Wireless Authentication

Posted on 2013-10-10
Medium Priority
Last Modified: 2013-10-22
Hello, I am trying to set up only User Authentication for my domain users to get authenticated via my NPS server (Windows 2008R2) to gain access to the wireless network.

Do I still need to set up a CA server or can this be skipped? Also, what NPS policies should I put in just for user authentication, as I have non-domain devices like iPads and iPhones that will use 802.1x user authentication to connect?

Question by:OZSG
LVL 22

Accepted Solution

Jakob Digranes earned 2000 total points
ID: 39564789
You need a certificate if you choose to use PEAP as EAP-Type, which you should. What kind of organization and network is this?
Without PEAP there is a theoretical possibility that the session can be decrypted.

For the NPS you should select a user group that gains access (not domain users), then you need to select EAP-Type - I recommend PEAP, and inner authentication method MS-CHAPv2 - usernames and passwords.

You can easily set up an internal CA - hand out one certificate to the NPS server, and leave it at that.
Here's a good blog: http://www.fatofthelan.com/technical/using-windows-2008-for-radius-authentication/

The iOS devices will get a certificate warning that the certificate is not trusted; this is because you haven't got the root certificate on your devices. But this is just to accept the first time, and it is gone.

BTW: If you have high security concerns - then you should get either the root cert deployed to devices, or get a 3rd party NPS certificate from a valid CA, like DigiCert or Thawte.
I'd then also recommend deploying certificates to iOS devices - but then there's a lot of administrative overhead. It all boils down to the first questions: what organization and what network and access is needed.
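
The following PowerShell check is an added example, not part of the answer above or the linked blog. It lists the certificates on the NPS server that could be selected for PEAP and flags the usual problems. It assumes the certificate was issued into the local computer's Personal store (`Cert:\LocalMachine\My`) and that PEAP needs the Server Authentication EKU; the output column names are made up for this example.

```powershell
# Added example: run on the NPS server in an elevated PowerShell prompt.
# Works with PowerShell 2.0 (the default on Windows Server 2008 R2).
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU (assumed requirement)
$now = Get-Date

Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    # Look for the Server Authentication purpose in the EKU extension.
    $hasServerAuth = $false
    foreach ($ext in $cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            foreach ($usage in $ext.EnhancedKeyUsages) {
                if ($usage.Value -eq $serverAuthOid) { $hasServerAuth = $true }
            }
        }
    }

    # Inside its validity period right now?
    $inValidity = ($cert.NotBefore -le $now) -and ($cert.NotAfter -ge $now)

    # Verify() builds the chain against this server's own trust store only.
    $chainTrusted = $cert.Verify()

    # NPS can only present a certificate whose private key is on this machine.
    $usable = $hasServerAuth -and $cert.HasPrivateKey -and $inValidity

    New-Object PSObject -Property @{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        Expires       = $cert.NotAfter
        ServerAuthEku = $hasServerAuth
        HasPrivateKey = $cert.HasPrivateKey
        InValidity    = $inValidity
        ChainTrusted  = $chainTrusted
        UsableForPeap = $usable
    }
} | Select-Object Subject, Expires, ServerAuthEku, HasPrivateKey, InValidity,
                  ChainTrusted, UsableForPeap, Thumbprint |
    Format-List
```

`ChainTrusted` only reflects what the NPS server itself trusts; the iOS devices will still show the warning described above until the internal CA's root certificate is on them.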

Author Comment

ID: 39567177
Thanks, I will check and revert back.
