Solved

aironet radius authentication wpa2 enterprise no certificate with NPS

Posted on 2013-05-14
5
599 Views
Last Modified: 2013-05-29
I am currently testing out NPS, is there any to configure NPS to lock down my wireless via AD username and password without a certificate.  I am having a very difficult time trying to figure this out, I am selecting PEAP with MSCHAP V2 for authentication.
0
Comment
Question by:mmercaldi
  • 3
  • 2
5 Comments
 
LVL 39

Expert Comment

by:footech
ID: 39165953
If you're trying to use PEAP or EAP, you have to have at least one certificate on the NPS.  It'd be like trying to drive a car without wheels.
0
 

Author Comment

by:mmercaldi
ID: 39166017
ok so what should I use then to use this without a cert?
0
 
LVL 39

Expert Comment

by:footech
ID: 39166075
You either have to put some wheels on the car or don't drive it.  Those are your only options.  In other words, get a cert and use it, or don't use NPS for your wireless and just use a Pre-Shared Key (PSK) as in WPA2-Personal.
0
 

Author Comment

by:mmercaldi
ID: 39166092
well let me explain a bit of my scenario maybe you can shed some light on what I can do for this.  So currently I am setting up a guest wireless account, rather not give out a psk key for it because everyone will be asking it for their cell phones and other stuff and will simply bug the helpdesk staff and myself way to much.  Was hoping simply have the users login to the wireless on the phones with their AD credentials.  Currently these phones are blackberry (NO BES), iphones, and androids.  How would you do this?
0
 
LVL 39

Accepted Solution

by:
footech earned 500 total points
ID: 39166239
Guest wireless networks can be tricky depending on what policies/limitations you have in mind for who can connect, what resources they can access once connected, etc.  The most prevalent for a guest (typically non-employees) network is to have a captive portal, which could use an internal database to authenticate against or a separate resource like AD.  If this is just for employee devices, I would think PEAP MSChapV2 would be perfectly acceptable instead of a captive portal.  If you're not using a publicly trusted certificate on the NPS, every phone device I've seen doesn't care and just let's you accept it, but for Windows clients you either have to make sure they trust the cert or modify the connection properties so that it doesn't validate the cert.
0

Featured Post

Give your grad a cloud of their own!

With up to 8TB of storage, give your favorite graduate their own personal cloud to centralize all their photos, videos and music in one safe place. They can save, sync and share all their stuff, and automatic photo backup helps free up space on their smartphone and tablet.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Resolve DNS query failed errors for Exchange
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now