Re: Wireless AP wants Radius Server, advice?
From: Gary V. (GaryV_at_discussions.microsoft.com)
Date: 01/13/05
- Next message: Brennon Bortz: "Re: POP3 Headaches"
- Previous message: Jimmy: "How I can access Server by using Web access"
- In reply to: Stuart Mackie [MCP, MSP]: "Re: Wireless AP wants Radius Server, advice?"
- Next in thread: Stuart Mackie [MCP, MSP]: "Re: Wireless AP wants Radius Server, advice?"
- Reply: Stuart Mackie [MCP, MSP]: "Re: Wireless AP wants Radius Server, advice?"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 12 Jan 2005 20:25:03 -0800
1st, thanks! I read the Windows Server 2003 wireless test lab guide. Simple
enough, I could walk through the server, AP, and client parts, then that would
secure the wireless network, both client to server and client to AP? Also SBS
is based on Server 03 Std, will all the IAS and cert install mess with anything
with the wizards and SBS stuff? I would also expect I would enable WPA and
not WEP? In the setup with PEAP, does the Windows domain logon take care of
the wireless authentication? I don't want the end user to have to log on
twice. What about WPA2, if the AP can upgrade firmware to support it, does that
affect the server setup or is that an AP-to-client security measure? One last
one for now, I don't want the end users to have to pick what wireless network
to connect to, can I configure it so if the wireless network is there it just
connects, just like being plugged into a wired LAN?

For background info, the wireless clients are going to be in our warehouse
running a pricing application I have made for them. They are touch-monitor
driven and therefore do not have keyboards or mice. So the users don't have
to know anything at all about computers or logins, they just touch a price
and out pops the tag. I'm having the puter auto login on bootup into a very
tightly secured user profile.

Thanks again for all your time and help.

"Stuart Mackie [MCP, MSP]" wrote:
> No problem. I'll watch this topic so if you have any problems or aren't
> sure of something please post back and I'll try and help.
>
> --
> Stuart Mackie [MCP, MSP]
> www.stu.uk.com
>
>
> "Gary V." <GaryV@discussions.microsoft.com> wrote in message
> news:65D6CD13-91A6-4150-B7E1-754E4D487D2F@microsoft.com...
> > Very Cool! Thanks for all your help and direction pointing. Now I got lots
> > to read on my lunch break.
> >
> > "Stuart Mackie [MCP, MSP]" wrote:
> >
> >> Hi Gary, no problem, if everyone knew everything it wouldn't be any fun :)
> >>
> >> EAP-PEAP, EAP-TLS, EAP-TTLS all provide secure authentication between the
> >> client and server. PEAP and TTLS are the best two options of the three.
> >> TLS transmits parts of the authentication in clear text making it
> >> vulnerable. PEAP and TTLS were both developed to resolve this problem by
> >> first creating an encrypted tunnel before any communications take place.
> >> Radius accommodates the various authentication protocols.
> >>
> >> EAP-PEAP and EAP-TTLS require your server to have a Certificate which is
> >> installed on each client. It is optional whether you install a certificate
> >> on each client. EAP-TLS requires both the client and server to have
> >> certificates. The links below (the O'Reilly link should have most of the
> >> information you need) cover the various authentication types and explain
> >> their differences.
> >>
> >> Personally I would use EAP-PEAP or EAP-TTLS with a Server Certificate,
> >> avoid TLS. The second link on my last email
> >> (http://wireless.dweezle.org/Docs/IAS2003config.pdf) includes configuring
> >> PEAP as part of the test lab environment.
> >>
> >>
> >> O'Reilly Explanation of the three above protocols :
> >> http://www.oreillynet.com/pub/a/wireless/2002/10/17/peap.html
> >>
> >> iLabs Comparison (very similar to O'Reilly)
> >> http://www.ilabs.interop.net/WLANSec/TTLS-PEAP-lv03.pdf
> >>
> >> Microsoft Document explaining Authentication Protocols
> >> http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/Windows/XP/all/reskit/en-us/prcg_cnd_pysl.asp
> >>
> >> Cisco Presentation (Very basic information)
> >> http://www.cisco.com/application/pdf/en/us/guest/products/ps430/c1161/ccmigration_09186a00800fb7db.pdf
> >>
> >>
> >> --
> >> Hth,
> >> Stuart Mackie [MCP, MSP]
> >> www.stu.uk.com
> >>
> >>
> >> "Gary V." <GaryV@discussions.microsoft.com> wrote in message
> >> news:870A398C-E304-495D-B279-A45B1B439C83@microsoft.com...
> >> > You know that is a very good question, and brings to light that I have no
> >> > idea! Now that is a bad thing for the admin to say. What would you suggest?
> >> > I thought that is what the IAS/Radius server did? Or are you talking about
> >> > the auth between the terminals and AP? But I honestly don't know, someone
> >> > please help. Thanks for your help. I'll read both links. Thanks.
> >> >
> >> > "Stuart Mackie [MCP, MSP]" wrote:
> >> >
> >> >> Hi Gary. Yes you can use IAS for Radius, and as you've said it would be
> >> >> more efficient to use IAS since you wouldn't have to reproduce all your
> >> >> user accounts on the Dlink AP. The first link below has a basic run
> >> >> through of configuring IAS as a Radius Server for Wireless clients. The
> >> >> second link is an MS document which has a full explanation on creating a
> >> >> secure wireless environment using ISA on Win2k3 (test lab example)
> >> >> [second link is best]
> >> >>
> >> >> http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/sag_ias_depl_wap.asp
> >> >>
> >> >> http://wireless.dweezle.org/Docs/IAS2003config.pdf
> >> >>
> >> >>
> >> >> What are you planning on using for authentication e.g. PEAP, EAP-TTLS etc?
> >> >>
> >> >> --
> >> >> Hth,
> >> >> Stuart Mackie [MCP, MSP]
> >> >> www.stu.uk.com
> >> >>
> >> >>
> >> >> "Gary V." <GaryV@discussions.microsoft.com> wrote in message
> >> >> news:90F32484-7E94-417B-A6DE-A35CDE50134D@microsoft.com...
> >> >> > Got some questions. Our SBS 2003 server is in our warehouse. I'm putting
> >> >> > some wireless AP in the rafters to cover the warehouse and some mobile
> >> >> > terminals. Reading through the AP's manual they recommend for the best
> >> >> > security, WPA with Radius CCMP (AES) and TKIP. The AP (Dlink DWL-2210AP)
> >> >> > has an onboard Radius server but that would require me to add users to
> >> >> > the AP, I don't want to have to do that. However you can also specify the
> >> >> > ip address of your Radius server. My question, does/is SBS 2003 Prem a
> >> >> > Radius server? Does IAS (Not ISA) count as a Radius server? There is also
> >> >> > a WPA-PSK that is the 2nd recommendation for security on the wireless
> >> >> > network, but they recommend using the built in Radius server over the PSK
> >> >> > option. Thanks for any input or any setups that you all have used for
> >> >> > security on a wireless network.
> >> >> >
> >> >> > PS. I would rather have it all be wired but they do want the mobility
> >> >> >
> >> >> > Thanks Gary V.
> >> >>
> >> >>
> >> >>
> >> >>
> >>
> >>
> >>
>
>
>
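
An added example, not part of the thread or of any product mentioned in it: a small parser for EAP packets (the payload RADIUS relays between the AP and the server) that reports which of the methods discussed above, EAP-TLS, EAP-TTLS or PEAP, a client and server settle on. The sample packets and the identity `WAREHOUSE\terminal01` are constructed for illustration.

```python
import struct

# EAP codes (RFC 3748) and method type numbers from the IANA EAP registry.
CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
TYPES = {1: "Identity", 3: "Nak", 13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}

def parse_eap(packet: bytes) -> dict:
    """Decode the EAP header: Code, Identifier, Length, then Type and data."""
    if len(packet) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 4 or length > len(packet):
        raise ValueError("EAP length field does not match the packet")
    info = {"code": CODES.get(code, f"code-{code}"), "id": ident,
            "type": None, "data": b""}
    if code in (1, 2) and length >= 5:  # Success and Failure carry no Type
        info["type"] = TYPES.get(packet[4], f"type-{packet[4]}")
        info["data"] = packet[5:length]
    return info

def negotiated_method(packets):
    """Return the agreed method: a Response whose type a Request offered."""
    offered = set()
    for p in map(parse_eap, packets):
        if p["type"] in (None, "Identity", "Nak"):
            continue
        if p["code"] == "Request":
            offered.add(p["type"])
        elif p["code"] == "Response" and p["type"] in offered:
            return p["type"]
    return None

def build_eap(code, ident, eap_type, data=b""):
    """Assemble one of the constructed sample packets below."""
    body = bytes([eap_type]) + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

# Constructed exchange (not captured traffic): the server offers EAP-TLS,
# the client Naks and asks for PEAP (type 25), and both continue with PEAP.
SAMPLE = [
    build_eap(1, 1, 1),                            # Request/Identity
    build_eap(2, 1, 1, b"WAREHOUSE\\terminal01"),  # Response/Identity
    build_eap(1, 2, 13, b"\x20"),                  # Request/EAP-TLS, Start flag
    build_eap(2, 2, 3, b"\x19"),                   # Response/Nak, wants PEAP
    build_eap(1, 3, 25, b"\x20"),                  # Request/PEAP, Start flag
    build_eap(2, 3, 25, b"\x00"),                  # Response/PEAP, TLS data omitted
    struct.pack("!BBH", 3, 3, 4),                  # Success (header only)
]

if __name__ == "__main__":
    print(negotiated_method(SAMPLE))
```
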