Hi,
I am trying to set up device (laptops/desktop XP and Vista, iPhone, tablet) and user authentication. Mostly to differentiate corp and private devices. So far I have successfully been able to authenticate wireless users that are in an AD group, using ISE as RADIUS (PEAP MSCHAPv2). Now I have to figure out a way to authenticate/authorize devices.
One option is to see if the device is part of an AD group, but this is only suitable for computers, not phones/tablets.
All corp devices have got a root cert from our CA; is this being used during the PEAP process, and can we authenticate devices with this cert?
If not, is the only option to implement a machine cert? The problem I see there is how to use a certificate for the device and PEAP for the user, since I can't find an option in Vista to send both the machine cert and AD username/pwd.
Regards
Philip