Securing RADIUS with EAP-TLS [Windows Server 2019]
I (tobor), cover how to set up RADIUS using EAP-TLS machine authentication on Windows Server 2019. (WPA2-Enterprise). If you like what you see please Subscribe!

FORGOT TO MENTION:
Default selected certificate should work. However you may need to set it manually. This can be done by going to "Tools" - "Network Policy Server" - "Policies" - "Network Policies". I called my Network Policy "EAP-TLS". Double click your policy to open it. In the "Constraints Tab" select "Authentication Methods". Under "EAP Types" select "Microsoft: Smart Card or other certificate" and click "EDIT". Select the certificate matching the "Expiration Date" value of your RADIUS Server certificate to ensure you RADIUS Server can successfully authenticate to the clients. Sorry I missed saying that.

FORCE DC REPLICATION TO ACCESS CERT TEMPLATES FASTER :
[ Ссылка ]

ENABLE NPS LOGGING COMMAND:
auditpol /set /subcategory:”Network Policy Server” /success:enable /failure:enable

CREATE RADIUS SERVER CERT: [ Ссылка ](v=ws.11)?redirectedfrom=MSDN

CREATE RADIUS CLIENT CERT: [ Ссылка ](v=ws.11)?redirectedfrom=MSDN


0:00 Intro Summary
1:14 Create Certificate Template for Client and Server Authentication
2:31 Define Cert Template Property Values
4:57 Import Certificate Template to Issue
5:29 Force AD Replication
6:31 Install Network Policy Service (NPS) Role on a Domain Controller (Best Practice)
7:11 Register NPS Server in AD to add it to RAS and IAS Group
8:08 Configure RADIUS Clients
11:25 Create Shared Secret Template
12:33 Configure RADIUS Server Group
17:55 Configure Connection Request Policy
21:26 Configure Network Policies
23:38 RADIUS Standard Attribute Values
26:33 Policy Processing Order
27:06 Configure Accounting
28:17 Configure Group Policy for Certificates
31:52 Configure Group Policy Wireless Profile
37:22 Older Windows OS Possible Issues
38:35 Network Policy Server Service Name
39:02 Thanks for watching!


View my Verified Certifications!
[ Ссылка ]

Follow us on GitHub!
[ Ссылка ]
[ Ссылка ]

Official Site
[ Ссылка ]

Give Respect on HackTheBox!
[ Ссылка ]

Like us on Facebook!
[ Ссылка ]

View PS Gallery Modules!
[ Ссылка ]

The B.T.P.S. Security Package
[ Ссылка ]

свернуть