Solved

Secure Wireless LAN with IAS and certificates

Posted on 2009-03-31
7
503 Views
Last Modified: 2013-12-04
I am trying to implement a new level of security on or network.
My question is if it is possible IN ANY WAY (even if it is difficult or not recomended) to have RADIUS authentication with certificates using Microsoft IAS and enterprise CA BUT ON Windows 2003 server standard edition operating system?
I have two DC-s. Both of them is Windows 2003 server R2 standard edition. DC2 is subordinate enterprise CA on Windows 2003 server Standard edition. I have 2003 native domain funcional level.

0
Comment
Question by:ivugrinec
  • 4
  • 3
7 Comments
 
LVL 14

Accepted Solution

by:
Raj-GT earned 500 total points
ID: 24038915
Yes, it is possible. I have done this myself with a Server 2003 Standard CA. The only drawback of Windows 2003 Standard CA as opposed Enterprise in this case is that you cannot autoenroll user certificates using GPO (Step 1c in the guide). However you can launch the certificates MMC from the client machine and install the certificate. Apart from that everything else should work as expected.

Technet Guide - http://www.microsoft.com/technet/network/wifi/ed80211.mspx
0
 

Author Comment

by:ivugrinec
ID: 24044024
Ok, what about Computer certificates autoenrollment on Windows server 2003 R2 standard? (Step 1B)?
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24044158
Computer certificates can be autoenrolled with 2003 standard.
0
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

 

Author Comment

by:ivugrinec
ID: 24046938
It looks like that computer certs can be "enrolled" to machines automatically via GPOs but not with the "Autoenrollment" mechanism but rather the "Automatic Certificate Request Settings" apparently a different mechanism.
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24047001
Yes, you are right. I confused automatic request with autoenrollment. I did use a GPO to request computer certs.
0
 

Author Comment

by:ivugrinec
ID: 24047071
Do you know if it is possible to have Wireless LAN security based on computer certificates (as it is possible to use GPO to automatically "autoenroll" computer certificates AND at the same time additional level of security by username/password.
Due to licensing restrictions i decided to try to implement WLAN security in such a way that only special group of users on special computers (that have valid computer certificates) can have acces to network on WLAN. (Combine computer certificates and username/password)!

I currently use  IAS (RADIUS) with PEAP-MS-CHAP v2  (username/password)!
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24047405
It is possible, please refer to Appendix A: Using Computer-only Authentication on the guide.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In a recent article here at Experts Exchange (http://www.experts-exchange.com/articles/18880/PaperPort-14-in-Windows-10-A-First-Look.html), I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
I designed this idea while studying technology in the classroom.  This is a semester long project.  Students are asked to take photographs on a specific topic which they find meaningful, it can be a place or situation such as travel or homelessness.…
Concerto provides fully managed cloud services and the expertise to provide an easy and reliable route to the cloud. Our best-in-class solutions help you address the toughest IT challenges, find new efficiencies and deliver the best application expe…

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now