Solved

RADIUS on windows 2003 and wireless security setup

Posted on 2013-01-16
3
763 Views
Last Modified: 2013-01-17
Gents,

I'm setting up a RADIUS server and on my lab it worked fine as long I use a real certificate. On the client, I've been testing it with a self signed certificate but no luck, so I'm not sure if the certificate is avoiding the clients to work or not.

Here is the event error

The description for Event ID ( 2 ) in Source ( IAS ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: administrator, xxxxxxxxxxxxxxx\administrator, 192.168.35.71, c0c1c059bb48, c0c1c059bb48, 68a3c4c72256, Oval Wireless, 192.168.35.71, Wireless - IEEE 802.11, 51, Use Windows authentication for all users, %%2147483688, %%2147483685, Oval Wireless, PEAP, %%2147483685, 16, %%4112.

I've used this guide to setup, which worked fine on my lab:

http://jefferyland.wordpress.com/2009/10/11/setting-up-server-2003-as-a-radius-with-dd-wrt/

Could you guys tell me what am I missing? I've seen reports that RADIUS work fine with self signed certificates, so why am I having these problems?
0
Comment
Question by:Alex
  • 2
3 Comments
 
LVL 39

Expert Comment

by:footech
ID: 38783459
When not using a CA, I would say most problems stem from the certificate not being trusted.  Have you unchecked the box to "validate the server certificate"?  Other option is to install the cert to the Trusted Root Certification Authorities store (I would usually put it in the machine store).

On the client, I've been testing it with a self signed certificate
I'm not sure how to interpret this.  You're putting a self-signed certificate on the client machine that is trying to connect?  Can you provide more detail?
0
 

Author Comment

by:Alex
ID: 38783490
I've installed the self signed certificate on the laptop and it worked fine on a Windows 2008 server that I installed just for testing so it looks like the configuration is fine. I'll just discard the idea of using self signed certificate for this anyway.

My client has a wildcard certificate, but it doesn't work so I believe this is one of the reasons.

I'll get a normal certificate tomorrow and go back to the 2003 server to test
0
 
LVL 39

Accepted Solution

by:
footech earned 500 total points
ID: 38783611
My preferred method is to have a CA for the domain.  Then the certificate for the IAS/NPS server is issued from that.  This way all the domain clients will automatically trust the domain CA, and therefore the cert for the IAS/NPS.  A lot less headache than using a self-signed cert.  However, non-domain clients will have to be dealt with if you want them to connect.

I have never tried a wildcard cert personally, but I believe I've read that you can't use one (without customizing clients) because PEAP wants the cert name to match the FQDN of the RADIUS server.  Unchecking the "validate server certificate" box should still get around this however.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
It’s a strangely common occurrence that when you send someone their login details for a system, they can’t get in. This article will help you understand why it happens, and what you can do about it.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now