Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 593
  • Last Modified:

Cisco WPA authentication without certificates

I'm trying to set up WPA (or any other type) of encryption on a Cisco access point that pulls a username and password from my windows 2003 radius server.

The default seems to use certificates, and this is not acceptable, there are too many clients with too many operating systems involved, I can't push certificates out to them, and the users are not savvy enough to install them on their own.  I need the user's active directory logon credentials to authenticate them.  A preshared key or wep key is also not acceptable. (they will either forget it constantly or give it to people who are not supposed to have it)
0
stolenpants
Asked:
stolenpants
1 Solution
 
Jay_GridleyCommented:
I would think that setting up 802.1x in combination with a RADIUS server would be the way to go for you. Unfortunately I haven't set this up myself yet, but I found a link with documentation you might be able to use.
http://www.cs.umd.edu/~mvanopst/8021x/howto/ap.html

I hope this works for you.

JG
0
 
mrnetbiosCommented:
PEAP using MS-CHAPv2 user authentication will do what you want.
You do not need certificates on every client, only on the RADIUS servers.

The deployment problem is that XP has defaulted to EAP-TLS in the past, but that has changed recently.
If you can deploy a wireless GPO it would help, but otherwise you have to explain how to configure the connection correctly.

0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now