Solved

Secure Wireless LAN with IAS and certificates

Posted on 2009-03-31
7
502 Views
Last Modified: 2013-12-04
I am trying to implement a new level of security on or network.
My question is if it is possible IN ANY WAY (even if it is difficult or not recomended) to have RADIUS authentication with certificates using Microsoft IAS and enterprise CA BUT ON Windows 2003 server standard edition operating system?
I have two DC-s. Both of them is Windows 2003 server R2 standard edition. DC2 is subordinate enterprise CA on Windows 2003 server Standard edition. I have 2003 native domain funcional level.

0
Comment
Question by:ivugrinec
  • 4
  • 3
7 Comments
 
LVL 14

Accepted Solution

by:
Raj-GT earned 500 total points
Comment Utility
Yes, it is possible. I have done this myself with a Server 2003 Standard CA. The only drawback of Windows 2003 Standard CA as opposed Enterprise in this case is that you cannot autoenroll user certificates using GPO (Step 1c in the guide). However you can launch the certificates MMC from the client machine and install the certificate. Apart from that everything else should work as expected.

Technet Guide - http://www.microsoft.com/technet/network/wifi/ed80211.mspx
0
 

Author Comment

by:ivugrinec
Comment Utility
Ok, what about Computer certificates autoenrollment on Windows server 2003 R2 standard? (Step 1B)?
0
 
LVL 14

Expert Comment

by:Raj-GT
Comment Utility
Computer certificates can be autoenrolled with 2003 standard.
0
New My Cloud Pro Series - organize everything!

With space to keep virtually everything, the My Cloud Pro Series offers your team the network storage to edit, save and share production files from anywhere with an internet connection. Compatible with both Mac and PC, you're able to protect your content regardless of OS.

 

Author Comment

by:ivugrinec
Comment Utility
It looks like that computer certs can be "enrolled" to machines automatically via GPOs but not with the "Autoenrollment" mechanism but rather the "Automatic Certificate Request Settings" apparently a different mechanism.
0
 
LVL 14

Expert Comment

by:Raj-GT
Comment Utility
Yes, you are right. I confused automatic request with autoenrollment. I did use a GPO to request computer certs.
0
 

Author Comment

by:ivugrinec
Comment Utility
Do you know if it is possible to have Wireless LAN security based on computer certificates (as it is possible to use GPO to automatically "autoenroll" computer certificates AND at the same time additional level of security by username/password.
Due to licensing restrictions i decided to try to implement WLAN security in such a way that only special group of users on special computers (that have valid computer certificates) can have acces to network on WLAN. (Combine computer certificates and username/password)!

I currently use  IAS (RADIUS) with PEAP-MS-CHAP v2  (username/password)!
0
 
LVL 14

Expert Comment

by:Raj-GT
Comment Utility
It is possible, please refer to Appendix A: Using Computer-only Authentication on the guide.
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
DECT technology has become a popular standard for wireless voice communication. DECT devices are not likely to be affected by other electronic devices and signals because they operate in a separate frequency-band.
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now