Radius Client IP Address when setting up Wifi with WPA2 Enterprise?

Jeff Kranenburg asked:

I have taken over a server setup (as part of my job) which is setup of the following:

  1. Server setup with Threat Management Gateway (serving as the firewall) – 192.168.1.1
  2. Server with Domain Controller Role – 192.168.1.10
  3. Server with Radius and NAP Roles – 192.168.1.22

I have looked at a few tutorial to setup a Wireless Network using the 802.1x authentication.
When going through the process of setting up the Radius Client I need to provide an IP Address.

enter image description here

Most (because I have not seen every single tutorial or help file) of the tutorials links this to a Cisco interface, but I do not and I am a bit stuck for what to put in there.

Do I need to

  1. put in the IP of the Radius Server or
  2. put in the IP of the Domain Controller – since that is where the Active Directory lives?

This as far as I can tell seems to be the place where the pickup is in the my setup to authenticate users. I get this message on a Mac OS.

enter image description here

My answer:


The terminology surrounding remote access and RADIUS can be confusing the first time you run into it.

In short:

The user sends credentials to a remote access server (network access server). This is your wireless access point. (For wired networks, the authentication is usually by MAC address.)

The AP then acts as a RADIUS client, and passes the credentials to the RADIUS server for authentication and authorization. (For wired networks, the switch serves as the RADIUS client.) Network Policy Server functions as a RADIUS server in Windows. Linux systems usually use FreeRADIUS.

If the user is authenticated (their username and password match) and authorized (they’re allowed to be talking to the network at all) then the RADIUS client also sends accounting information (when they logged in and for how long).


View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.