04-22-2015 08:14 AM
04-22-2015 08:28 AM
No, you literally need to make user accounts for every device with the MAC address as the username and password.
01-11-2016 08:42 AM
So I don't mean to hijack this thread, but I wanted some clarification. Setting an AD user object with the MAC address as both the username and the password is a pretty large security hole, don't you think? That would mean that someone would only need to know a single MAC address and they'll be able to log in to any service that relies on AD for authentication.
Is there a more secure way to implement this, or perhaps a mitigation technique to limit these 'users' exposure?
01-11-2016 08:43 AM
This is by no means a good practice but is something to help those who don't have ClearPass achieve basic MAC-authentication.
01-11-2016 10:39 AM
So then those of us without ClearPass interested in MAC auth + PEAP auth on the same SSID can use FreeRADIUS rather than MS NPS?
01-11-2016 10:42 AM
01-11-2016 10:43 AM - edited 01-11-2016 10:44 AM
Methods for authentication are limited by what a client supports. Whether or not it is 'best practice' is something that should be directed at the wireless sensor/embedded device maker. We're just here trying to make things work.