Solved

RADIUS Server Certificate

Posted on 2014-03-23
7
291 Views
Last Modified: 2014-03-25
Hello Experts:

I will be installing and configuring a RADIUS server on either Windows Server 2003 or Windows Server 2008 R2.  It is due to a migration from Windows 2003.  

I need to find out if the current RADIUS Server running on Windows 2003 has a certificate or uses a certificate.  Please let me know how I find that one out.

Also, does a RADIUS server need a certificate to work properly?

Thanks
Willie
0
Comment
Question by:willie0-360
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 21

Expert Comment

by:Jakob Digranes
ID: 39949697
If you need a certiticate or not depends on how authentication is set up. But if you use (and you really should use this) PEAP - then you need a certificate on radius server. With PEAP the client and Radius server sets up a secure encrypted tunnel where user credentials can be exchanged, either this be ms-chapV2 or EAP-TLS.

To find what cert the 2003 is using, you can go to administrative tools - Internet Authentication Services - go to network policies - choose edit profile - authentication, there you should see it (sorry - I might be a bit rusty, been some time since I've worked with 2003 radius)

You can also start MMC and add snap-in certificates - local machine - and see under personal if a RAS/IAS certificate, or server/computer certificate is enrolled - then it might be used with radius
0
 

Author Comment

by:willie0-360
ID: 39950523
Thanks for your response jakob_di.

Your response raises the question of how do I determine if I am using PEAP or any other.

Also, I did what you suggested in your second paragraph.  I went to Administrative Tools --> Internet Authentication Services, but I was not able to find Network Policies and what follows after that.

I also tried starting the MMC, but when I tried to snap in a certificate, it seems that it wants to  create/install a new certificate.

I need more help.


Thanks.
Willie
0
 
LVL 21

Assisted Solution

by:Jakob Digranes
Jakob Digranes earned 500 total points
ID: 39951022
sorry --- my bad. remembered it wrong. See attached pictureias 2003
0
How to Defend Against the WCry Ransomware Attack

On May 12, 2017, an extremely virulent ransomware variant named WCry 2.0 began to infect organizations. Within several hours, over 75,000 victims were reported in 90+ countries. Learn more from our research team about this threat & how to protect your organization!

 

Author Comment

by:willie0-360
ID: 39951165
Based on that, I would say we are using PEAP.  Please see the attached word document with the pictures I included.

Figure 1indicates I am using PEAP.  However, Figure 1 shows that a certificate could not be found that can be used with this EAP, even though it is using PEAP.  In your first post, you indicated that if using PEAP a certificate is required.  Then, what does that message about a certificate not found means?

Also, Figure 2 has Microsoft Encrypted Authentication version 2 (MS-CHAP v2), does that mean anything regarding the use of certificates?

Thanks.
Willie
wireless.experts.exchange.docx
0
 
LVL 21

Accepted Solution

by:
Jakob Digranes earned 500 total points
ID: 39951266
yes - you're not using PEAP - at least any more. It might be that the certificate is expired and thus not found anymore.
But you're using mschap v2 only.
ms-chapV2 can in fact be broken, and should not be used without PEAP
0
 

Author Comment

by:willie0-360
ID: 39953390
Thanks a lot for your help jakob_di.  I hope to find you again in the future.


Willie
0
 
LVL 21

Expert Comment

by:Jakob Digranes
ID: 39953438
Excellent .... Glad to help :-)

jakob
0

Featured Post

Create the perfect environment for any meeting

You might have a modern environment with all sorts of high-tech equipment, but what makes it worthwhile is how you seamlessly bring together the presentation with audio, video and lighting. The ATEN Control System provides integrated control and system automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article is a step by step guide on how to create a basic PTP link using Ubiquiti airOS devices. This guide can be used on the following Ubiquiti AirMAX devices. Nanostation, Bullets, AirBridge, Nanobeam, NanoBridge to name a few. Please review …
For Sennheiser, comfort, quality and security are high priority areas. This paper addresses the security of Bluetooth technology and the supplementary security that Sennheiser’s Contact Center and Office (CC&O) headsets provide.  
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question