Results 31 to 45 of 99
Wireless Networks Thread, RADIUS and IAS in Technical
  1. #31

    Ric_'s Avatar

    Re: RADIUS and IAS

    @sahmeepee: There is a WPA2 supplicant that you need to install on your clients. This appears to work OK. I have also noticed that the Intel Pro/Wireless tool for the 2200BG chipset includes this and seems to work better.

  2. #32
    sahmeepee's Avatar

    Re: RADIUS and IAS

    @Ric_: we've installed the WPA2 patch from Microsoft. Are you saying there's a way of enforcing WPA2 via group policy?

    We're using laptops with the 2200BG cards in and the Intel tools seemed quite good, but pure Windows seems to be working fine with computer authentication so I decided to remove a variable!

  3. #33
    DMcCoy's Avatar

    Re: RADIUS and IAS

    WPA2 is not available as one of the options in group policy last time I looked, as the template wasn't updated at the time.

    Edit: I should point out that WPA is an option though

  4. #34

    Ric_'s Avatar

    Re: RADIUS and IAS

    @sahmeepee: Sorry, I thought you meant that WPA2 wasn't available.

    The Intel tool is the business though and you can enforce WPA2 at the AP level.

  5. #35


    Re: RADIUS and IAS

    @sahmeepee

    Why would you need to roll out the certificate to the client if they use PEAP (MS-CHAP v2)? If all the clients are joined to the domain then the CA cert will automatically be copied in the root authority of the client when they join the domain.

    I do agree with your point about only doing machine authentication; if people require more granular support then I suppose people should do both machine and user authentication.

    As for the Becta's WPA2 requirement, not all requirements can be fulfilled and I don't really see a reason for deploying WPA2 in school at the moment because WPA is good enough in my opinion.

    Shame about good old Microsoft supporting only a max of 50 RADIUS clients on standard edition. The enterprise edition doesn't have any limit.

    Ashok.

  6. #36

    Geoff's Avatar

    Re: RADIUS and IAS

    You can push out client certificates with GPOs in AD anyway.

  7. #37
    sahmeepee's Avatar

    Re: RADIUS and IAS

    Quote: Originally Posted by ashok
    @sahmeepee

    Why would you need to roll out the certificate to the client if they use PEAP (MS-CHAP v2)? If all the clients are joined to the domain then the CA cert will automatically be copied in the root authority of the client when they join the domain.

    That's interesting. When I tried it, the root CA I'd created wasn't copied down by default to the client, so I popped it into a GPO which seemed to work. Maybe it's something to do with my root CA being "standalone" rather than "enterprise"? Or not giving it enough reboots? I'll try it without the GPO again at some point.

    Quote: Originally Posted by ashok
    Shame about good old Microsoft supporting only a max of 50 RADIUS clients on standard edition. The enterprise edition doesn't have any limit.

    Yes, you can only have 50 RADIUS clients with standard, but that means 50 access points per IAS server, because you set the server up to look at the AP not the (laptop) client. If I get to the point where I have over 50 APs I wouldn't be too fazed by sticking IAS on my other DC as well. If we get over a hundred APs I'm changing jobs.

  8. #38


    Re: RADIUS and IAS

    Hi,

    Yeah I know the clients are actually APs. At our place we are trying to do both the APs and also the switches (using 802.1x for wired connections) and we already have about 45 switches! And I know we will be drawn into the wireless bandwagon sooner than later I guess.

    You're right about installing more IAS servers, this will solve the problem or alternatively use the enterprise edition - maybe an overkill.

    Regarding the certificate, we tested it using the enterprise CA, so you may be right that if you use the stand-alone CA then it may not copy.


    Ashok.
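
Added example, not part of the thread: a PowerShell check a client admin could run to see whether the root CA is trusted on a domain-joined machine and whether it arrived via Group Policy or was published through Active Directory, which is the standalone-versus-enterprise question discussed above. The function name and the `.cer` path are hypothetical; the registry paths are the standard Windows locations behind the `LocalMachine\Root` store.

```powershell
# Added example (not from the thread). Reports whether a root CA is trusted
# on this machine and which mechanism delivered it.
function Get-RootCaTrustSource {
    param(
        # Hypothetical path to the root CA certificate exported from the CA server.
        [Parameter(Mandatory = $true)] [string] $CerPath
    )

    $fullPath = (Resolve-Path $CerPath).Path
    $ca = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $fullPath
    $thumb = $ca.Thumbprint

    # Physical registry stores that are merged into the logical LocalMachine\Root store.
    $sources = [ordered]@{
        'Group Policy'     = "HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates\$thumb"
        'Active Directory' = "HKLM:\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\$thumb"
        'Local import'     = "HKLM:\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates\$thumb"
    }
    $foundIn = @($sources.Keys | Where-Object { Test-Path $sources[$_] })

    [pscustomobject]@{
        Subject      = $ca.Subject
        Thumbprint   = $thumb
        # A root CA certificate is self-signed: subject and issuer match.
        SelfSigned   = ($ca.Subject -eq $ca.Issuer)
        Expired      = ((Get-Date) -gt $ca.NotAfter)
        # PEAP server validation fails on the client if this is False.
        TrustedRoot  = (Test-Path "Cert:\LocalMachine\Root\$thumb")
        DeliveredVia = if ($foundIn) { $foundIn -join ', ' } else { 'not present' }
    }
}

# Usage (hypothetical file name):
# Get-RootCaTrustSource -CerPath 'C:\temp\school-root-ca.cer'
```

A result of `TrustedRoot = False` with `DeliveredVia = not present` on a domain member matches the behaviour sahmeepee describes for a standalone root CA that has not been added to a GPO.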

  9. #39

    Geoff's Avatar

    Re: RADIUS and IAS

    A Linux server running FreeRadius will also overcome the limitation.

  10. #40
    sahmeepee's Avatar

    Re: RADIUS and IAS

    Ashok,

    Maybe stacking your switches where possible would reduce the number that the RADIUS server sees. With our 3Com kit I think we can stack up to 8 switches into 1. I guess it depends on your switching kit and the layout of your cabinets though.

    Well done for tackling 802.1x for your wired connections by the way. It's definitely a project I'd be interested in doing at some point. At the moment I'm a bit put off by the complexity of making port-by-port exclusions for "dumb" devices like printers/photocopiers/EPOS.

  11. #41


    Re: RADIUS and IAS

    @sahmeepee

    Yeah we've got a few students who like to plug in their own laptops on the network and also we're trying to tie down the ports from a security point of view. We use all Cisco kit here and I'm trying to phase out older switches i.e. 2900xl and 3500xl which sadly don't support 802.1x.

    Enabling 802.1x on Cisco switches is not hard. Cisco also supports stacking, but I'd like to have them separate because of the vlan logging and also managing them via AAA authentication.

    Ashok.

  12. #42


    Re: RADIUS and IAS

    Dumb question, but do all switches have to be 802.1x aware before it can be implemented? If most switches in the network support it, especially the ones connecting the servers, can the older switches just pass along the extra information without processing it?

  13. #43


    Re: RADIUS and IAS

    Here's the completed step-by-step guide for configuring 802.1x wireless authentication using IAS and PEAP.

    Please feel free to provide feedback and suggestions for improvements.

    Thanks.

    Ash.
    Attached Files

  15. #44
    ranj's Avatar

    Re: RADIUS and IAS

    Quote: Originally Posted by CyberNerd
    BECTA say WPA2 and RADIUS for wireless

    Is that in a whitepaper on the BECTA site? I am trying to look for it. If you could let me know where that information is, it would be much appreciated.

    Thanks

  16. #45
    contink's Avatar

    Re: RADIUS and IAS

    Quote: Originally Posted by sahmeepee
    Linksys WRT54GL with DD-WRT v23 SP1 firmware (I can't express how good these are for under £40 each)

    Would you still recommend these as good APs to play with?

    I'm currently considering more expensive units but if these will do the job as well as anything else out there I'd like to have a play with a couple of these first.
