WPA Using IAS as RADIUS Server
27 December 2007 - Tech-Recipes.com Forums - HOWTO Wireless WPA/TKIP/CERTIFICATE/RADIUS
1. HOWTO Wireless WPA/TKIP/CERTIFICATE/RADIUS
- this is with a Cisco 1200 AP and Microsoft IAS, but it can be any other wireless AP that supports this
- every client machine MUST have a certificate
- every client machine MUST be in the correct OU in Active Directory
- every user account MUST be in the correct OU
- you must have the SSID
- if any one of these is not met, there is no access granted
==========================================
== Wireless WPA/TKIP/CERTIFICATE/RADIUS ==
==========================================
==================
== Server Setup ==
==================
Windows 2003 Server
Install Certificate Server and IAS
-control panel, add remove programs
-add windows components
-certificate services also choose network/IAS
-make Enterprise Root CA
-give common name for CA
Configure Certificate Authority
-administrative tools, certificate authority
-go to Security tab
-make sure Authenticated Users are allowed Read and Request
-add group “Domain Computers” and allow Read and Request
-click on Certificate Templates and go to Manage
-go to properties of Computer
-go to Security tab
-make sure all users/groups have Allow Read and Enroll
Create Wireless Users Group in AD
-open users and computers
-add new group “Wireless Users”
-add users to the group that are authorized for wireless
-add computers to the group that are authorized for wireless
-ensure “allow dial-in” is checked for the user account
-ensure “allow dial-in” is checked for the computer account
Import Certificate into the Server
-run “mmc”
-add snap-in certificates
-choose computer account
-expand Certificates (Local Computer) / Personal / Certificates
-right click, All Tasks, choose Request New Certificate, type Computer
Configure IAS
-open IAS
-click on RADIUS Clients
-add new client
-enter name, ip, client-vendor type “Cisco”, shared secret
-click on Remote Access Policies
-add New Remote Access Policy
-use wizard
-give name
-choose Wireless wizard
-add group “wireless users”
-make sure PEAP is chosen
-click configure and check “enable fast reconnect”
-finish
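
A check for the "Import Certificate into the Server" step, added here as an example and not part of the original post: it lists the certificates in the server's Local Computer / Personal store and reports whether any has a private key, is within its validity dates, chains to a trusted root and carries the Server Authentication EKU that PEAP needs from the IAS server. It assumes PowerShell is installed on the server, which a default Windows Server 2003 install does not include.

```powershell
# Added example (not from the original post). Assumes PowerShell is installed;
# it is not part of a default Windows Server 2003 install.
$serverAuth = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU OID
$clientAuth = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU OID
$now = Get-Date

function Get-EkuOid($cert) {
    # Emit the OIDs listed in the certificate's Enhanced Key Usage extension.
    foreach ($ext in $cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            foreach ($oid in $ext.EnhancedKeyUsages) { $oid.Value }
        }
    }
}

# One report row per certificate in the Local Computer / Personal store.
$report = @(foreach ($cert in Get-ChildItem Cert:\LocalMachine\My) {
    $ekus = @(Get-EkuOid $cert)
    New-Object PSObject -Property @{
        Subject    = $cert.Subject
        Issuer     = $cert.Issuer
        Expires    = $cert.NotAfter
        PrivateKey = $cert.HasPrivateKey
        InDate     = ($cert.NotBefore -le $now -and $now -le $cert.NotAfter)
        ServerAuth = ($ekus -contains $serverAuth)
        ClientAuth = ($ekus -contains $clientAuth)
        ChainOK    = $cert.Verify()   # builds the chain to a trusted root, checks revocation
    }
})

$report | Format-List Subject, Issuer, Expires, PrivateKey, InDate, ServerAuth, ClientAuth, ChainOK

# A PEAP server certificate needs all four of these to be true.
$usable = @($report | Where-Object {
    $_.PrivateKey -and $_.InDate -and $_.ServerAuth -and $_.ChainOK
})
if ($usable.Count -eq 0) {
    Write-Warning 'No certificate in LocalMachine\My is usable as a PEAP server certificate.'
} else {
    Write-Output ("{0} certificate(s) usable for PEAP on this server." -f $usable.Count)
}
```

Run on a client machine, the same report shows through the ClientAuth column whether its computer certificate was issued with the Client Authentication EKU.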