Have a look at this guide.
I had some time to spare at the weekend so I thought I'd play around with an old Windows 2003 installation to see if I could get RADIUS and 802.1x to work. I thought it would be easy to follow tutorials ... but far from it! Before I go on, I'd like to clarify something because if my basic understanding is wrong, I need to stop now.
I have a laptop and a wireless router which I can configure to use 802.1x. The laptop has not been joined to the domain and the Windows 2003 installation is a DC (the domain is "test.local"). I have created a user in ADUC (named "Draytek") and given the user Dial-in access. If I use this laptop to connect to the wireless router, will I simply have to give the username "Draytek" and Draytek's password to connect to the router (thence out to the internet)? I don't want to be able to log on to the domain (at this stage). I *hope* that I don't have to have joined the laptop to the domain previously in order to be able to connect it to the wireless router using WPA Enterprise.
Ignatius (7th March 2012)
That was a "Doh!" moment. How on earth did I miss that?
I've been playing around for the last few hours and CANNOT get the certificate to show in the Trusted Root Certification Authorities of the added SSID > Properties > Authentication > EAP type > Properties. I exported it from my Enterprise CA and imported it into my XP SP3 laptop. It shows in Internet Options > Content > Certificates > Trusted Root Certification Authorities. I'll look again when my brain has cooled down. Any idea why the certificate should show up in one Trusted Root Certification Authorities panel but not the other?
You need to use the Certificates MMC to import certificates. However, if it's an enterprise CA then all your domain-joined stations should have your enterprise CA's root certs already under "Trusted Root Certification Authorities".
You do need to generate a certificate for your IAS (RADIUS) server from your CA or get a commercial authority.
I see what my problem was - I logged in to my XP system as a limited user and installed the certificate (by right-clicking) but I had to configure the wireless NIC as an administrator. I did this via <runas /user:administrator cmd> then <explorer /separate> which opened an administrator-privilege Explorer then access to Control Panel with admin rights. That trick prevents a lot of switching logins!