IAS PEAP wireless authentication issue
| Hi, I've been asked to build a sort of public wireless hotspot to let
external users (with laptops that I will not see or administer) access our
network and the internet, only providing a username and password (given by us)...
I think that the correct solution could be IAS (RADIUS) and WPA... right?
Following a TechNet webcast, I built a W2K3 DC with DNS, DHCP, IIS, CA and IAS.
Everything works fine only if I pre-configure the client wireless settings...
If a new laptop, browsing the wireless network, tries to access the hotspot,
the connection is unsuccessful because the laptop tries to log on to the RADIUS
server with guest credentials... (I see this in the Event Viewer of the IAS
server)
Now, I don't know what to do... use Wireless Provisioning Services?
Is it possible to make an AP work in WPA with a RADIUS server without a DC or a
CA?
Note that I can't touch external clients... I can't install certificates on
them...
I can't pre-configure their wireless settings or insert them in a domain...
Everything has to work only with usernames and passwords...
Any help will be GREATLY appreciated...
Diego
| |
| James McIllece [MS] 2006-10-02, 7:54 pm |
| Diego <Diego@discussions.microsoft.com> wrote in
news:20EC0339-62A4-4CD2-8CDB-A24C60EB5A37@microsoft.com:
> Hi, I've been asked to build a sort of public wireless hotspot to let
> external users (with laptops that I will not see or administer)
> access our network and the internet, only providing a username and
> password (given by us)...
>
> I think that the correct solution could be IAS (RADIUS) and WPA...
> right?
>
> Following a TechNet webcast, I built a W2K3 DC with DNS, DHCP, IIS, CA
> and IAS. Everything works fine only if I pre-configure the client
> wireless settings... If a new laptop, browsing the wireless network,
> tries to access the hotspot, the connection is unsuccessful because the
> laptop tries to log on to the RADIUS server with guest credentials... (I
> see this in the Event Viewer of the IAS server)
>
> Now, I don't know what to do... use Wireless Provisioning Services?
> Is it possible to make an AP work in WPA with a RADIUS server without a DC
> or a CA?
>
> Note that I can't touch external clients... I can't install
> certificates on them...
> I can't pre-configure their wireless settings or insert them in a
> domain... Everything has to work only with usernames and passwords...
>
> Any help will be GREATLY appreciated...
>
> Diego
>
>
>
>
Hi Diego --
Wireless Provisioning Services is the technology that was created to solve
this issue, however it works only with Windows XP SP2 clients and is not
supported (at this point in time) for future versions of the OS.
The scenario you describe is a little unclear -- you say the users have
user accounts in AD...does that mean that their computers are domain
members? If so, I believe you can push wireless settings down with Group
Policy, though the laptops have to be plugged into the wire for the new
settings (including enrolling a cert if you are using EAP-TLS or PEAP-TLS).
If they are not domain members you might need to give them a floppy or CD
with a wireless config on it. (Either that or instructions on how to
manually configure for the connection.)
--
James McIllece, Microsoft
Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.
This posting is provided "AS IS" with no warranties, and confers no rights.
| |
|
| Hi James, thanks for your help...
I have to explain... this is a hotel... in AD I have users named "room1",
"room2", etc... customers' laptops are not members of the domain, so I will
follow your suggestion, and I'll provide some "wireless configuration CDs" to
the reception...
I have to provide them wireless authentication using username and password,
web and mail traffic once authenticated and printing capabilities through an
internal web server with IPP configured...
Just for information, to use WPS I have to create a DLL extension for
RADIUS...
Is there a way to get it from Microsoft? Or a third party?
If you have any other idea or alternative solution, don't hesitate...
Thanks for your support... thank you VERY much!!
Diego
> Hi Diego --
>
> Wireless Provisioning Services is the technology that was created to solve
> this issue, however it works only with Windows XP SP2 clients and is not
> supported (at this point in time) for future versions of the OS.
>
> The scenario you describe is a little unclear -- you say the users have
> user accounts in AD...does that mean that their computers are domain
> members? If so, I believe you can push wireless settings down with Group
> Policy, though the laptops have to be plugged into the wire for the new
> settings (including enrolling a cert if you are using EAP-TLS or PEAP-TLS).
>
> If they are not domain members you might need to give them a floppy or CD
> with a wireless config on it. (Either that or instructions on how to
> manually configure for the connection.)
>
> --
> James McIllece, Microsoft
>
> Please do not send email directly to this alias. This is my online account
> name for newsgroup participation only.
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
| |
| James McIllece [MS] 2006-10-04, 1:37 am |
| Diego <Diego@discussions.microsoft.com> wrote in
news:3FE8EF39-1190-4C2D-83CC-BF9796FD6DB2@microsoft.com:
> Hi James, thanks for your help...
>
> I have to explain... this is a hotel... in AD I have users named
> "room1", "room2", etc... customers' laptops are not members of the
> domain, so I will follow your suggestion, and I'll provide some
> "wireless configuration CDs" to the reception...
>
> I have to provide them wireless authentication using username and
> password, web and mail traffic once authenticated and printing
> capabilities through an internal web server with IPP configured...
>
> Just for information, to use WPS I have to create a DLL extension for
> RADIUS...
> Is there a way to get it from Microsoft? Or a third party?
>
> If you have any other idea or alternative solution, don't hesitate...
> Thanks for your support... thank you VERY much!!
>
> Diego
>
>
>
>
Hi Diego --
Yes, with WPS you need a developer who can create a RADIUS extension DLL.
The WPS whitepaper contains the basic info the dev needs to do this. You
also pretty much need to be (or have) a SQL server admin and you need a
custom application to handle the creation of user accounts. The technology
was designed for ISPs so it assumes a lot of dev resources on hand.
I believe there is a wizard that comes built into XP that allows you to
create a profile for easy distribution to multiple machines -- if I recall
correctly this whitepaper provides information on how to use it:
"Step-by-Step Guide for Secure Wireless Deployment for Small Office/Home
Office or Small Organization Networks" at
http://www.microsoft.com/downloads/...=269902e8-fc41-4eb1-9374-44612e64f0fb&displaylang=en
Not sure if that paper is a perfect fit for your situation but it might
help a lot. If that doesn't help let me know and I will ask the wireless
writer where that content is located.
--
James McIllece, Microsoft
Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.
This posting is provided "AS IS" with no warranties, and confers no rights.