Re: Wireless Radius Clients
- From: "Ace Fekay [MVP]" <PleaseSubstituteMyActualFirstName&LastNameHere@xxxxxxxxxxx>
- Date: Wed, 8 Mar 2006 01:35:45 -0500
In news:8F814973-64C4-4070-B024-74A9D660E7E9@xxxxxxxxxxxxx,
Steven <Steven@xxxxxxxxxxxxxxxxxxxxxxxxx> stated, which I commented on
below:
> Hello MVP,
> I am setting up a Wireless Network and trying to take advantage of
> IAS with EAP-TLS in Windows Server 2003. The client is prompted for a
> cert but when I select the cert it just tries and tries then prompts
> me again. This continues....
> I have a Linksys wrk54g using WPA - Radius. I have both user certs and
> computer certs on the client. I have a computer cert on the IAS
> server. Auto enrollment is working as it should.
> Note: I am using L2TP/IPsec successfully over the same Windows
> system. Also note that currently I am having to just use WEP which
> hopefully is just temporary.
> Any help would be greatly appreciated.

I just did this recently using a Cisco Aironet 1231 and it's still pretty
fresh in my mind. I didn't use WEP, not necessary since I used WPA and
TKIP. Works great.
I'm assuming you used a Windows 2003 Enterprise for the CA to give you the
ability to duplicate the User and Computer certs to create your
autoenrollment certs, and in the certs, you are allowing user and computer
certs to login.
From what you've posted, if you've verified by checking the workstation (certificates snap-in) that it has received a cert thru autoenrollment, and
depending on how the clients' wireless interfaces are set up, whether static
settings or controlling the clients thru a GPO, it should pretty much work.
Are you using a GPO for a wireless policy? If so, what do you have set in
there as far as the client settings (WPA, WEP, SSID, etc)?
Is the key length on the CA and the certs no larger than 1024? Cisco, and
what I understand many others, do not support keys larger than 1024. If it
keeps prompting you for the cert, then that may be a better guess as to why
this is happening.
Make sure your RADIUS Linksys client and IAS server shared secrets match.
(You'd be surprised how this one can be easily overlooked).
Did you create an IAS policy to allow 802.1?
Controlling access by groups in the IAS policy? If so, are the users part of
that group?
What do the ISA logs, ISA server and client Event viewer logs, and possibly
the Linksys logs say? Any errors on the Event logs on the CA?
Sorry for all the questions, too many places this can go wrong, and need to
narrow it down.
--
Ace
This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.
Having difficulty reading or finding responses to your post?
Instead of the website you're using, I suggest to use OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. This is a direct link to the Microsoft Public
Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
to easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject.
It's easy:
How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer
Assimilation Imminent. Resistance is Futile
Infinite Diversities in Infinite Combinations
"Very funny Scotty. Now, beam down my clothes."
The only thing in life is change. Anything more is a blackhole consuming
unnecessary energy.