I'm trying to implement WPA-Enterprise authentication on my UniFi Controller (3.1.10) without the need for certificates on clients.

My RADIUS server will be Windows Server 2012R2 with NPS role installed.

All I want is for my devices (Macs + Android) to auth on the Wi-Fi with an AD account for the person using it.

Could anyone shed any light on this scenario?

Any help is much appreciated,

Cheers!

EDIT I have attempted to set this up from what @Nathan has mentioned below

Added RADIUS Client https://i.stack.imgur.com/E4R9M.png

Added Network Policy https://i.stack.imgur.com/M1N6r.png

From an NPS view, does this look correct?

jlwoff
  • Wait but I think more discussion is needed to clarify that in your case you must have deployed Active Directory PKI already; the NPS server has a certificate from that internal CA and the client needs to "not validate" since the client doesn't have the internal CA's root? Isn't there a way to make this work WITHOUT deploying Active Directory PKI but instead buy a certificate from Go Daddy and the like and import it onto the NPS server? Two birds with one stone; validation will work AND you don't have to deploy Active Directory PKI! Where does one buy the authentication purpose cert -- Authenticatio – Beeb Sep 18 '14 at 20:53

1 Answer

I actually have this exact setup on my network. All you need to do is add each AP as a "Trusted RADIUS Client" in NPS and configure the other settings as you see fit. On the UniFi, just add the correct information (IP and secret) for it to start working.

When connecting with Windows clients at least, you'll need to configure each one to not validate the server certificate if you don't have a trusted certificate installed or association will fail.

Nathan C
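
The NPS side of the answer above (each AP added as a RADIUS client), scripted with the NPS PowerShell module; this is an added example, not part of the original answer. The AP names and addresses are constructed placeholders, and one secret is shared by all APs on the assumption that the UniFi controller takes a single RADIUS secret for the WLAN.

```powershell
# Added example: register UniFi APs as RADIUS clients in NPS.
# Run in an elevated session on the NPS server (Windows Server 2012 R2).
Import-Module NPS

# Constructed sample inventory; replace with your own AP names and management IPs.
$accessPoints = @(
    @{ Name = 'unifi-ap-lobby';  Address = '192.0.2.11' },
    @{ Name = 'unifi-ap-office'; Address = '192.0.2.12' }
)

function New-RadiusSharedSecret {
    param([int]$ByteCount = 24)
    # Use the cryptographic RNG rather than Get-Random; hex output pastes
    # cleanly into both NPS and the controller (24 bytes -> 48 characters).
    $bytes = New-Object byte[] $ByteCount
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
    return -join ($bytes | ForEach-Object { $_.ToString('x2') })
}

# Assumption: the controller stores one RADIUS secret for the WLAN,
# so every AP must be registered in NPS with the same value.
$secret = New-RadiusSharedSecret

# Skip APs that are already registered instead of failing on a duplicate name.
$existing = @(Get-NpsRadiusClient | Select-Object -ExpandProperty Name)

foreach ($ap in $accessPoints) {
    if ($existing -contains $ap.Name) {
        Write-Warning "RADIUS client '$($ap.Name)' already exists; skipping."
        continue
    }
    New-NpsRadiusClient -Name $ap.Name -Address $ap.Address -SharedSecret $secret | Out-Null
    Write-Output "Registered $($ap.Name) ($($ap.Address))"
}

# Shown once so it can be entered in the UniFi RADIUS settings;
# avoid saving it to a file or a session transcript.
Write-Output "Shared secret for the UniFi RADIUS settings: $secret"
```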