+ Post New Thread
Results 1 to 5 of 5
Wireless Networks Thread, IAS and certificate "weirdness" (WiFi Radius Auth) in Technical; Hi Gang, Got a weird one this week. I setup my WLAN Auth via the famous Ashby Radius doc thats ...
  1. #1
    amfony's Avatar
    Join Date
    Jul 2007
    Location
    Sydney
    Posts
    161
    Thank Post
    29
    Thanked 13 Times in 13 Posts
    Rep Power
    17

    IAS and certificate "weirdness" (WiFi Radius Auth)

    Hi Gang,

    Got a weird one this week.

    I setup my WLAN Auth via the famous Ashby Radius doc thats floating around edugeek for quite a while now and it has been working flawlessly since.

    This week I got a report that some of our macs were dropping of the WLAN (ruckus) and via troubleshooting/investigating it appeared the certificate that was instaled on the macs (imaged) was no longer valid and i went around and manually installed the "same" certificate over the existing one and hey presto it worked. Same certificate, didnt expire, same method of installing into mac osx 10.6 (wifi system profile, certificate trust etc).

    Now my XP Laptops do occasionally fall off, its just the way its always been so i know quite well what needs to be done to resolve the issue. Via the guides help i know that i should expect a certficate (named here IASServerCert) in my trusted root store in my laptops because they are domain clients and the cert was issued via an enterprise domain-bound CA

    Now however the cert doesn't appear in the clients trusted root store, after many domain join-leave-rejoins. I can however export and install the cert without issue. This is not the point im more interested in why the cert is now longer in the enterprise trust store.

    Upon investigating i can see in the CA's personal managment, that is the CA's certmgr.msc rather then the domain CA interface that there are 2 certificates in the "intemediate cert authorities > cert revocation list" folder. This is definatley not expected but i definatley dont want to start moving/deleting certs particulary if i have to re-config all few hundred laptops.

    Can anyone assist here please? Any ideas how to troubleshoot?

    Thanks Gang, as always - mucho apprecaited.

  2. #2
    amfony's Avatar
    Join Date
    Jul 2007
    Location
    Sydney
    Posts
    161
    Thank Post
    29
    Thanked 13 Times in 13 Posts
    Rep Power
    17
    ok well no info re: certs and CAs however i did deploy the cert via the Trusted Root Authentication Store in Group Policy which sent the certs out again and resolved all PC related cert issues.

    Thanks for the views atleast.

  3. #3

    Join Date
    Jun 2011
    Posts
    110
    Thank Post
    0
    Thanked 15 Times in 15 Posts
    Rep Power
    19
    Quote Originally Posted by amfony View Post
    I setup my WLAN Auth via the famous Ashby Radius doc thats floating around edugeek for quite a while now and it has been working flawlessly since.
    Famous Ashby Radius? Can you please give a link?

  4. #4

    Join Date
    Oct 2005
    Location
    East Midlands
    Posts
    738
    Thank Post
    17
    Thanked 105 Times in 65 Posts
    Rep Power
    37
    Hi,

    Have you made sure that your domain's CA root's certificate has not expired? This CA's certificate is automatically copied to the trusted root ca when you join a station to the domain if its a enterprise CA. This is so that any certificate issues by the CA is automatically trusted by the client i.e. if you IAS server's certificate should be trusted by your clients if its issues by your internal CA.

    I think you may want to have a look at the IAS certificate and find out who issued that certificate, if it is your CA then it should be fine and the issue may be somewhere else i.e. distance, singnal loss. Are you getting any error in the system log when on the client or IAS server when client's can't connect. It might get give some clues as to what it is happening.

    @snoeere

    the guide is located here --> http://www.edugeek.net/forums/networ...as-server.html

    Ash.

  5. #5
    amfony's Avatar
    Join Date
    Jul 2007
    Location
    Sydney
    Posts
    161
    Thank Post
    29
    Thanked 13 Times in 13 Posts
    Rep Power
    17
    thanks spc i have checked that the cert has not expired and it was issues from a domain bound enterrpise CA (2003r2). I am at a loss but i will recheck all.

    The issue is definatley certificate related however and not anything else.

    Thanks for the help and more so thank you for guide.

SHARE:
+ Post New Thread

Similar Threads

  1. Wireless GPO Radius Auth + Home access
    By contink in forum Windows Server 2000/2003
    Replies: 8
    Last Post: 8th July 2011, 02:57 PM
  2. Windows 7, SCCM and Certificate Authorities
    By sllorep in forum Windows 7
    Replies: 6
    Last Post: 8th April 2011, 11:40 AM
  3. Wifi clients, Radius auth, and Ipods
    By amfony in forum Wireless Networks
    Replies: 7
    Last Post: 9th February 2011, 01:34 PM
  4. RADIUS and IAS
    By HodgeHi in forum Wireless Networks
    Replies: 98
    Last Post: 30th April 2009, 10:39 AM
  5. ISA Server 2004 and RADIUS
    By spc-rocket in forum Wireless Networks
    Replies: 0
    Last Post: 11th December 2005, 12:48 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •