Re: Mobile 2003 Radius authentication requirements

From: David (David_at_discussions.microsoft.com)
Date: 02/25/05

Next message: David: "Does WINDOWS 2003 IAS require Certificate services"
Previous message: Timo: "Locking down IAS and NAS"
In reply to: Mark Gamache: "Re: Mobile 2003 Radius authentication requirements"
Messages sorted by: [ date ] [ thread ]

Date: Thu, 24 Feb 2005 18:11:02 -0800

The Vendor is HP and useless. I have consulted them concerning this issue and
they have no clue. They basically play the card, saying it is a Windows
issue.

I would really like to know what exactly happens when IAS is implemented
using Peap-MSCHAPv2. I have researched thoroughly and do not quite understand
why the device requires the certificate.

If certificate services is required, then why did RADIUS authentication work
fine without it in my domain? Maybe someone else will reply to this thread.
Thanks for the help.

"Mark Gamache" wrote:

> You actually have me stumped on the first part. There are times when
> windows services will generate self signed certs if needed, but I didn't
> think IAS would. You can use MMC to look at the computer's certificate
> store and see where the cert came from. I'd be curious to know.
>
> As for the PPC 2003. I'm not familiar enough with the device. I know if
> you use the Aegis client, PEAP will work with certs or username password. I
> assumed you had the password option with the native tools. You may want to
> consult the vendor.
>
> Cheers.
>
>
> --
> Mark Gamache
> Certified Security Solutions
> http://www.css-security.com
>
>
>
> "David" <David@discussions.microsoft.com> wrote in message
> news:A7879FF2-60AA-408F-8A64-8A5B896FF9B0@microsoft.com...
> > Thanks for the info.
> >
> > So where does the cert com from "using TLS"? I implemented 802.1x RADIUS
> > authentication on my domain and did not have a CA installed. All was well
> > with PC's and Laptops. So you are saying that IAS creates its own
> > Certificate
> > without the need for Windows Certificate services installed or existing on
> > the Domain.
> >
> > My other question is why must you have certificate services installed in
> > order to use 802.1x RADIUS authentication on Mobile 2003 PPC. My IPAQ
> > supports PEAP, however once credintials are used, I recieve an error
> > concerning the certificate issued, unless I install a personel certificate
> > on
> > the PPC.
> >
> > Thank you in advance.
> >
> > "Mark Gamache" wrote:
> >
> >> PEAP protects the EAP conversation using a TLS tunnel. It does this by
> >> using the certificate on the IAS server. Once the TLS session is opened,
> >> you can then authenticate inside the tunnel using MS-CHAP v2 (username
> >> password) or via a client cert (TLS). Either works. Additionally, you
> >> can
> >> force the initial protection to validate the IAS server certificate.
> >> This
> >> is vital with wireless, otherwise you cant be sure that you are not being
> >> spoofed by a malicious AP with the same SSID as the one you are looking
> >> for.
> >>
> >> Cheers,
> >>
> >> --
> >> Mark Gamache
> >> Certified Security Solutions
> >> http://www.css-security.com
> >>
> >>
> >>
> >> "David" <David@discussions.microsoft.com> wrote in message
> >> news:E0A32471-11CD-433C-A325-E4AF19AED791@microsoft.com...
> >> >I currently have a RADIUS server (Windows 2003) setup and configure for
> >> >my
> >> > access points on my domain. I connect with PC's or Laptops using PEAP,
> >> > 802.1x
> >> > authentication, AD username and pw.
> >> >
> >> > I have an IPAQ device (HP Windows Mobile 2003) that I finally got
> >> > connected,
> >> > but do not thoroughly understand the requirements. First, why must the
> >> > IPAQ
> >> > have a certificate from the CA in my domain (Which I had to install for
> >> > this
> >> > sole purpose) when my laptops or pc's never required this. What exactly
> >> > is
> >> > the issue, and the difference.
> >> >
> >> > PLease help.
> >> >
> >> > Thanks
> >> >
> >> > dw
> >>
> >>
> >>
>
>
>

Next message: David: "Does WINDOWS 2003 IAS require Certificate services"
Previous message: Timo: "Locking down IAS and NAS"
In reply to: Mark Gamache: "Re: Mobile 2003 Radius authentication requirements"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: Certificate Services fails to start
... However for the certificate services has corrupted, ... For now the certificate service is running properly, ... Microsoft CSS Online Newsgroup Support ... If you see a User DSN named CertSrv that is using the Access database, ...
(microsoft.public.windows.server.sbs)
Re: Certificate Services fails to start
... Under Database, click Select. ... you may need to reinstall the Certificate ... Backup the CA private key, certificate, and database. ... Uninstall Certificate Services. ...
(microsoft.public.windows.server.sbs)
Re: Certificate Services fails to start
... Microsoft CSS Online Newsgroup Support ... certificate service is now running. ... However for the certificate services has corrupted, ... >>Please follow below steps to try to resolve the issue: ...
(microsoft.public.windows.server.sbs)
Re: Questions
... deployment tool and certificate services. ... we do have more convenient means to create server /client certificate ...
(microsoft.public.dotnet.framework.webservices)
RE: Certificate Services
... out after install Certificate Services on SBS 2K3 Server. ... 262262 "Unexpected Error" When Attempting to Use the Smart Card Enrollment ... To install certificate services on the SBS 2003 box. ...
(microsoft.public.windows.server.sbs)