Hi Colin,
That's one of my problems.
The client tried to have its RADIUS server authenticate the MAC addresses. We followed these instructions:
Creating User Accounts in Active Directory for MAC-based Authentication
With MAC based authentication, domain member computers use the MAC address of their wireless interface as the username and password. Therefore each domain computer requires an associated Windows User account in Active Directory to authenticate. This User account is not the same as its Active Directory computer object. After the User accounts have been created, they can be placed in a Windows security group for authentication.
Suppose a Windows domain member computer has the MAC address 01:23:45:67:8a:bc on its wireless interface. When connecting to an SSID where MAC based authentication is required, the computer will send its username and password as 01234679abc. This is the MAC address without uppercase or delimiting characters.
- Open Active Directory Users and Computers console.
- Right click the OU where you want to create the User account.
- Select New>User.
- Enter a value in the Full name field.
- Enter the MAC address without uppercase or delimiting characters for User logon name.
- Click Next.
- Enter the password which is the same string as the User logon name. Make sure to check User cannot change password and Password never expires.
- Click Next.
- Click Finish.
Perform these steps for each computer you want to authenticate. Once the User accounts are created, add them to the appropriate Windows security group that is specified in the NPS policy.
###################################################################################
Unfortunately, by the client's own domain rules, passwords have to have some degree of complexity, thus rendering it impossible to do it this way.
What I was trying to achieve in the Virtual Controller was something like this:
For MAC authentication:
Create internal users with the devices' MAC addresses and have them authenticate against the controller's internal server.
Having passed this level of authentication, I should then go to the RADIUS server.
But I think this is not possible.
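
The account-creation steps quoted in the post above, scripted for several devices with the ActiveDirectory PowerShell module. This is an added example, not part of the original post or of the quoted instructions; the OU, group name, UPN suffix and MAC list are assumed placeholders.

```powershell
# Added example: bulk version of the quoted GUI steps (New > User, logon name = MAC,
# password = same string, "User cannot change password", "Password never expires").
# Assumptions (not from the post): $TargetOU, $Group, $UpnSuffix and the sample MACs.
Import-Module ActiveDirectory

$TargetOU  = 'OU=WiFi-MAC-Auth,DC=example,DC=com'  # hypothetical OU for these accounts
$Group     = 'WiFi-MAC-Auth'                       # hypothetical group named in the NPS policy
$UpnSuffix = 'example.com'                         # hypothetical UPN suffix

# Constructed sample input in the delimiter styles MACs are usually copied in
$Macs = @('0A:1B:2C:3D:4E:5F', '0a-1b-2c-3d-4e-60', '0A1B.2C3D.4E61')

function ConvertTo-MacLogonName {
    param([Parameter(Mandatory)][string]$Mac)
    # Remove only the usual delimiters, lowercase, then require exactly 12 hex digits
    $name = ($Mac -replace '[:\-\.]', '').ToLowerInvariant()
    if ($name -notmatch '^[0-9a-f]{12}$') { throw "Not a 48-bit MAC address: '$Mac'" }
    return $name
}

foreach ($mac in $Macs) {
    try {
        $name = ConvertTo-MacLogonName -Mac $mac

        # Skip devices that already have an account so the script can be re-run
        if (Get-ADUser -Filter "SamAccountName -eq '$name'") {
            Write-Warning "Account $name already exists, skipping"
            continue
        }

        # A domain policy that enforces password complexity rejects this password,
        # which is the obstacle described in the post; the error is reported per MAC.
        New-ADUser -Name "MAC $name" -SamAccountName $name `
            -UserPrincipalName "$name@$UpnSuffix" -Path $TargetOU `
            -AccountPassword (ConvertTo-SecureString $name -AsPlainText -Force) `
            -CannotChangePassword $true -PasswordNeverExpires $true `
            -Enabled $true -ErrorAction Stop

        # Membership in this group is what the NPS policy evaluates
        Add-ADGroupMember -Identity $Group -Members $name -ErrorAction Stop
        Write-Output "Created $name and added it to $Group"
    }
    catch {
        Write-Warning "Failed for '$mac': $($_.Exception.Message)"
    }
}
```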