Solved

Secure Wireless LAN with IAS and certificates

Posted on 2009-03-31
7
509 Views
Last Modified: 2013-12-04
I am trying to implement a new level of security on or network.
My question is if it is possible IN ANY WAY (even if it is difficult or not recomended) to have RADIUS authentication with certificates using Microsoft IAS and enterprise CA BUT ON Windows 2003 server standard edition operating system?
I have two DC-s. Both of them is Windows 2003 server R2 standard edition. DC2 is subordinate enterprise CA on Windows 2003 server Standard edition. I have 2003 native domain funcional level.

0
Comment
Question by:ivugrinec
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 14

Accepted Solution

by:
Raj-GT earned 500 total points
ID: 24038915
Yes, it is possible. I have done this myself with a Server 2003 Standard CA. The only drawback of Windows 2003 Standard CA as opposed Enterprise in this case is that you cannot autoenroll user certificates using GPO (Step 1c in the guide). However you can launch the certificates MMC from the client machine and install the certificate. Apart from that everything else should work as expected.

Technet Guide - http://www.microsoft.com/technet/network/wifi/ed80211.mspx
0
 

Author Comment

by:ivugrinec
ID: 24044024
Ok, what about Computer certificates autoenrollment on Windows server 2003 R2 standard? (Step 1B)?
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24044158
Computer certificates can be autoenrolled with 2003 standard.
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 

Author Comment

by:ivugrinec
ID: 24046938
It looks like that computer certs can be "enrolled" to machines automatically via GPOs but not with the "Autoenrollment" mechanism but rather the "Automatic Certificate Request Settings" apparently a different mechanism.
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24047001
Yes, you are right. I confused automatic request with autoenrollment. I did use a GPO to request computer certs.
0
 

Author Comment

by:ivugrinec
ID: 24047071
Do you know if it is possible to have Wireless LAN security based on computer certificates (as it is possible to use GPO to automatically "autoenroll" computer certificates AND at the same time additional level of security by username/password.
Due to licensing restrictions i decided to try to implement WLAN security in such a way that only special group of users on special computers (that have valid computer certificates) can have acces to network on WLAN. (Combine computer certificates and username/password)!

I currently use  IAS (RADIUS) with PEAP-MS-CHAP v2  (username/password)!
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24047405
It is possible, please refer to Appendix A: Using Computer-only Authentication on the guide.
0

Featured Post

Free eBook: Backup on AWS

Everything you need to know about backup and disaster recovery with AWS, for FREE!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question