Re: Create a wireless domain?
- From: "James McIllece [MS]" <jamesmci@xxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 01 Jun 2005 13:42:30 -0700
=?Utf-8?B?V2VidGVjaGll?= <Webtechie@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
news:9236C497-2494-48A8-820D-D1F96C101D55@xxxxxxxxxxxxx:
> I searched the posts and didn't see this question, so I apologize if
> it has been asked already.
>
> I have an office building with three rooms spread out and not next to
> each other. I want to create network for the pcs. I will load
> windows server and create a domain controller. There will be no
> internet connectivity. Can I wirelessly add pcs? Set a router on
> domain controller and then add pcs with wireless usb devices and a
> couple access points?
>
> Do I need to string wire throughout the place (which would be a pain).
>
> Thanks,
>
> Tony
>
As Robert said, you can do this. You only need to run cable between the
access points and the server.
As Robert also mentioned, security is a concern -- so you should use PEAP-
MS-CHAP v2 as the authentication method for clients.
For details on this authentication method, see "The Advantages of Protected
Extensible Authentication Protocol (PEAP): A Standard Approach to User
Authentication for IEEE 802.11 Wireless Network Access"
http://www.microsoft.com/windowsserver2003/techinfo/overview/peap.mspx
In general/overview, you need to do the following to use this
authentication method (which uses a server certificate but allows users to
log on securely with user names and passwords):
Purchase access points that are compatible with 802.1X and RADIUS.
Install Active Directory and DNS on the server. Raise the domain functional
level to Windows 2000 native or Windows Server 2003 (preferred, but only do
this if all of your domain controllers/global catalogue servers are WS03).
Create user accounts for each user and set the remote access permission
setting on the user accounts to "Control access through remote access
policy."
Also install Internet Authentication Service (which is Microsoft RADIUS).
Add each wireless access point as a RADIUS client in IAS. Create a secure
wireless remote access policy using the instructions in the IAS Help. For
details see "Enterprise Deployment of Secure 802.11 Networks Using
Microsoft Windows" at
http://www.microsoft.com/windowsserver2003/technologies/ias/default.mspx
Obtain a server certificate from Verisign or another public trusted root CA
that the clients already trust. See "Obtaining and Installing a VeriSign
WLAN Server Certificate for PEAP-MS-CHAP v2 Wireless Authentication" at
http://www.microsoft.com/downloads/details.aspx?FamilyID=1971d43c-d2d9-
408d-bd97-139afc60996b&DisplayLang=en
--
James McIllece, Microsoft
Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.
This posting is provided "AS IS" with no warranties, and confers no rights.
.
- Prev by Date: Re: basic firewall: how to unblock services for a second IP address
- Next by Date: Re: Users unable to access network share via vpn
- Previous by thread: Re: basic firewall: how to unblock services for a second IP address
- Next by thread: Re: Users unable to access network share via vpn
- Index(es):
Relevant Pages
|
