  1. #1
    mrmontymick

    Wireless Access Authentication using PKCS#12 certificate

    This one has me scratching my head, and that's not a good thing as it's rubbing off what little hair I have left!

    We have an HP MSM-750 Wireless Access controller (formerly a Colubris MSC-5500). As part of its functionality you can get it to authenticate by Active Directory Username and Password to issue a wireless connection.

    Steps as follows:

    1. User boots laptop
    2. Logon screen displayed
    3. User enters AD username/password combo
    4. Laptop pre-authenticates to wireless using AD username/password combo
    5. If AD username/password correct then issue IP address and then pass logon request over to AD to perform logon on the machine as normal.

    However, the machine has to have two certificates on it to accomplish this. One is the Trusted Root Authority Certificate; this has been put on.

    The second one is a PKCS#12 certificate which it asks for in the name of the controller and to be issued by the Trusted Root Authority. My root authority is my MS Enterprise CA. Can I get this beast to issue a PKCS#12 certificate - in your (or my) dreams!

    I have tried creating a template and issuing it to the Certification Authority and then generating a custom certificate request in the name of my controller (wireless.school.local for argument's sake) but the CA responds with the following error:

    The DNS name is unavailable and cannot be added to the Subject Alternate Name. 0x8009480f (-2146875377) Denied by policy module.

    This is a lot of hours' work and the sum total is at present a fairly irritating error message!

    So, what I'm asking is:

    1. Anyone got one of these beasts and made it work successfully in this mode rather than giving up and using a RADIUS server?
    2. Anyone know how to generate a PKCS#12 certificate using MS Enterprise CA and not get annoying error messages?
    3. Anyone want to buy a lightly used Wireless Controller???
    4. Anyone got a walkthrough they found out on the great unwashed web that explains things more clearly than the HP MSM-750 manual which is translated from the Serbo-Croat by a goat?
    5. Anyone here able to say - "You dummy - don't do that - do this!"


    Scratch number three but any help on any of the others would be gratefully received.

  2. #2
    pritchardavid
    But doing this means problems, right?

    It will not load up your computer policy nor install managed software because you're not connected to the wireless, right?


    This is something I would like to do, hate having to enter the wireless keys every time a student takes a laptop out the trolley and uses it elsewhere.

  3. #3
    mrmontymick
    Hi,

    I don't even have machines connecting at the moment, never mind lack of GPOs. Without getting this certificate sorted I can't even make a wireless connection...

  4. #4

    Quote, originally posted by mrmontymick:
        Hi,

        I don't even have machines connecting at the moment, never mind lack of GPOs. Without getting this certificate sorted I can't even make a wireless connection...

    Can you please elaborate on how this is all set up at the moment? Are you using a RADIUS server? What kind of authentication and encryption have you got set for 802.1x authentication? i.e. PEAP with MSCHAP v2? Or TLS?

    Ash.

  5. #5
    mrmontymick
    Hi,

    No, not using a RADIUS server at the moment; the MSM-750 can be joined as a member server to the domain so effectively it can perform an AD login for wireless authentication purposes.

    What I can't do is generate the appropriate machine certificate for the MSM-750....

    When you create a VSC (Virtual Service Controller) under the wireless protection settings you can specify local or remote authentication - under the remote tab you have the option of RADIUS or Active Directory but the access controller is failing to be trusted by the DC because it doesn't have an appropriate machine certificate generated for it.

    What I can't do is get my CA to generate this certificate. Hope that makes sense.

    The option to do authentication this way isn't one I have come across before; I have only ever used RADIUS before.
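
The first post asks the CA for a PKCS#12, but a PKCS#12 file is a container that the key holder assembles from the private key, the certificate the CA issued and the CA chain. The following added example (not part of the original thread, and not HP's or Microsoft's documented procedure) walks that flow with OpenSSL; the throwaway CA standing in for the Enterprise CA, the file names and the passphrase are all constructed assumptions.

```shell
#!/bin/sh
# Added example with constructed lab values. A throwaway OpenSSL CA stands in
# for the Enterprise CA; HOST is the controller name used in the thread.
HOST="wireless.school.local"
P12_PASS="constructed-passphrase"   # sample value, not a real secret

# Build CA, controller key + CSR, signed certificate and PKCS#12 in dir $1.
make_controller_p12() {
  out="$1"; mkdir -p "$out" || return 1
  # 1. Throwaway root CA (in production this is the existing Enterprise CA).
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Lab Root CA" \
    -keyout "$out/ca.key" -out "$out/ca.crt" 2>/dev/null || return 1
  # 2. The requester creates the private key and a CSR naming the controller.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$HOST" \
    -keyout "$out/ctl.key" -out "$out/ctl.csr" 2>/dev/null || return 1
  # 3. The CA signs the CSR; the DNS SAN is set at signing time.
  printf 'subjectAltName=DNS:%s\n' "$HOST" > "$out/ext.cnf"
  openssl x509 -req -in "$out/ctl.csr" -CA "$out/ca.crt" -CAkey "$out/ca.key" \
    -CAcreateserial -days 30 -extfile "$out/ext.cnf" \
    -out "$out/ctl.crt" 2>/dev/null || return 1
  # 4. The key holder (not the CA) bundles key + certificate + chain.
  #    The export fails if ctl.key does not match ctl.crt.
  openssl pkcs12 -export -inkey "$out/ctl.key" -in "$out/ctl.crt" \
    -certfile "$out/ca.crt" -name "$HOST" \
    -passout "pass:$P12_PASS" -out "$out/ctl.p12" || return 1
}

# Succeeds if the leaf certificate inside the bundle chains to the lab CA.
p12_verifies() {
  openssl pkcs12 -in "$1/ctl.p12" -passin "pass:$P12_PASS" -clcerts -nokeys \
    2>/dev/null | openssl verify -CAfile "$1/ca.crt" >/dev/null 2>&1
}

# Prints the DNS names carried in the leaf certificate's SAN.
p12_dns_names() {
  openssl pkcs12 -in "$1/ctl.p12" -passin "pass:$P12_PASS" -clcerts -nokeys \
    2>/dev/null | openssl x509 -noout -text | grep -o 'DNS:[^, ]*'
}

# Usage: d=$(mktemp -d) && make_controller_p12 "$d" && p12_dns_names "$d"
```

The private key only ever exists on the requesting machine and inside the passphrase-protected bundle, so the `.p12` and its passphrase should be handled as secrets until the bundle is loaded on the device.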

  6. #6
    mossj
    Quote, originally posted by p-dave:
        This is something I would like to do, hate having to enter the wireless keys every time a student takes a laptop out the trolley and uses it elsewhere

    Why do you have to do that? We simply log in as admin, set it, and forget it.
