Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
12307
Views
35
Helpful
17
Replies

Configure Wired 802.1X with NPS

MrBeginner
Spotlight
Spotlight

‎03-12-2019 01:17 AM - edited ‎02-21-2020 11:03 AM

Hi,

I would like to request to help for 802.1 wired authentication with NPS.I already tested using PEAP and username,password authentication for 802.1x with NPS. It is working.

I would like to use 802.1x authentication in our network but i don't want to join all my PCs to domain.

Now i would like to know can i use the 802.1x authentication for normal PC  ?

If i don't want to type user name and password which method should i need to use ?

Even i am using certificate authenticate, still i need to type username and password ?

My network have a lot of devices( printers and ip phones).

 if i add mac in domain to use MAB,it is very complicate

How to use MAB for those devices ?

Can i add this devices MAC in NPS server ?

 

 

Labels:
0 Helpful
17 Replies 17

Rob Ingram
VIP
VIP
In response to MrBeginner

‎03-27-2019 06:12 AM

What error do you get when you use a custom template?
Why exactly do you need to use a custom template?
What error (in the NPS server logs) do you get when the computer authentication fails?

I wouldn't use that command, the NPS server is not authenticating the users then, that's not what you want.

What errors (in the NPS server logs) do you get when attempting to authenticate MAB devices? What did you define as the password for these accounts?

MrBeginner
Spotlight
Spotlight
In response to Rob Ingram

‎03-27-2019 06:26 PM

Hi ,

I followed this links    . I defined mac address as username and password in AD.and i also to stored Mac address in NPS.

0 Helpful

Kombi
Level 1
Level 1
In response to MrBeginner

‎10-06-2019 01:16 PM - edited ‎10-06-2019 01:21 PM

If you want to authenticate a PC to allow users to connect via wireless and not be prompted for a password after they have logged into the PC, you should use TLS (Smartcard).  However, you will need a PKI (Cert Server) issuing certs to all your PC"s.  At that stage, you might as well do users too. This can be done with the MS Cert server and AD.  But all nodes will have to be hardwired once to pull the cert when they log in.  After they get the cert, you will be good to go. 

 

One of the most significant issues I have seen with any authentication type is making sure you picked the correct cert under setting highlight your EAP type and click edit.  You will get a popup box.  Make sure you have the correct root cert being used on your NPS policy.  The next one is to change the user and computer Dial-in profile in AD from NPS control to allow access.  I have run into issues when they are set to allow NPS to control policy.  If you use PEAP, you do not need a PKI, but you will need a cert on NPS that is trusted by all your clients.  A third party cert, such as Godaddy, would work because, in most cases, the node will already have GoDaddy as a trusted cert provider.   You will have to make sure that under settings Authentication Methods, you edit your EAP type to match your desired cert.   Remember, you also have to make sure you add your AP (Meraki)  or Wireless controllers to the NPS server.

 

I hope this helps.

Customers Also Viewed These Support Documents