Wifi clients, Radius auth, and Ipods
I have a IAS config question.
I have setup radius auth for wifi clients running over ruckus gear and it works all well. The config i followed was the "ashbys IAS" doc thats floating around here.
Ill admit Radius-auth isnt my strngest suit so please bear with me.
What i have is a WLAN that requires radius auth -- this required me to create a server certificate (from local CA) which clients then installed automatically. Clients then had to change EAP type to PEAP, select the CA cert to validate and hey-ho connection.
On the radius server i setup the RAP to enable "domain computers" OR "domain users".
Now i have students joining this WLAN with their Ipods/iphones/Mac's in general because when they authenticate against the WLAN it shows up "certificate not trusted" which they can accept and again hey-ho. Connection.
Obviously i have setup the wifi auth incorrectly, or expecting the wrong result.
What id like to do is to restrict access to this WLAN to computers and any user logged into that computer that are part of the domain. Opposed to "domain users" as it is now apparent to me this will include any device that passes correct AD credentals.
Can any one shed some light or point to a more relevant auth scheme?
Thanks in advance