Solved

aironet radius authentication wpa2 enterprise no certificate with NPS

Posted on 2013-05-14
5
605 Views
Last Modified: 2013-05-29
I am currently testing out NPS, is there any to configure NPS to lock down my wireless via AD username and password without a certificate.  I am having a very difficult time trying to figure this out, I am selecting PEAP with MSCHAP V2 for authentication.
0
Comment
Question by:mmercaldi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 40

Expert Comment

by:footech
ID: 39165953
If you're trying to use PEAP or EAP, you have to have at least one certificate on the NPS.  It'd be like trying to drive a car without wheels.
0
 

Author Comment

by:mmercaldi
ID: 39166017
ok so what should I use then to use this without a cert?
0
 
LVL 40

Expert Comment

by:footech
ID: 39166075
You either have to put some wheels on the car or don't drive it.  Those are your only options.  In other words, get a cert and use it, or don't use NPS for your wireless and just use a Pre-Shared Key (PSK) as in WPA2-Personal.
0
 

Author Comment

by:mmercaldi
ID: 39166092
well let me explain a bit of my scenario maybe you can shed some light on what I can do for this.  So currently I am setting up a guest wireless account, rather not give out a psk key for it because everyone will be asking it for their cell phones and other stuff and will simply bug the helpdesk staff and myself way to much.  Was hoping simply have the users login to the wireless on the phones with their AD credentials.  Currently these phones are blackberry (NO BES), iphones, and androids.  How would you do this?
0
 
LVL 40

Accepted Solution

by:
footech earned 500 total points
ID: 39166239
Guest wireless networks can be tricky depending on what policies/limitations you have in mind for who can connect, what resources they can access once connected, etc.  The most prevalent for a guest (typically non-employees) network is to have a captive portal, which could use an internal database to authenticate against or a separate resource like AD.  If this is just for employee devices, I would think PEAP MSChapV2 would be perfectly acceptable instead of a captive portal.  If you're not using a publicly trusted certificate on the NPS, every phone device I've seen doesn't care and just let's you accept it, but for Windows clients you either have to make sure they trust the cert or modify the connection properties so that it doesn't validate the cert.
0

Featured Post

Why Off-Site Backups Are The Only Way To Go

You are probably backing up your data—but how and where? Ransomware is on the rise and there are variants that specifically target backups. Read on to discover why off-site is the way to go.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
A safe way to clean winsxs folder from your windows server 2008 R2 editions
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question