Non Domain User Radius AUTH

  • Question

  • Hi, I have my domain controller set up (dc.lan.local). I am trying to configure my access points, Apple Airport Extremes and Express. All N with gigabit. I have AD set up as a RADIUS server using NPS. I am on W2K8 R2. I have an access point configured with the AD IP and its secret for that client. It works with any of my Macs or my iPhone. I log in with my user and passwd. My user is a Domain Admin and it has dial-in services enabled. I have a Connection Request Policy and a Network Policy set up with time limits of 24/7 access, and in the Auth tab I have PEAP, MSCHAP and MSCHAP-V2 set up. Under PEAP's settings I'm using MSCHAP-V2 with my certificate dc.lan.local. Like I said, I can auth on my Mac and iPhone running iOS 5.0.1; my Macs are on 10.7.1 and 10.6.8. I cannot connect via a Windows 7 machine. I have tried my username as user, user@lan, user@lan.local, LAN\user, and LAN.LOCAL\user, all with the correct password. I joined a Windows 7 machine to my domain and it automatically connected to my access point with RADIUS auth. It never asked for a user or a passwd. How can I get it to where I can just enter my user and pass without being on the domain, like on my iPhone? I do not wish to transfer my network to full AD.
    Monday, January 2, 2012 6:15 AM

Answers

  • Hi Wesley,

    Thanks for posting here.

    So it is working on all Windows clients?

    >Can this be achieved without the profile having to be manually created too?

    We can first create and set the wireless profile on a Windows client; after that we can export it and import it to all other Windows clients by using the NETSH commands for Wireless Local Area Network (wlan):

    http://msdn.microsoft.com/en-us/library/windows/desktop/aa369853(v=vs.85).aspx

    Thanks.

    Tiger Li


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Tuesday, January 3, 2012 7:24 AM
  • Hi Wesley,

    Thanks for posting here.

    If we have configured the wireless profile for domain-joined computers to connect to this authenticated wireless network on the domain controller by using Group Policy and specifying a few settings, then we can try to export the profile settings and certificates from a successfully configured client using the workaround I mentioned, and import them to non-domain-joined computers.

    I'd suggest rechecking our current settings by following the workaround in the guide below and then starting our deployment:

    Foundation Network Companion Guide: Deploying 802.1X Authenticated Wireless Access with PEAP-MS-CHAP v2

    http://technet.microsoft.com/en-us/library/dd183603(WS.10).aspx

    Thanks.

    Tiger Li


    Wednesday, January 4, 2012 7:14 AM
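
The export/import workaround described in the two answers above, as an added example that is not part of the original posts: export the working profile with `netsh wlan`, check the exported XML for the settings that decide whether a non-domain computer is asked for a user name and password, then import it. `$Ssid` and `$Dir` are placeholders, and the element names are the ones Windows writes into exported WLAN profiles.

```powershell
# Added example. $Ssid and $Dir are placeholders, not values from the thread.
$Ssid = 'ExampleSSID'
$Dir  = 'C:\wlan-profiles'

# 1. On the Windows client that already connects: export the profile to XML.
New-Item -ItemType Directory -Path $Dir -Force | Out-Null
netsh wlan export profile name="$Ssid" folder="$Dir"
$File = Get-ChildItem -Path $Dir -Filter "*$Ssid*.xml" | Select-Object -First 1
if (-not $File) { throw "No exported profile for '$Ssid' found in $Dir" }

# Read one element's text from the exported XML, ignoring XML namespaces.
function Get-ProfileValue([string]$Path, [string]$Element) {
    $hit = Select-Xml -Path $Path -XPath "//*[local-name()='$Element']" |
           Select-Object -First 1
    if ($hit) { $hit.Node.InnerText.Trim() } else { $null }
}

# 2. Review the settings that matter on a computer outside the domain.
$useOneX  = Get-ProfileValue $File.FullName 'useOneX'
$authMode = Get-ProfileValue $File.FullName 'authMode'
$winLogon = Get-ProfileValue $File.FullName 'UseWinLogonCredentials'
$rootCA   = Get-ProfileValue $File.FullName 'TrustedRootCA'

$findings = @()
if ($useOneX -ne 'true') {
    $findings += 'useOneX is not true: this is not an 802.1X profile.'
}
if ($authMode -ne 'user') {
    $findings += "authMode is '$authMode': a non-domain PC has no computer account, use 'user'."
}
if ($winLogon -eq 'true') {
    $findings += 'UseWinLogonCredentials is true: the Windows logon is sent automatically.'
}
if (-not $rootCA) {
    $findings += 'No TrustedRootCA: the NPS certificate is not tied to a trusted CA.'
}
$findings | ForEach-Object { Write-Warning $_ }

# 3. Import the reviewed XML (run on the target computer, elevated prompt,
#    after copying the file there).
if ($findings.Count -eq 0) {
    netsh wlan add profile filename="$($File.FullName)" user=all
}
```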

All replies

  • Have you tried turning this check box off?

    Monday, January 2, 2012 1:22 PM
  • Yes I have. I have also manually added the user and passwd. Can this be achieved without the profile having to be manually created too?

    Now I can't connect via any computer, from where I was messing around with it last night.


    ~Wesley K.
    Monday, January 2, 2012 10:05 PM
  • No, it isn't working on any device now.
    ~Wesley K.
    Wednesday, January 4, 2012 12:26 AM
  • Hi Wesley,

    How did you get your Mac system and iPhone to work with PEAP MSCHAP-V2? Could you kindly give me step-by-step instructions? I have a W2k8 R2 setup with AD, DNS, DHCP and NPS (all in one). I was able to authenticate to my access point on the Windows 7 box, but I can't get the Mac system and iPhone to work. Thanks for your help.

    Tuesday, January 10, 2012 8:06 AM
  • OK, I'll look at it in a few days. I abandoned the project and will have to start over.

    As for the step by step: on my iPhone I joined the access point with my username and password and accepted the cert, and it let me on.


    ~Wesley K.
    Wednesday, January 11, 2012 3:28 PM