Creating User Accounts in Active Directory for MAC-based Authentication

With MAC based authentication, domain member computers use the MAC address of their wireless interface as the username and password. Therefore each domain computer requires an associated Windows User account in Active Directory to authenticate. This User account is not the same as its Active Directory computer object. After the User accounts have been created, they can be placed in a Windows security group for authentication.

Suppose a Windows domain member computer has the MAC address 01:23:45:67:8a:bc on its wireless interface. When connecting to an SSID where MAC based authentication is required, the computer will send its username and password as 012345678abc. This is the MAC address without uppercase or delimiting characters.

1. Open Active Directory Users and Computers console.

2. Right click the OU where you want to create the User account.

3. Select New>User.

4. Enter a value in the Full name field.

5. Enter the MAC address without uppercase or delimiting characters for User logon name.

6. Click Next.

7. Enter the password which is the same string as the User logon name. Make sure to check User cannot change password and Password never expires.

8. Click Next.

9. Click Finish.

Perform these steps for each computer you want to authenticate. Once the User accounts are created add them to the appropriate Windows security group that is specified in the NPS policy.