Wireless Authentication

Hello, I am trying to set up only User Authentication for my domain users to get authenticated via my NPS server (Windows 2008R2) to gain access to the wireless network.

Do I still need to set up a CA server or can this be skipped? Also, what NPS policies should I put in just for user authentication, as I have non-domain devices like iPads and iPhones that will use 802.1x user authentication to connect?

Help?
OZSG, General Manager Technical Services, Asked:

Jakob Digranes, Senior Consultant, Commented:
You need a certificate if you choose to use PEAP as the EAP type, which you should. What kind of organization and network is this?
Without PEAP there is a theoretical possibility that the session can be decrypted.

For the NPS you should select a user group that gains access (not domain users), then you need to select the EAP type - I recommend PEAP, and inner authentication method MS-CHAPv2 - usernames and passwords.

You can easily set up an internal CA - hand out one certificate to the NPS server, and leave it at that.
Here's a good blog: http://www.fatofthelan.com/technical/using-windows-2008-for-radius-authentication/

The iOS devices will get a certificate warning that the certificate is not trusted; this is because you haven't got the root certificate on your devices. But this is just to accept the first time, and it is gone.

BTW: If you have high security concerns - then you should get either the root cert deployed to devices, or get a 3rd party NPS certificate from a valid CA, like Digicert or Thawte.
I'd then also recommend deploying certificates to iOS devices - but then there's a lot of administrative overhead. It all boils down to the first questions: what organization and what network and access is needed.
0
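
A check for the point in the answer above that NPS needs a certificate for PEAP, as an added example that is not part of the original thread: this PowerShell, run on the NPS server, lists the certificates in the computer's Personal store and flags which ones meet the basic requirements for a PEAP server certificate (private key present, Server Authentication EKU, inside its validity period). The function name `Test-PeapServerCertificate` and the 30-day warning window are assumptions made for the example.

```powershell
# Added example, not from the thread. Written to run on PowerShell 2.0 (Windows 2008 R2).
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # OID of the Server Authentication EKU
$warnDays      = 30                     # assumption: warn this many days before expiry

function Test-PeapServerCertificate {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    # Strict check: require an explicit Server Authentication purpose in the EKU extension
    $hasServerAuth = $false
    foreach ($ext in $Cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            foreach ($usage in $ext.EnhancedKeyUsages) {
                if ($usage.Value -eq $serverAuthOid) { $hasServerAuth = $true }
            }
        }
    }

    $now        = Get-Date
    $inValidity = ($Cert.NotBefore -le $now) -and ($Cert.NotAfter -gt $now)

    New-Object PSObject -Property @{
        Subject       = $Cert.Subject
        Issuer        = $Cert.Issuer
        Thumbprint    = $Cert.Thumbprint
        NotAfter      = $Cert.NotAfter
        HasPrivateKey = $Cert.HasPrivateKey
        ServerAuthEku = $hasServerAuth
        ExpiresSoon   = $inValidity -and ($Cert.NotAfter -lt $now.AddDays($warnDays))
        # PEAP cannot use the certificate unless all three conditions hold
        UsableForPeap = $Cert.HasPrivateKey -and $hasServerAuth -and $inValidity
    }
}

# NPS selects its PEAP certificate from the local computer's Personal store
Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-PeapServerCertificate $_ } |
    Select-Object Subject, Issuer, NotAfter, HasPrivateKey, ServerAuthEku, ExpiresSoon, UsableForPeap, Thumbprint |
    Format-List
```

The `Issuer` shown for the usable certificate is the CA whose root the client devices need to trust to avoid the warning described in the answer.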

OZSG, General Manager Technical Services, Author Commented:
Thanks, I will check and revert back.
0