How do I configure my Cisco AP1200 to use my RADIUS server for authentication?

I have only one 2003 in my domain running AD, and I have installed IAS (RADIUS server) and IIS, and have made the server the root CA. It is also the DNS and DHCP server.
I want to be able to have my wireless users authenticate against my RADIUS server using a certificate issued by the certificate server. How can I accomplish this?
In the security settings of the AP1200 I have configured it to use WPA / the RADIUS server as its method of authentication. I entered the shared key between the AP1200 and the RADIUS server.
I also created a group in the AD called Wireless users. I then created a remote access policy under the IAS and added the group to it. The next step I did was, from the wireless client, I browsed to my serverIPaddress\certsrv and installed the certificate via my wired LAN. After this I disconnected from the wired network and tried to connect via my WiFi connection. When I do this I get the following error: THE ROOT CERTIFICATE REQUIRED FOR AUTHENTICATION WAS NOT FOUND IN THE CERTIFICATE STORE. Where did I go wrong?

If you are using the certificate authentication, then try importing the machine cert on to the machine store.

1. mmc
2. Add remove snap-in
3. Certificates
4. Computer Account
5. Choose the certificate to import

Do the same thing for the User Certificate as well.

Now try to authenticate.

If you are familiar with 802.1x security, I recommend implementing that for better security. This way you are not compromising the "SHARED SECRET" leakage by users?

Hope this helps.
jbovalley (Author) commented:
I am somewhat familiar with 801.x security... that is the reason I wanted to go with the RADIUS server and certificates, so that I would not have to worry about the shared secret. I was under the assumption that the user never gets a shared secret, that the user logs in with his domain credentials, and as long as he belongs to the group which I created for wireless clients he will be allowed to download the certificate onto his computer and then have access to the WLAN. Is this incorrect?
Yes, your understanding is correct.

1. The shared secret is only for encrypting the data packets between client and AP. Once the packet reaches the AP, it will only forward RADIUS packets to the RADIUS server. Now, at this point the security issues pop in! If the RADIUS authentication involves a plain text password, anyone can sniff packets and extract vital info. If you are doing domain authentication, then the password would be in hash format; if you are using certificate authentication, then it is more safe.

One thing I would like to understand is what type of client you are using. Is it the native wireless client or an industry standard wireless supplicant like Odyssey Access Client?

jbovalley (Author) commented:
It is the native wireless client that comes with Windows. One thing I noticed, though, is that in the configuration it gives you the option for PEAP and smart; it does not say anything about LEAP... I am not sure, but doesn't the Cisco Aironet 1200 use LEAP and not PEAP?
Would I need a different client to be able to connect?
jbovalley (Author) commented:
I did install the certificate. First I browsed to the cert webpage of the server, .....\\servername\certsrv, and I installed it. When that did not work I went to the CA server and exported the certificate to a folder and then imported it into the client; that still did not work. ....@ Kbhaskar

Does anyone know the standard format to set up a RADIUS server to use a certificate that is issued by a CA that is part of an AD domain, to authenticate wireless users? I tried the setup with guide from  but it did not work. I tried using both Cisco and RADIUS standard as the protocol between the RADIUS client and the server but neither works... Maybe I am overlooking something? Any ideas about troubleshooting? Would love to figure out where the problem stems from so I can work on that... maybe it is the RADIUS server and not the CA, not sure... When I try to log in with my AD credentials it tells me that I am unable to authenticate. ANY IDEAS APPRECIATED... THANKS
jbovalley (Author) commented:
OK, after some playing around I got 2 of my clients to work! The problem I am having now is that I am able to connect and authenticate with userA but cannot with userB... I know this problem has to come from the settings on the user, but I did the exact same thing to configure both... any ideas?
Hey, good to know that you got it working.

Now coming to your query: The reason it is not working might be that, the certificate you installed is for a specific user. Now when you use different user login, the client is not presenting proper certificate or you might have not installed a cert for that user ID.

So, try creating a user cert for the second user and install the same on the user container.

Hope this helps.
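
A check for the two failures in this thread (the missing-root error and the second user who cannot authenticate), added here as an example and not code from any poster: it lists the certificates in the user and computer personal stores and reports, for each, whether it has a private key, permits client authentication, and chains to a trusted root. It assumes PowerShell is available on the wireless client and that it is run while logged on as the affected user.

```powershell
# Added example, not from the thread. Run on the wireless client as the affected user.
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU

function Test-ClientAuthEku {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    foreach ($ext in $Cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            return [bool]($ext.EnhancedKeyUsages | Where-Object { $_.Value -eq $ClientAuthOid })
        }
    }
    return $true   # no EKU extension: the certificate is not restricted to specific purposes
}

function Get-EapTlsCandidate {
    param([string]$StorePath)
    foreach ($cert in Get-ChildItem -Path $StorePath) {
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        # Skip revocation lookups: the client has no network before 802.1X succeeds.
        $chain.ChainPolicy.RevocationMode =
            [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
        $chainOk = $chain.Build($cert)   # false if the issuing root is not trusted here
        New-Object PSObject -Property @{
            Store       = $StorePath
            Subject     = $cert.Subject
            Issuer      = $cert.Issuer
            HasKey      = $cert.HasPrivateKey
            ClientAuth  = Test-ClientAuthEku $cert
            Expired     = ($cert.NotAfter -lt (Get-Date))
            ChainOk     = $chainOk
            ChainErrors = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
        }
    }
}

# The user store differs per logged-on user; the computer store is shared by all users.
$results = 'Cert:\CurrentUser\My', 'Cert:\LocalMachine\My' |
    ForEach-Object { Get-EapTlsCandidate $_ }
$results | Format-Table Store, Subject, HasKey, ClientAuth, Expired, ChainOk, ChainErrors -AutoSize

$usable = $results | Where-Object { $_.HasKey -and $_.ClientAuth -and $_.ChainOk -and -not $_.Expired }
if (-not $usable) {
    Write-Warning 'No certificate in these stores is usable for certificate-based 802.1X as this user.'
}
```

A `ChainErrors` value of `UntrustedRoot` or `PartialChain` means the issuing CA's root certificate is not in a trusted root store on this client; an empty `Cert:\CurrentUser\My` for one user but not another means that user has no certificate of their own.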


jbovalley (Author) commented:
Strange thing is that I did do that and it did not work... I restarted the server and I am now everything works task is to get my RADIUS to also authenticate my wired connections and my VPN users coming in on a Cisco ASA... that should be fun :)