Secure Wireless LAN with IAS and certificates

I am trying to implement a new level of security on our network.
My question is whether it is possible IN ANY WAY (even if it is difficult or not recommended) to have RADIUS authentication with certificates using Microsoft IAS and an enterprise CA BUT ON the Windows 2003 Server Standard Edition operating system?
I have two DCs. Both of them are Windows 2003 Server R2 Standard Edition. DC2 is a subordinate enterprise CA on Windows 2003 Server Standard Edition. I have the 2003 native domain functional level.

ivugrinec Asked:

Raj-GT (Systems Engineer) Commented:
Yes, it is possible. I have done this myself with a Server 2003 Standard CA. The only drawback of a Windows 2003 Standard CA as opposed to Enterprise in this case is that you cannot autoenroll user certificates using GPO (Step 1c in the guide). However, you can launch the certificates MMC from the client machine and install the certificate. Apart from that, everything else should work as expected.

Technet Guide - http://www.microsoft.com/technet/network/wifi/ed80211.mspx

ivugrinec (Author) Commented:
OK, what about computer certificate autoenrollment on Windows Server 2003 R2 Standard (Step 1B)?

Raj-GT (Systems Engineer) Commented:
Computer certificates can be autoenrolled with 2003 standard.

ivugrinec (Author) Commented:
It looks like computer certs can be "enrolled" to machines automatically via GPOs, not with the "Autoenrollment" mechanism but rather with the "Automatic Certificate Request Settings", apparently a different mechanism.

Raj-GT (Systems Engineer) Commented:
Yes, you are right. I confused automatic request with autoenrollment. I did use a GPO to request computer certs.

ivugrinec (Author) Commented:
Do you know if it is possible to have Wireless LAN security based on computer certificates (as it is possible to use GPO to automatically "autoenroll" computer certificates) AND at the same time an additional level of security by username/password?
Due to licensing restrictions I decided to try to implement WLAN security in such a way that only a special group of users on special computers (that have valid computer certificates) can have access to the network on WLAN. (Combine computer certificates and username/password)!

I currently use IAS (RADIUS) with PEAP-MS-CHAP v2 (username/password)!

Raj-GT (Systems Engineer) Commented:
It is possible; please refer to Appendix A: Using Computer-only Authentication in the guide.

Question has a verified solution.