Wireless authentication to a W2K3 domain

[Ignatius]

I support a small office in a workgroup environment. There's a Windows 2003 server which is a member file server and the clients (approximately 16 and rising) are all XP.

I'm close to persuading them to move to a domain and I'm happy with the configuration processes for the wired network but I've never configured wireless authentication to a domain. The wireless ADSL router is a typical home use Netgear model and it provides DHCP so it all runs itself when the clients associate. I realise that I'll have the Windows 2003 providing DHCP and turn off DHCP on the router, but what other kit would I need?

Is the process of configuring wireless authentication straightforward? Any noobie links? I suspect that someone will yell "Ruckus" but I'd rather do this from scratch myself to "get my hands dirty" and learn the process in Windows 2003.

[glennda]

I support a small office in a workgroup environment. There's a Windows 2003 server which is a member file server and the clients (approximately 16 and rising) are all XP.

I'm close to persuading them to move to a domain and I'm happy with the configuration processes for the wired network but I've never configured wireless authenitication to a domain. The wireless ADSL router is a typical home use Netgear model and it provides DHCP so it all runs itself when the clients associate. I realise that I'll have the Windows 2003 providing DHCP and turn off DHCP on the router, but what other kit would I need?

Is the process of configuring wireless authentication straightforward? Any noobie links? I suspect that someone will yell "Ruckus" but I'd rather do this from scratch myself to "get my hands dirty" and learn the process in Windows 2003.

as long as the laptops have the wireless key in them they will just log in as normal,

enless you want to use AD computer accounts to authenticate then it starts getting complicated, and im guessing you netgear wireless point isn't designed for it so probly won't support it ( i have never used a netgear designed for home use so couldn't tell you, but all the home use ones i have havn't done this.

[Ignatius]

Thank you. Yes, I want to authenticate the wireless clients and make full use of the facilities available on the domain, as if the laptops had been connected via an ethernet cable. I'm not sure what additional hardware I'll need.

[glennda]

Thank you. Yes, I want to authenticate the wireless clients and make full use of the facilities available on the domain, as if the laptops had been connected via an ethernet cable. I'm not sure what additional hardware I'll need.

the way we do it here with over 300 laptops, is once installed joined to the domain on the cable put the wireless key it and log out reboot with the cable out and the machines just connect to the domain. you will need a wireless router that can talk to the DC, but i have never used one and no doubt somebody will shout ruckus at you (im guessing this does it but i don't know!)

[Ignatius]

I'm expecting "Ruckus" too, as mentioned in my OP! Does anyone have a recommendation for a reliable AP or wireless router that will talk with my Windows 2003 DC? What about any recommendations about the actual configuration of the DC?

[glennda]

I'm expecting "Ruckus" too, as mentioned in my OP! Does anyone have a recommendation for a reliable AP or wireless router that will talk with my Windows 2003 DC?

from a bit of googleing most people are mentioning you need to install Internet Authentication service on the server to run the wireless authentication. Which from the fourm question poster at Wireless Authentication via AD? you can use pretty much any wap aslong as you have one of those.

Internet Authentication Service

What about any recommendations about the actual configuration of the DC?

what do you mean in general or for the connection between the wireless and AD

Toby

[Ignatius]

Thanks Toby. I'm interested in recommendations for makes/models of APs that will definitely work for the wireless authentication to the W2K3 DC. I'll check out the link to the forum that you gave. I'm fairly happy to research the configuration of the IAS but don't want to go out and waste money on an AP that won't work.

[glennda]

well what size of office are you talking about? im guessing its not going to be a large office block, but depending on the amount of connections you are going to need + the size of the office block is what you need to consider i think most buisness class access points can support the IAS but don't know as i have never tried it. As with us we just use a standard WPA key for our 300+ laptops in school using a site wide cisco managed wireless system

Toby

[ozzy]

I can recomend these DWL-3200AP: 108Mbps Enterprise Managed Wireless AP with PoE - Outdoor access point, ethernet access point, wireless G access points, wireless N access point, outdoor access point and more wireless access points - D-Link, from D-Link Business ours easly handle 20 laptops logging on at the same time and are a good price at around £130.00

[chazzy2501]

I have had the dwl-3200AP for almost 3 years now and can recommend them. The central management program sucks, as it crashes, refuses to apply all settings to all aps etc.

BUT! The APs them selves never fail! I've got 27 of them and they've run almost continually for 3 years, no hassles. (my old 900's used to crash over the weekends and I'd have to run a ping sweep on them to see if they were still running!)

I don't have the experience to use 802.1x RADIUS (IAS) authentication with my APs so I use a single 63 digit random ascii wpa2 personal key. The only real issue here is if someone hacks a laptop to reverse the key out of it.

If this was a corperate environment this'd be unacceptable as any disgruntled employee could install a program allowing him to sniff all the traffic in the air as he has the same key as everyone else.

[spc-rocket]

Thanks Toby. I'm interested in recommendations for makes/models of APs that will definitely work for the wireless authentication to the W2K3 DC. I'll check out the link to the forum that you gave. I'm fairly happy to research the configuration of the IAS but don't want to go out and waste money on an AP that won't work.

Try this guide for setting up IAS in 802.1x authentication.

Wireless 802.1x RADIUS authentication using IAS server

Ash.

[grahamd22]

We use Linksys 4400n business ap's and they work really well probably because Linksys are actually Cisco!

I am having a problem though as the Curriculum domain is working perfectly well with the help of Radius but I wish I could say the same for the Admin domain as it is no connecting to the wireless at all which is annoying the head and me !! It's a win2k3 domain and there is a relay trust between the 2, I copied the policy's and the computers are in the allowed group. I don't have to add IAS settings on the admin server do I???

[Ignatius]

I'm grateful for all the suggestions. It looks like I have to do a bit of reading!