I'll try to be as succinct as possible as I am hoping someone who has managed a similar network as I am describing will chime in with some advice.
I am looking at using Windows 2008R2 NPS for RADIUS authentication to access my corporate WLAN. I'm thinking about using PEAP-TLS because while MSCHAPv2 is very easy to deploy, I didn't want someone to be able to enter their username/password on a device they bring in from outside and put it on my WLAN.
For my domain workstations, this is no issue, as I set up autoenrollment for computer certificates and pushed the wireless profile with the correct EAP type and computer authentication using Group Policy.
My dilemma is I have several wireless barcode scanners that we use in our warehouse that need to be on the corporate LAN. These devices run Windows CE 6 and are not part of the domain. So, basic question is, what is the best practice for using devices like these with PEAP-TLS?
Do I have to request a computer certificate for each barcode scanner? Or do I just request one and import the same certificate onto all of my devices? And how do I request a computer certificate for these devices? Is this typically done from the device or is there another preferred method?
Can someone provide me with some general direction on how best to work with NPS, RADIUS, and non-domain clients like these barcode scanners?