Microsoft Nps 802.1x Mac Authentication

-->

2015-1-12  I am looking at having our small number of mac users to be able to connect to the wireless which is using 802.1x and computer account authentication against a windows nps server (so the machine can join the wireless and pull profiles, get group policy etc). Configuring Microsoft NPS for MAC-Based RADIUS - MS Switches. Table of contents. Benefits of MAC-Based RADIUS. Adding MS Switches as RADIUS clients on the NPS Server. Create a user account in Active Directory for a connecting device. Configuring a NPS Connection Request Policy. Configuring a NPS Network Policy.

Applies To: Windows Vista, Windows XP, Windows Server 2008, Windows 7, Windows 8.1, Windows Server 2008 R2, Windows Server 2012 R2, Windows Server 2012, Windows 8

This document provides introductory information about Institute of Electrical and Electronics Engineers (IEEE) 802.1X authenticated access for IEEE 802.3 wired Ethernet connections. Links to resources with information about technologies that are closely related to 802.1X Authenticated Wired Access, or otherwise relevant to wired access are also provided.

Note How do i download microsoft word for free on mac.

In addition to this topic, the following 802.1X Authenticated Wired Access documentation is available.What's New in 802.1X Authenticated Wired Access

Did you mean…

  • Netsh Commands for Wired Local Area Network (LAN) in the Windows Server 2008 R2 and Windows Server 2008 technical library on TechNet.

  • 802.1X Authenticated Wired Access in the Windows Server 2008 R2 and Windows Server 2008 technical library on TechNet.

Feature description

IEEE 802.1X authentication provides an additional security barrier for your intranet that you can use to prevent guest, rogue, or unmanaged computers that cannot perform a successful authentication from connecting to your intranet.

For the same reason that administrators deploy IEEE 802.1X authentication for IEEE 802.11 wireless networks—enhanced security—network administrators want to implement the IEEE 802.1X standard to help protect their wired network connections. Just as an authenticated wireless client must submit a set of credentials to be validated before being allowed to send wireless frames to the intranet, an IEEE 802.1X wired client must also perform authentication prior to being able to send traffic over its switch port.

Important terminology and technology overviews

Following are overviews that will help you to understand the various technologies that are required to deploy 802.1X authenticated wired access.

Microsoft Nps 802.1x Mac Authentication

Note

In this document, 802.1X authenticated wired access is referred to as wired access.

IEEE 802.1X

The IEEE 802.1X standard defines the port-based network access control that is used to provide authenticated wired access to Ethernet networks. This port-based network access control uses the physical characteristics of the switched Local Area Network (LAN) infrastructure to authenticate devices attached to a LAN port. Access to the port can be denied if the authentication process fails. Although this standard was designed for wired Ethernet networks, it has also been adapted for use on 802.11 wireless LANs.

IEEE 802.1X-capable wired Ethernet switches

To deploy 802.1X wired access you must install and configure one or more 802.1X-capable Ethernet switches on your network. The switches must be compatible with the Remote Authentication Dial-In User Service (RADIUS) protocol.

When 802.1X and RADIUS-compliant switches are deployed in a RADIUS infrastructure, with a RADIUS server such as an NPS server, they are called RADIUS clients.

IEEE 802.3 Ethernet

IEEE 802.3 is a collection of standards that defines the Layer-1 (physical layer) and Layer-2 (data-link layer media access control (MAC)) of wired Ethernet. 802.3 Ethernet is typically implemented on a LAN, and also in some wide area network (WAN) applications.

Network Policy Server

Network Policy Server (NPS) lets you centrally configure and manage network policies by using the following three components: RADIUS server, RADIUS proxy, and Network Access Protection (NAP) policy server. NPS is required to deploy 802.1X wired access.

Server certificates

Wired access deployment requires server certificates for each NPS server that performs 802.1X authentication.

A server certificate is a digital document that is commonly used for authentication and to help secure information on open networks. A certificate securely binds a public key to the entity that holds the corresponding private key. Certificates are digitally signed by the issuing certification authority (CA), and they can be issued for a user, a computer, or a service.

A CA is an entity responsible for establishing and vouching for the authenticity of public keys that belong to subjects (usually users or computers) or other CAs. Activities of a CA can include binding public keys to distinguished names through signed certificates, managing certificate serial numbers, and revoking certificates.

Active Directory Certificate Services (AD CS) is a Windows Server 2012 server role that issues certificates as a network CA. An AD CS certificate infrastructure, also called a public key infrastructure (PKI), provides customizable services for issuing and managing certificates for the enterprise.

EAP

Extensible Authentication Protocol (EAP) extends Point-to-Point Protocol (PPP) by enabling additional authentication methods that use credential and information exchanges of arbitrary lengths. With EAP authentication, both the network access client and the authenticator (such as an NPS server) must support the same EAP type for successful authentication to occur.

New and changed functionality

In Windows Server 2012, wired access includes only minimal changes to the wired access solution provided in Windows Server 2008 R2. That change is summarized as follows:

Feature/functionality

Previous operating system

New operating system

The addition of EAP-Tunneled Transport Layer Security (EAP-TTLS) to the list of network authentication methods that are included by default

Not included

Included by default

See also

Following is a table of resources related to 802.1X authenticated wired access.

Content type

References

Product evaluation

IEEE 802.1X Authenticated Wired Access – Cable Guy article

Planning

Windows Server 2008 802.1X Authenticated Wired Access Design Guide

Deployment

Windows Server 2008 802.1X Authenticated Wired Access Deployment Guide Windows Server 2008 R2 Core Network Companion Guide: Deploying Password-based 802.1X Authenticated Wireless Access

Operations

Windows Server 2008 R2 Netsh Commands for Wired Local Area Network (LAN)

Troubleshooting

Windows Server 2008 R2 Network Diagnostics Framework (NDF) and Network Tracing

Security

Not applicable

Tools and settings

Content not available

Community resources

Content not available

Related technologies

Windows Server 2008 R2 802.1X Authenticated Wireless Access Windows Server 2008 R2 Network Policy and Access Services

To use Login Window Mode for 802.1X authentication on your Mac, here's what you need:

  • A bind to an Active Directory (AD) or Open Directory (OD) server
  • A network configuration profile installed that enables Login Window Mode for the desired Ethernet interface or Wi-Fi network

Authenticate with Login Window Mode

Microsoft Nps 802.1x Mac Authentication Key

To authenticate with 802.1X at the login screen, select Other from the list of users, then enter your user name and password. Then, in the pop-up menu, select the network interface that you want to authenticate with, then click .

Https Account Live Apps Upsell App Authenticator

Change login display options

To change the login display to always ask for the user name and password, follow these steps:

  1. Choose Apple () menu > System Preferences, then click Users & Groups.
  2. In the sidebar, click Login Options. You might need to click in the lower left corner and authenticate before you can make changes.
  3. Next to “Display login window as,” select “Name and password.”

You can also use a configuration profile to set the login window to display the name and password fields.

Use Login Window Mode with FileVault

When you use FileVault, you are automatically logged into your user account after you unlock your disk. To use 802.1X authentication at the login window when FileVault is on, disable automatic login.

To turn off automatic login when FileVault is on, enter this command in Terminal:

If you want to turn automatic login back on, enter this command in Terminal: