Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 614
  • Last Modified:

aironet radius authentication wpa2 enterprise no certificate with NPS

I am currently testing out NPS, is there any to configure NPS to lock down my wireless via AD username and password without a certificate.  I am having a very difficult time trying to figure this out, I am selecting PEAP with MSCHAP V2 for authentication.
0
mmercaldi
Asked:
mmercaldi
  • 3
  • 2
1 Solution
 
footechCommented:
If you're trying to use PEAP or EAP, you have to have at least one certificate on the NPS.  It'd be like trying to drive a car without wheels.
0
 
mmercaldiAuthor Commented:
ok so what should I use then to use this without a cert?
0
 
footechCommented:
You either have to put some wheels on the car or don't drive it.  Those are your only options.  In other words, get a cert and use it, or don't use NPS for your wireless and just use a Pre-Shared Key (PSK) as in WPA2-Personal.
0
 
mmercaldiAuthor Commented:
well let me explain a bit of my scenario maybe you can shed some light on what I can do for this.  So currently I am setting up a guest wireless account, rather not give out a psk key for it because everyone will be asking it for their cell phones and other stuff and will simply bug the helpdesk staff and myself way to much.  Was hoping simply have the users login to the wireless on the phones with their AD credentials.  Currently these phones are blackberry (NO BES), iphones, and androids.  How would you do this?
0
 
footechCommented:
Guest wireless networks can be tricky depending on what policies/limitations you have in mind for who can connect, what resources they can access once connected, etc.  The most prevalent for a guest (typically non-employees) network is to have a captive portal, which could use an internal database to authenticate against or a separate resource like AD.  If this is just for employee devices, I would think PEAP MSChapV2 would be perfectly acceptable instead of a captive portal.  If you're not using a publicly trusted certificate on the NPS, every phone device I've seen doesn't care and just let's you accept it, but for Windows clients you either have to make sure they trust the cert or modify the connection properties so that it doesn't validate the cert.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now