Windows wireless connection using 802.1x Radius not autoconnecting when settings are imported

SOLVED
JordanCNolan
Here to help

Windows wireless connection using 802.1x Radius not autoconnecting when settings are imported

Just about to switch all the users over to using 802.1X with custom RADIUS authentication from PSK (WPA2) but I am having a little trouble getting the clients to connect without any user intervention.

 

When I would setup the PSK (WPA2) SSIDs I would configure one of the computers and export the configuration using:

 

Netsh wlan export profile [“profile name”] [key=clear] folder=”C:\Temp”

Which would create the WiFi-NetworkName.xml then I would just create a script to run

Netsh wlan add profile filename=WiFi-NetworkName.xml user=all

 

After running the "add profile", clients would just connect automatically to the SSID.  I am doing the same thing with the new 802.1x setup but the users still have to select the network once and click Connect even though I have the Windows Group setting set to include Domain Computers.

 

After I push down the wireless settings I can go to a computer at the Windows logon screen and click the Wireless option where I can see the SSID.  I just have to click Connect and I am on.  I just want to eliminate that step.

 

Here is the XML file used for Netsh wlan add:

 

<name>Secure-Emp</name>
<SSIDConfig>
<SSID>
<hex>5365637572652D456D70</hex>
<name>Secure-Emp</name>
</SSID>
<nonBroadcast>false</nonBroadcast>
</SSIDConfig>
<connectionType>ESS</connectionType>
<connectionMode>auto</connectionMode>
<autoSwitch>false</autoSwitch>
<MSM>
<security>
<authEncryption>
<authentication>WPA2</authentication>
<encryption>AES</encryption>
<useOneX>true</useOneX>
</authEncryption>
<EAPConfig>
<EapMethod>
</EapMethod>
<Type>25</Type>
<ServerValidation>
<DisableUserPromptForServerValidation>false</DisableUserPromptForServerValidation>
<ServerNames/>
</ServerValidation>
<FastReconnect>true</FastReconnect>
<InnerEapOptional>false</InnerEapOptional>
<Type>26</Type>
<UseWinLogonCredentials>true</UseWinLogonCredentials>
</EapType>
</Eap>
<EnableQuarantineChecks>false</EnableQuarantineChecks>
<RequireCryptoBinding>false</RequireCryptoBinding>
<PeapExtensions>
<PerformServerValidation xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">false</PerformServerValidation>
<AcceptServerName xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">false</AcceptServerName>
</PeapExtensions>
</EapType>
</Eap>
</Config>
</EapHostConfig>
</EAPConfig>
</OneX>
</security>
</MSM>
</WLANProfile>
1 ACCEPTED SOLUTION
PhilipDAth
Kind of a big deal
Kind of a big deal

Are these AD attached computers?

 

If so, use group policy.  Much simpler.

View solution in original post

2 REPLIES 2
PhilipDAth
Kind of a big deal
Kind of a big deal

Are these AD attached computers?

 

If so, use group policy.  Much simpler.

Used the GPO method.  It was a little bit of a pain getting all the settings correct, but it worked out better.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels