Wireless Access

Reply
Occasional Contributor II

RADIUS server, prevent users from signing in

Hi guys, 

I have setup a secure network using a RADIUS server for authentication.  My question is, is there a way to prevent people from clicking on the network and entering their credentials to connect to the network.  I would like to have group policy to be the only way people connect to the network, if a computer is not joined to the domain, I dont want them to be able to connect to wireless network, dont want them to be able to join their personal devices to wireless by putting their domain credentials in.

Guru Elite

Re: RADIUS server, prevent users from signing in

Yes, you can leverage machine authentication.

What RADIUS server are you using?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480

Re: RADIUS server, prevent users from signing in

Unfortunately you can't do that , you could try hidding the SSID but if the user knows the name or has already saved you can't prevent the user from attempting to authenticate.

 

Why are you trying to do this ?

 

Are you using ClearPass ?

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Occasional Contributor II

Re: RADIUS server, prevent users from signing in

using SBS2011 as my RADIUS server

Occasional Contributor II

Re: RADIUS server, prevent users from signing in

If I hide the SSID, then it does not seem to connect users to the network automatically any more, I just dont want users to be able to connect their personal phone, tablet etc.. to this network by having the option to put in their domain credentails

Guru Elite

Re: RADIUS server, prevent users from signing in

Occasional Contributor II

Re: RADIUS server, prevent users from signing in

thanks Tim, have already done all of that, didnt see anything in article about preventing someone from clicking on wireless network from personal device and putting in their domain credentials and joining network which is what I am trying to do

Re: RADIUS server, prevent users from signing in

Tim is still pointing you to the machine authentication part of the solution to this. page 33.

 

if you use machine authentication and enable the corresponding section on the controller dot1x profile (i believe) then you can exclude non domain joined machine (i.e. smartphones, tablets, ...) from authentication on your SSID.

 

that is pretty much the only thing you can do with NPS. with ClearPass you get some extra options. but this remains a tricky thing to work out.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: