Re: IAS as RADIUS
- From: "James McIllece [MS]" <jamesmci@xxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 07 Sep 2006 15:42:21 -0700
"the" <shirtrippa@xxxxxxxxxxx> wrote in
news:eRRzkvs0GHA.5072@xxxxxxxxxxxxxxxxxxxx:
"James McIllece [MS]" <jamesmci@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:Xns983792BAA6BCBjamesmcionlinemicros@xxxxxxxxxxxxxxxx
"the" <shirtrippa@xxxxxxxxxxx> wrote in
news:eDpR1iq0GHA.2072@xxxxxxxxxxxxxxxxxxxx:
"Neteng" <neteng.ccie@xxxxxxxxx> wrote in message
news:OwW5wEq0GHA.1588@xxxxxxxxxxxxxxxxxxxxxxx
You need to deploy 802.1x. Your switches need to support it and each
client may need a supplicant. It will not be free by any means and I do
not know of any free solutions out there.
I thought the client in 802.1x was the supplicant? Maybe I'm going
about this all wrong, so let me simplify this: is there a way to
deny network access to unauthorized users that plug into our
network? We're in a non-AD environment, have Windows and Linux
servers, and Catalyst 2950 switches.
My impression was all I needed to do was set up my switches to talk
to a RADIUS server, which I wanted to be IAS since it comes with
Windows 2k3, then when someone plugs into an Ethernet jack they
would be denied access unless they could provide valid credentials.
What am I really looking at to get this to work?
Yes, you can do this with IAS in Windows Server 2003.
To do so without using AD, you need to create user accounts on the
IAS server in the local Security Accounts Manager database (Local
Users and Computers.)
Your switch must be compatible with both RADIUS and 802.1X, and you
configure the switch as a RADIUS client in IAS.
When you deploy IAS with 802.1X authenticating switches, you must use
the authentication method Extensible Authentication Protocol (EAP)
with Transport Layer Security (TLS), or EAP-TLS.
EAP-TLS requires a server certificate on the IAS server and client
certificates on the client computers.
To deploy certificates, you can use Certificate Services, which is
included with Windows Server 2003.
The following whitepaper provides information on how to deploy this
solution:
"Deployment of IEEE 802.1X for Wired Networks Using Microsoft Windows" at
http://www.microsoft.com/downloads/details.aspx?FamilyID=05951071-6b20-4cef-9939-47c397ffd3dd&DisplayLang=en
--
James McIllece, Microsoft
Please do not send email directly to this alias. This is my online
account name for newsgroup participation only.
This posting is provided "AS IS" with no warranties, and confers no
rights.
Excellent, excellent, excellent. Thanks so much James, I'm working on it
now. Thanks a ton.
You're welcome. And when you get around to configuring certificate
templates as per the whitepaper, the minimum client and server certificate
configuration requirements are found in this Help topic, "Network access
authentication and certificates" in Windows Server 2003 IAS or VPN Help, or
on the web at
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/9d8b61c9-a870-4627-a8f2-148625fd7fba.mspx.
--
James McIllece, Microsoft
Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.
This posting is provided "AS IS" with no warranties, and confers no rights.