Wireless Access
Occasional Contributor II
Posts: 12
Registered: ‎10-30-2015

Radius - Domain Computers/Domain Users

Hi All

I'm really hoping someone here can help me. We have some RADIUS on Windows Server 2003 and others on Server 2008 R2 across multiple school sites.

We have Aruba installed in all schools with various numbers of APs. We have 3 SSIDs, 2 of which are non-network access, so just the internet; the other is for domain computers only. We are really struggling to get this how we would like it in our schools.

We are trying to achieve this scenario:

All domain computer devices, no matter who the user is, should be allowed network access and internet access, using RADIUS.

The issue we are having is that under this condition, the laptop joins the wifi but as soon as a domain user logs in the wifi connection is then refused. If we allow and add domain users, users are able to access this SSID on any device using their domain credentials - which we just can't have! It's vital this cannot happen as we now have multiple children accessing this wifi on their phones and tablets, which is not safe or secure.

How can we stop this but allow any domain device to connect with any credentials?

Having spoken to support, they are telling us this is not possible without ClearPass, but we already pay a high amount for what we have and ClearPass would cost us tens of thousands of pounds. It just doesn't seem right that we cannot achieve this without ClearPass ...

Any help would be greatly appreciated.

Thanks

Darren

Guru Elite
Posts: 8,451
Registered: ‎09-08-2010

Re: Radius - Domain Computers/Domain Users

Did you configure the clients for Computer Only authentication via group policy?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II
Posts: 12
Registered: ‎10-30-2015

Re: Radius - Domain Computers/Domain Users

Hi Cappalli

I'm not sure; this is all quite new to me. This probably sounds silly as my technical ability is quite high end, but RADIUS is very new to me.

How would I check and, if not, configure?

Occasional Contributor II
Posts: 12
Registered: ‎10-30-2015

Re: Radius - Domain Computers/Domain Users

Is anyone able to help then at all?

MVP
Posts: 975
Registered: ‎04-13-2009

Re: Radius - Domain Computers/Domain Users

Like Tim said, this is what you need to configure in your wireless group policy:

Note the authentication mode below. Ensure your wireless group policy is the same and your domain machines will not attempt 802.1X user authentication.

[Screenshot: authentication mode setting in the wireless group policy]

Cheers
James

@whereisjrw | blog
ACCX #540 | ACMX #353 | ACDX #216 | Mobility First Expert #11

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
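
Added example, not part of the original thread: one way to check on a client which 802.1X authentication mode its wireless profile uses, by reading the `authMode` element of an exported WLAN profile. The SSID name and the sample XML are constructed, and the function name `Get-OneXAuthMode` is hypothetical.

```powershell
# Constructed sample of an exported WLAN profile (hypothetical SSID "School-Domain"),
# trimmed to the elements this check reads. A real one comes from:
#   netsh wlan export profile name="<SSID>" folder="<directory>"
$sampleProfile = @'
<?xml version="1.0"?>
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>School-Domain</name>
  <MSM>
    <security>
      <authEncryption>
        <authentication>WPA2</authentication>
        <encryption>AES</encryption>
        <useOneX>true</useOneX>
      </authEncryption>
      <OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
        <authMode>machineOrUser</authMode>
      </OneX>
    </security>
  </MSM>
</WLANProfile>
'@

# Hypothetical helper: returns the profile name, its 802.1X authMode, and
# whether the client will authenticate with computer credentials only.
function Get-OneXAuthMode {
    param([Parameter(Mandatory)][string]$ProfileXml)

    $doc  = [xml]$ProfileXml
    # local-name() sidesteps the two XML namespaces used in the profile.
    $name = $doc.SelectSingleNode("/*[local-name()='WLANProfile']/*[local-name()='name']")
    $oneX = $doc.SelectSingleNode("//*[local-name()='useOneX']")
    $mode = $doc.SelectSingleNode("//*[local-name()='OneX']/*[local-name()='authMode']")

    $authMode = if ($null -ne $mode) { $mode.InnerText.Trim() } else { '(not set)' }
    [pscustomobject]@{
        Profile      = if ($null -ne $name) { $name.InnerText } else { '(unnamed)' }
        UsesOneX     = ($null -ne $oneX) -and ($oneX.InnerText.Trim() -eq 'true')
        AuthMode     = $authMode
        # 'machine' = computer credentials only. 'machineOrUser' switches to the
        # user's credentials at logon; 'user' never uses the computer account.
        ComputerOnly = ($authMode -eq 'machine')
    }
}

Get-OneXAuthMode -ProfileXml $sampleProfile
```

For a real profile, pass the exported file's content with `Get-Content -Raw`; a result other than `machine` matches the symptom in the first post, where the connection is re-authenticated with the user's credentials at logon.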