I don't agree with that statement. EAP-TLS (or EAP-TEAP) should be used to authenticate all users (where feasible).
Personally, I don't have this experience with NPS, but you can request a (user) certificate manually from your ADCS (or other CA) and install that on non-domain joined clients. In the real world, for somewhat larger than really small, you want to automate that process, in which case a MDM/EMM (Mobile Device Management) solution can help in getting the certs deployed automatically to devices that you can bring under its control. For non-managed devices, you could have a look at ClearPass Onboard to get the certificate requested and installed in a simple-to-follow procedure for the user.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Jul 06, 2021 01:13 AM
From: harendra nishshanka
Subject: EAP-TLS with NPS
To have EAP-TLS authentication client should have certificate installed on his computer and it should be domain machine.
As per my understanding eap-tls is not a recommended way to authenticate non domain users.
Original Message:
Sent: 7/5/2021 12:09:00 PM
From: pete2020
Subject: EAP-TLS with NPS
HI Airheads,
we have a customer with Aruba AP's and controllers (V8).
They have NPS for a RADIUS server and they want to do EAP-TLS to NPS with NON-AD clients.
I was wondering is there a way of authenticating clients with EAP-TLS that are not AD members?
I know i have to consider revocation but just want to get EAP-TLS going to begin with.
regards
Pete
------------------------------
Pete Elms
------------------------------