+ Post New Thread
Results 1 to 6 of 6
Network and Classroom Management Thread, Authenticating Non domain machines on a RADIUS wireless system using IAS. in Technical; I've got RADIUS authentication successfully working on our domain now, and it's been happily managing our wireless system for the ...
  1. #1

    maniac's Avatar
    Join Date
    Feb 2007
    Location
    Kent
    Posts
    3,069
    Thank Post
    210
    Thanked 430 Times in 310 Posts
    Rep Power
    144

    Authenticating Non domain machines on a RADIUS wireless system using IAS.

    I've got RADIUS authentication successfully working on our domain now, and it's been happily managing our wireless system for the last 3 months now. However, one of the things I've been unable to do is to get non-domain devices to authenticate to the wireless system using certificates or simelar, because quite honestly I have no idea how to get this to work!

    At the moment our RADIUS system is using IAS on windows 2000 to provide it's authentication and the clients are set up to use WPA/TKIP and PEAP for authentication. It works flawlessly as it is, but obviously that type of authentication is no good if the devices aren't part of the domain.

    Is there a guide anywhere that someone could point me to that will tell me to also use a certificate authentication using IAS so I can authenticate non-domain machines to allow me to add a few items to the wireless system that I need to? I've tried googling, but I can't find the right information, I'm assuming of course that this is possible, if it isn't then so be it, but I'm sure it is.

    Many thanks,

    Mike.

    P.S I don't want to turn on user authentication on IAS as it would then allow kids with wi-fi enabled devices to connect to our system without us knowing. I want to find a way of using certificates if possible so we can control who has access.

  2. #2

    Join Date
    May 2009
    Location
    UK
    Posts
    107
    Thank Post
    3
    Thanked 10 Times in 10 Posts
    Rep Power
    12
    i have a Radius setup at the school im in now, it has a WPA key which i just add to anything not on the domain when i need it to access the network as you would normally.

    my laptop in used in all my schools to i enter the WPA key for each school so i can use the network etc, it's no different in the Radius school, it just see's the wireless network and ask's for the key(for new devices).

  3. #3
    jsnetman's Avatar
    Join Date
    Oct 2007
    Posts
    887
    Thank Post
    23
    Thanked 134 Times in 126 Posts
    Rep Power
    40
    We have just setup WPA/IAS Radius with certificates My techie was a bit miffed that he couldn't access the network from his phone/pda to retrieve emails. A bit of digging around for that particular phone and how to import certs to it solved the problem. Basially each device needs to be able to import the cert and normally this will have to be done manually.

  4. #4
    maestromasada's Avatar
    Join Date
    Apr 2009
    Posts
    166
    Thank Post
    93
    Thanked 14 Times in 13 Posts
    Rep Power
    13
    ey guys, I know this post is 3 years old, but I've got exactly the same problem as described by maniac: my non-domain laptops cant' authenticate to our WPA-TPKI wireless network, how do you fix it? I have manually imported the certificate from the trusted CA into the machine, but the IAS still gives access denied to the non-domain laptops saying that the specified user account does not exist (I'm using machines authentication only)

    Any help you could provide will be greatly appreciated, this thing is driving me mad!!

  5. #5

    Join Date
    May 2011
    Posts
    1
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0
    In order to join non-domain devices to your network, you have to achieve one of the following:

    1. Supply the certificate used for authentication and install it in the "trusted root certification authorities" store if it's a windows device.

    2. Uncheck the box that says "Validate Server Certificate" in the PEAP settings... Make sure you're using Microsoft: Protected EAP(PEAP) and not "smartcard or other certificate".

    Thanks,
    Tony

  6. Thanks to tadavis from:

    maniac (11th May 2011)

  7. #6

    maniac's Avatar
    Join Date
    Feb 2007
    Location
    Kent
    Posts
    3,069
    Thank Post
    210
    Thanked 430 Times in 310 Posts
    Rep Power
    144
    I gave up with this in the end, and created a new user group for 'guest wireless users' and setup a new rule in IAS to auththenticate this group without the use of certificates. Not quite a high security, but it works.

    We only have a few users requesting this access so it was the easiest option in the end.

    Thanks for your reply thou @tadavis.

    Mike.

SHARE:
+ Post New Thread

Similar Threads

  1. RADIUS and IAS
    By HodgeHi in forum Wireless Networks
    Replies: 98
    Last Post: 30th April 2009, 10:39 AM
  2. Troubleshooting a RADIUS wireless lan
    By maniac in forum Wireless Networks
    Replies: 8
    Last Post: 23rd October 2008, 09:10 AM
  3. Wireless and RADIUS
    By jamin100 in forum Wireless Networks
    Replies: 8
    Last Post: 22nd July 2008, 10:50 PM
  4. Wireless 802.1x RADIUS authentication using IAS server
    By spc-rocket in forum Wireless Networks
    Replies: 0
    Last Post: 3rd January 2008, 06:15 PM
  5. Problem accessing machines from a sub-domain
    By mark in forum Wireless Networks
    Replies: 13
    Last Post: 22nd August 2005, 03:52 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •