ivugrinec asked:

Secure Wireless LAN with IAS and certificates

I am trying to implement a new level of security on our network.
My question is if it is possible IN ANY WAY (even if it is difficult or not recommended) to have RADIUS authentication with certificates using Microsoft IAS and enterprise CA BUT ON Windows 2003 server standard edition operating system?
I have two DCs. Both of them are Windows 2003 server R2 standard edition. DC2 is subordinate enterprise CA on Windows 2003 server Standard edition. I have 2003 native domain functional level.

ASKER CERTIFIED SOLUTION
Raj-GT
This solution is only available to members.

ASKER

Ok, what about Computer certificates autoenrollment on Windows server 2003 R2 standard? (Step 1B)?

Computer certificates can be autoenrolled with 2003 standard.

It looks like computer certs can be "enrolled" to machines automatically via GPOs, not with the "Autoenrollment" mechanism but rather with the "Automatic Certificate Request Settings", apparently a different mechanism.

Yes, you are right. I confused automatic request with autoenrollment. I did use a GPO to request computer certs.

Do you know if it is possible to have Wireless LAN security based on computer certificates (as it is possible to use GPO to automatically "autoenroll" computer certificates) AND at the same time an additional level of security by username/password?
Due to licensing restrictions I decided to try to implement WLAN security in such a way that only a special group of users on special computers (that have valid computer certificates) can have access to the network on WLAN. (Combine computer certificates and username/password)!

I currently use IAS (RADIUS) with PEAP-MS-CHAP v2 (username/password)!

It is possible, please refer to Appendix A: Using Computer-only Authentication on the guide.