• Status: Solved

Orinoco Proxim AP-600 & Windows 2003 IAS/RADIUS Server

I have an Orinoco Proxim AP-600 v2.5.5(1070) SN-04UT20560330 v3.0.4 wireless access point. I also have one MS 2003 IAS/RADIUS server I use to authenticate my Cisco VPN clients. I do not have any certificates associated/installed on either the AP or the IAS server.

Currently I am using WPA-PSK for security but would like to be able to authenticate my wireless users against my AD. I've so far been unsuccessful in my configuration attempts and was hoping to get a step-by-step explanation of how to set up both the AP and RADIUS server to authenticate my wireless clients.

Thanks - Sam
Asked:
smd6169
merowinger Commented:
Here's a nice step-by-step guide for IAS authentication...
http://www.hansenonline.net/Networking/wlanradius.html
smd6169 (Author) Commented:
I followed the article(s). I created a self-signed certificate on the IAS server and installed the public key cert on the test laptop. In IAS I created the client and created the Remote Access Policy.

The following are some of the Log Errors I found in IAS:
Name      Value
NAS-IP-Address      192.168.0.252      
User-Name      DOMAINNAME\USER      
Record-Date      08/03/2007      
Record-Time      11:49:23      
Service-Name      IAS      
Computer-Name      IASSERVERNAME      
Client-Friendly-Name      AP600DEV      
Class      311 1 192.168.0.201 07/30/2007 08:32:41 73      
Authentication-Type      11      
Fully-Qualifed-User-Name      domain.local/Users and Workstations/OU/Users/User Name      
NP-Policy-Name      Wi-Fi Access      
SAM-Account-Name      Domain\User      
Client-IP-Address      192.168.0.252      
Client-Vendor      RADIUS Standard
Proxy-Policy-Name      Use Windows authentication for all users      
Provider-Type      Windows      
Packet-Type      Access-Reject      
Reason-Code      The supplied message is incomplete.  The signature was not verified.      

Name      Value
NAS-IP-Address      192.168.0.252      
User-Name      DOAMIAN\USER      
Record-Date      08/03/2007      
Record-Time      11:49:23      
Service-Name      IAS      
Computer-Name      IASSERVERNAME      
Client-Friendly-Name      AP600DEV      
NAS-IP-Address      192.168.0.252
Called-Station-Id      00-20-a6-52-b7-ad
Calling-Station-Id      00-13-02-b0-3f-75
NAS-Identifier      AP600Devel      
Framed-MTU      1400      
NAS-Port-Type      Wireless - IEEE 802.11
Client-IP-Address      192.168.0.252
Client-Vendor      RADIUS Standard
Provider-Type      Windows      
Proxy-Policy-Name      Use Windows authentication for all users      
SAM-Account-Name      DOMAIN\USER      
NP-Policy-Name      Wi-Fi Access
Class      311 1 192.168.0.201 07/30/2007 08:32:41 73
Authentication-Type      11
Fully-Qualifed-User-Name      Damin.local/Users and Workstations/OU/Users/User Name      
Packet-Type      Access-Request      
Reason-Code      IAS_SUCCESS      

On My Access Point I have a RADIUS PROFILE TAB where I can ENABLE the Following:
- MAC Authentication
- EAP Authentication
- Accounting
- Management Access

Do I need these enabled?

Also On My Access Point I have a SSID/VLAN/Security TAB where I can ENABLE the Following:
- NonSecure
- WEP
- 802.1x
- WPA
- WPAPSK
- 802.11i
- 802.11i PSK

Which of these do I need to enable?

Then it comes down to configuring the XP Pro SP2 wireless client, what do I do there?
Thanks - Sam
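
A small parser for the IAS Name/Value records posted above, as an added example that is not part of the original post: it groups the attributes per record and summarizes each Access-Reject with its user, AP, policy, authentication type and reason. The sample text is constructed with placeholder names, and the Authentication-Type mapping (for example 11 = PEAP) comes from Microsoft's IAS log attribute values, not from this thread.

```python
import re

# Constructed sample in the Name/Value layout shown in the post
# (placeholder names; a blank line separates records).
SAMPLE = """\
Name      Value
User-Name      DOMAIN\\USER
Client-Friendly-Name      AP600DEV
Authentication-Type      11
NP-Policy-Name      Wi-Fi Access
Packet-Type      Access-Reject
Reason-Code      The supplied message is incomplete.  The signature was not verified.

Name      Value
User-Name      DOMAIN\\USER
Client-Friendly-Name      AP600DEV
Authentication-Type      11
Packet-Type      Access-Request
Reason-Code      IAS_SUCCESS
"""

# Subset of IAS Authentication-Type codes (assumption: Microsoft's documented values).
AUTH_TYPES = {"1": "PAP", "2": "CHAP", "3": "MS-CHAP", "4": "MS-CHAP v2",
              "5": "EAP", "11": "PEAP"}

def parse_records(text):
    """Split the text into records: one dict of attribute -> value per block."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            # Attribute names contain no spaces; the value is the rest of the line.
            parts = line.strip().split(None, 1)
            if len(parts) == 2 and parts != ["Name", "Value"]:
                rec.setdefault(parts[0], parts[1].strip())  # keep first if repeated
        if rec:
            records.append(rec)
    return records

def rejects(records):
    """Return one summary dict per Access-Reject record."""
    out = []
    for r in records:
        if r.get("Packet-Type") == "Access-Reject":
            code = r.get("Authentication-Type", "")
            out.append({"user": r.get("User-Name"), "ap": r.get("Client-Friendly-Name"),
                        "policy": r.get("NP-Policy-Name"), "reason": r.get("Reason-Code"),
                        "auth": AUTH_TYPES.get(code, "type " + code)})
    return out

if __name__ == "__main__":
    for summary in rejects(parse_records(SAMPLE)):
        print(summary)
```

Run against the records in the post, this shows that the rejected attempt already matched the "Wi-Fi Access" policy and was a PEAP exchange, which narrows the failure to the EAP conversation itself rather than to policy matching.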
merowinger Commented:
1. You should know which authentication method against your AD you want:
  a. User and password authentication
      Then you have to configure PEAP authentication with MS-CHAPv2, also called EAP-MSCHAPv2, on your clients
  b. Authentication with certificates (possible with computer and user certificates)
      Then you have to configure Smartcard or Certificate Authentication, or
      PEAP with Smartcard or Certificate Authentication

For both choices you have to configure the same settings in your IAS server access policy.

2. If you want to authenticate against a RADIUS server you have to choose 802.1x.
3. WPA with AES or TKIP refers to the cipher used for the wireless connection. You should choose WPA with AES. 802.11i means WPA2; you can choose this, too.
4. Also enable EAP Authentication.
