Wireless Access

Reply
Occasional Contributor I

Configuring Microsoft NPS to require the certificate before allowing access.

Hello,

 

Please slap me down if I haven't researched this properly, but I'd like some suggestions on how to configure Microsoft NPS on Server 2012, with Aruba W-AP225's, so that when a client connects through WPA2-ENT they will NOT be allowed on the network unless the certificate is pre-installed. I'm also trying to get this work with a mixed environment of Windows 8.1 workstations and OSX 10.10 Macs

 

I've spent a lot of time trying find answers and experimenting but just seem to come up blank on getting it to work. Keeping in mind, my NPS skills are basic.

 

If there's anyone out there to point me in the right direction it would be hugely appreciated.

 

Many thanks in advance,

MickTheTech

Guru Elite

Re: Configuring Microsoft NPS to require the certificate before allowing access.

If you are using EAP-TLS (Client-Side Certificates, instead of username and password), you can do this.  If you are using EAP-PEAP (username and password), you cannot.  Only the client can check the server's certificate when using PEAP.  The server cannot check the client's certificate, because the client does not have an identifying certificate in PEAP.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I

Re: Configuring Microsoft NPS to require the certificate before allowing access.

This was something I was beginning to suspect, but my skills as they are I
wasn't too sure.

Is it possible to configure NPS to require both methods? Or is that just
silly?
Guru Elite

Re: Configuring Microsoft NPS to require the certificate before allowing access.

The server can support two methods, but only a single method can be used by
a client at a time.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I

Re: Configuring Microsoft NPS to require the certificate before allowing access.

Thanks so much mate, greatly appreciate the assistance.

Regards
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: