802.1x auth without certificate on clients

radius windows-server-2012-r2 nps
11,810

I actually have this exact setup on my network. All you need to do is add each AP as a "Trusted RADIUS Client" in NPS and configure the other settings as you see fit. On the UniFi, just add the correct information (IP and secret) for it to start working.

When connecting with Windows clients at least, you'll need to configure each one to not validate the server certificate if you don't have a trusted certificate installed or association will fail.

Share:
11,810

Related videos on Youtube

jlwoff
Author by

jlwoff

Updated on September 18, 2022

Comments

  • jlwoff
    jlwoff almost 2 years

    I'm trying to implement WPA-Enterprise authentication on my UniFi Controller (3.1.10) without the need for certificates on clients.

    My RADIUS server will be Windows Server 2012R2 with NPS role installed.

    All I want is for my devices (Macs + Android) to auth on the Wi-Fi with an AD account for the person using it.

    Could anyone shed any light on this scenario?

    Any help is much appreciated,

    Cheers!

    EDIT I have attempted to set this up from what @Nathan has mentioned below

    Added RADIUS Client http://i.stack.imgur.com/E4R9M.png

    Added Network Policy http://i.stack.imgur.com/M1N6r.png

    From an NPS view, does this look correct?

    • Beeb
      Beeb almost 10 years
      Wait but I think more discussion is needed to clarify that in your case you must have deployed Active Directory PKI already; the NPS server has certificate from that internal CA and the client needs to "not validate" since the client doesn't have the internal CA's root? Isn't there a way to make this work WITHOUT deploying Active Directory PKI but instead buy a certificate from Go Daddy and likes and import it onto the NPS server? Two birds with one stone; validation will work AND you don't have to deploy Active Directory PKI! Where does one buy the authentication purpose cert -- Authenticatio
  • jlwoff
    jlwoff over 10 years
    thanks @nathan - I have amended my post with an update, does this look similar to yours?
  • Nathan C
    Nathan C over 10 years
    That looks correct to me.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

NPS/RADIUS authentication across one-way trust
Failed Authentication Against Windows Server 2012 R2 RADIUS Using PAP
NPS Policy doesn't to respect the "Control access through NPS Policy" user attribute
Windows 10 won't connect to RRAS VPN
Authenticate Cisco ASA to Windows 2008 domain
NPS EAP authentication failing after Windows Update
Why would NPS suddenly stop authenticating users?
Third Party Wildcard Certificates for use with Microsoft NPS / RADIUS / PEAP
Authentication via RADIUS : MSCHAPv2 Error 691
Problem with network policy rule in Network Policy Server