Radius Server - Cisco 1242 AP + 2000 IAS with WPA2

This is Interesting: Free IT Magazines  
Home > Archive > Radius Server > July 2006 > Cisco 1242 AP + 2000 IAS with WPA2





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author Cisco 1242 AP + 2000 IAS with WPA2
maxximum

2006-07-23, 7:23 am

I have a cisco 1242 AP that i would like to use with IAS/AD authentication
and force users to have WPA2 encryption. I have installed the WPA2 patch on
my computers and issues a computer cert from our trusted CA to both the PCs
and the IAS box. When ever i try to connect the XP PC states that "Windows
was unable to find a certificate to log you on to the network". What are the
setting to make this work. I have been through about 4 different white
papers and each one states something different.


Eric J.

2006-07-27, 1:26 pm

hi,

i think the problem is, that you didn=B4t change the registry-key for
certificate authentication.

for default windows tries to authenticate via user certificate. And so
windows only looks in user store for certificate.

Go to your registry and set up the following:

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\EA
POL\PARAMETERS\GENERAL\GLOBAL

and create a DWORD with value of 2

that tells your windows to do authentication via machine cert.

Here is the explanation:

=B7 0 - Computer authentication mode. If computer authentication is
successful, no user authentication is attempted. If the user logon is
successful before computer authentication, user authentication is
performed. This is the default setting for Windows XP (prior to Service
Pack 1).
=B7 1 - Computer authentication with re-authentication. If computer
authentication is successful, a subsequent user logon results in a
re-authentication with user credentials. The user logon has to complete
in 60 seconds or the existing network connectivity is terminated. The
user credentials are used for subsequent authentication or
re-authentication. Computer authentication is not attempted again until
the user logs off the computer. This is the default setting for Windows
XP Service Pack 1 (SP1) and Windows Server 2003.
=B7 2 - Computer authentication only. When a user logs on, it has no
effect on the connection. Only computer authentication is performed.
The exception to this behavior is when a user successfully logs on, and
then roams between wireless APs. In that case, user authentication is
performed. For changes to this setting to take effect, restart the
Wireless Zero Configuration service for Windows XP or Windows Server
2003.


Hope that was what you were looking for

Greetz Eric



maxximum schrieb:

> I have a cisco 1242 AP that i would like to use with IAS/AD authentication
> and force users to have WPA2 encryption. I have installed the WPA2 patch=
on
> my computers and issues a computer cert from our trusted CA to both the P=
Cs
> and the IAS box. When ever i try to connect the XP PC states that "Windo=
ws
> was unable to find a certificate to log you on to the network". What are=
the
> setting to make this work. I have been through about 4 different white
> papers and each one states something different.

Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com