JumpCloud Community

Nagenthiran · ‎11-27-2023

Requirements:

OpenSSL 3.0.7 (https://slproweb.com/products/Win32OpenSSL.html)
PowerShell 7.x.x ((https://learn.microsoft.com/en-us/powershell/scripting/install/installing-powershell?view=powershell...))
JumpCloud PowerShell Module (https://www.powershellgallery.com/packages/JumpCloud)
Variables in `config.ps1` updated
- JumpCloud API Key Set (Read/ Write Access Required)
- JumpCloud ORG ID Set
- JumpCloud User Group containing users and assigned to a Radius Server.

Open SSL Installation and Setup:

Visit the OpenSSL download page: https://slproweb.com/products/Win32OpenSSL.html.
Download the preconfigured version installer suitable for Windows x64 bit.
Run the installer and follow the on-screen instructions.
Open Control Panel > Select "Edit the system environment variables”.
Under the "System Properties" window and "Advanced" tab, select the "Environment Variables..." box.
Under the "User Variables for yourAccount" Click the "New..." box
Set the Variable Name to: `OPENSSL_MODULES`
Set the Variable Value to: `C:\Program Files\OpenSSL-Win64\bin` or the location of the `legacy.dll` file included in your OpenSSL distribution > Click "OK”.
Under the "System variables" section scroll down to the "Path" variable, select it and click "Edit..."
Add a new line entry for this variable and type `C:\Program Files\OpenSSL-Win64\bin` or the location of the `openssl.exe` file included in your OpenSSL distribution.
Click "OK"
Click "OK" to close and save the Environment Variables dialog box.
Click "OK to close and save the System Properties dialog box.

PowerShell 7.0.3 Installation:

Download the MSI installer for your Windows architecture (usually x64).
Locate the downloaded MSI installer file.
Double-click on the installer to start the installation process.
The installation wizard will guide you through the setup process. Click "Next" to proceed.
Select either "Just me" (installing for the current user) or "Everyone" (installing for all users). Click "Next."
Choose the destination folder for PowerShell installation. Click "Next."
Select the Start Menu folder for PowerShell shortcuts. Click "Install."
Wait for the installation process to finish. Click "Finish" when prompted.

Jumpcloud Powershell Module Installation:

Radius Script Setup and Jump cloud Radius Setup:

Download the Radius scripts from the below URL: https://github.com/TheJumpCloud/support/releases/tag/PasswordlessRadiusConfig_v1.0.5
Extract the Zip file and navigate into the Radius_Win folder.
Open the Powershell.ise and open the config.ps1 from the Radius windows script folder.
Change the variable $JCAPIKEY to your Jumpcloud API key.
Set your Organization ID.
Set your User Group ID.
Change the variable $NETWORKSSID.
Set the open SSL Binary Location to openssl.
Set your certificate subject headers: change the default values provided in the $Subj variable to Country, State, Locality, Organization, Organization Unit and Common Name values for your organization.

Gnerating or Importing a Certificate Authority:

Open a PowerShell 7 terminal session and run: Start-RadiusDeployment.ps1. You could see the following menus.
Press “1” to generate the root certificate for Jumpcloud Radius.
Setup the Root certificate password.
After generating the root certificate, you’re able to see the root certificate and private key in the Jumpcloud script CERT folder.
After successful generation of a self-signed CA, the serial number and expiration date will be displayed on the main menu

Upload the Root Certificate in Jumpcloud Portal:

Open the Jumpcloud admin portal.
Navigate to Radius menu in left side menu bar.
Click the JumpCloud_Radius_Latentview. On the Authentication tab, choose JumpCloud as the Identity Provider and under the Authentication Method, click on the Passwordless option.
To upload your certificate, click on the Choose a File button, navigate to the file location, and select it for uploading.
Once the file has successfully uploaded the file name will display on the screen and options will change to replacing or deleting the file. There is also an option to view the full CA chain.
Clicking Save will return the user to the main RADIUS screen, where the Certificate badge will display in the Primary Authentication column.

Generating User Certificates:

Open a PowerShell 7 terminal session and run: Start-RadiusDeployment.ps1.
Press “2” to generate the user certificate which users are in Jumpcloud_Radius user group.
Note: If the user certificate is already generated, that users certificate generation should be skipped.
The user certificates are stored locally and monitored for expiration.
User certificates can be manually removed from the/projectDirectory/Radius/UserCerts/directory at any time and regenerated using option 2 from the main menu.

Distributing User Certificates:

Open a PowerShell 7 terminal session and run: Start-RadiusDeployment.ps1.
Press “3” to distribute user certificates to end user devices.
- Press '1' to generate new commands for ALL users. NOTE: This will remove any previously generated Radius User Certificate Commands titled 'RadiusCert-Install
- Press '2' to generate new commands for NEW RADIUS users. NOTE: This will only generate commands for users who did not have a cert previously.

Monitoring Certificate Deployment Status:

Open a PowerShell 7 terminal session and run: Start-RadiusDeployment.ps1.
After certificates have been distributed, you can view overall progress of the deployment through option 4 on the main menu.

Connect the Radius in Windows:

In Windows, select the radius network from the wireless networks dialog prompt, an option to select a certificate should be displayed. Select the certificate which corresponds with the user on the device. Select "OK".
Before Connecting, users can view the authentication source. Click "Connect" to connect to the network, no password is necessary.
The user should then be connected to the radius network.

JumpCloud Radius Implementation – Windows