Meraki Wifi SSID - Prompt for credentials before windows logon

SLR
Building a reputation

Meraki Wifi SSID - Prompt for credentials before windows logon

I am looking to do the following below :  our current setup is RADIUS Authentication with WPA2-Enterprise 

 

 

What we want to have happen…

 

  1. Person receives a computer from IT
    1. Assuming the computer has already been added to the  Domain by one of our techs.
    2. Persons profile does NOT exist on the computer as they have never logged into it.  
  2. They need to connect to the WIFI SSID before they try to login to the computer.
    1. They should be able to connect to WIFI with their ID and Password (this is not logging into the computer yet)
  3. Once connected to WIFI, they can login to the computer with their ID and password and the windows profile gets created.

 

 

 

is this possible to do and if so how? 

6 REPLIES 6
NolanHerring
Kind of a big deal

So there is a little cart before the horse here. In order for them to be able to login for the first time, the machine has to be on the network (hardwired or wireless) for that to happen.

If its going to be on wireless, then the machine itself has to connect first, before the user. So you'll want to use machine authentication AND user authentication on your GPO policy for the SSID that is pushed to all the machines during their initial hardwired 'bring to life' moment.
Nolan Herring | nolanwifi.com
TwitterLinkedIn
PhilipDAth
Kind of a big deal
Kind of a big deal

>Assuming the computer has already been added to the  Domain by one of our techs.

 

This is easy.  Configure your WAP2-Enterprise RADIUS server to allow both users and computers to attach to the WiFi network.  Configure the group policy to perform both computer+user authentication.

 

 

When the user starts up the machine it will automatically attach to your network using the computer account.  The user can now login on normally.  Once they complete logging in the machine re-authenticates as the user.

SLR
Building a reputation

Group policy on my domain controller correct? Not group policy on Meraki Dashboard.

PhilipDAth
Kind of a big deal
Kind of a big deal

>Group policy on my domain controller correct?

 

Correct.

SLR
Building a reputation

Can you give an example of what the Group Policy would look like on the DC  so I can pass it on to the infrastructure side? Would it look like this - Create a new GPO that is assigned/permissioned to the machines/users on the domain?

 

I only ask as it has been a while since I have been on infrastructure GP DC side of things 🙂

This video will explain the whole process of setting it up 

Server 2016 || Create Wireless Policy to Automatically Connect Laptops - YouTube

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels