cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How does a non-domain computer uses authentication in NPS Microsoft server?

SOLVED
CBM
Here to help

How does a non-domain computer uses authentication in NPS Microsoft server?

I am using my DC as a NPS Microsoft RADIUS server for wireless authentication.  I was having problems with computers that are not able to join a domain (Windows 7 Home Edition) to join using a valid AD account and password, I can't authenticate this devices unless these devices belong to the windows domain. Any help would be greatly appreciated.

1 ACCEPTED SOLUTION

Accepted Solutions
Kind of a big deal

Re: How does a non-domain computer uses authentication in NPS Microsoft server?

Windows will only PEAP authenticate with a trusted RADIUS server.  If you can't install a certificate or change anything on their machine then their is no way they will be able to attach.

View solution in original post

5 REPLIES 5
Kind of a big deal

Re: How does a non-domain computer uses authentication in NPS Microsoft server?

Authenticate using PEAP and MSCHAPv2.

 

You'll need to install your CA certificate on the non-domain computers in their trusted root authorities certificate store before they'll trust your NPS server.

CBM
Here to help

Re: How does a non-domain computer uses authentication in NPS Microsoft server?

Thanks for the quickly answer Philip.

I'm authenticating using PEAP and MSCHAPv2 and works in windows computers thar are in our windows domain, they have our certificate generate with our windows CA in our DC.

But my problem is with windows providers's computers, consultants..., that I can't install anything in their computers, or they don't have permission to install anything. I can't install our certificate.

Is it possible that work with something like appear a warning error by certificate accept and go into the wifi?, as it is working with IOS and android devices. Maybe I have to use a public certificate, but my windows domain is xxxx.org, it isn't public, I think I can't have a public certificate for my DC like server01.xxx.org. Sorry if I tell something wrong, but the certificate world it is a new subject for me 🙂

Kind of a big deal

Re: How does a non-domain computer uses authentication in NPS Microsoft server?

Windows will only PEAP authenticate with a trusted RADIUS server.  If you can't install a certificate or change anything on their machine then their is no way they will be able to attach.

View solution in original post

Highlighted
CBM
Here to help

Re: How does a non-domain computer uses authentication in NPS Microsoft server?

Thank you Philip for the answer.

 

I think so, then I have a problem, I don't want to implement WPA2, but it seems the solution.

Getting noticed

Re: How does a non-domain computer uses authentication in NPS Microsoft server?

@PhilipDAth is right. This is why I like to purchase certs for NPS servers. That way they are already trusted.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.