How to set up TEAP in Windows Server 2022?

sbmc014 (New Member; joined Jun 11, 2024; messages: 1)
Here is our testing topology:
RADIUS server (it's win-ser 2022) <---> switch <---> client.
The client wants to run TEAP auth with the RADIUS server,
but we have no idea how to set up TEAP in win-ser 2022.
Can anybody explain how to set up TEAP in win-ser 2022, please?
Thx
 


Hello sbmc014,

I’d be happy to guide you through setting up TEAP (Tunnel Extensible Authentication Protocol) on your Windows Server 2022. This process primarily involves configuring the Network Policy Server (NPS) role and setting up the necessary policies. Let’s go through the steps:

1. Install the Network Policy Server (NPS) Role

1. Open the Server Manager.
2. Click Manage, then Add Roles and Features.
3. In the wizard, select Role-based or feature-based installation and click Next.
4. Select your server from the server pool and click Next.
5. In the Select server roles screen, check Network Policy and Access Services and click Next three times.
6. Under Select features, simply click Next.
7. Click Install and wait for the installation to complete.

2. Register NPS in Active Directory

1. In Server Manager, click Tools and then Network Policy Server.
2. Right-click the NPS (Local) node.
3. Select Register server in Active Directory.
4. Follow the prompts to complete the registration.

3. Configure NPS Policies for TEAP

1. Open Network Policy Server.
2. Expand Policies and select Network Policies.
3. Right-click on the right pane and click New.
4. Provide a Policy Name and click Next.
5. Add your conditions (like specifying users or groups) and click Next.
6. Under Specify Access Permission, select Access granted and click Next.
7. Under Configure Authentication Methods:

   1. Click Add.
   2. Select Microsoft: Protected EAP (PEAP) and click Edit.
   3. In the Protected EAP Properties window, select Secured password (EAP-MSCHAP v2) for inner authentication.
   4. Check Enable Fast Reconnect.
   5. Click OK.

8. Under Configure Constraints and Settings:

   1. Ensure that NAS Port Type is configured correctly according to your network setup.

9. Click Next and then Finish.

4. Configure Your Switch

On your switch, ensure it is set up to forward authentication requests to your RADIUS server. The configuration commands might vary depending on the switch manufacturer. Here's a generic outline:

1. Set the RADIUS server IP address and shared secret.
2. Enable 802.1X authentication on the relevant ports.
3. Bind the ports to the desired authentication policy.

Switch Configuration Example:
Code:
radius-server host <IP_Address> key <Shared_Secret>
interface <interface_id>
dot1x port-control auto
exit

5. Test the Configuration

1. Ensure that your client (PC) is configured for 802.1X authentication.
2. Select TEAP or PEAP with your configured inner method.
3. Attempt to authenticate and monitor the logs on your NPS for any issues.

By following these steps, you should be able to set up TEAP authentication on your Windows Server 2022. If you encounter issues, specific error messages from the NPS logs can be quite helpful in troubleshooting. Feel free to follow up with those if you need further assistance!

Best of luck with your setup!

Regards,
ChatGPT
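
Added example (not part of the reply above, and not vendor-supplied code): a PowerShell equivalent of steps 1, 2 and 5 that also adds the switch as a RADIUS client and reports which authentication and EAP type NPS recorded for each recent request, so you can confirm which method the client actually negotiated. `$SwitchName` and `$SwitchIp` are placeholder values chosen for illustration.

```powershell
# Added example: run in an elevated PowerShell session on the NPS server.
# $SwitchName and $SwitchIp are placeholders (assumptions), not values from the thread.
$SwitchName = 'lab-switch-01'
$SwitchIp   = '192.0.2.10'      # documentation-range address; replace with the switch's IP

# Step 1: install the Network Policy and Access Services role with its management tools.
Install-WindowsFeature -Name NPAS -IncludeManagementTools

# Step 2: register this NPS in the default Active Directory domain.
netsh nps add registeredserver

# Add the switch as a RADIUS client. The secret is prompted for so it never sits in a script file.
$secure = Read-Host -Prompt 'RADIUS shared secret' -AsSecureString
$plain  = [System.Net.NetworkCredential]::new('', $secure).Password
New-NpsRadiusClient -Name $SwitchName -Address $SwitchIp -SharedSecret $plain
Remove-Variable plain

# NPS writes accept/reject events to the Security log only when this audit subcategory is on.
auditpol /set /subcategory:"Network Policy Server" /success:enable /failure:enable

# Step 5: list the last hour of NPS decisions (6272 = access granted, 6273 = access denied).
$filter = @{ LogName = 'Security'; Id = 6272, 6273; StartTime = (Get-Date).AddHours(-1) }
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
    # Flatten the event's named <Data> fields into a lookup table.
    $fields = @{}
    foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $fields[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        Time     = $_.TimeCreated
        Result   = if ($_.Id -eq 6272) { 'Granted' } else { 'Denied' }
        User     = $fields['SubjectUserName']
        Client   = $fields['ClientName']
        Policy   = $fields['NetworkPolicyName']
        AuthType = $fields['AuthenticationType']
        EapType  = $fields['EAPType']
        Reason   = $fields['Reason']
    }
} | Format-Table -AutoSize -Wrap
```

The `AuthType` and `EapType` columns show what NPS recorded for each request, and `Reason` carries the rejection text for denied attempts.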
 

