Radius Server - Can this be done? Wireless Access w/o the use of CERTs

Robert R Kircher, Jr.

2006-08-08, 1:25 pm

Simple enough. I need to provide simple wireless access to my domain but I
don't want to deal with certs at all. I have users (interns) who come and
go and I don't want to have to visit their laptops to install a cert and I
don't want to go through the expense of purchasing a cert from Verisign or
the like. We are a very small office and the need just doesn't justify the
expense. All I want to do is instruct the user on how to add the username
and password that will provide them access to the network. I've tried this
with WEP keys and MAC address assignment in the AP but this method is very
cumbersome and requires my intervention. So I'm looking to make it simpler
w/o just creating an open system.

TIA

--

Rob
"A disturbing new study finds that studies are disturbing"


Robert R Kircher, Jr.

2006-08-09, 7:21 pm

Anyone? Can this be done? Any help would be greatly appreciated.

Thanks,

--

Rob
"A disturbing new study finds that studies are disturbing"


"Robert R Kircher, Jr." <rkircher@newsgroup.nospam> wrote in message
news:eiTpI%23uuGHA.3428@TK2MSFTNGP02.phx.gbl...
> Simple enough. I need to provide simple wireless access to my domain but
> I don't want to deal with certs at all. I have users (interns) who come
> and go and I don't want to have to visit their laptops to install a cert
> and I don't want to go through the expense of purchasing a cert from
> Verisign or the like. We are a very small office and the need just doesn't
> justify the expense. All I want to do is instruct the user on how to add
> the username and password that will provide them access to the network.
> I've tried this with WEP keys and MAC address assignment in the AP but
> this method is very cumbersome and requires my intervention. So I'm
> looking to make it simpler w/o just creating an open system.
>
> TIA
>
> --
>
> Rob
> "A disturbing new study finds that studies are disturbing"
>



FenderAxe

2006-08-19, 7:20 pm

"Robert R Kircher, Jr." <rkircher@newsgroup.nospam> wrote in
news:#RvQfm#uGHA.4160@TK2MSFTNGP06.phx.gbl:

> Anyone? Can this be done? Any help would be greatly appreciated.
>
> Thanks,
>


What server OS are you running? What auth methods does it provide and do
you know how to deploy them? (E.g., have you read the docs?)

What are the client OSes? Do the clients support the same auth methods the
server has?

Are you using a directory service? If not, where are the user accounts?

What RADIUS server are you using?


Robert R Kircher, Jr.

2006-08-20, 1:21 am

Server OS: Win 2k3
Client OS: Win XP
RADIUS: IAS
Directory Service: Active Directory

I'm using a Netgear WAG102 AP

I get the following 3 messages in the system log when someone tries to access
the network

Event Type: Information
Event Source: IAS
Event Category: None
Event ID: 20190
Date: 8/14/2006
Time: 12:47:15 PM
User: N/A
Computer: CEOHDC3
Description:
Because no certificate has been configured for clients dialing in with
EAP-TLS, a default certificate is being sent to user ceoh\administrator.
Please go to the user's Remote Access Policy and configure the Extensible
Authentication Protocol (EAP).

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: IAS
Event Category: None
Event ID: 20168
Date: 8/14/2006
Time: 12:47:15 PM
User: N/A
Computer: CEOHDC3
Description:
Could not retrieve the Remote Access Server's certificate due to the
following error: Cannot find object or property.


For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 04 20 09 80 . .?

Event Type: Error
Event Source: IAS
Event Category: None
Event ID: 3
Date: 8/14/2006
Time: 12:47:15 PM
User: N/A
Computer: CEOHDC3
Description:
Access request for user administrator was discarded.
Fully-Qualified-User-Name = CEOH.COM/CEOH/System
Administration/Administrator
NAS-IP-Address = 192.168.87.250
NAS-Identifier = netgearf154ce
Called-Station-Identifier = 00146CF154CF:NETGEAR_11g - 0
Calling-Station-Identifier = 000E3515834E
Client-Friendly-Name = Netgear WAP
Client-IP-Address = 192.168.87.250
NAS-Port-Type = Wireless - IEEE 802.11
NAS-Port = 1
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Reason-Code = 23
Reason = Unexpected error. Possible error in server or client
configuration.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 04 20 09 80 . .?


--

Rob
"A disturbing new study finds that studies are disturbing"



"FenderAxe" <fa@axe.com> wrote in message
news:Xns9824900FC53D9faaxecom@198.186.190.163...
> "Robert R Kircher, Jr." <rkircher@newsgroup.nospam> wrote in
> news:#RvQfm#uGHA.4160@TK2MSFTNGP06.phx.gbl:
>
>
> What server OS are you running? What auth methods does it provide and do
> you know how to deploy them? (E.g., have you read the docs?)
>
> What are the client OSes? Do the clients support the same auth methods the
> server has?
>
> Are you using a directory service? If not, where are the user accounts?
>
> What RADIUS server are you using?
>
>



James McIllece [MS]

2006-08-22, 7:34 pm

"Robert R Kircher, Jr." <rkircher@newsgroup.nospam> wrote in
news:uuevYDAxGHA.3392@TK2MSFTNGP04.phx.gbl:

> Server OS: Win 2k3
> Client OS: Win XP
> RADIUS: IAS
> Directory Service: Active Directory
>
> I'm using a Netgear WAG102 AP
>
> I get the following 3 messages in the system log when someone tries to
> access the network
>
> Event Type: Information
> Event Source: IAS
> Event Category: None
> Event ID: 20190
> Date: 8/14/2006
> Time: 12:47:15 PM
> User: N/A
> Computer: CEOHDC3
> Description:
> Because no certificate has been configured for clients dialing in with
> EAP-TLS, a default certificate is being sent to user
> ceoh\administrator. Please go to the user's Remote Access Policy and
> configure the Extensible Authentication Protocol (EAP).
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
> Event Type: Error
> Event Source: IAS
> Event Category: None
> Event ID: 20168
> Date: 8/14/2006
> Time: 12:47:15 PM
> User: N/A
> Computer: CEOHDC3
> Description:
> Could not retrieve the Remote Access Server's certificate due to the
> following error: Cannot find object or property.
>
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
> Data:
> 0000: 04 20 09 80 . .?
>
> Event Type: Error
> Event Source: IAS
> Event Category: None
> Event ID: 3
> Date: 8/14/2006
> Time: 12:47:15 PM
> User: N/A
> Computer: CEOHDC3
> Description:
> Access request for user administrator was discarded.
> Fully-Qualified-User-Name = CEOH.COM/CEOH/System
> Administration/Administrator
> NAS-IP-Address = 192.168.87.250
> NAS-Identifier = netgearf154ce
> Called-Station-Identifier = 00146CF154CF:NETGEAR_11g - 0
> Calling-Station-Identifier = 000E3515834E
> Client-Friendly-Name = Netgear WAP
> Client-IP-Address = 192.168.87.250
> NAS-Port-Type = Wireless - IEEE 802.11
> NAS-Port = 1
> Proxy-Policy-Name = Use Windows authentication for all users
> Authentication-Provider = Windows
> Authentication-Server = <undetermined>
> Reason-Code = 23
> Reason = Unexpected error. Possible error in server or client
> configuration.
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
> Data:
> 0000: 04 20 09 80 . .?
>
>


I am not sure I understand the deployment you are attempting, but from
these messages it appears that you have configured a remote access policy
to use EAP-TLS but you don't have a server certificate.

EAP-TLS requires certificates on clients and on the IAS server.

PEAP-MS-CHAP v2 only requires a server certificate, while users provide
password-based credentials, plus this auth method provides strong security.

If you don't want to use PEAP I think there is a good scenario in this
wireless whitepaper that is designed for a workgroup environment:

"Step-by-Step Guide for Secure Wireless Deployment for Small Office/Home
Office or Small Organization Networks" at
http://www.microsoft.com/downloads/...=269902e8-fc41-4eb1-9374-44612e64f0fb&displaylang=en

If that is not pertinent to your circumstances please let me know and I
will query the wireless team for other ideas on your behalf.

--
James McIllece, Microsoft

Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.

This posting is provided "AS IS" with no warranties, and confers no rights.
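
Added example, not part of the original thread and not Microsoft tooling: a small Python parser for Event Viewer text pasted as in the posts above, which reports the pattern diagnosed in the reply (events 20190 and 20168 logged together with a discarded request, event 3). The function names, the abridged sample, and the same-timestamp correlation are assumptions made for illustration.

```python
import re

# Constructed input: the three IAS events quoted in the thread, abridged.
SAMPLE = """\
Event Type: Information
Event ID: 20190
Date: 8/14/2006
Time: 12:47:15 PM
Description:
Because no certificate has been configured for clients dialing in with EAP-TLS, ...

Event Type: Error
Event ID: 20168
Date: 8/14/2006
Time: 12:47:15 PM
Description:
Could not retrieve the Remote Access Server's certificate ...

Event Type: Error
Event ID: 3
Date: 8/14/2006
Time: 12:47:15 PM
Description:
Access request for user administrator was discarded.
Calling-Station-Identifier = 000E3515834E
Reason-Code = 23
"""

def parse_events(text):
    """Split pasted Event Viewer text into header dicts plus IAS attributes."""
    events = []
    for chunk in re.split(r"(?m)^(?=Event Type:)", text):
        head, _, desc = chunk.partition("Description:")
        ev = dict(re.findall(r"(?m)^([\w ]+): *(.+)$", head))   # "Key: value" headers
        ev["attrs"] = dict(re.findall(r"(?m)^([\w-]+) = (.*)$", desc))  # "Attr = value"
        if "Event ID" in ev:
            events.append(ev)
    return events

def diagnose(events):
    """Report discarded requests logged alongside both missing-certificate events."""
    by_time = {}
    for ev in events:  # assumption: related events share one Date/Time stamp
        by_time.setdefault((ev.get("Date"), ev.get("Time")), {})[ev["Event ID"]] = ev
    return [(when, ids["3"]["attrs"].get("Calling-Station-Identifier"),
             ids["3"]["attrs"].get("Reason-Code"))
            for when, ids in by_time.items() if ids.keys() >= {"20190", "20168", "3"}]
```

Each tuple returned by `diagnose(parse_events(SAMPLE))` gives the timestamp, the client's Calling-Station-Identifier and the Reason-Code of a request that was discarded while the policy asked for EAP-TLS and no server certificate could be retrieved.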