Security

Hello community;

 

I am trying to onboard a Windows 7 laptop (not domain joined).  I have created a basic profile, config set, etc, and I can get the onboard wizard to run.  After the wizard runs, I can see a certificate has been generated in the Onboard admin page.

 

My challenge is, how do I use it?  As far as I can see, the only thing the Onboard wizard did was install the root CA and radius server cert, then configure an 802.1x user profile using password authentication.  What I want is for the laptop to just authenticate itself to the network, pre-login, using the generated certificate.

 

Can anyone point me in the right direction?

So, two crucial things you will have to do:

 

- under Onboard> Configuration> Network Settings> Authentication, you need to make sure that under Windows Authentication, Certificate Store is set to "Machine".

- Under Onboard> Configuratoin> Network Settings> Access, you need to configure the Name  Parameter (this is just a friendly name  for the Profile and not the SSID), make sure security type is "Enterprise 802.1x", make sure the Security Version is WPA2 with AES, and Make sure the SSID is the network you want it to connect to.

 

Those are just two crucial things to do what you said, it obviously takes more to make it work, but I was just answering your question...

Thanks. I have the certs where they belong now, and the rest should hopefully be straightforward.



The problem was that the default Windows EAP protocol is PEAP. I had to change that to TLS first to get the Windows Authentication option to appear.