Re: Follow Up: Wireless Authentication to AD Network

Discussion in 'Wireless Networking' started by Ryan Hanisco, Mar 9, 2005.

  1. Ryan Hanisco

    Ryan Hanisco Guest

    I have this exact scenario working across a large multinational corp. PEAP/
    MSCHAPv2 is the way to go.

    Things to look out for:

    1. Only Windows 2000 SP4 and XP SP1 and above can truly use this without
    external apps
    2. XP SP2 is the most reliable way to get this going
    3. Many of the WLAN helper apps can interfere. Standardize their experience
    by uninstalling these and letting XP handle the connection -- or standardize
    on one kind of card and use that driver only.
    4. Have backups of your IAS implementation and use the MS IASImport utility
    to duplicate server and WAP configs
    5. Plan well for any PKI you are using to manage the certs that you'll need
    for IAS servers.
    6. Cisco WAPs are the most reliable for this and I wouldn't consider other
    equipment for this.

    --
    Ryan Hanisco
    MCSE, MCDBA
    FlagShip Integration Services

    "-->AL" <> wrote in message
    news:%...
    >I just wanted to follow up on my previous post to ensure I convey the
    >correct scenario. The Diagram I've attached is a simple depiction of the
    >network. The main concern is the Wireless Access for users on laptops, and
    >accessing internal network and Internet.
    >
    > Basically, we have a very small network and would like to use Wireless
    > Access Points for some of our users. I know and read that there are
    > several ways you can do this, but I need your assistance and feedback on
    > what I need to do.
    >
    > GOAL:
    > =====
    >
    > (1) Design SIMPLE as possible
    > (2) Users going through WAP must authenticate against AD via IAS
    > (3) We can NOT use CERTIFICATES for Users or Computers - IAS Server can
    > have it though
    > (4) I do not want users to even use the Internet withOUT first
    > authenticating in AD
    > (5) Secure considering Goal 14 is met
    >
    > MY THOUGHT:
    > ============
    >
    > (1) Use PEAP/MS-CHAP2 (Cert only on IAS - from Verisign)
    >
    > QUESTION:
    > =========
    >
    > (1) How are users actually prompted or challenged for proper login - to
    > even access the network and Internet?
    > (2) Based on the Goals, and meeting all of them - what would you suggest?
    >
    >
    > Please be as descriptive as you can get. Again, thank you.
    >
    >
     
    Ryan Hanisco, Mar 9, 2005
    #1