I am using my DC as a NPS Microsoft RADIUS server for wireless authentication. I was having problems with computers that are not able to join a domain (Windows 7 Home Edition) to join using a valid AD account and password, I can't authenticate this devices unless these devices belong to the windows domain. Any help would be greatly appreciated.
Solved! Go to Solution.
Authenticate using PEAP and MSCHAPv2.
You'll need to install your CA certificate on the non-domain computers in their trusted root authorities certificate store before they'll trust your NPS server.
Thanks for the quickly answer Philip.
I'm authenticating using PEAP and MSCHAPv2 and works in windows computers thar are in our windows domain, they have our certificate generate with our windows CA in our DC.
But my problem is with windows providers's computers, consultants..., that I can't install anything in their computers, or they don't have permission to install anything. I can't install our certificate.
Is it possible that work with something like appear a warning error by certificate accept and go into the wifi?, as it is working with IOS and android devices. Maybe I have to use a public certificate, but my windows domain is xxxx.org, it isn't public, I think I can't have a public certificate for my DC like server01.xxx.org. Sorry if I tell something wrong, but the certificate world it is a new subject for me 🙂
Thank you Philip for the answer.
I think so, then I have a problem, I don't want to implement WPA2, but it seems the solution.
@PhilipDAth is right. This is why I like to purchase certs for NPS servers. That way they are already trusted.