If you're interested in learning how to deploy wireless networking for your organization that provides the security of Protected Extensible Authentication Protocol (PEAP) and 802.1X - as well as the ease of using password-based user authentication rather than smart cards - you will be interested in this new guide:
This guide explains how to build upon the core network by providing instructions about how to deploy Institute of Electrical and Electronics Engineers (IEEE) 802.1X-authenticated IEEE 802.11 wireless access using Protected Extensible Authentication Protocol – Microsoft Challenge Handshake Authentication Protocol version 2 (PEAP-MS-CHAP v2).
The authentication method PEAP-MS-CHAP v2 requires that authenticating servers running Network Policy Server (NPS) present wireless clients with a server certificate to prove the NPS server identity to the client, however user authentication is not performed by using a certificate - instead, users provide their domain user name and password.
Because PEAP-MS-CHAP v2 requires that users provide password-based credentials rather than a certificate during the authentication process, it is typically easier and less expensive to deploy than EAP-TLS or PEAP-TLS.
Before you use this guide to deploy 802.1X wireless access with the PEAP-MS-CHAP v2 authentication method, you must do the following:
- Follow the instructions in the Windows Server 2016 Core Network Guide to deploy your core network infrastructure, or already have the technologies presented in that guide deployed on your network.
- Follow the instructions in the Core Network Companion Guide Deploy Server Certificates for 802.1X Wired and Wireless Deployments, or already have the technologies presented in that guide deployed on your network.
For more information, see Deploy Password-Based 802.1X Authenticated Wireless Access .