Solved

Windows 8.1 Wireless Authentication Single Sign On for EAP-TTLS

Posted on 2014-04-29
6
5,292 Views
Last Modified: 2014-05-05
We need our Windows 8.1 client computers to logon to the wireless system prior to user authentication.  They now logon to the wireless with no issue after the user logs in.

This could be accomplished by creating a Wireless Network Policies GPO and pushing it to the wireless clients.

We use WPA2 enterprise, and EAP-TTLS but our servers are server 2008R2.
EAP-TTLS was added as a choice to Wireless Network Policies in GPOs in Server 2012, so it is not a choice when we create a GPO on our server.

1.  Is there a way to add the EAP configuration options from Server 2012 to a Server 2008R2?

2.  Is there some other, less fancy way of getting a windows 8 machines to authenticate to the wireless prior to user login?  I read that adding the following registry entry involving netsh to
HKLM\Software\Microsoft\Windows\CurrentVersion\Run  would work

%comspec% /c netsh wlan connect name=profile_name

The netsh command does connect to the network when run from the command line, but does nothing when placed like this in the registry. (not for windows 8.1)

http://community.spiceworks.com/how_to/show/2047-enable-wireless-connection-pre-logon-on-domain

Anyone dealt with this?
0
Comment
Question by:dakota5
  • 4
  • 2
6 Comments
 
LVL 45

Expert Comment

by:Craig Beck
ID: 40030353
If you want to use EAP-TTLS you just can't with Server 2008.  However, if you want to use computer authentication you can do this natively in Server 2008 by using computer certificates and standard EAP-TLS.

I'm guessing though that you're wanting to use TTLS so you don't have to deploy certificates to your workstations?
0
 

Author Comment

by:dakota5
ID: 40030602
We are a department within a large institution with an existing EAP-TTLS system.  We configure our clients to deal with whatever IT hands us.

I'm going to try exporting the working profile from the windows 8.1 client as XML and import that into the Server 2008 R2 GPO
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 40030852
You would need a suitable ADM file. You could try adding the relevant XML config for the policy but it probably won't work.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:dakota5
ID: 40031061
Right.  I tried that, and no it did not work.

Anyone know of  a wireless driver package that includes EAP-TTLS that will run on Windows 8?
The standard CISCO package worked for XP and Windows 7, but not for Windows 8
0
 

Accepted Solution

by:
dakota5 earned 0 total points
ID: 40033020
The answer was simple.  Advanced settings are a bit hidden in Windows 8.

Connect to network in normal way.  Go to network and sharing center.
In the active networks section, click the link that is the active connection.

Wireless properties | security | advanced settings
authentication mode is fine as user.
Save credentials.  Popup states that this allows your computer to connect to network when you are not logged in.  You will be connected prior to login after bootup and also after you logout.

Apparently this is not the same as saving your credentials when you create the network with the Windows 8 network charms.
0
 

Author Closing Comment

by:dakota5
ID: 40041636
It took forever, but I did find the answer on the internet.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Using in-flight Wi-Fi when you travel? Business travelers beware! In-flight Wi-Fi networks could rip the door right off your digital privacy portal. That’s no joke either, as it might also provide a convenient entrance for bad threat actors.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question