I already have a RADIUS/NPS deployed. My current solution is the WIN2008R2 NPS and help me authenticating 802.1X clients (HP Switches), Alcatel IP Phones (MD5 enabled) and VPN PPTP Clients (incoming connections through a Fortigate appliance)
Now, i need to solve a problem with my Ruckus Zone Director and a limitation of 128 MAC addresses per SSID in my controlled SSID
To avoid the 128 MACs limitation someone suggested to use MAC Address Authorization, see:
http://forums.ruckuswireless.com/forums/8/topics/885
But as far as i know, i need to make changes in the NPS that can turn the current configurations impossible to use without impacting my 802.1X, VPN and IP Phone clients.
NPS: Override User-Name
http://technet.microsoft.com/en-us/library/dd197553(v=ws.10).aspx
"...
If you set Override User-Name to 1 and the User Identity Attribute to 31, the authenticating server can perform only Automatic Number Identification/Calling Line Identification (ANI/CLI)-based authentication. Normal authentication by using authentication protocols,
such as Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) and Extensible Authentication Protocol (EAP), is disabled
..."
So, how can i deploy NPS MAC Address authentication using my current NPS deployment without changing my current configurarions, just adding?
MAC Address Authorization
http://technet.microsoft.com/en-us/library/dd197535(v=ws.10).aspx
NPS: User Identity Attribute
http://technet.microsoft.com/en-us/library/dd197523(v=ws.10).aspx
↧
MAC Address Authorization in a pre-existing RADIUS/NPS environment
↧