Posted: 3/30/2017 3:09:46 PM EDT
Adding a new wireless network with WPA2 Enterprise authentication.  It mostly works, but RADIUS authentication fails if the client selects "automatically use my Windows login and password"

With the Auto box checked, the client tries to use DOMAIN\Username and fails.

Clients can manually enter Username and that works.  Clients can also enter Username@DOMAIN and that works as well.

Anyone know how to fix this?
Link Posted: 3/30/2017 3:37:18 PM EDT
[#1]
What vendor is the wireless and radius server?
Link Posted: 3/30/2017 5:49:41 PM EDT
[#2]
Is the RADIUS server actually authenticating against the DC?  Are the machines domain joined/enrolled?
Link Posted: 3/30/2017 5:58:21 PM EDT
[#3]
Aruba IAP-325 authenticating against a Windows Server 2008 R2 domain controller/RADIUS server via Network Policy Server.  Client PCs are joined to the domain.
Link Posted: 4/3/2017 12:51:18 AM EDT
[#4]
Quoted:
Adding a new wireless network with WPA2 Enterprise authentication.  It mostly works, but RADIUS authentication fails if the client selects "automatically use my Windows login and password"

With the Auto box checked, the client tries to use DOMAIN\Username and fails.

Clients can manually enter Username and that works.  Clients can also enter Username@DOMAIN and that works as well.

Anyone know how to fix this?

I have no real experience with Windows' implementation of RADIUS in conjunction with AD (we use FreeRADIUS backed by OpenLDAP).

But I'm betting your users are logging into their Windows workstations by putting in just the bare username (or even putting in domain\username) for the username. Logging into the domain authenticated workstation prompt with just the username (no domain defined) in the username field results in the OS passing the deprecated "Down-Level" style logon name (domain\username).

If you have the client log in to the workstation using the UPN formatted username (e.g. [email protected]), then the "automatically use my Windows login and password" option should work for RADIUS.
Link Posted: 4/3/2017 1:43:16 PM EDT
[#5]
I am testing a very similar setup with AD, a Server 2012 RADIUS server that is joined to the domain and Aruba IAP 315s.

This is the guide I used to get me up and running.

https://glazenbakje.wordpress.com/2013/08/31/microsoft-windows-server-2012-radius-setup/

Make sure you pay attention to the NPS, the policies and that you add a Windows group to have access.

My test computer is domain joined and I don't even have to type in a username or password when I connect to the test SSID. I have not tried on a non domain joined laptop yet. 
Link Posted: 4/21/2017 10:46:17 PM EDT
[#6]
Install MS CA and use certificates to authenticate the machine.  That way you can admin the machine when users aren't logged in.

You can use GPO to lock down the clients to specific SSIDs, which makes for a pretty secure WLAN.