Certificate Autoenrollment
| Hello All,
I am planning to implement 802.1x for wired and wireless networks. I've
decided to use certificates as the authentication method. With this method, each
user and computer in the domain needs to have a certificate from the Microsoft
CA. I'd like to take advantage of the certificate autoenrollment feature, but
I am not so sure which server (Domain Controller, IAS or CA) should run
Windows 2003. Right now I run all under Windows 2000.
Thank You,
Andy
| |
|
| The CA needs to be installed on Win2k3 Enterprise Edition, which has the
autoenrollment function.
| |
|
| Thanks Mark
--
Andy
"Mark" wrote:
> The CA needs to be installed on Win2k3 Enterprise Edition, which has the
> autoenrollment function.
| |
| rusha.mitra 2006-09-01, 12:33 am |
| If you want to configure a Radius server test setup you should have
1. Domain Controller Windows 2003
2. IAS running on Windows 2003
3. Enterprise root CA running on Windows 2003
4. Server certificate from CA root
| |
| James McIllece [MS] 2006-09-01, 7:50 pm |
| rusha.mitra <rusha.mitra.2dfzkd@mail.webservertalk.com> wrote in
news:rusha.mitra.2dfzkd@mail.webservertalk.com:
>
> If you want to configure a Radius server test setup you should have
>
> 1. Domain Controller Windows 2003
> 2. IAS running on Windows 2003
> 3. Enterprise root CA running on Windows 2003
> 4. Server certificate from CA root
>
> --
> rusha.mitra
>
This is correct if you are deploying PEAP-MS-CHAP v2 for 802.1X wireless
connections. PEAP-MS-CHAP v2 only requires the following certificates:
-- The Enterprise Root CA certificate must be present in the Trusted Root
Certification Authorities certificate store for the Local Computer and the
Current User. (After you install your Enterprise Root CA, these certs are
pushed automatically to domain member clients via Group Policy -- no
additional config is necessary). This certificate tells the client to trust
the server certificate that is issued by the same trusted root CA.
-- The IAS server certificate. You must configure this cert yourself and
configure it to be autoenrolled to IAS servers that are members of the RAS
and IAS servers group in AD.
With PEAP-MS-CHAP v2, users are authenticated and authorized with their
password-based credentials.
For EAP-TLS or PEAP-TLS, you must also enroll client certificates or
distribute certificates on smart cards.
--
James McIllece, Microsoft
Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.
This posting is provided "AS IS" with no warranties, and confers no rights.