shankshank
asked on
Wireless
Windows 2008
Linksys WAP54g devices
Currently using WPA2. Should I do a win2k8 radius server with cert? Is it more secure? Advantages? How to setup?
Besides security... To me, the benefit is that once set up, IAS can be used not only for wireless access but for user-level access if you have Cisco devices. Then you'll be able to manage them through group policies. So, no need to hand out passwords, phrases, etc. You just click and unclick as your organization's needs change.
If you are a growing organization it would be a good starting point to learn (wink, wink) as the impact won't be so high. That way when you do get big you'll be an expert ;)
OH, and you'll be able to manage VPN access if you have that as an option in your network.
ASKER
richard, the vpn would be great
right now users do authenticate on our Cisco ASA via their domain credentials. the problem is that in order for it to work, we have to go into ADUC and check preauthentication of kerberos,
ASKER
also that doc is for 2k3
This should help: Network Policy Server
ASKER
Is there a doc available on implementing this for Cisco ASA and WAP and disallowing clients from connecting if say AV not installed etc?
Can I just deploy the NPS with basic settings, change my WAP and ASA to point to a radius server and be set to go and fine tune later?
ASKER
Hello!
So I was able to get the VPN connected via nps thank you. How do I see what users are authenticating on the NPS? Just to ensure that it is working etc.
If you have the NPS MMC window open on the left hand side you should be able to see the active clients. You can also go into your logs and see it in action through security logs.
ASKER
i have it open
all i see is radius clients and servers
policies
network access protection
accounting
If you have logging enabled you can go into accounting, but just be careful because if for some reason the system can't write to file it won't accept connections. The easiest way is to go into the windows log. You'll see something like:
Network Policy Server granted access to a user.
User:
%tSecurity ID:%t%t%t%1
%tAccount Name:%t%t%t%2
%tAccount Domain:%t%t%t%3
%tFully Qualified Account Name:%t%4
Client Machine:
%tSecurity ID:%t%t%t%5
%tAccount Name:%t%t%t%6
%tFully Qualified Account Name:%t%7
%tOS-Version:%t%t%t%8
%tCalled Station Identifier:%t%t%9
%tCalling Station Identifier:%t%t%10
NAS:
%tNAS IPv4 Address:%t%t%11
%tNAS IPv6 Address:%t%t%12
%tNAS Identifier:%t%t%t%13
%tNAS Port-Type:%t%t%t%14
%tNAS Port:%t%t%t%15
RADIUS Client:
%tClient Friendly Name:%t%t%16
%tClient IP Address:%t%t%t%17
Authentication Details:
%tProxy Policy Name:%t%t%18
%tNetwork Policy Name:%t%t%19
%tAuthentication Provider:%t%t%20
%tAuthentication Server:%t%t%21
%tAuthentication Type:%t%t%22
%tEAP Type:%t%t%t%23
%tAccount Session Identifier:%t%t%24
Quarantine Information:
%tResult:%t%t%t%t%25
%tSession Identifier:%t%t%t%26
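One way to list who has authenticated, as an added example that is not part of the original answer: the PowerShell below reads the "Network Policy Server granted access to a user" events (event ID 6272) from the Security log and maps each field by its position in the template above, where placeholder %N is `Properties[N-1]`. It assumes PowerShell 3.0 or later, an elevated session on the NPS server, and a 24-hour look-back window chosen for illustration.

```powershell
# Added example: summarize NPS "granted access" events (ID 6272).
# Field positions come from the message template quoted in the answer:
# placeholder %N in the template is $event.Properties[N-1].

$since = (Get-Date).AddHours(-24)   # assumed look-back window

# Reading the Security log requires an elevated session.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 6272
    StartTime = $since
}

$granted = foreach ($e in $events) {
    $p = $e.Properties
    [pscustomobject]@{
        Time           = $e.TimeCreated
        User           = $p[3].Value    # %4  Fully Qualified Account Name
        CallingStation = $p[9].Value    # %10 Calling Station Identifier
        NasIPv4        = $p[10].Value   # %11 NAS IPv4 Address
        RadiusClient   = $p[15].Value   # %16 Client Friendly Name
        ClientIP       = $p[16].Value   # %17 Client IP Address
        NetworkPolicy  = $p[18].Value   # %19 Network Policy Name
        AuthType       = $p[21].Value   # %22 Authentication Type
        EapType        = $p[22].Value   # %23 EAP Type
    }
}

# Most recent grants first: who connected, through which RADIUS client,
# and which network policy matched.
$granted | Sort-Object Time -Descending |
    Format-Table Time, User, RadiusClient, ClientIP, NetworkPolicy, AuthType -AutoSize

# Per-user summary: number of grants and the last time each user was seen.
$granted | Group-Object User | Sort-Object Count -Descending |
    Select-Object Count, Name,
        @{ Name = 'LastSeen'
           Expression = { ($_.Group | Sort-Object Time | Select-Object -Last 1).Time } }
```

If the query reports that no events were found, check that success auditing for the Network Policy Server subcategory is enabled, since NPS writes these events to the Security log only when it is.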
ASKER
hmm yeah i am in accounting
i see that file logging is configured
i can see data in that log
but i cant see it nicely displayed in the MMC i had to open the file manually
ASKER
I create new ticket. You helped well, thank you
ASKER
excellent work