Linksys WAP54G on Windows 2000 IAS (Radius)

Hi!

I need to setup a wireless network using Linksys WAP54G v3 thru a radius
server (windows 2000 server AD). It seems my setup didn't work thru:
http://www.windowsnetworking.com/kb...adiustoauthenticatewireless802.1xclients.html

Hope that you'll support me on this.

Me

 

Hi MP. I see that this was cross-posted in the radius newsgroup and some
other places.

Not sure where you're havintg trouble, but if you still need help, I can try
answer here if you want. The most common problems I've experienced setting
up radius are...

- the radius client settings are not correct on the IAS server
- the radius server settings are not correct on the radius client (the AP)
- the secret doesn't match
- the IAS sever is not registered in the domain
- there is some default on the policy or user account that needs changed to
actually permit authentication
- your cert server is not set up correctly (too many or too few certs, is
the right one selected in the IAS policy?)
- a modification has been made to policies such that no IAS policy is
actually matching the request
- a firewall is blocking traffic

After you doublecheck for all those settings, check the system event log for
IAS events to see whether you're getting failures or whether it's not
getting that far.

I forget whether Windows 2000 supports PEAP, but if you can enable
PEAP/MSCHAPv2 on the server and disable cert validation and using your
winlogon creds on the wireless supplicant, you should be prompted for your
password.

Using PEAP w/o cert validation on the supplicant removes the PKI requirement
on the client, making troubleshooting easier.

Here are some links that might be useful, too:

http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/wifitrbl.mspx

http://technet2.microsoft.com/WindowsServer/en/Library/1d497af2-be8a-4e9f-a586-e01bff1862d01033.mspx



Hope this helps!

-Carl

 

Hi Carl,

thanks for the reply. Do I need to set my windows 2000 domain mixed mode to
native mode? Will there be no problem on my windows nt workstation clients &
98 connected to this server if I will switch to native mode? The reason why
I ask is that Remote Access Policy was disabled on AD Users and Group and as
I read some articles, AD must be in native mode to support RAP. I do have
W2K Server DCs and some WNT Server for some of my applications.

If you need more details on my configuration just let me know.


MP

 

Sorry - I can't remember all the details of supporting older OS's.

: )

The microsoft.public.internet.radius newsgroup will be better for that.

But as I recall, only certain user dialin properties are available in mixed
mode (this is because when NT4 handles user account it can't accomodate the
extra dialin data from the AD). If you have a radio button that says "grant"
or "permit" on the user (but "policy" is disabled) then you can still use
most of the features - "policy" is a NULL setting on the user object that
allows a setting on the profile to be used instead.

You can tweak other properties of the profile to cause access to be denied
(other than the grant/deny setting, which is overriden if there's a setting
on the user anyway).

There are probably a lot of options for your deployment but I wouldn't want
to recommend anything that would upset your downlevel clients.

I would say you should test with an XPSP2 wireless client. That will prove
whether your basic backend infrastructure is working. Then it becomes an
issue of helping along the older clients.

You can also try setting up a private AP for testing, along with a custom
policy that matches the IP address of the AP. Then try to allow everything.
If you get it working, you can then modify it to be more restrictive about
granting access.

-Carl

--
Standard Disclaimers -
This posting is provided "AS IS" with no warranties,
and confers no rights. Please do not send e-mail directly
to this alias. This alias is for newsgroup purposes only.