rivkamak

Configure wireless AP to authenticate with AD for non domained devices.

I configured a wireless AP (Ubiquiti) on our network to authenticate users using AD username/password. I configured the NPS as a RADIUS server to perform PEAP-MS-CHAP v2 authentication using a 3rd party CA certificate. It works great for domained computers that connect via Wi-Fi. However, it's not working for mobile phones (it says to Select certificate, but it doesn't show any certificate to select) and not for non-domain computers (it prompts for username/password, but after entering it says "Windows was unable to connect to...").

Does anybody have any advice (or is this not possible)?

Thanks!
yo_bee

For the machines that are non-domain machines, you need to install the Root CA and issuer CA on the client's computer for this to work.
Without a valid cert the process is broken. The other part of this is the policy you have on your NPS.

Would you be able to post your policies?
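
One way to carry out the step described above on a non-domain Windows client, as an added example that is not part of the original thread: it imports the root and issuing CA certificates into the machine stores, then checks that the NPS server certificate chains to that root. The three file paths are placeholders and the script assumes an elevated PowerShell session.

```powershell
# Added example. Run in an elevated PowerShell session on the non-domain Windows client.
# All three file paths are placeholders (assumptions), not values from the thread.
$rootCer   = 'C:\Temp\root-ca.cer'
$issuerCer = 'C:\Temp\issuing-ca.cer'
$serverCer = 'C:\Temp\nps-server.cer'   # public certificate only, no private key

function Get-Cert([string]$Path) {
    New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $Path
}

# Refuse to trust anything machine-wide that is not actually a self-signed root.
$root = Get-Cert $rootCer
if ($root.Subject -ne $root.Issuer) { throw "$rootCer is not self-signed; not adding it as a root." }
Write-Host "Root CA thumbprint (compare with the value published by the CA): $($root.Thumbprint)"

Import-Certificate -FilePath $rootCer   -CertStoreLocation Cert:\LocalMachine\Root | Out-Null
Import-Certificate -FilePath $issuerCer -CertStoreLocation Cert:\LocalMachine\CA   | Out-Null

# The RADIUS server certificate should carry the Server Authentication EKU.
$server = Get-Cert $serverCer
$eku = $server.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
}
if (-not $eku -or ($eku.EnhancedKeyUsages.Value -notcontains '1.3.6.1.5.5.7.3.1')) {
    Write-Warning 'Server certificate lacks the Server Authentication EKU (1.3.6.1.5.5.7.3.1).'
}

# Build the chain the way a validating client would and confirm where it ends.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
# Revocation is skipped because the client may have no network before it joins Wi-Fi (assumption).
$chain.ChainPolicy.RevocationMode = 'NoCheck'
if ($chain.Build($server)) {
    $anchor = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    if ($anchor.Thumbprint -ne $root.Thumbprint) {
        Write-Warning "Chain ends at a different root: $($anchor.Subject)"
    } else {
        Write-Host "Server certificate chains to $($root.Subject)."
    }
} else {
    $chain.ChainStatus | ForEach-Object { Write-Warning "$($_.Status): $($_.StatusInformation.Trim())" }
}
```
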
noci

You need to preload the correct certificates in the phones yourself.
For "domained computers" this is done for you when the registry is loaded during setup (probably done while still wired).
@Noci.

I have iPhones that use PEAP to authenticate without preloading the Cert.  It does prompt the user if they want to trust the cert.  Once they trust it they are good to go.
rivkamak

ASKER

I just tried it on an iPhone and yes, it shows the certificate automatically and asks if you trust it.

However, on an Android it doesn't show the certificate.

Are you saying that there's no way that an employee could bring his own laptop (and Android device) and sign into the network without intervention of the IT Department to manually install the certificate? I'm looking for a way that will be seamless for the end user.

Thanks!
I have experienced issues with Android not being able to authenticate on a PEAP setup. I never found a solution, so I reverted to WPA2 PSK.
Thank you all for your input!

I'm just wondering how other corporate offices set up their WiFi infrastructure with security in mind. (How do employees log onto the WiFi? Is there one set of credentials for everybody? Do employees have access to the main network on their mobile devices? Etc.)
For the Android users I set up a WPA2 with passphrase and this works.