802.1x Without Certificates

Hi Experts,

I am using 802.1x to authenticate domain users through NPS and RADIUS.
This is currently working, with certificates however and I do not wish to use certificates.

I do not wish to use certificates because that means I need to either deploy the certificate via GPO which I cannot do since not all the machines are part of the domain.
OR
I have to manually install the certificate on all the devices which is not an option.
OR
I have to do what I am doing currently and uncheck the "validate certificate" option on each client manually.

So I basically want to do exactly what I am doing now but without certificates.

All help appreciated!
Gex010Asked:
Who is Participating?
 
footechConnect With a Mentor Commented:
You don't mention what authentication method you're using, but whether you're using (P)EAP-TLS or PEAP-MSCHAPv2, they both require a certificate on the NPS.  Your only options for the clients are to get them to trust the NPS cert, uncheck the "validate server certificate" box, or use a cert for the NPS from a publicly trusted CA (which the clients will already trust).  If you don't want certificates at all, don't use 802.1x.
0
 
Gex010Author Commented:
I figured I wouldn't have much of a choice but I will stick with 802.1x since this is for a BYOD solution and so far Macbooks, android and apple mobile devices are all able to bypass the problem by offering a pop up to ignore the certificate, including windows mobile devices, so hopefully Windows 8 will get around this problem.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.