01-26-2016 11:49 AM
I have setup a secure network using a RADIUS server for authentication. My question is, is there a way to prevent people from clicking on the network and entering their credentials to connect to the network. I would like to have group policy to be the only way people connect to the network, if a computer is not joined to the domain, I dont want them to be able to connect to wireless network, dont want them to be able to join their personal devices to wireless by putting their domain credentials in.
Solved! Go to Solution.
01-26-2016 11:53 AM
Unfortunately you can't do that , you could try hidding the SSID but if the user knows the name or has already saved you can't prevent the user from attempting to authenticate.
Why are you trying to do this ?
Are you using ClearPass ?
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
01-26-2016 01:08 PM
If I hide the SSID, then it does not seem to connect users to the network automatically any more, I just dont want users to be able to connect their personal phone, tablet etc.. to this network by having the option to put in their domain credentails
01-26-2016 01:10 PM
01-27-2016 06:23 AM
thanks Tim, have already done all of that, didnt see anything in article about preventing someone from clicking on wireless network from personal device and putting in their domain credentials and joining network which is what I am trying to do
01-31-2016 05:39 AM
Tim is still pointing you to the machine authentication part of the solution to this. page 33.
if you use machine authentication and enable the corresponding section on the controller dot1x profile (i believe) then you can exclude non domain joined machine (i.e. smartphones, tablets, ...) from authentication on your SSID.
that is pretty much the only thing you can do with NPS. with ClearPass you get some extra options. but this remains a tricky thing to work out.