MuhammadUmer-8263 asked

Radius + AD + Machine auth before user logon

I have a Windows Server 2016 and I've configured Active Directory, DNS and Hyper-V on it.
On that physical server, I have created a VM which is another Windows Server, and I made it my DHCP server.

Need Solution:
I would like to allow the machine to join the SSID without using the user's credentials, using the AD machine account instead.

Requirement
The objective is to build an automatic connection to a specific SSID before the user uses his credentials.

The behavior I would like to have is:

  • First check if the machine is in AD; if yes, then OK for connection

  • If the machine is not in AD (mobile users), ask for credentials


Kindly guide me through a stepwise procedure to achieve this task.



windows-server
CandyLuo-MSFT answered

Hi,

As far as I know, there is no native way to achieve your goal. NPS cannot combine user and machine authentication to make a decision.

A similar thread has been discussed before; you could have a look:

Radius + AD + Machine auth before user logon

Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

Best Regards,
Candy


MuhammadUmer-8263 answered

No worries; if we can use only a single authentication (machine), that is also fine.
Could you please share the solution for the machine authentication process?

CandyLuo-MSFT commented

Just checking in to see if the information provided was helpful.
Please let us know if you would like further assistance.

CandyLuo-MSFT answered

Hi,

We need to use a computer certificate to authenticate devices. The following article talks about how to create a computer template and deploy a wireless profile with computer authentication to clients; you could have a look:

Wireless 802.1x Authentication Using Network Policy Server

Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

Best Regards,
Candy

