Re: RADIUS and Certs
- From: Sudhakar Pasupuleti <sudpas@xxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 3 May 2006 14:51:02 -0700
Another option is to buy commercial certificates from third parties. That
might not be a bad idea if you want to get away with maintenance problems with
CAs.
--
Thanks,
Sudhakar
"James McIllece [MS]" wrote:
=?Utf-8?B?bmVzZG9n?= <nesdog@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in.
news:15CD5AD0-71AD-49C1-844E-404C5AA01B20@xxxxxxxxxxxxx:
Hi,
Currently, I have several Cisco APs that use Open Auth. and are
configured to pass information to a Free RADIUS server that has a list
of MAC addresses we allow for wireless cards. I'd like to switch to
IAS on our Windows 2003 server so we can use AD and stop having to
track MAC addresses.
The first thing I notice is that the D-Link AP we are testing doesn't
even allow using Open/RADIUS; there is no option for this. The only
way I can specify a RADIUS server is by selecting WPA [orig or ver2]
and then MS-Chap, etc. Of course if I do that, then I need a
certificate authority.
We are a Windows 2000 domain with W2003 member servers. Is there any
problem with my setting up an enterprise CA on one of the member
servers for testing purposes? I think I can always blow that out later
by just uninstalling the CA? But I don't want to mess something up
within our production network.
I'm planning on using a setup guide from MSFT called Securing Wireless
with PEAP....to see if this works.
Thanks!
Sheldon
Hi Sheldon --
If you install a CA on your production network you won't be able to easily
undo what you have done -- it will create a very undesirable situation for
you. Once you install an Enterprise CA with Cert Services you can't
uninstall it that easily. And if you allow it to issue certs to clients
that you later need to revoke...well let's just say you don't want to do
this. Installing a CA is a permanent gesture.
The only safe way to do what you are discussing is to deploy a CA on a test
network.
The best deployment guides that I know are:
"Enterprise Deployment of Secure 802.11 Networks Using Microsoft Windows"
at http://www.microsoft.com/windowsserver2003/technologies/ias/default.mspx
and
"Step-by-Step Guide for Secure Wireless Deployment for Small Office/Home
Office or Small Organization Networks" at
http://www.microsoft.com/downloads/details.aspx?familyid=269902e8-fc41-4eb1-9374-44612e64f0fb&displaylang=en
It will also be helpful to read the Help topic "Network access
authentication and certificates" in Windows Server 2003 IAS or VPN Help, or
on the web at
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/9d8b61c9-a870-4627-a8f2-148625fd7fba.mspx.
--
James McIllece, Microsoft
Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.
This posting is provided "AS IS" with no warranties, and confers no rights.