• Status: Solved

RADIUS on Windows 2003 and wireless security setup

Gents,

I'm setting up a RADIUS server, and in my lab it worked fine as long as I used a real certificate. On the client, I've been testing it with a self-signed certificate but no luck, so I'm not sure whether the certificate is preventing the clients from working or not.

Here is the event error:

The description for Event ID ( 2 ) in Source ( IAS ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: administrator, xxxxxxxxxxxxxxx\administrator, 192.168.35.71, c0c1c059bb48, c0c1c059bb48, 68a3c4c72256, Oval Wireless, 192.168.35.71, Wireless - IEEE 802.11, 51, Use Windows authentication for all users, %%2147483688, %%2147483685, Oval Wireless, PEAP, %%2147483685, 16, %%4112.

I've used this guide to set it up, which worked fine in my lab:

http://jefferyland.wordpress.com/2009/10/11/setting-up-server-2003-as-a-radius-with-dd-wrt/

Could you guys tell me what I am missing? I've seen reports that RADIUS works fine with self-signed certificates, so why am I having these problems?

Asked by: Alex

footech commented:
When not using a CA, I would say most problems stem from the certificate not being trusted.  Have you unchecked the box to "validate the server certificate"?  The other option is to install the cert to the Trusted Root Certification Authorities store (I would usually put it in the machine store).

"On the client, I've been testing it with a self signed certificate"
I'm not sure how to interpret this.  You're putting a self-signed certificate on the client machine that is trying to connect?  Can you provide more detail?

Alex (author) commented:
I've installed the self-signed certificate on the laptop and it worked fine on a Windows 2008 server that I installed just for testing, so it looks like the configuration is fine. I'll just discard the idea of using a self-signed certificate for this anyway.

My client has a wildcard certificate, but it doesn't work so I believe this is one of the reasons.

I'll get a normal certificate tomorrow and go back to the 2003 server to test.

footech commented:
My preferred method is to have a CA for the domain.  Then the certificate for the IAS/NPS server is issued from that.  This way all the domain clients will automatically trust the domain CA, and therefore the cert for the IAS/NPS.  A lot less headache than using a self-signed cert.  However, non-domain clients will have to be dealt with if you want them to connect.

I have never tried a wildcard cert personally, but I believe I've read that you can't use one (without customizing clients) because PEAP wants the cert name to match the FQDN of the RADIUS server.  Unchecking the "validate server certificate" box should still get around this however.
Question has a verified solution.
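
The certificate points raised in this thread (root trust, a name matching the RADIUS server's FQDN, wildcard names) can be checked with server certificate validation left enabled on the clients. The PowerShell below is an added example, not code from the thread or the linked guide: the function name `Test-PeapServerCert`, its parameters and the host name `ias01.example.test` are hypothetical, and it assumes PowerShell 2.0 or later. The Server Authentication EKU check is an addition that the thread does not discuss.

```powershell
# Added example. Test-PeapServerCert and its parameters are hypothetical names.
function Test-PeapServerCert {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [Parameter(Mandatory = $true)]
        [string]$ServerFqdn
    )

    # Subject CN plus the first DNS name from the Subject Alternative Name.
    $names = @(@($Cert.GetNameInfo('SimpleName', $false),
                 $Cert.GetNameInfo('DnsName', $false)) |
        Where-Object { $_ } | Select-Object -Unique)

    # Server Authentication EKU (OID 1.3.6.1.5.5.7.3.1).
    $ekuOids = @($Cert.Extensions |
        Where-Object { $_.Oid.Value -eq '2.5.29.37' } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value })

    # Build the chain against the trust stores of the machine running this.
    # A self-signed cert missing from Trusted Root reports UntrustedRoot.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # trust path only
    $trusted = $chain.Build($Cert)
    $status = @($chain.ChainStatus | ForEach-Object { $_.Status })

    New-Object PSObject -Property @{
        Subject       = $Cert.Subject
        Names         = $names
        NameMatches   = ($names -contains $ServerFqdn)
        IsWildcard    = [bool]($names | Where-Object { $_.StartsWith('*.') })
        HasServerAuth = ($ekuOids -contains '1.3.6.1.5.5.7.3.1')
        ChainTrusted  = $trusted
        ChainStatus   = ($status -join ', ')
    }
}

# Constructed placeholder: replace with the RADIUS server's real FQDN.
$fqdn = 'ias01.example.test'
Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-PeapServerCert -Cert $_ -ServerFqdn $fqdn }
```

Run on the IAS/NPS server, this reviews the certificates in its machine store. To see whether a particular client trusts the certificate, call the function on that client with the exported .cer loaded as an `X509Certificate2`, since the chain is built against the local trust stores.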