In this guide we will set up a wireless network based on WPA2-Enterprise.
The hardware we'll use is UniFi APs with their software controller, plus a Microsoft AD with NPS installed.
- Create a self-signed certificate
- Add and configure NPS/RADIUS on our Windows 2019
- Create a RADIUS profile on your UniFi controller
- Configure the NPS and APs
- Create a WiFi network with WPA2-Ent
1) Create a self-signed certificate for your WPA2-Ent
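```powershell
# Date stamp (not used further in this script)
$date = (Get-Date).ToString('MMM-yyyy')
# Certificate validity: 10 years from today
$certificateExpiringYears = (Get-Date).AddYears(10)

# DNS name and friendly name for the certificate
$FQND = "wificontroller.xxxxxx.it"
$friendlyname = "wificontroller"

# Create the certificate in the local machine's Personal store
New-SelfSignedCertificate -DnsName $FQND -KeyLength 2048 -CertStoreLocation "Cert:\LocalMachine\My" `
    -FriendlyName $friendlyname -NotAfter $certificateExpiringYears
```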

2) Add and configure NPS/RADIUS on your Windows 2019
Open Server Manager and add the NPS role.

3) Now, go to the controller and create a new “RADIUS profile”


4) Configure the NPS and APs

Now create a policy that contains a dedicated AD group. In my case I used all Domain Users.



Select EAP and the certificate created previously.
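
Before selecting the certificate in the policy, it is worth confirming that it is usable for EAP and exporting its public part so clients can be configured to trust it. The script below is an added example, not part of the original guide; the export path `C:\Temp\wifi-radius.cer` is an assumption, and the friendly name is the one used in step 1.

```powershell
# Added example: sanity-check the step 1 certificate before using it in NPS.
$friendlyname  = "wificontroller"            # friendly name from step 1
$exportPath    = "C:\Temp\wifi-radius.cer"   # assumed output path (hypothetical)
$serverAuthOid = "1.3.6.1.5.5.7.3.1"         # Server Authentication EKU

$certs = @(Get-ChildItem -Path "Cert:\LocalMachine\My" |
    Where-Object { $_.FriendlyName -eq $friendlyname })
if ($certs.Count -eq 0) {
    throw "No certificate with friendly name '$friendlyname' in LocalMachine\My."
}

# If step 1 was run more than once, check the newest certificate.
$cert = $certs | Sort-Object NotBefore -Descending | Select-Object -First 1

# Collect the EKU OIDs from the certificate's extensions.
$ekuExt = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
}
$ekus = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })

$now = Get-Date
$problems = @()
if (-not $cert.HasPrivateKey)          { $problems += "no private key in the machine store" }
if ($cert.NotBefore -gt $now)          { $problems += "not valid until $($cert.NotBefore)" }
if ($cert.NotAfter  -lt $now)          { $problems += "expired on $($cert.NotAfter)" }
if ($ekus -notcontains $serverAuthOid) { $problems += "Server Authentication EKU missing" }

if ($problems.Count -gt 0) {
    throw "Certificate $($cert.Thumbprint) is not usable for EAP: $($problems -join '; ')"
}

# Export only the public certificate (no private key) for distribution to clients.
New-Item -ItemType Directory -Force -Path (Split-Path $exportPath) | Out-Null
Export-Certificate -Cert $cert -FilePath $exportPath -Type CERT | Out-Null

# Summary to compare against what clients see when they connect.
[pscustomobject]@{
    Subject    = $cert.Subject
    Thumbprint = $cert.Thumbprint
    NotAfter   = $cert.NotAfter
    ExportedTo = $exportPath
}
```

Because the certificate is self-signed, clients only validate the RADIUS server if the exported `.cer` is installed as a trusted root on them (for example through Group Policy); otherwise users are asked to accept an unknown certificate when they connect.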

5) Create a WiFi network with WPA2-Ent
Open the UniFi Controller and create a new WiFi network.

Select WPA Enterprise and the RADIUS profile created previously.

Now try to connect…



Done!