Jul 20 2023 11:05 AM
Jul 20 2023 11:05 AM
So we have a somewhat unique situation that I am trying to figure out any solution that works.. We are currently using Meraki hardware for our wireless system and we have a directive from management to work to integrate out various systems so that we can deploy a company-wide wireless network(s) that used cert based authentication instead of the current username/password that times out every couple weeks.
For further context, we have windows based servers with a local AD domain synced to Office 365. We are also using one of our DCs as a CA, but it is not being used for anything.
We have several NPS servers setup and we can get our windows, domain joined machines to work fairly well on the Meraki System. The problem comes in with our Mac users. Our AD domain was setup moons ago when using a .int TLD for the domain name along with other best practice issues that would be too disruptive to properly fix. As of now, we can't get our Mac machines to properly authenticate or trust the Wi-Fi networks when we use the NPS profiles/certs.
We did recently get invested in a PKI system through digicert that we are currently using for our Client VPN and have been trying to use auto-enrolled certs from that, but similarly to no avail. The final nail in the coffin is that we are under a budget crunch, so investing in something like JumpCloud or some other online hosted RADIUS service is not happening anytime soon.
I have looked at the documentation for Setting up 802.1x and we can do user authentication fairly well, but we have been instructed to get machine/certificate based authentication working.
Long story short, what I am hoping to find is an article or video or something that discusses setting up windows NPS to interact with Meraki SSIDs so that both domain joined PCs and non-domain joined Macs can use one or more SSIDs to do cert based authentication.
Jul 27 2023 10:24 AM - edited Jul 27 2023 10:25 AM
You can issue certs to no corp devices if this is something you wish to do but may not be able to automate it.
Below is a link that you can use to get an idea about setting NPS up with certificate based authentication for Domain joined devices. Given that there are mac computers and are not domain joined, it could have been possible to join them to corporate wifi's by using intune and Apple business manager or conifgurator in which it makes it part of AAD Devices.
I suggest following the below guide for domain joined computers and then look at the second link from apple about Connecting Apple devices to 802.1X networks. As this should give you an Idea as what I am referring to with connecting using and MDM solution or Apple configurator to get your NPS setup going.
Connect Apple devices to 802.1X networks