1

First off, I am not a sysadmin, so feel free to correct any mistakes in my question.

We have a Windows Server 2008 R2 domain with 802.1X authenticated wireless access for laptops with Windows 7 installed. Most of the laptops are in the domain, but some are not. The people using those machines do have a domain user account to access network resources, but are not logged on to the machine with that account.

How can we allow the windows 7 machines that are not in the domain to connect to the wireless network?

stombeur
  • 125
  • 1
  • 6

2 Answers2

3

Under advanced network properties of that SSID untick "use logged on user's credentials to connect to this network" and then you will get a prompt for the username and password or a balloon tip to say additional information required. Click on it and type domain\username and then the password. Thats it!

rabbid
  • 56
  • 1
  • actually, on windows 7 it's a bit more complex: in advanced settings, choose 'user authentication'. Click on 'Settings' for PEAP, click on 'configure' for EAP-MSCHAPv2 and uncheck 'automatically use my windows logon name and password (and domain if any)'. But still, this was the right approach, so thanks! – stombeur Dec 14 '11 at 14:05
0

The Windows wireless client would not let you use arbitrary credentials for PEAP-MSCHAPv2. But you could set up a new WLAN to use PEAP-TLS with certificates instead of password-based MSCHAPv2 authentification. Certificates can be used on non-domain machines as well with only minor limitations. See the technet docs for details on how to set this up.

the-wabbit
  • 40,319
  • 13
  • 105
  • 169
  • `The Windows wireless client would not let you use arbitrary credentials` - apparently this is outdated / has changed. Try rabbid's solution instead - seems easier than setting up a CA and an additional wireless network. – the-wabbit Dec 14 '11 at 10:36