Re: IAS and Wireless

Tech-Archive recommends: Speed Up your PC by fixing your registry

From: Tony Su (anonymous_at_discussions.microsoft.com)
Date: 03/26/04 

Date: Fri, 26 Mar 2004 02:36:10 -0800

Unless this is a new development, it's my understanding
that MS supports only EAP.

Somewhere there is a list of hardware which supports
Microsoft EAP (the other main implementation is Cisco
PEAP).

Two manufacturers I know support Microsoft's
implementation are Sonicwall and Lucent/Proxim/Orinotco.

Tony Su

>-----Original Message-----
>Brandon,
>
>That will depend on the device's capabilities you will
need/want to access
>the access point. As well as, what capabilities do you
need for the users..
>For example... you may want to allow a user, once
authenticated, access to
>the wireless network, but not allow the device itself to
authenticate on
>it's own so that any one could use the device
wirelessly.. In this
>example, if you were using PEAP-MSCHAPv2 you could allow
the users access,
>but not have say the laptops that are a member of the
domain to authenticate
>using their machine account. Where the user could boot
up the device and
>logon locally, but wouldn't have access to the wireless
net until providing
>credentials, however, in this example, the user would not
be domain
>validated as far as the client OS (XP for example) is
concerned... If you
>allowed the machine account to authenticate then users
should be able logon
>to the domain over the wireless network. If you wanted
to use say
>PEAP-TLS, then you would need to have certificate(s) to
use for the devices
>and/or users.
>
>Course you will also need to verify/know whether or not
your access point
>supports 802.1x authentication.. You may want to start
with using WPA and
>802.1x with PEAP-MSCHAPv2 to test.
>
>
>--
>
>Hope that helps,
>David Copeland
>Microsoft Small Business Server Support
>
>This posting is provided "AS IS" with no warranties, and
confers no rights.
>
>Newsgroups:
>SBS v4.x : microsoft.public.backoffice.smallbiz
>SBS 2000: microsoft.public.backoffice.smallbiz2000
>SBS 2003: microsoft.public.windows.server.sbs
>
>
>"Brandon S." <bsmith@presentationsdirect.nospam.com>
wrote in message
>news:OHDhI4qEEHA.2076@TK2MSFTNGP09.phx.gbl...
>> I'm wanting to use IAS to protect a wireless access
point. What is the
>> best
>> authentication method to use for this (peap, eap, etc.)?
>>
>> --
>> Brandon
>> IT Director
>> Presentations Direct - Office Equipment & Supplies
>> http://www.presentationsdirect.com
>>
>>
>
>
>.
>

Relevant Pages

  • Re: PEAP-TLS vs EAP-TLS
    ... -- IEEE 802.11 Wireless LAN Security with Microsoft Windows), ... in the PEAP-MS-CHAP v2 Authentication section: ... Although EAP provides authentication flexibility through the use of EAP ...
    (microsoft.public.windows.server.security)
  • OT: Problems with radiusd and EAP-PEAP
    ... I keep trying in order to radius authenticate and authorize users from XP. ... Module: Loaded eap ... leaving group authorize for request 0 ...
    (Debian-User)
  • OT:Problems with radiusd and EAP-PEAP
    ... I keep trying in order to radius authenticate and authorize users ... Module: Loaded eap ... leaving group authorize for request 0 ...
    (Ubuntu)
  • Re: IAS and Wireless
    ... what capabilities do you need for the users.. ... but not have say the laptops that are a member of the domain to authenticate ... but wouldn't have access to the wireless net until providing ... SBS v4.x: microsoft.public.backoffice.smallbiz SBS 2000: microsoft.public.backoffice.smallbiz2000 SBS 2003: microsoft.public.windows.server.sbs "Brandon S." ...
    (microsoft.public.windows.server.sbs)
  • Re: help with server config
    ... Wireless cards can complicate a things a bit in that often the wireless ... the startup process [both computer and user authenticate to the domain]. ... resources until a domain controller can be contacted which it usually can be ... > in one) and am using 1 PCI wireless NIC in the server. ...
    (microsoft.public.cert.exam.mcse)