802.1x NAP enforcement without domain membership

  • Question

  • Hello everyone,

    I have already configured an 802.1x NAP server and clients within our domain. But there are a few clients that cannot be joined to the domain (XP Home clients, for example). So there is no Group Policy method, and it is not possible to use HRA settings downloaded from the domain server. I know that it is possible to set up an XP Home client to use NAP enforcement, but I have no idea how to configure NAP clients like this. I am using Server 2008 R2. Any help / suggestion?

    Jiri Simek

    P.S. I am sorry for my poor English - I am from CZE

    Thursday, October 14, 2010 12:21 PM

Answers

  • Hi Jiri,

     

    Thanks for posting here.

     

    Here is the description from the article Appendix A: NAP Requirements http://technet.microsoft.com/en-us/library/dd125301(WS.10).aspx which might answer your question:

     

    NAP clients can be members of an Active Directory domain or they can be non-domain-joined computers. Support for non-domain-joined computers varies, depending on the type of enforcement method you use.

    For more information about support for NAP client computers in domain and non-domain-joined environments, see NAP Client Computers http://technet.microsoft.com/en-us/library/dd125386(WS.10).aspx

     

    Here is a blog post that might also help you implement it with non-domain-joined clients:

     

    NAP 802.1X Configuration Walkthrough – Part 2

    http://blogs.technet.com/b/nap/archive/2008/06/20/nap-802-1x-configuration-walkthrough-part-2.aspx

    Thanks.

     

    Tiger Li


    Friday, October 15, 2010 2:29 AM
  • Hi Tiger Li,

    I am sorry for taking so long to respond.

    I took a look at the links you posted. They describe how to set up a server without Active Directory - in my case, I need AD. Anyway, thank you for the link - it was useful somehow.

    In my case, I did everything right except one thing: it is necessary to import the "trusted root certificates" from the server into the workstation - this is my own solution, for everyone else who has the same trouble.

    Thank you, JS

    • Marked as answer by Jiri Simek Monday, October 25, 2010 1:16 PM
    Monday, October 25, 2010 1:15 PM
