03-12-2019 01:17 AM - edited 02-21-2020 11:03 AM
Hi,
I would like to request to help for 802.1 wired authentication with NPS.I already tested using PEAP and username,password authentication for 802.1x with NPS. It is working.
I would like to use 802.1x authentication in our network but i don't want to join all my PCs to domain.
Now i would like to know can i use the 802.1x authentication for normal PC ?
If i don't want to type user name and password which method should i need to use ?
Even i am using certificate authenticate, still i need to type username and password ?
My network have a lot of devices( printers and ip phones).
if i add mac in domain to use MAB,it is very complicate
How to use MAB for those devices ?
Can i add this devices MAC in NPS server ?
03-27-2019 06:12 AM
03-27-2019 06:26 PM
Hi ,
I followed this links . I defined mac address as username and password in AD.and i also to stored Mac address in NPS.
10-06-2019 01:16 PM - edited 10-06-2019 01:21 PM
If you want to authenticate a PC to allow users to connect via wireless and not be prompted for a password after they have logged into the PC, you should use TLS (Smartcard). However, you will need a PKI (Cert Server) issuing certs to all your PC"s. At that stage, you might as well do users too. This can be done with the MS Cert server and AD. But all nodes will have to be hardwired once to pull the cert when they log in. After they get the cert, you will be good to go.
One of the most significant issues I have seen with any authentication type is making sure you picked the correct cert under setting highlight your EAP type and click edit. You will get a popup box. Make sure you have the correct root cert being used on your NPS policy. The next one is to change the user and computer Dial-in profile in AD from NPS control to allow access. I have run into issues when they are set to allow NPS to control policy. If you use PEAP, you do not need a PKI, but you will need a cert on NPS that is trusted by all your clients. A third party cert, such as Godaddy, would work because, in most cases, the node will already have GoDaddy as a trusted cert provider. You will have to make sure that under settings Authentication Methods, you edit your EAP type to match your desired cert. Remember, you also have to make sure you add your AP (Meraki) or Wireless controllers to the NPS server.
I hope this helps.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide