Re: IAS - Security template for WAP, PEAP
- From: "Ace Fekay [MVP]" <PleaseSubstituteMyActualFirstName&LastNameHere@xxxxxxxxxxx>
- Date: Tue, 31 Jan 2006 01:01:46 -0500
In news:eTthXBdJGHA.3492@xxxxxxxxxxxxxxxxxxxx,
Fredrick A. Zilz <fzilz@xxxxxxxxxxxxxxxxxxxxxxxxx> stated, which I commented
on below:
> I changed my security template, and lost the ability for my wireless
> clients to authenticate. I use WAP, PEAP with certificates generated
> by my in house Windows 2003 cert server.
>
> Is there an example template somewhere of what security settings need
> to be applied. My IAS server is a DC.
>
> Currently my wireless clients see my wireless network, connect, but
> then they sit for an extended period of time attempting to "validate
> identity" eventually failing and the connection is ended.
>
> I can go back to my old template, but I would prefer to understand the
> security template better and what needs to be enabled / disabled in
> order to make this work. I have gone through the security wizard a
> number of times, and am not sure what I am missing.
>
> I would be happy to supply more information, as to my configuration,
> etc. All was working well, then I ran the security wizard in order to
> trouble shoot an LDAP issue I was having with another application -
> resolved that and lost my RPC for exchange and my authentication for
> my wireless. Corrected the RPC issue, but have not been able to
> figure out what is missing for WAP PEAP.
>
> Thanks.
I think if you can reapply the old template first to get you working.
My first thought is to think the template you applied included an IPSec
policy preventing this machine from communicating with others. Keep in mind,
if you apply a policy to one machine with restrictions, you need to apply
similar settings for all other machines to follow, such as in a GPO. Keep in
mind the sec templates can actually be applied as part of a GPO, under
Windows Settings, rt-click Security Settings, and choose to import. Be
careful and test this out with a test machine in a test OU.
Read this article on how templates work.
Overview to the Windows Server 2003 Security Guide:
http://www.microsoft.com/technet/security/prodtech/windowsserver2003/w2003hg/sgch00.mspx
And run the Security and Analysis snapin to find out what exactly got
changed:
Security Configuration Tool Set in Windows 2000 and 2003:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/howto/seconfig.mspx
--
Ace
This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.
Having difficulty reading or finding responses to your post?
Instead of the website you're using, I suggest to use OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. This is a direct link to the Microsoft Public
Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
to easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject.
Not sure how? It's easy:
How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Windows Server Directory Services
Microsoft Certified Trainer
Assimilation Imminent. Resistance is Futile.
Infinite Diversities in Infinite Combinations.
The only thing in life is change. Anything less is a blackhole consuming
unnecessary energy.
===========================
.
- References:
- IAS - Security template for WAP, PEAP
- From: Fredrick A. Zilz
- IAS - Security template for WAP, PEAP
- Prev by Date: Re: performance tuning on the TCP and network parameters of W2k and W2
- Next by Date: Re: Port 1723
- Previous by thread: IAS - Security template for WAP, PEAP
- Next by thread: Re: DHCP Client question
- Index(es):
Relevant Pages
|
