Single NPS server with separate user and computer policies for separate wireless networks?
The subject line probably doesn't make sense so thanks for reading.
Much has been written and discussed that you cannot combine user and computer authentication in a single NPS authentication policy, but that's not what I'm trying to solve.
Has anyone successfully configured a single Windows NPS server to perform authentication for both AD Computers and AD Users (separately, not combined) for wireless?
To go into detail on the two separate wireless networks in our Wi-Fi design: domain-joined computers have a specific wireless network which can talk to most of the LAN, i.e., domain controllers, etc. The computer object must be in the AD group named in the policy. When a computer matching the policy requests a connection, it is automatically joined to the wireless network.
The other wireless network is for BYOD and has very limited access to the LAN but can reach our high-speed Internet. When attempting to join the network the user is asked for username and password.
Within NPS it does appear we can have multiple policies configured, one for each type, but I've not been able to make it work in practice.
Currently I have one NPS server set up for Computers and an entirely separate NPS for Users. Of course I'd like to have redundancy for both, so that would be four NPS servers.
Unfortunately, our SonicWALL, which acts as a Wireless Access Point controller, only allows two RADIUS servers, so it would be ideal if each of them can do both types of authentication.
If anyone has a link to an example I'd like to see it.