Contributor I
Posts: 21
Registered: ‎05-31-2011

Authenticate Non-Domain Machine against NPS to give access to corporate LAN

Just wondering if anyone has any suggestions on this or if I am even going about this the right way.

 

I am trying to get a non-domain machine authenticated against my NPS server to give it network access. The device is a wireless barcode scanner for inventory that needs to talk back to the database sitting on our corporate LAN.

 

I already have a WLAN for our corporate LAN that does machine authentication for domain computers and gives that laptop access to the LAN, but I am struggling on how to get a non-domain machine onto our network.

 

I have created a self-signed certificate on my NPS server, exported it, installed it onto the non-domain machine, and added Microsoft Smart Card or other certificate with the self-signed certificate to the Authentication Methods of the existing rules on my NPS, hoping that this would be all I need to do to allow the machine with the self-signed cert access to the network. But it is not working. The machine just pops up a message saying it cannot connect to the WLAN.

 

Not sure if there is something configured wrong on the Aruba controller or my NPS server.

 

Is this even a possible way of getting a non-domain machine access to my corporate LAN, or am I going about this all wrong? If there are any other ideas or a better way of accomplishing this, I would really appreciate any suggestions.

 

If you need more details please let me know and I will provide as much as possible.

Guru Elite
Posts: 8,204
Registered: ‎09-08-2010

Re: Authenticate Non-Domain Machine against NPS to give access to corporate LAN

Are you doing username password authentication or certificates for users?

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Contributor I
Posts: 21
Registered: ‎05-31-2011

Re: Authenticate Non-Domain Machine against NPS to give access to corporate LAN

Username and password for the users

Guru Elite
Posts: 8,204
Registered: ‎09-08-2010

Re: Authenticate Non-Domain Machine against NPS to give access to corporate LAN

You need to use the Protected EAP option on the client, not smartcard. 


Thanks, 
Tim

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Contributor I
Posts: 21
Registered: ‎05-31-2011

Re: Authenticate Non-Domain Machine against NPS to give access to corporate LAN

If I wanted to use the certificate for the user would I select the smartcard or certificate option?

 

I tried the Protected EAP and still could not get connected on the non-domain device.

Guru Elite
Posts: 8,204
Registered: ‎09-08-2010

Re: Authenticate Non-Domain Machine against NPS to give access to corporate LAN

Did you issue a client certificate to the device? It sounds like the certificate you installed was the server cert.



Thanks, 
Tim

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Contributor I
Posts: 21
Registered: ‎05-31-2011

Re: Authenticate Non-Domain Machine against NPS to give access to corporate LAN

All I have done so far was create the self-signed certificate on the NPS server, export the root certificate with just the public key, and then install that onto the non-domain device in the Trusted Root Certification Authorities section.

 

I have not issued any client certificates yet. Should that be my next step?

 

 

Guru Elite
Posts: 8,204
Registered: ‎09-08-2010

Re: Authenticate Non-Domain Machine against NPS to give access to corporate LAN

Yes, you would need to create an AD certificate authority unless you have an existing PKI infrastructure. 


Thanks, 
Tim

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Contributor I
Posts: 21
Registered: ‎05-31-2011

Re: Authenticate Non-Domain Machine against NPS to give access to corporate LAN

OK, I will look into this and see what I can come up with. We do have an existing AD Certificate Authority, so hopefully I can get something to work.

 

If I get anything working I'll post what I did.

 

Thanks for the input!

Guru Elite
Posts: 8,204
Registered: ‎09-08-2010

Re: Authenticate Non-Domain Machine against NPS to give access to corporate LAN

Is there any specific reason why you're not just doing username/password?
Just curious.

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP