Re: IAS and Wireless
From: James McIllece [MS] (jamesmci_at_online.microsoft.com)
Date: 03/30/04
- Previous message: MrMarlboro: "IAS Log Files"
- In reply to: Linux Penguin: "IAS and Wireless"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 30 Mar 2004 12:48:10 -0800
linux.penguin@tiscali.co.uk (Linux Penguin) wrote in
news:4cd1b995.0403290151.552fd263@posting.google.com:
> We are currently looking into wifi for our London office (meeting
> rooms only).
>
> I have done a lot of research and come to the following conclusion
>
> use IAS as RADIUS server
> use RSA as authentication - Windows Server 2003 IAS supports RSA
>
> Now I am a bit confused about certificates - do I need certificate
> using Microsoft Server 2003 CA or not.
Hi there --
I noted from your other post (sorry never personally tried the DLink AP you
asked about) that you are interested in deploying PEAP with 802.1X, which
is a great choice for wireless as it has strong security (TLS channel,
encrypted traffic between client and AP with encryption keys supplied by
IAS, etc) and cool features like fast reconnect.
When you deploy PEAP, you choose the authentication type that you use.
PEAP-MS-CHAP v2 is a password-based authentication method that provides
mutual authentication, which means that the client is authenticated by the
server with the user's password based credentials (and/or machine account
and password) AND the client authenticates the server with the server
certificate.
Thus your IAS server needs a server certificate when you deploy
PEAP-MS-CHAP v2, but client computers do not (although they must trust the CA that
issues the server certificate). To get the server cert you can deploy your
own public key infrastructure (PKI) (Windows Server comes with Certificate
Services so that you can do this) or you can obtain a server certificate
from a company like Verisign.
For information on IAS, see
http://www.microsoft.com/windowsserver2003/technologies/ias/default.mspx
Great PEAP info is found in docs at that link. In particular read
"Enterprise Deployment of Secure 802.11 Networks Using Microsoft Windows"
and "The Advantages of Protected Extensible Authentication Protocol (PEAP)".
For information on how to deploy a public key infrastructure, see
http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/deployguide/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/all/deployguide/en-us/dssch_pki_overview.asp
For information on how to deploy VPN, please see the Resource Kit chapter
"Deploying a VPN Remote Access Server Solution" at
http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/deployguide/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/all/deployguide/en-us/dnsbf_vpn_scnu.asp
You can also find comprehensive information on these topics in the product
Help.
--
James McIllece, Microsoft
Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.
This posting is provided "AS IS" with no warranties, and confers no rights.
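
The reply above says the RADIUS server needs a server certificate for PEAP-MS-CHAP v2 and that clients must trust the issuing CA. The following is an added example, not part of the original post or Microsoft's own code: a PowerShell check, assumed to be run on the Windows server hosting the RADIUS role, that lists which certificates in the local machine store are usable for that purpose. The function name is hypothetical, and the private-key, validity and Server Authentication EKU checks are general requirements for a TLS server certificate that the post does not spell out.

```powershell
# Added example (not from the original post). Assumption: PowerShell 3.0 or later
# is available on the server that will present the certificate to PEAP clients.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # OID of the Server Authentication EKU
$now = Get-Date

function Test-PeapServerCertificate {   # hypothetical helper name
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    # Collect the EKU OIDs carried by the certificate, if any.
    $ekuOids = @()
    foreach ($ext in $Cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            foreach ($oid in $ext.EnhancedKeyUsages) { $ekuOids += $oid.Value }
        }
    }

    # Build the chain against this machine's trust stores. Revocation is skipped
    # so the check also works offline. This proves only that the *server* trusts
    # the issuer; each wireless client must separately hold the issuing root CA
    # in its own Trusted Root store, as the post notes.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $chainOk = $chain.Build($Cert)

    [pscustomobject]@{
        Subject             = $Cert.Subject
        Issuer              = $Cert.Issuer
        Thumbprint          = $Cert.Thumbprint
        HasPrivateKey       = $Cert.HasPrivateKey
        InValidityPeriod    = ($Cert.NotBefore -le $now -and $Cert.NotAfter -gt $now)
        ServerAuthEku       = ($ekuOids -contains $serverAuthOid)
        ChainsToTrustedRoot = $chainOk
    }
}

# Evaluate every certificate in the computer's personal store.
Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-PeapServerCertificate -Cert $_ } |
    Format-List
```

A certificate is a candidate only when every boolean column is True; the Issuer value identifies the CA certificate that has to be distributed to the wireless clients.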