smd6169
Orinoco Proxim AP-600 & Windows 2003 IAS/RADIUS Server
I have an Orinoco Proxim AP-600 v2.5.5(1070) SN-04UT20560330 v3.0.4 wireless access point. I also have one MS 2003 IAS/RADIUS server I use to authenticate my Cisco VPN clients. I do not have any certificates associated/installed on either the AP or the IAS server.
Currently I am using WPA-PSK for security but would like to be able to authenticate my wireless users against my AD. I've so far been unsuccessful in my configuration attempts and was hoping to get a step-by-step explanation of how to set up both the AP and RADIUS server to authenticate my wireless clients.
Thanks - Sam
ASKER
I followed the article(s). I created a self-signed certificate on the IAS server and installed the public key cert on the test laptop. In IAS I created the client and created the Remote Access Policy.
The following are some of the Log Errors I found in IAS:
Name Value
NAS-IP-Address 192.168.0.252
User-Name DOMAINNAME\USER
Record-Date 08/03/2007
Record-Time 11:49:23
Service-Name IAS
Computer-Name IASSERVERNAME
Client-Friendly-Name AP600DEV
Class 311 1 192.168.0.201 07/30/2007 08:32:41 73
Authentication-Type 11
Fully-Qualifed-User-Name domain.local/Users and Workstations/OU/Users/User Name
NP-Policy-Name Wi-Fi Access
SAM-Account-Name Domain\User
Client-IP-Address 192.168.0.252
Client-Vendor RADIUS Standard
Proxy-Policy-Name Use Windows authentication for all users
Provider-Type Windows
Packet-Type Access-Reject
Reason-Code The supplied message is incomplete. The signature was not verified.
Name Value
NAS-IP-Address 192.168.0.252
User-Name DOAMIAN\USER
Record-Date 08/03/2007
Record-Time 11:49:23
Service-Name IAS
Computer-Name IASSERVERNAME
Client-Friendly-Name AP600DEV
NAS-IP-Address 192.168.0.252
Called-Station-Id 00-20-a6-52-b7-ad
Calling-Station-Id 00-13-02-b0-3f-75
NAS-Identifier AP600Devel
Framed-MTU 1400
NAS-Port-Type Wireless - IEEE 802.11
Client-IP-Address 192.168.0.252
Client-Vendor RADIUS Standard
Provider-Type Windows
Proxy-Policy-Name Use Windows authentication for all users
SAM-Account-Name DOMAIN\USER
NP-Policy-Name Wi-Fi Access
Class 311 1 192.168.0.201 07/30/2007 08:32:41 73
Authentication-Type 11
Fully-Qualifed-User-Name Damin.local/Users and Workstations/OU/Users/User Name
Packet-Type Access-Request
Reason-Code IAS_SUCCESS
On My Access Point I have a RADIUS PROFILE TAB where I can ENABLE the Following:
- MAC Authentication
- EAP Authentication
- Accounting
- Management Access
Do I need these enabled?
Also on my Access Point I have a SSID/VLAN/Security TAB where I can ENABLE the following:
- NonSecure
- WEP
- 802.1x
- WPA
- WPAPSK
- 802.11i
- 802.11i PSK
Which of these do I need to enable?
Then it comes down to configuring the XP Pro SP2 wireless client, what do I do there?
Thanks - Sam
ASKER CERTIFIED SOLUTION
http://www.hansenonline.net/Networking/wlanradius.html