Hi all,

We have 3 guest APs that i wanted to use radius user/pass authentication for (save me having to roatate 3 guest aps psks every few months ad for future growth).

so were using NPS on server 2012r2 for authentication.

My relevant config is as per below:-

aaa group server radius GUEST_SERVER

server 192.168.1.2 auth-port 1812 acct-port 1813

!

aaa authentication login default local

aaa authentication login NO_LOGIN none

aaa authentication login guest_eap group GUEST_SERVER

aaa authorization exec default local

!

aaa session-id common

ip domain name guest.local

ip dhcp excluded-address 192.168.1.1 192.168.1.10

ip dhcp excluded-address 192.168.1.128 192.168.1.254

!

!

dot11 syslog

!

dot11 ssid WGLAN

   authentication open eap guest_eap

   authentication network-eap guest_eap

   authentication key-management wpa version 2

   guest-mode

!

This works apart from users get prompted to accept the guestservers certificate, ive only tested this on IOS at the moment too. ive heard that with win7 we have to import the cert to the users local store and change network profile settings. this is way too much config for a guest who may only know how to use powerpoint etc...

so my question is, is there another way i can authenticate wireless users via user/pass or pass using radius where its as simple as possible (i.e as simple as using a psk)

THanks