Meraki NPS Radius Authentication deny non domain joined devices

yurakoresh
Comes here often

Meraki NPS Radius Authentication deny non domain joined devices

Hello,

We have setup Meraki NPS Radius Authentication and it works like it should the only issue that non domain joined devices are able to connect to the radius SSID as we are giving out certificate automatically. What's the best solution to block non domain joined devices? If you have detailed steps would greatly appreciate that.

Thanks.

5 Replies 5
PhilipDAth
Kind of a big deal
Kind of a big deal

Configure group policy to deploy certificates from an enterprise CA to each machine.  Configure a group policy to perform machine-based authentication.

Configure NPS to only do certificate-based authentication and restrict the user to "Domain Computers".

yurakoresh
Comes here often

Hello,

We are using users based authentication to allow only certain OUs to have access to WiFi. Can it be configured at the same time with machine-based authentication?

DHAnderson
Head in the Cloud

The process for JumpCloud would be:

1 import AD users into JumpCloud

2. Create a group and add the users who should have access to the WiFi

3. Go to RADIUS and setup RADIUS and assign the group to the RADIUS Configuration.

4. Setup SSID to use Enterprise with my RADIUS server and enter in the information for JumpCloud's RADIUS servers

 

PM me if you want more information about JumpCloud.

 

-Dave

 

 

 

 

Dave Anderson
yurakoresh
Comes here often

Let me get a little more specifics.

Right now we have configured NPS to authenticate with AD Users that are part of a certain Domain Group. And in our case laptops that are not part of the domain are still able to use the same AD credentials and login to the same corporate WiFi and we are trying to stop that and have only domain joined devices able to connect to the corporate WiFi. How can we authenticate only certain users OUs and to only domain joined devices ?

PhilipDAth
Kind of a big deal
Kind of a big deal

Use certificate-based authentication, and create an AD group of who is allowed access, and configure NPS to restrict access to that group.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels