Link to home
Start Free TrialLog in
Avatar of Jorge Diaz
Jorge DiazFlag for United States of America

asked on

Windows Server NPS Radius for 802.1x wireless and ethernet configuration

Hello there,

I"m reviewing the 802.1x's microsoft implementation to get handle on it  and consider its possible implementation in our environment. At this moment we don't have a domain, as a matter of fact we're mostly macs with no network os. I've been reading Microsoft documents and it seems to me 802.1x can be implemented without joining the computers to domain.  I've found quite a few hurdles as i keep reading and testing this so i figure it'd be a great idea to pick someone else's brain...
First, can i implement NPS in a non domain mac environment  environment? Should i consider open source for radius instead?
If any of you have implemented it, is there any lessons you would like to share with me as keep testing.

thanks for your help..
Avatar of arnold
arnold
Flag of United States of America image

You do not need a windows system to implement 802.1x, you do however, need a radius server, freeradius with MySQL backend can do what you need. OpenSSL can be used/setup as an internal CA.

Yes, you should consider open source, a commodity workstation, older one you could buy from eBay for $100-$300 on which you can setup center from centos.org, MySQL/freeradius, ......

A pair will provide redundancy/......
You can use NPS.  Create local accounts on the NPS  box for your users and it'll work fine... no SQL needed :)

You can even run a CA on it too.
ASKER CERTIFIED SOLUTION
Avatar of arnold
arnold
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
I focused on the portion given there is no existing infrastructure based on Windows, whether open source shoukd be considered.

The following link deals with using raspberry pi as the .......
https://steven-england.info/2014/11/06/providing-802-1x-authentication-freeradius-peapv0eap-mschapv2-support-raspberry-pi/
Using the component references of freeradius,freeradius-MySQL....
Applying the configuration .....

There are other examples ref dialoradius......
The issue one would/should have two to have backup in the event one fails to make sure access to the network (802.1x) is maintained.
Ok fair comment :-)