Enterprise wireless authentication for handheld devices
I am in the process of implementing a new, secure wireless infrastructure using Cisco wireless access points with WPA2, Windows Server 2008 R2 Enterprise CA and Windows Server 2008 R2 NPS.
For my Windows 7 computers which are members of my Active Directory, the setup is working fine.
I used a self-signed internal certificate and published the certificate to all clients' Trusted Root.
I configured my NPS Network Policy with PEAP authentication.
A wireless GPO is pushed to the client. This policy forces Computer Authentication. The NPS policy checks that the computer is a member of a particular group as part of the authentication process.
We also have a number of handheld devices in my organisation, mainly BlackBerry and iPad.
I was planning on using MAC address authentication for these devices and I read that this should be possible by creating AD accounts with username & password = MAC address of the device.
Is it possible to achieve seamless authentication for these devices (meaning that the device is automatically sending its MAC address as username/password) or is there no way around typing in a username/password (in my case, the MAC address)?
If that is indeed possible, what type of Network Request Policy/Network Policies should be confirmed to accomplish this?