Unifi APs connect clients based on Machine account in AD
-
@Dashrender said:
@thecreativeone91 said:
@coliver said:
@Dashrender said:
I need the machines that I control to be attached to the WiFi pre-logon. This allows anyone with a domain account to log onto the machine.
For private devices, this isn't an issue as we don't allow personal devices on the network.
If I remember correctly NPS allows pre-authentication for domain devices and then "re-authenticates" when the user logs in.
NPS doesn't re-authenticate it. It's just that it passes the credentials to the 802.1x authentication first to the NPS server, logs in, then will do SSO to log in on the computer, using the same credentials. NPS isn't involved in that part of the configuration; you enable it via a GPO.
I don't understand - can you explain it another way?
What coliver seems to be saying is that there is double authentication, but unless you're moving the client (laptop) to another VLAN based on the user who is logging in, I don't understand why you would authenticate the user after the machine has already authenticated.
He's talking about if you are using User Based Authentication.
-
You're losing me here.
@coliver said:
If I remember correctly NPS allows pre-authentication for domain devices and then "re-authenticates" when the user logs in.
@thecreativeone91 said:
He's talking about if you are using User Based Authentication.
Are you saying that MS now supports WiFi association and logon during the logon process? This would be like the old VPN pre-authentication check box you could add with specific VPN clients if it's true - though there would need to be some sort of prompt to choose the correct SSID.
-
@Dashrender said:
@thecreativeone91 said:
@coliver said:
@Dashrender said:
I need the machines that I control to be attached to the WiFi pre-logon. This allows anyone with a domain account to log onto the machine.
For private devices, this isn't an issue as we don't allow personal devices on the network.
If I remember correctly NPS allows pre-authentication for domain devices and then "re-authenticates" when the user logs in.
NPS doesn't re-authenticate it. It's just that it passes the credentials to the 802.1x authentication first to the NPS server, logs in, then will do SSO to log in on the computer, using the same credentials. NPS isn't involved in that part of the configuration; you enable it via a GPO.
I don't understand - can you explain it another way?
What coliver seems to be saying is that there is double authentication, but unless you're moving the client (laptop) to another VLAN based on the user who is logging in, I don't understand why you would authenticate the user after the machine has already authenticated.
He was having some major technical issues this morning following discussions and getting very confused. Might have been just making this stuff up too, like he was on the other threads.