Solved

RADIUS on windows 2003 and wireless security setup

Posted on 2013-01-16
3
781 Views
Last Modified: 2013-01-17
Gents,

I'm setting up a RADIUS server and on my lab it worked fine as long I use a real certificate. On the client, I've been testing it with a self signed certificate but no luck, so I'm not sure if the certificate is avoiding the clients to work or not.

Here is the event error

The description for Event ID ( 2 ) in Source ( IAS ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: administrator, xxxxxxxxxxxxxxx\administrator, 192.168.35.71, c0c1c059bb48, c0c1c059bb48, 68a3c4c72256, Oval Wireless, 192.168.35.71, Wireless - IEEE 802.11, 51, Use Windows authentication for all users, %%2147483688, %%2147483685, Oval Wireless, PEAP, %%2147483685, 16, %%4112.

I've used this guide to setup, which worked fine on my lab:

http://jefferyland.wordpress.com/2009/10/11/setting-up-server-2003-as-a-radius-with-dd-wrt/

Could you guys tell me what am I missing? I've seen reports that RADIUS work fine with self signed certificates, so why am I having these problems?
0
Comment
Question by:Alex
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 40

Expert Comment

by:footech
ID: 38783459
When not using a CA, I would say most problems stem from the certificate not being trusted.  Have you unchecked the box to "validate the server certificate"?  Other option is to install the cert to the Trusted Root Certification Authorities store (I would usually put it in the machine store).

On the client, I've been testing it with a self signed certificate
I'm not sure how to interpret this.  You're putting a self-signed certificate on the client machine that is trying to connect?  Can you provide more detail?
0
 

Author Comment

by:Alex
ID: 38783490
I've installed the self signed certificate on the laptop and it worked fine on a Windows 2008 server that I installed just for testing so it looks like the configuration is fine. I'll just discard the idea of using self signed certificate for this anyway.

My client has a wildcard certificate, but it doesn't work so I believe this is one of the reasons.

I'll get a normal certificate tomorrow and go back to the 2003 server to test
0
 
LVL 40

Accepted Solution

by:
footech earned 500 total points
ID: 38783611
My preferred method is to have a CA for the domain.  Then the certificate for the IAS/NPS server is issued from that.  This way all the domain clients will automatically trust the domain CA, and therefore the cert for the IAS/NPS.  A lot less headache than using a self-signed cert.  However, non-domain clients will have to be dealt with if you want them to connect.

I have never tried a wildcard cert personally, but I believe I've read that you can't use one (without customizing clients) because PEAP wants the cert name to match the FQDN of the RADIUS server.  Unchecking the "validate server certificate" box should still get around this however.
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The next five years are sure to bring developments that are just astonishing, and we will continue to try to find the balance between connectivity and security. Here are five major technological developments from the last five years and some predict…
There's a lot of hype surrounding blockchain technology. Here's how it works and some of the novel ways it' s now being used - including for data protection.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question