I am using a 2008 r2 dc that also performs Radius (NPS), I also have a 2008 r2 certificate authority which is giving out certificates.
The computers are getting the certificate and when a user logs into the device (that has previously logged in) gets put on the correct VLAN (according to there user access).
However I cant get the computers to join the wireless network prior to logging in, so that they can log in with their domain accounts and authenticate through the wireless.
The basic setup is Computer gets group policy which tells it to get a certificate the computer then has a seperate vlan to join just as a computer account however the wireless computer wont connect through that vlan. (this vlan allows login information only then once the users credentials are verified it puts them onto another VLAN).
So I am trying to work out why the notebook wont auto connect to the wireless network as a computer.
Thanks
forgot to mention Win 7 ent client.
EDIT: I got this to work however I am having the issue that if someone who doesnt have the certificate eg an iphone get prompted whether they want to accept the certificate once you select accept it lets you join the network.
I have tried to make it that your device has to be part of a certain group however when this happens, even a valid computer that is in the correct group cannot join.
Has anybody else experienced this?
Best Answer
If the laptops have intel proset wifi cards, than you can utilize "intel proset wireless pre-logon connect" via the administrative tool. It lets you create an executable about 100KB that applies one or many wireless profiles that can authenticate to WAPs prior to windows logon. I did this and pushed it out via group policy so I could VNC to Windows 7 workstations prior to any user logging on. I was using pre shared keys but I recall seeing radius instructions in the manual too.