Posted: 10/4/2005 9:09:10 AM EDT
Ok, I am a network admin (one of a team of ten or so) for a medium sized government network.  We are primarily a Windows network running mostly Windows 2000 and 2003 servers in an active directory environment.

Here is the issue:  I would like to implement WPA secured wireless access points on our network using 802.1x and EAP for security.

What we have:

1. Various makes and models of Wireless APs that support WPA using 802.1x
2. A RADIUS server inside the network

So far, I can get the AP to talk to the RADIUS server and the wireless client to see the AP.  When it tries to authenticate, Windows (XP, SP2) tells me I cannot find a suitable certificate.  This is expected.  I assume I need to put a CA and a certificate of some sort on the RADIUS server and issue certs to the clients.

My question: have any of you done something similar?  How and what kind of certificate did you put on the RADIUS server?  How and what certificates had to be put on the client?

Thanks!
Link Posted: 10/4/2005 6:36:38 PM EDT
[#1]
I'll check ours tomorrow.  We're using ours for primarily VoIP w/ Wireless Phones but also can connect w/ our laptops.  I'm thinking we're WEP though, not WPA.  I'll let you know.
Link Posted: 10/8/2005 3:13:12 PM EDT
[#2]
You need to load certificate services on a couple of the DCs so they start issuing certificates. Are you using the MS Radius services? If so, it should be pretty easy; use these links to get the info you are looking for:

This is the best one:

www.microsoft.com/technet/prodtechnol/winxppro/deploy/ed80211.mspx


www.microsoft.com/technet/community/columns/cableguy/cg1202.mspx

support.microsoft.com/default.aspx?scid=kb;en-us;837911

support.microsoft.com/default.aspx?scid=kb;en-us;842439


This is the latest stuff. Haven't monkeyed with this at work yet.

download.microsoft.com/download/0/0/e/00ef629d-b2a1-481d-b756-a15203043def/WPSdeploy.doc
Link Posted: 10/13/2005 6:54:05 AM EDT
[#3]
I'll thumb through those articles and see if they help.

Our RADIUS server is running Steel Belted Radius.  I guess I need to install a CA of some type on the RADIUS server and configure it to handle the EAP requests from the AP.

Any suggestions on what kind of CA I need to put on the RADIUS server?  We do have DCs with certificates on them, but for test purposes, it would probably be better if the RADIUS server has its own separate certificate structure.
Link Posted: 10/13/2005 12:28:45 PM EDT
[#4]
Beats me. I'm not familiar with it. We are using MS Cert Services (Free) and MS Radius (FREE, AKA Internet Authentication Service). I don't suppose it matters what CA you use as long as you can get the PCs in your AD to enroll for Machine certificates though.
Link Posted: 10/14/2005 6:57:13 AM EDT
[#5]
Well, one of the articles above had a checklist for doing machine authentication.  It appears that as long as I have an issuing CA on the RADIUS server, I can add the RADIUS CA as a trusted authority to the client and also add an issued computer certificate to the client and it *should* work.  I see now why many people either use third party stuff or WPA-PSK for this sort of thing!

Thanks for the help!
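
As an added example (not written by any poster in this thread): a shell script that builds the separate test certificate structure discussed above, with OpenSSL standing in for whichever CA product is chosen, and checks that each certificate chains to the test CA and carries the right usage. The CA name, host names and 30-day lifetime are constructed, and the extended key usages are the standard TLS server and client authentication usages that EAP-TLS peers typically check.

```shell
#!/bin/sh
# Added example: throwaway test PKI for 802.1X EAP-TLS, separate from production AD.
# CA name, host names and lifetimes are constructed for illustration.

# issue_cert DIR NAME CN EKU: issue a leaf cert limited to one extended key usage.
issue_cert() {
    dir=$1; name=$2; cn=$3; eku=$4
    printf 'basicConstraints=CA:FALSE\nkeyUsage=digitalSignature,keyEncipherment\nextendedKeyUsage=%s\n' \
        "$eku" > "$dir/$name.ext"
    openssl req -new -config "$dir/ca.cnf" -newkey rsa:2048 -nodes -subj "/CN=$cn" \
        -keyout "$dir/$name.key" -out "$dir/$name.csr" 2>/dev/null || return 1
    openssl x509 -req -sha256 -days 30 -in "$dir/$name.csr" \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/$name.ext" -out "$dir/$name.pem" 2>/dev/null || return 1
}

# make_test_pki DIR: create the CA, the RADIUS server cert and one client computer cert.
make_test_pki() {
    dir=$1
    mkdir -p "$dir" || return 1
    # Minimal config so the result does not depend on the system openssl.cnf.
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' 'prompt=no' \
        '[dn]' 'CN=Test RADIUS CA' '[v3_ca]' 'basicConstraints=critical,CA:TRUE' \
        'keyUsage=critical,keyCertSign,cRLSign' > "$dir/ca.cnf"
    # ca.pem is what each wireless client imports as a trusted root.
    openssl req -x509 -config "$dir/ca.cnf" -newkey rsa:2048 -nodes -sha256 -days 30 \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
    issue_cert "$dir" radius radius.test.example serverAuth || return 1
    issue_cert "$dir" client laptop01.test.example clientAuth || return 1
}

# cert_ok DIR NAME PURPOSE: true only if NAME.pem chains to the test CA and is
# usable for PURPOSE (sslserver for the RADIUS side, sslclient for the supplicant).
cert_ok() {
    openssl verify -CAfile "$1/ca.pem" -purpose "$3" "$1/$2.pem" >/dev/null 2>&1
}

demo=$(mktemp -d)
make_test_pki "$demo"
cert_ok "$demo" radius sslserver && echo "RADIUS cert: chains to test CA, server auth OK"
cert_ok "$demo" client sslclient && echo "client cert: chains to test CA, client auth OK"
cert_ok "$demo" radius sslclient || echo "RADIUS cert: rejected for client auth (wrong EKU)"
rm -rf "$demo"
```

Running the same `cert_ok` checks against certificates exported from the real CA is a quick way to narrow down a "no suitable certificate" message to a trust-chain or key-usage problem before touching the AP or RADIUS configuration.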