Re: Mobile 2003 Radius authentication requirements

From: David (David_at_discussions.microsoft.com)
Date: 02/25/05


Date: Thu, 24 Feb 2005 17:01:01 -0800

Thanks for the info.

So where does the cert come from "using TLS"? I implemented 802.1x RADIUS
authentication on my domain and did not have a CA installed. All was well
with PCs and laptops. So you are saying that IAS creates its own certificate
without the need for Windows Certificate Services installed or existing on
the domain.

My other question is why must you have Certificate Services installed in
order to use 802.1x RADIUS authentication on Mobile 2003 PPC. My IPAQ
supports PEAP, however once credentials are used, I receive an error
concerning the certificate issued, unless I install a personal certificate on
the PPC.

Thank you in advance.

"Mark Gamache" wrote:

> PEAP protects the EAP conversation using a TLS tunnel. It does this by
> using the certificate on the IAS server. Once the TLS session is opened,
> you can then authenticate inside the tunnel using MS-CHAP v2 (username
> password) or via a client cert (TLS). Either works. Additionally, you can
> force the initial protection to validate the IAS server certificate. This
> is vital with wireless, otherwise you can't be sure that you are not being
> spoofed by a malicious AP with the same SSID as the one you are looking for.
>
> Cheers,
>
> --
> Mark Gamache
> Certified Security Solutions
> http://www.css-security.com
>
>
>
> "David" <David@discussions.microsoft.com> wrote in message
> news:E0A32471-11CD-433C-A325-E4AF19AED791@microsoft.com...
> > I currently have a RADIUS server (Windows 2003) set up and configured for
> > my access points on my domain. I connect with PCs or laptops using PEAP,
> > 802.1x authentication, AD username and pw.
> >
> > I have an IPAQ device (HP Windows Mobile 2003) that I finally got
> > connected, but do not thoroughly understand the requirements. First, why
> > must the IPAQ have a certificate from the CA in my domain (which I had to
> > install for this sole purpose) when my laptops or PCs never required this.
> > What exactly is the issue, and the difference.
> >
> > Please help.
> >
> > Thanks
> >
> > dw
>
>
>


