Radius Secret mentioned here must be same in Cisco Wireless Access Point. You must verify connection by clicking verify. Step4: Setup Policy
Network Policy Server>Policies>network Policies>Right Click>New
This is highly important part of entire config. Based on your need, you have to choose desire config type among all.
*** Tunnel Type:L2TP
NASPort Type: *** or Wireless
EAP Type: EAP-TLS, MSChap v2 or PEAP
AD Group: Wireless User Group or *** User Group
Smart card or Certificate is the best option. For Windows 7 and XP, only certificates will work smooth as silk. However, if you have Macintosh Client then you have choose Certificate and PEAP.
Here, I explained standard Radius config. I would recommend following for two different situations:
L2TP, Certificate and EAP for *** Client
Certificate, PEAP and MSChap v2 for Wireless Client.
You can have more then one policy in NPS. A single server can be used to authenticate both *** and Wireless Client. For some weird reason, my Macintosh client did not work with only user and machine certificate. Apple support advised me to use user cert and Radius shared secret instead. But for Windows 7 and XP client, certificates and EAP will work smooth as silk.
Further Help:
Microsoft Technet
Keywords: L2TP, Radius, NPS, Windows Server 2008, Certificates