19th August 2011, 11:50 AM #1
Managed wireless problem - unable to find certificate to log on
We have purchased Ruckus to use as a managed wireless solution. We want to start by using it in a new build to the school. We have 10 APs. We are using 802.1X EAP with WPA2 and AES (this is all very new to us!)
Ruckus has helped us set up the Zone Director and configure NPS on our 2008 R2 server. We want users to be authenticated by their AD credentials.
When a user logs on, they can see the wireless network, but when they try to connect it shows the message 'Windows was unable to find a certificate to log you on to the network'. I have done quite a bit of searching but can't find out how I can push the certificate generated from NPS to the clients. I can't even find out the location of where it is on the server!
I have been playing around with the wireless settings in GP and we can get clients to automatically connect to wireless networks with preferred settings but can't get past this certificate issue. If we change some settings on the client to not use a certificate it works, but we don't really want to do that on every client and presume using the certificate is the correct way?
Can anyone offer any help, advice or guidance to put us in the right direction?
Thanks very much.
22nd August 2011, 04:30 PM #2
I assume you are doing EAP-PEAP (username and password authentication). The error message you are seeing is due to the client trying to do EAP-TLS (certificate authentication). In the wireless settings on the client, on the security tab, set the authentication method to PEAP. Also, by default PEAP will try to authenticate the RADIUS server's certificate, so you will also have to either untick the "Validate server certificate" box or export the certificate from NPS and install it on the clients, either manually or by using GP to push the certificate out to the clients.
If on the other hand you are trying to do EAP-TLS, you need to set up a CA server and use GP to auto enroll your clients with a computer and user certificate.
Generally on a small network PEAP is the way to go and avoids the hassle of setting up a CA.
Thanks to paulfinlay from:
ronnoco (23rd August 2011)
23rd August 2011, 10:42 AM #3
Thanks Paul, much appreciated.
We are using EAP-PEAP. From a security point of view, is it OK to untick the box and not have the certificate validated, or is it best to export and deploy?
24th August 2011, 11:35 AM #4
The validate server certificate option ensures that your laptops will only pass their AD credentials to your RADIUS server. Without certificate checking someone could set up a rogue AP advertising your SSID and your clients would happily and unknowingly pass their AD credentials to the rogue.