Re: 802.1X help needed



Owen,

I'm trying again with my new router. I'm back to getting an
Authentication Error.

Vortex is the SBS server, hellknight is the laptop.

The IAS logs look like something is happening with hellknight, although
I can't figure out what. The logs on hellknight indicate that the
domain controller can't be contacted, and that auto-enrollment is
failing. I'm guessing that's the source of my problem, but I'm not
sure what would be causing that to fail.

Andy

Owen wrote:
In article <1164801572.083588.264980@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
ajj3085@xxxxxxxxxxxx says...

Thanks for sticking with me. The vortex certificate does appear to be
on the laptop, although I'm not sure which one it is.

Am I correct in assuming that the GPO settings will be 'setup' on the
laptop? If so, how does the laptop get to vortex if it hasn't yet
authenticated?

I thought "vortex" was the laptop, but is it actually the SBS?

If so, the certificate you are seeing is probably the Domain Controller
certificate. You should also have a (different but similar)
certificate: the self-signed one created as part of the CEICW. This is
probably why you see 2 "vortex" certificates.

You still need a computer certificate for the laptop. "Automatic
Certificate Request Settings" is configured in the wireless GPO to make
this happen.

The laptop (briefly) "gets to" the SBS during the authentication
process. More specifically, credentials are sent to Internet
Authentication Service (Microsoft's RADIUS) on the SBS. The WAP
mediates this information exchange which is why it must be configured to
talk to a RADIUS server. IAS determines whether the credentials passed
to it are valid. The credentials include the wireless computer name
(there must be a matching computer account on the SBS) and the wireless
computer certificate (it must be valid).

Just curious to know how the settings on the laptop should work (or if
they should seem unchanged). At this point my new WAP arrives
tomorrow, so I'm not going to futz with the old one anymore... but
knowing how things should look on the laptop should help me if I have
problems with the new WAP.

I _strongly_ recommend that you start from scratch with the new WAP and
closely follow the steps in my docs. The most common reason the secure
wireless network fails to work is a configuration error - a step is
skipped or something is not configured correctly. As you know, there
are a LOT of steps and it's important that you get all of them right.
If you do, there is a very good chance secure wireless will work on the
first try.

-- Owen Williams (SBS MVP)
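
The requirement discussed above (the laptop needs its own valid computer certificate before IAS will accept it) can be checked on the laptop itself. The following is an added example, not part of the original thread or of Owen's docs; the function name `Test-MachineCertFor8021X` is hypothetical, and it assumes PowerShell 3 or later run from an elevated prompt on the wireless client.

```powershell
# Added example: list the computer certificates in the local machine store and
# show which ones could serve as the 802.1X computer credential.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU
$ipProps = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
$fqdn = if ($ipProps.DomainName) { "$($ipProps.HostName).$($ipProps.DomainName)" } else { $ipProps.HostName }

function Test-MachineCertFor8021X {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [string]$ComputerFqdn
    )
    $now = Get-Date

    # Collect the EKU OIDs; a computer certificate used for wireless
    # authentication is expected to list Client Authentication.
    $eku = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $ekuOids = @()
    if ($eku) { $ekuOids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) }

    # Build the chain locally. Revocation is skipped because the laptop
    # cannot reach the CA until it has authenticated.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chainOk = $chain.Build($Cert)

    # DNS name from the SAN, falling back to the subject CN.
    $dnsName = $Cert.GetNameInfo(
        [System.Security.Cryptography.X509Certificates.X509NameType]::DnsName, $false)

    [pscustomobject]@{
        Subject       = $Cert.Subject
        Issuer        = $Cert.Issuer
        SelfSigned    = ($Cert.Subject -eq $Cert.Issuer)
        InValidity    = ($now -ge $Cert.NotBefore -and $now -le $Cert.NotAfter)
        HasPrivateKey = $Cert.HasPrivateKey
        ClientAuthEku = ($ekuOids -contains $clientAuthOid)
        NameMatches   = ($dnsName -eq $ComputerFqdn)
        ChainTrusted  = $chainOk
    }
}

Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-MachineCertFor8021X -Cert $_ -ComputerFqdn $fqdn } |
    Format-Table -AutoSize
```

A certificate that is a usable computer credential shows True in every column except SelfSigned. If no row qualifies, auto-enrollment has not delivered the computer certificate yet.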
