [OK] to close the [Select Group] dialog box.
Click [Next].
On the [Specify Access Permission] page, select [Access granted].
Click [Next].
On the [Configure Authentication Methods] page, click [Add...].
From the [Authentication methods] list, select [Microsoft: Protected EAP (PEAP)]. Then click [OK].
Select [Microsoft: Protected EAP (PEAP)] and click [Edit].
In the [Edit Protected EAP properties] dialog box, select the Identity certificate of the RADIUS server. This certificate refers to the trusted certificate available on PRISMAsync Print Server.
From the [Eap Types] list, select [Smart Card or other certificate].
If the entry is not in the list, add it to the list first.
Click [Edit] to check if the Identity certificate of the RADIUS server is selected.
Click [OK] to close the [Edit Protected EAP Properties] dialog box.
Clear the [Less secure authentication methods] check boxes that refer to authentication methods you do not want to use.
Click [Next].
On the [Configure Constraints] page, click [Next].
On the [Configure settings] page, click [Next].
On the [Completing New Network Policy] page, click [Finish].