Re: 802.1x wireless lan how to?



Hi, Dave. Sorry I missed this thread until now. Thanks for helping
Gary.

Thanks for the kind words about my docs. I always look forward to
feedback from others who have tried the methodology, both kudos and
constructive criticisms. I intend to update the docs as necessary,
especially if errors are found.

RE: I just got ISA 2004 to allow certificate auto enrollment after a
couple of days of battle.

I have been waiting for someone to try this. I have not been in a
position to test the methodology with ISA (either 2000 or 2004),
although I know it works fine with the Basic Firewall. When I gave the
PowerPoint presentation to a small group last summer, no one attending
was using ISA, although there were a few questions about what effect it
had on the methodology.

From your post, it sounds like the following ISA2004 mod is required:

- R-click Firewall in the left pane -> Edit System Policy.
- Choose Active Directory and clear the checkbox (leave the one
that says Enable, clear the one that says strict rpc).
- R-click the protected networks rule -> configure RPC and clear
it there too.

And if autoenrollment still doesn't work, apply KB897716.

Is that right? If so, I will make some updates to my docs.

RE: I think Owen's paper is incorrect and IAS logging is enabled by
default

Thanks, I'll check this. Luckily, that's the one part of the
methodology that doesn't affect the operation of the wireless network.

RE: BTW, it seems that if you have a certificate issue while everything
else is working OK, the client PC will give you a clear error indicating
that when it tries to connect.

Confirmed. I have seen this as well.

In addition to being a diagnostic, it can be used as one test to verify
a network is properly secured. For example, I can take my laptop -
which is set to autoconnect to my own wireless network - to a client's
site configured for 802.1x. My laptop does not have a domain account
nor a certificate from that SBS. The laptop sees the client's network
and attempts to connect, but I get a certificate error pop-up, which
confirms I have not been allowed in.

RE: I'll let you know what I find that differs from Owen's article.

Please do, so I can make changes if necessary.

RE: As for Owen's doc, so far I've found him to be right on the money.

Thanks again. I've believed for a long time this was something the SBS
community wanted. I'm glad people are using it and finding that it
works.

-- Owen Williams