Solved

RADIUS on windows 2003 and wireless security setup

Posted on 2013-01-16
Last Modified: 2013-01-17
Gents,

I'm setting up a RADIUS server and in my lab it worked fine as long as I used a real certificate. On the client, I've been testing it with a self-signed certificate but no luck, so I'm not sure if the certificate is preventing the clients from working or not.

Here is the event error

The description for Event ID ( 2 ) in Source ( IAS ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: administrator, xxxxxxxxxxxxxxx\administrator, 192.168.35.71, c0c1c059bb48, c0c1c059bb48, 68a3c4c72256, Oval Wireless, 192.168.35.71, Wireless - IEEE 802.11, 51, Use Windows authentication for all users, %%2147483688, %%2147483685, Oval Wireless, PEAP, %%2147483685, 16, %%4112.

I've used this guide to set it up, which worked fine in my lab:

http://jefferyland.wordpress.com/2009/10/11/setting-up-server-2003-as-a-radius-with-dd-wrt/

Could you guys tell me what I am missing? I've seen reports that RADIUS works fine with self-signed certificates, so why am I having these problems?
Question by:Alex

Expert Comment

by:footech
ID: 38783459
When not using a CA, I would say most problems stem from the certificate not being trusted.  Have you unchecked the box to "validate the server certificate"?  The other option is to install the cert to the Trusted Root Certification Authorities store (I would usually put it in the machine store).

"On the client, I've been testing it with a self signed certificate"
I'm not sure how to interpret this.  You're putting a self-signed certificate on the client machine that is trying to connect?  Can you provide more detail?

Author Comment

by:Alex
ID: 38783490
I've installed the self-signed certificate on the laptop and it worked fine on a Windows 2008 server that I installed just for testing, so it looks like the configuration is fine. I'll just discard the idea of using a self-signed certificate for this anyway.

My client has a wildcard certificate, but it doesn't work so I believe this is one of the reasons.

I'll get a normal certificate tomorrow and go back to the 2003 server to test.

Accepted Solution

by: footech (earned 1500 total points)
ID: 38783611
My preferred method is to have a CA for the domain.  Then the certificate for the IAS/NPS server is issued from that.  This way all the domain clients will automatically trust the domain CA, and therefore the cert for the IAS/NPS.  A lot less headache than using a self-signed cert.  However, non-domain clients will have to be dealt with if you want them to connect.

I have never tried a wildcard cert personally, but I believe I've read that you can't use one (without customizing clients) because PEAP wants the cert name to match the FQDN of the RADIUS server.  Unchecking the "validate server certificate" box should still get around this however.
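The answers above name three things to look at in the IAS/NPS server certificate: whether its name equals the RADIUS server's FQDN, whether it is a wildcard, and whether the client trusts its issuer. The PowerShell below is an added example, not code from the thread; `Test-RadiusServerCert` is a hypothetical helper name, and `radius01.corp.example` and `*.corp.example` are constructed sample values. Building the sample certificate needs .NET Framework 4.7.2 or later (or PowerShell 7).

```powershell
# Added example: report the certificate properties discussed in this thread.
function Test-RadiusServerCert {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [Parameter(Mandatory = $true)]
        [string]$ServerFqdn    # name of the RADIUS server the clients authenticate to
    )
    $x509 = 'System.Security.Cryptography.X509Certificates'

    # First DNS name in the subjectAltName, or the subject CN when there is no SAN.
    $name = $Cert.GetNameInfo(("$x509.X509NameType" -as [type])::DnsName, $false)

    # Build the chain against this machine's trust stores. Revocation checking
    # is skipped so the check also works on an offline lab machine.
    $chain = New-Object "$x509.X509Chain"
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $trusted = $chain.Build($Cert)
    $status = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

    [pscustomobject]@{
        CertName        = $name
        IsWildcard      = $name.StartsWith('*.')
        NameMatchesFqdn = [string]::Equals($name, $ServerFqdn,
                              [StringComparison]::OrdinalIgnoreCase)
        IsSelfSigned    = ($Cert.Subject -eq $Cert.Issuer)
        ChainTrusted    = $trusted   # $false until the issuer is in a trusted store
        ChainStatus     = $status    # e.g. UntrustedRoot for an unknown self-signed cert
    }
}

# Constructed sample: a throwaway self-signed wildcard certificate created in
# memory, standing in for the certificate exported from the RADIUS server.
$rsa = [System.Security.Cryptography.RSA]::Create(2048)
$req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
    'CN=*.corp.example', $rsa,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$sample = $req.CreateSelfSigned([DateTimeOffset]::Now.AddDays(-1),
                                [DateTimeOffset]::Now.AddDays(30))

Test-RadiusServerCert -Cert $sample -ServerFqdn 'radius01.corp.example' | Format-List
```

Run it on a client machine against the certificate exported from the server, because `ChainTrusted` reflects the trust stores of the machine where the check runs. Only the first DNS name is compared, so a certificate with several SAN entries needs each entry checked.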
