Solved

RADIUS on windows 2003 and wireless security setup

Posted on 2013-01-16
3
786 Views
Last Modified: 2013-01-17
Gents,

I'm setting up a RADIUS server and on my lab it worked fine as long I use a real certificate. On the client, I've been testing it with a self signed certificate but no luck, so I'm not sure if the certificate is avoiding the clients to work or not.

Here is the event error

The description for Event ID ( 2 ) in Source ( IAS ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: administrator, xxxxxxxxxxxxxxx\administrator, 192.168.35.71, c0c1c059bb48, c0c1c059bb48, 68a3c4c72256, Oval Wireless, 192.168.35.71, Wireless - IEEE 802.11, 51, Use Windows authentication for all users, %%2147483688, %%2147483685, Oval Wireless, PEAP, %%2147483685, 16, %%4112.

I've used this guide to setup, which worked fine on my lab:

http://jefferyland.wordpress.com/2009/10/11/setting-up-server-2003-as-a-radius-with-dd-wrt/

Could you guys tell me what am I missing? I've seen reports that RADIUS work fine with self signed certificates, so why am I having these problems?
0
Comment
Question by:Alex
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 40

Expert Comment

by:footech
ID: 38783459
When not using a CA, I would say most problems stem from the certificate not being trusted.  Have you unchecked the box to "validate the server certificate"?  Other option is to install the cert to the Trusted Root Certification Authorities store (I would usually put it in the machine store).

On the client, I've been testing it with a self signed certificate
I'm not sure how to interpret this.  You're putting a self-signed certificate on the client machine that is trying to connect?  Can you provide more detail?
0
 

Author Comment

by:Alex
ID: 38783490
I've installed the self signed certificate on the laptop and it worked fine on a Windows 2008 server that I installed just for testing so it looks like the configuration is fine. I'll just discard the idea of using self signed certificate for this anyway.

My client has a wildcard certificate, but it doesn't work so I believe this is one of the reasons.

I'll get a normal certificate tomorrow and go back to the 2003 server to test
0
 
LVL 40

Accepted Solution

by:
footech earned 500 total points
ID: 38783611
My preferred method is to have a CA for the domain.  Then the certificate for the IAS/NPS server is issued from that.  This way all the domain clients will automatically trust the domain CA, and therefore the cert for the IAS/NPS.  A lot less headache than using a self-signed cert.  However, non-domain clients will have to be dealt with if you want them to connect.

I have never tried a wildcard cert personally, but I believe I've read that you can't use one (without customizing clients) because PEAP wants the cert name to match the FQDN of the RADIUS server.  Unchecking the "validate server certificate" box should still get around this however.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Article by: Justin
In light of the WannaCry ransomware attack that affected millions of Windows machines, you might wonder if your Mac needs protecting. Yes, it does and here is how to do it.
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question