Solved

aironet radius authentication wpa2 enterprise no certificate with NPS

Posted on 2013-05-14
5
601 Views
Last Modified: 2013-05-29
I am currently testing out NPS, is there any to configure NPS to lock down my wireless via AD username and password without a certificate.  I am having a very difficult time trying to figure this out, I am selecting PEAP with MSCHAP V2 for authentication.
0
Comment
Question by:mmercaldi
  • 3
  • 2
5 Comments
 
LVL 40

Expert Comment

by:footech
ID: 39165953
If you're trying to use PEAP or EAP, you have to have at least one certificate on the NPS.  It'd be like trying to drive a car without wheels.
0
 

Author Comment

by:mmercaldi
ID: 39166017
ok so what should I use then to use this without a cert?
0
 
LVL 40

Expert Comment

by:footech
ID: 39166075
You either have to put some wheels on the car or don't drive it.  Those are your only options.  In other words, get a cert and use it, or don't use NPS for your wireless and just use a Pre-Shared Key (PSK) as in WPA2-Personal.
0
 

Author Comment

by:mmercaldi
ID: 39166092
well let me explain a bit of my scenario maybe you can shed some light on what I can do for this.  So currently I am setting up a guest wireless account, rather not give out a psk key for it because everyone will be asking it for their cell phones and other stuff and will simply bug the helpdesk staff and myself way to much.  Was hoping simply have the users login to the wireless on the phones with their AD credentials.  Currently these phones are blackberry (NO BES), iphones, and androids.  How would you do this?
0
 
LVL 40

Accepted Solution

by:
footech earned 500 total points
ID: 39166239
Guest wireless networks can be tricky depending on what policies/limitations you have in mind for who can connect, what resources they can access once connected, etc.  The most prevalent for a guest (typically non-employees) network is to have a captive portal, which could use an internal database to authenticate against or a separate resource like AD.  If this is just for employee devices, I would think PEAP MSChapV2 would be perfectly acceptable instead of a captive portal.  If you're not using a publicly trusted certificate on the NPS, every phone device I've seen doesn't care and just let's you accept it, but for Windows clients you either have to make sure they trust the cert or modify the connection properties so that it doesn't validate the cert.
0

Featured Post

Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
A procedure for exporting installed hotfix details of remote computers using powershell
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

837 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question