Re: Anyone got 802.1x working on a wireless network?




Sorry I missed this when you posted it. I'm wrestling with the same thing
myself. Let me give you a few pointers and if you're still watching this
thread post back:

- Probably the best step-by-step guide is in the SBS Admin Companion book by
Jason Gerend from MS Press. It appears that there's a second edition coming
out around now that's probably worth waiting for - the original was pre-SP1.
Owen Williams, who posts here, wrote a great step-by-step guide, but it's
not currently available on the web AFAIK.

- All your hardware, software, and drivers need to support WPA plus the
authentication you're using (TKIP is always supported, AES may or may not
be). The group policy for WS03 apparently won't let you choose WPA2, which
is AES and better than regular WPA. I'm surprised by this and would like to
find out I'm wrong, but I have not been able to see any way to enable WPA2
in a WS03 GPO.

- XP SP2 and WS03 (or SBS) SP1 should get you up to speed as far as Windows
goes. As for your wireless NIC, see if you can choose WPA manually. If
not, you need new NIC drivers. You also need to be able to support "WPA
with RADIUS" or something similarly named in the wireless access point.

- One of my problems is that the GPO will let me choose WPA with AES, but my
access point will only let me choose WPA with TKIP or WPA2 with AES. So the
laptop gets configured with WPA with AES, which prevents it from connecting
to the WAP. So I have to get everything set to WPA with TKIP because the
access point won't accept WPA with AES. Short answer - everything has to
agree.

- ISA 2004 can block some of the things you're relying on. Specifically,
certificate auto enrollment will fail. I'm told that if you install the ISA
patch from KB 897716 or SP2, and turn off strict RPC compliance, auto
enrollment will work. I'll be trying that this evening.

- One thing I do have working is that my WAP is connecting with IAS OK. I
see that in both the IAS log and the WAP log. If you're not getting a log
entry from the WAP's fixed IP, you've got a RADIUS issue. One suggestion
for that would be to try a shorter key (maybe 20 characters). If you're
generating a random "shared secret" and pasting it into the IAS and WAP
settings, that could be part of the problem if the key is longer than the
WAP will accept and it's getting truncated so that it doesn't match the one in IAS.

If you have other questions after reading all this, please post back.

"Karl Middleton" <nospam@xxxxxxxxxx> wrote in message
news:Osb6auzPGHA.1696@xxxxxxxxxxxxxxxxxxxxxxx
Good afternoon NG,

Has anyone out there in SBS world ever got 802.1x PEAP working for their
SBS network? Does anyone know of an idiotproof step by step guide that is
proven to work?

I have followed the sequence of events to the letter on Technet at
http://go.microsoft.com/fwlink/?LinkId=49453 but without success.

I have tried it with both a Belkin F1PI241EGau and a D-Link DWL2100Ap
wireless access point without success.

I am not sufficiently familiar with Certificate Authority or IAS to fully
understand what the Technet article is telling me to do.

If I turn off the 802.1x I can get the group policy objects detailed in
the Technet article to "autoconfigure" the wireless client so that part
appears to be working.

If I turn 802.1x back on, I can't see the wireless AP issuing a RADIUS
request on the server in the IAS logs or using Network Monitor.

If anyone has a good article I can refer to, I would be very grateful.

Best Regards
Karl from Oz
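
The truncated shared secret case raised in the reply above, as an added example that is not part of the original thread: an access point that keeps only part of a pasted secret signs its RADIUS Access-Request with a different key than the server holds, so the Message-Authenticator attribute (HMAC-MD5 over the packet, RFC 3579) fails to verify. The 40-character secret, the 20-character limit and the user name are constructed sample values, and `find_truncation` is a hypothetical helper for checking a captured request against the secret configured on the server.

```python
import hashlib
import hmac
import os
import struct

# Constructed sample values: a 40-character secret and an AP that keeps only 20.
SERVER_SECRET = b"Xq7pLm2vRt9sKd4wZc8nBf3hGj6yUa1eTo5iNr0P"
AP_MAX_LEN = 20
EAP_IDENTITY = b"\x02\x01\x00\x0b\x01laptop"  # EAP-Response/Identity, 11 bytes


def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute as type, length, value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_access_request(secret: bytes, user: bytes, eap: bytes, ident: int = 1) -> bytes:
    """Access-Request (code 1) carrying EAP, signed with Message-Authenticator (type 80)."""
    attrs = attr(1, user) + attr(79, eap)      # User-Name, EAP-Message
    attrs += attr(80, b"\x00" * 16)            # field is zeroed while signing
    header = struct.pack("!BBH", 1, ident, 20 + len(attrs)) + os.urandom(16)
    packet = header + attrs
    mac = hmac.new(secret, packet, hashlib.md5).digest()
    return packet[:-16] + mac                  # Message-Authenticator is last here


def verify(packet: bytes, secret: bytes) -> bool:
    """Server-side check: recompute the HMAC-MD5 with the field zeroed."""
    zeroed = packet[:-16] + b"\x00" * 16
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    return hmac.compare_digest(packet[-16:], expected)


def find_truncation(packet: bytes, server_secret: bytes):
    """Return how many leading characters of the server's secret the AP used, or None."""
    for n in range(len(server_secret), 0, -1):
        if verify(packet, server_secret[:n]):
            return n
    return None


if __name__ == "__main__":
    packet = build_access_request(SERVER_SECRET[:AP_MAX_LEN], b"laptop", EAP_IDENTITY)
    print("server accepts request:", verify(packet, SERVER_SECRET))
    print("AP used first", find_truncation(packet, SERVER_SECRET), "characters")
```

A result shorter than the full secret length means the access point cut the key; `None` means the two secrets differ in some other way, such as a typo or stray whitespace from the paste.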




