[x]
Posted via EE Mobile

Search, ask, and monitor your questions on the go with EE Mobile. Visit Experts Exchange from your mobile device and never be out of touch again.
Question
[x]
Attachment Details

RADIUS - WPA authentication with root certificates, but not domain user credentials

Asked by naihelpdesk in 802.11 Wireless Access Points, Wireless Networking, Wireless Standards

Tags: radius ias cisco aironet wpa

I have an 802.11 (WPA/TKIP) infrastructure utilizing RADIUS (Cisco+Microsoft IAS). It is based on security group membership.  I have no problem with XP and Vista machines that are domain members (set for auto-enroll) authenticating. I have also successfully authenticated with wi-fi BlackBerries. I am no facing a project where I need to add handheld warehouse scanners (WinMo based) to the network as part of an bye-bye-WEP migration. I understand the concept of having the root certificate on the device and I also know that validating a domain username/password is part of the current authentication process.  I want to sort of "pre-authorize" certain devices while still maintaing a higher level of security and accounting than WEP can provide.  I just don't see it feasible for the typical warehouse worker to have to enter domain credentials every time the device connects to an access point.

Is there a way to bypass the domain user credential checking but still require the root certificate or the root certificate plus a MAC whitelist somewhere in an IAS policy?
[+][-]12/19/08 04:58 PM, ID: 23216575Expert Comment

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 30-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]01/06/09 10:13 AM, ID: 23307257Author Comment

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 30-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]01/06/09 03:22 PM, ID: 23310562Expert Comment

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 30-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]07/15/09 02:48 AM, ID: 24857643Expert Comment

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 30-day free trial to view this Expert Comment or ask the Experts your question.

 
 
Loading Advertisement...
20091111-EE-VQP-92 - Hierarchy / EE_QW_3_20080625