IAS & CA

Discussion in 'MCSE' started by Knowledge Hungry, Sep 2, 2006.

  1. Hi all,

    here is my setup: 1 Windows 2003 server that hosts, DNS, DHCP, AD, CA, and
    IAS; 2) 1 windows xp client with SP2; 3) one DLINK 524 wireless router

    Now i have setup my router to forward all wireless access attempts to my IAS
    (Radius Server). I setup the CA to issue computer Certificates as well as
    user Certificates. Now on the windows xp machine i removed both user cert
    and computer cert, and i attempted to logon on to my wireless access point
    and i connected without a problem. Now my question is, since i removed both
    certs off the computer, i shouldnt have been able to connect to the WAP
    because i was missing those Certificates. Why was i able to connect without
    it failing to authenticate?
     
    Knowledge Hungry, Sep 2, 2006
    #1
    1. Advertising

  2. "Knowledge Hungry" wrote:

    > Hi all,
    >
    > here is my setup: 1 Windows 2003 server that hosts, DNS, DHCP, AD, CA, and
    > IAS; 2) 1 windows xp client with SP2; 3) one DLINK 524 wireless router
    >
    > Now i have setup my router to forward all wireless access attempts to my IAS
    > (Radius Server). I setup the CA to issue computer Certificates as well as
    > user Certificates. Now on the windows xp machine i removed both user cert
    > and computer cert, and i attempted to logon on to my wireless access point
    > and i connected without a problem. Now my question is, since i removed both
    > certs off the computer, i shouldnt have been able to connect to the WAP
    > because i was missing those Certificates. Why was i able to connect without
    > it failing to authenticate?


    Re-Check the setting both of them
    IAS and WAB
     
    =?Utf-8?B?T1RITUFO?=, Sep 3, 2006
    #2
    1. Advertising

  3. what do you mean? which settings?
    "OTHMAN" <> wrote in message
    news:...
    > "Knowledge Hungry" wrote:
    >
    >> Hi all,
    >>
    >> here is my setup: 1 Windows 2003 server that hosts, DNS, DHCP, AD, CA,
    >> and
    >> IAS; 2) 1 windows xp client with SP2; 3) one DLINK 524 wireless router
    >>
    >> Now i have setup my router to forward all wireless access attempts to my
    >> IAS
    >> (Radius Server). I setup the CA to issue computer Certificates as well as
    >> user Certificates. Now on the windows xp machine i removed both user cert
    >> and computer cert, and i attempted to logon on to my wireless access
    >> point
    >> and i connected without a problem. Now my question is, since i removed
    >> both
    >> certs off the computer, i shouldnt have been able to connect to the WAP
    >> because i was missing those Certificates. Why was i able to connect
    >> without
    >> it failing to authenticate?

    >
    > Re-Check the setting both of them
    > IAS and WAB
     
    Knowledge Hungry, Sep 4, 2006
    #3
  4. "Knowledge Hungry" wrote:

    > what do you mean? which settings?
    > >>here is my setup:
    > >>1 Windows 2003 server that hosts, DNS, DHCP, AD, CA, and IAS;
    > >>2) 1 windows xp client with SP2;
    > >>3) one DLINK 524 wireless router


    > >>Now i have setup my router to forward all wireless access attempts to my IAS
    > >>(Radius Server).


    Which Authentication Protocols are you uising? (EAP-TLS or PEAP)
    If you are using EAP-TLS certificate based Authentication, Cleit and Radius
    server need a Certificate from a Trust CA.
    If you are using PEAP Authenticate client by using username and password. it
    uses MS-CHAPv2. IAS for CA. you don't need CA on the client, you just need it
    only on the RADIUS server.


    > >>I setup the CA to issue computer Certificates as well as user Certificates.
    > >>Now on the windows xp machine i removed both user cert and computer cert,
    > >>and i attempted to logon on to my wireless access point and i connected without a problem.


    > >>Now my question is, since i removed both certs off the computer,
    > >>i shouldnt have been able to connect to the WAP
    > >>because i was missing those Certificates.


    Is the Windows XP member of workgroup or domain.

    > >>Why was i able to connect without it failing to authenticate?
     
    =?Utf-8?B?T1RITUFO?=, Sep 4, 2006
    #4
  5. =?Utf-8?B?T1RITUFO?=, Sep 5, 2006
    #5
  6. Currently i'm using PEAP. So that would explain why I was able to
    authenticate. Is the only use for a cert on the server using PEAP to verify
    the identity of the server? So is EAP-TLS better than PEAP?
    "OTHMAN" <> wrote in message
    news:...
    > "Knowledge Hungry" wrote:
    >
    >> what do you mean? which settings?
    >> >>here is my setup:
    >> >>1 Windows 2003 server that hosts, DNS, DHCP, AD, CA, and IAS;
    >> >>2) 1 windows xp client with SP2;
    >> >>3) one DLINK 524 wireless router

    >
    >> >>Now i have setup my router to forward all wireless access attempts to
    >> >>my IAS
    >> >>(Radius Server).

    >
    > Which Authentication Protocols are you uising? (EAP-TLS or PEAP)
    > If you are using EAP-TLS certificate based Authentication, Cleit and
    > Radius
    > server need a Certificate from a Trust CA.
    > If you are using PEAP Authenticate client by using username and password.
    > it
    > uses MS-CHAPv2. IAS for CA. you don't need CA on the client, you just need
    > it
    > only on the RADIUS server.
    >
    >
    >> >>I setup the CA to issue computer Certificates as well as user
    >> >>Certificates.
    >> >>Now on the windows xp machine i removed both user cert and computer
    >> >>cert,
    >> >>and i attempted to logon on to my wireless access point and i connected
    >> >>without a problem.

    >
    >> >>Now my question is, since i removed both certs off the computer,
    >> >>i shouldnt have been able to connect to the WAP
    >> >>because i was missing those Certificates.

    >
    > Is the Windows XP member of workgroup or domain.
    >
    >> >>Why was i able to connect without it failing to authenticate?
     
    Knowledge Hungry, Sep 5, 2006
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Harrison Midkiff

    Re: Wireless Problems Using IAS

    Harrison Midkiff, Jun 26, 2004, in forum: Wireless Networking
    Replies:
    1
    Views:
    1,378
    peter
    Jun 28, 2004
  2. Harrison Midkiff

    IAS fails with certs from Stand Alone CA

    Harrison Midkiff, Jul 20, 2004, in forum: Wireless Networking
    Replies:
    2
    Views:
    20,569
    Patrick Sears [MSFT]
    Jul 22, 2004
  3. Mike

    good Wireless G WAP to use with Win2003 IAS

    Mike, Aug 2, 2004, in forum: Wireless Networking
    Replies:
    0
    Views:
    958
  4. Al Blake

    Setting up XP+IAS+Auto-enrollment wireless LAN?

    Al Blake, Sep 29, 2004, in forum: Wireless Networking
    Replies:
    2
    Views:
    2,321
    David Cross [MS]
    Sep 29, 2004
  5. Jeff
    Replies:
    2
    Views:
    1,945
Loading...

Share This Page