+ Post New Thread
Results 1 to 4 of 4
Wireless Networks Thread, Managed wireless problem - unable to find certificate to log on in Technical; ...
  1. #1

    Join Date
    Nov 2009
    Location
    North Walsham
    Posts
    118
    Thank Post
    45
    Thanked 8 Times in 8 Posts
    Rep Power
    11

    Managed wireless problem - unable to find certificate to log on

    Hi All,

    We have purchased Ruckus to use as a managed wireless solution. We want to start by using it in a new build to the school. We have 10 AP's. We are using 802.x1 EAP with WPA2 and AES (this is all very new to us!)

    Ruckus has helped us set up the Zone Director and configure NPS on our 2008 R2 server. We want users to be authenticated by their AD credentials.

    When a user logs on, they can see the wireless network but when they try to connect it shows the message 'Windows was unable to find a certificate to log you on to the network’ I have done quite a bit of searching but can't find out how I can push the certificate generated from NPS to the clients. I can't even find out the location of where it is on the server!

    I have been playing around with the wireless settings in GP and we can get clients to automatically connect to wireless networks with preferred settings but can't get passed this certificate issue. If we change some settings on the client to not use a certificate it works but we don't really want to do that on every client and presume using the certificate is the correct way?

    Can anyone offer any help, advice or guidance to put us in the right direction?

    Thanks very much.

    Gary

  2. #2

    Join Date
    Dec 2009
    Location
    Woking
    Posts
    95
    Thank Post
    0
    Thanked 17 Times in 17 Posts
    Rep Power
    12
    I assume you are doing EAP-PEAP (username and password authentication). The error message you are seeing is due to the client trying to do EAP-TLS (certificate authentication) In the wireless settings on the client on the security tab set the authentication method to PEAP. Also by default PEAP will try to authenticate the RADIUS server's certificate, so you will also have to either untick the "Validate server certificate" box or export the certificate from NPS and install it on the clients -either manually or use GP to push the certificate out to the clients.

    If on the other hand you are trying to do EAP-TLS, you need to set up a CA server and use GP to auto enroll your clients with a computer and user certificate.

    Generally on a small network PEAP is the way to go and avoids the hassle of setting up a CA.

  3. Thanks to paulfinlay from:

    ronnoco (23rd August 2011)

  4. #3

    Join Date
    Nov 2009
    Location
    North Walsham
    Posts
    118
    Thank Post
    45
    Thanked 8 Times in 8 Posts
    Rep Power
    11
    Thanks Paul, much appreciated.

    We are using EAP-PEAP. From a security point of view, is it ok to untick the box and not have the certificate validated or is it best to export and deploy?

    Cheers.

    Gary

  5. #4

    Join Date
    Dec 2009
    Location
    Woking
    Posts
    95
    Thank Post
    0
    Thanked 17 Times in 17 Posts
    Rep Power
    12
    The validate server certificate option ensures that your laptops will only pass their AD credentials to your RADIUS server. Without certificate checking someone could setup a rogue AP advertising your SSID and your clients would happily and unknowingly pass their AD credentials to the rogue.

SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 20
    Last Post: 22nd February 2011, 03:23 PM
  2. imac unable to log on to MS Domain
    By speckytecky in forum Mac
    Replies: 6
    Last Post: 8th September 2010, 02:09 PM
  3. VMware ESXi zombie problem: Unable to reset kill or register VM in ESXi 4
    By albertwt in forum Thin Client and Virtual Machines
    Replies: 3
    Last Post: 29th April 2010, 09:55 AM
  4. Managed Wireless System unable to log into Ranger
    By laputa01 in forum Network and Classroom Management
    Replies: 0
    Last Post: 8th May 2009, 03:23 PM
  5. Only allow certain users to log on to a machine?
    By wesleyw in forum How do you do....it?
    Replies: 7
    Last Post: 16th January 2006, 11:38 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •