Solved

aironet radius authentication wpa2 enterprise no certificate with NPS

Posted on 2013-05-14
5
600 Views
Last Modified: 2013-05-29
I am currently testing out NPS, is there any to configure NPS to lock down my wireless via AD username and password without a certificate.  I am having a very difficult time trying to figure this out, I am selecting PEAP with MSCHAP V2 for authentication.
0
Comment
Question by:mmercaldi
  • 3
  • 2
5 Comments
 
LVL 39

Expert Comment

by:footech
ID: 39165953
If you're trying to use PEAP or EAP, you have to have at least one certificate on the NPS.  It'd be like trying to drive a car without wheels.
0
 

Author Comment

by:mmercaldi
ID: 39166017
ok so what should I use then to use this without a cert?
0
 
LVL 39

Expert Comment

by:footech
ID: 39166075
You either have to put some wheels on the car or don't drive it.  Those are your only options.  In other words, get a cert and use it, or don't use NPS for your wireless and just use a Pre-Shared Key (PSK) as in WPA2-Personal.
0
 

Author Comment

by:mmercaldi
ID: 39166092
well let me explain a bit of my scenario maybe you can shed some light on what I can do for this.  So currently I am setting up a guest wireless account, rather not give out a psk key for it because everyone will be asking it for their cell phones and other stuff and will simply bug the helpdesk staff and myself way to much.  Was hoping simply have the users login to the wireless on the phones with their AD credentials.  Currently these phones are blackberry (NO BES), iphones, and androids.  How would you do this?
0
 
LVL 39

Accepted Solution

by:
footech earned 500 total points
ID: 39166239
Guest wireless networks can be tricky depending on what policies/limitations you have in mind for who can connect, what resources they can access once connected, etc.  The most prevalent for a guest (typically non-employees) network is to have a captive portal, which could use an internal database to authenticate against or a separate resource like AD.  If this is just for employee devices, I would think PEAP MSChapV2 would be perfectly acceptable instead of a captive portal.  If you're not using a publicly trusted certificate on the NPS, every phone device I've seen doesn't care and just let's you accept it, but for Windows clients you either have to make sure they trust the cert or modify the connection properties so that it doesn't validate the cert.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question