Solved

802.1x Without Certificates

Posted on 2013-02-04
2
704 Views
Last Modified: 2013-02-05
Hi Experts,

I am using 802.1x to authenticate domain users through NPS and RADIUS.
This is currently working, with certificates however and I do not wish to use certificates.

I do not wish to use certificates because that means I need to either deploy the certificate via GPO which I cannot do since not all the machines are part of the domain.
OR
I have to manually install the certificate on all the devices which is not an option.
OR
I have to do what I am doing currently and uncheck the "validate certificate" option on each client manually.

So I basically want to do exactly what I am doing now but without certificates.

All help appreciated!
0
Comment
Question by:Gex010
2 Comments
 
LVL 39

Accepted Solution

by:
footech earned 500 total points
Comment Utility
You don't mention what authentication method you're using, but whether you're using (P)EAP-TLS or PEAP-MSCHAPv2, they both require a certificate on the NPS.  Your only options for the clients are to get them to trust the NPS cert, uncheck the "validate server certificate" box, or use a cert for the NPS from a publicly trusted CA (which the clients will already trust).  If you don't want certificates at all, don't use 802.1x.
0
 

Author Closing Comment

by:Gex010
Comment Utility
I figured I wouldn't have much of a choice but I will stick with 802.1x since this is for a BYOD solution and so far Macbooks, android and apple mobile devices are all able to bypass the problem by offering a pop up to ignore the certificate, including windows mobile devices, so hopefully Windows 8 will get around this problem.
0

Featured Post

How does your email signature look on mobiles?

Do your employees use mobile devices to reply to emails? With mobile becoming increasingly important to the business world, it is in your best interest to make sure that your email signature looks great across all types of devices.

Join & Write a Comment

Normally after a failure of Domain Controller, when promoting new DC the DC is renamed, we will discuss the options in Dcpromo to re-create the DC with the same name. Scenario: You are a small IT shop with two Domain Controllers (Domain Contr…
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now