Setting up XP+IAS+Auto-enrollment wireless LAN?

Discussion in 'Wireless Networking' started by Al Blake, Sep 29, 2004.

  1. Al Blake

    Al Blake Guest

    Environment: Windows 2003 Native AD LAN
    12 Windows 2003 servers, inclduing IAS running on W2k3 Enterprise
    600 Windows XP SP2 laptops/desktops.

    Proposal: Provide seamless, secure wireless connectivity for 250+ XP SP2
    Laptops through Cisco 1200 APs.

    I have searched around for as much information as I can on technet/MSDN
    regarding setting up wireless LANs and securing them using auto-enrolled
    certificates from a certificate server....but I am getting confused with
    terminalogy and where I need to go next. Most of the white paers and
    examples seem to relate to smartcard setup - which we ar enot doing.

    So far I have configured a test OU in my AD and placed a single laptop in
    there. I have rebooted the laptop and it gets issued with a certificate
    automatically which is exactly what I want to happen. Questions:

    a) The example I had told me to use a 'User certificate' template to
    autoenrol the machine. Is this correct or should I have created a copy of a
    'computer' certificate and used that on the machine OU (is there any
    difference between a computer certificate and a user certificate in Windows
    Certificate services).

    b) If we are going to use the autoenrolled certificates as the basis for
    security in our WLAN setup do we need to auto-enrol certificates for users
    AND computers? (ie should the user OU and the computer OU be setup to issue
    certs?)

    c) What next? Once I have got certificates automatically issued for the user
    and/or the computer how do I setup the whole thing so that the Access points
    use them? I have configured the access points to use my IAS server as radius
    for authentication and know that is working form the point of view of
    authenticating my telnet login to the AP....but what do I need to tell them
    to use the certs?

    d) Can someone confirm whether we still need WEP if we are using EAP?

    e) What do we need to setup on the IAS server to support EAP?

    I am sorry this is so vague but I thought I had it sorted for a while and
    then just got more confused with all the terminalogy and options.
    If anyone can point me at a white paper 'setting up IAS to support EAP and
    autoenrolled certificates' I would really appreciate it!

    Regards
    Al Blake, Canberra, Australia
     
    Al Blake, Sep 29, 2004
    #1
    1. Advertising

  2. In article <#>, in the
    microsoft.public.windows.server.security news group, Al Blake
    <> says...

    > I am sorry this is so vague but I thought I had it sorted for a while and
    > then just got more confused with all the terminalogy and options.
    > If anyone can point me at a white paper 'setting up IAS to support EAP and
    > autoenrolled certificates' I would really appreciate it!
    >

    http://www.microsoft.com/technet/Security/prodtech/win2003/pkiwire/swlan
    ..mspx
    --
    Paul Adare
    This posting is provided "AS IS" with no warranties, and confers no
    rights.
     
    Paul Adare - MVP - Microsoft Virtual PC, Sep 29, 2004
    #2
    1. Advertising

  3. To add:

    auto-enrollment:
    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/autoenro.mspx

    MSS wireless:
    http://www.microsoft.com/downloads/...B3-010B-47E7-B234-A27CDA291DAD&displaylang=en

    Wireless PEAP:
    http://www.microsoft.com/downloads/...a1-9820-480e-aa38-63485eca8b9b&displaylang=en



    --


    David B. Cross [MS]

    --
    This posting is provided "AS IS" with no warranties, and confers no rights.

    http://support.microsoft.com

    "Paul Adare - MVP - Microsoft Virtual PC" <> wrote in
    message news:...
    > In article <#>, in the
    > microsoft.public.windows.server.security news group, Al Blake
    > <> says...
    >
    >> I am sorry this is so vague but I thought I had it sorted for a while and
    >> then just got more confused with all the terminalogy and options.
    >> If anyone can point me at a white paper 'setting up IAS to support EAP
    >> and
    >> autoenrolled certificates' I would really appreciate it!
    >>

    > http://www.microsoft.com/technet/Security/prodtech/win2003/pkiwire/swlan
    > .mspx
    > --
    > Paul Adare
    > This posting is provided "AS IS" with no warranties, and confers no
    > rights.
     
    David Cross [MS], Sep 29, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. RJ45
    Replies:
    0
    Views:
    1,966
  2. jonwoh
    Replies:
    2
    Views:
    506
    jonwoh
    Apr 1, 2005
  3. Ken Rosen [MS]

    MCT enrollment is now open!

    Ken Rosen [MS], Oct 14, 2004, in forum: MCAD
    Replies:
    7
    Views:
    382
    Ken Rosen [MS]
    Nov 5, 2004
  4. Ken Rosen [MS]

    MCT enrollment is now open!

    Ken Rosen [MS], Oct 14, 2004, in forum: MCDST
    Replies:
    7
    Views:
    483
    Ken Rosen [MS]
    Nov 5, 2004
  5. Ken Rosen [MS]

    MCT enrollment is now open!

    Ken Rosen [MS], Oct 14, 2004, in forum: MCSA
    Replies:
    7
    Views:
    465
    Ken Rosen [MS]
    Nov 5, 2004
Loading...

Share This Page