
Secure Wireless LAN with IAS and certificates

I am trying to implement a new level of security on our network.
My question is whether it is possible IN ANY WAY (even if it is difficult or not recommended) to have RADIUS authentication with certificates using Microsoft IAS and an enterprise CA BUT ON the Windows 2003 Server Standard Edition operating system?
I have two DCs. Both of them are Windows 2003 Server R2 Standard Edition. DC2 is a subordinate enterprise CA on Windows 2003 Server Standard Edition. I have the 2003 native domain functional level.

ivugrinec
1 Solution
 
Raj-GT (Systems Engineer) commented:
Yes, it is possible. I have done this myself with a Server 2003 Standard CA. The only drawback of a Windows 2003 Standard CA as opposed to Enterprise in this case is that you cannot autoenroll user certificates using GPO (Step 1c in the guide). However, you can launch the certificates MMC from the client machine and install the certificate. Apart from that, everything else should work as expected.

Technet Guide - http://www.microsoft.com/technet/network/wifi/ed80211.mspx
 
ivugrinec (Author) commented:
OK, what about computer certificate autoenrollment on Windows Server 2003 R2 Standard (Step 1B)?
 
Raj-GT (Systems Engineer) commented:
Computer certificates can be autoenrolled with 2003 standard.
 
ivugrinec (Author) commented:
It looks like computer certs can be "enrolled" to machines automatically via GPOs, not with the "Autoenrollment" mechanism but rather with the "Automatic Certificate Request Settings", apparently a different mechanism.
 
Raj-GT (Systems Engineer) commented:
Yes, you are right. I confused automatic request with autoenrollment. I did use a GPO to request computer certs.
 
ivugrinec (Author) commented:
Do you know if it is possible to have Wireless LAN security based on computer certificates (as it is possible to use GPO to automatically "autoenroll" computer certificates) AND at the same time an additional level of security by username/password?
Due to licensing restrictions I decided to try to implement WLAN security in such a way that only a special group of users on special computers (that have valid computer certificates) can have access to the network on WLAN. (Combine computer certificates and username/password)!

I currently use IAS (RADIUS) with PEAP-MS-CHAP v2 (username/password)!
 
Raj-GT (Systems Engineer) commented:
It is possible; please refer to "Appendix A: Using Computer-only Authentication" in the guide.