Hi all,
We have 3 guest APs that i wanted to use radius user/pass authentication for (save me having to roatate 3 guest aps psks every few months ad for future growth).
so were using NPS on server 2012r2 for authentication.
My relevant config is as per below:-
aaa group server radius GUEST_SERVER
server 192.168.1.2 auth-port 1812 acct-port 1813
!
aaa authentication login default local
aaa authentication login NO_LOGIN none
aaa authentication login guest_eap group GUEST_SERVER
aaa authorization exec default local
!
aaa session-id common
ip domain name guest.local
ip dhcp excluded-address 192.168.1.1 192.168.1.10
ip dhcp excluded-address 192.168.1.128 192.168.1.254
!
!
dot11 syslog
!
dot11 ssid WGLAN
authentication open eap guest_eap
authentication network-eap guest_eap
authentication key-management wpa version 2
guest-mode
!
This works apart from users get prompted to accept the guestservers certificate, ive only tested this on IOS at the moment too. ive heard that with win7 we have to import the cert to the users local store and change network profile settings. this is way too much config for a guest who may only know how to use powerpoint etc...
so my question is, is there another way i can authenticate wireless users via user/pass or pass using radius where its as simple as possible (i.e as simple as using a psk)
THanks