Wireless Access

Hi All

I'm really hoping someone here can help me. We have some radius on windows server 2003 and others on server 2008r2 multiple school sites.

We have aruba installed in all school with various amounts of AP's. We have 3 SSID's 2 of which are non network access so just the internet, the other is for Domain computers only. We are really struggling to get this how we would like it in our schools.

We are trying to achieve this scenario:

All domain computer devices no matter who the user is, should be allowed newtork access and internet access. Using Radius.

The issue we are having is that under this condition, the laptop joins the wifi but as soon as a domain user logs in the wifi connection is then refused. If we allow and add domain users, users are able to access this SSID on any device using there domain credentials - which we just can't have! Its vital this cannot happen as we now have mutliple children accessing this wifi on there phone and tablets which are is not safe or secure.

How can we stop this but allow any domain device to connect with any credentials?

Having spoke to support, they are telling us this is not possible without clearpass, but we already pay a high amount for what we have and clearpass would cost us 10's of thousands of pounds. It just doesn't seem right that we cannot achieve this without clearpass ...

Any help would be greatly appreciated.

Thanks

Darren

Hi Cappalli

I'm not sure, this is all quite new to me. This probably sounds silly as my technical ability is quite high end, but radius is very new to me.

How would I check and if not configure?

Is anyone able to help then at all?

Like Tim said, this is what you need to configure in your wireless group policy:

Note the authentication mode below. Ensure your wireless group policy is the same and your domain machines will not attempt 802.1X user authentication.