I built Radius authentication with wireless LAN AP and Active Directory (AD), but if I add domain users with authentication in Win 10 Home
I can connect through authentication → Can I access any basic PC (Android or iPhone?)

[I want to realize]
I want to limit the users who connect to the wireless LAN AP to only users (PCs) authenticated to the domain with Win 10 Pro through Radius authentication
→ I want to make sure that there is no problem if domain authentication has been performed even once.
→ If i can't do this, authentication is possible if you know your username and password (and domain name?).
If so, MAC address filtering must be performed in the sense of preventing in PC units, and MAC address filtering is performed
I think that there are plenty of cheap APs to call ...

[What we did]
・ AD already built
・ Radius authentication is set on the wireless LAN AP (Netgear), and the settings associated with the AD server are complete (should be)

In the first place, it's embarrassing because there is a part that does not know the Radius authentication mechanism itself
Isn't it possible to pass only users who have joined the domain (even once) with Win 10 Pro with Radius authentication?

  • Answer # 1

    I'm sorry, I started out with no basic knowledge of Radius
    We wanted to build the EAP-TLS environment and realized it.

    The following sites were very helpful for Windows Server 2012 R2 environment.

    http://www.viva-musen.net/archives/category/6-%E5%90%84%E7%A8%AE%E3%82%B5%E3%83%BC%E3%83% 90% E3% 81% AE% E8% A8% AD% E5% AE% 9A/6-7-ad% E3% 81% AB% E3% 82% 88% E3% 82% 8B% E8% A8% BC% E6% 98% 8E% E6% 9B% B8% E3% 81% AE% E8% 87% AA% E5% 8B% 95% E9% 85% 8D% E5% B8% 83