Wireless Access

Hello,

 

Please slap me down if I haven't researched this properly, but I'd like some suggestions on how to configure Microsoft NPS on Server 2012, with Aruba W-AP225's, so that when a client connects through WPA2-ENT they will NOT be allowed on the network unless the certificate is pre-installed. I'm also trying to get this work with a mixed environment of Windows 8.1 workstations and OSX 10.10 Macs

 

I've spent a lot of time trying find answers and experimenting but just seem to come up blank on getting it to work. Keeping in mind, my NPS skills are basic.

 

If there's anyone out there to point me in the right direction it would be hugely appreciated.

 

Many thanks in advance,

MickTheTech

If you are using EAP-TLS (Client-Side Certificates, instead of username and password), you can do this.  If you are using EAP-PEAP (username and password), you cannot.  Only the client can check the server's certificate when using PEAP.  The server cannot check the client's certificate, because the client does not have an identifying certificate in PEAP.

This was something I was beginning to suspect, but my skills as they are I
wasn't too sure.

Is it possible to configure NPS to require both methods? Or is that just
silly?

The server can support two methods, but only a single method can be used by
a client at a time.

Thanks so much mate, greatly appreciate the assistance.

Regards