Re: 802.1x Authentication over Wireless

---

• From: Lutz <Lutz.MHipper@xxxxxxxxx>
• Date: Sat, 17 Nov 2007 13:57:06 -0800 (PST)

---

Hi, a few things are not clear to me. But if you would have WLAN with
separated VLANs, you could allow WLAN-clients without authentication
to the certificate enrollment page. After that with the certificate
you can but the user on VLAN 2 with access to the company's network.
How it can also work. Let the users request certificates when they are
on the wire!
Otherwise you have to train the users to connect to different SSIDs or
you have to think about are more sophisticated access point and radius
server.
Keep it simple!
R, Lutz





On Nov 15, 12:05 pm, mike.e...@xxxxxxxxx wrote:

I have implemented 802.1x with certificates in my Windows domain. I am
able to autoenroll computers and user certificates at login if they
are connected to the wire. Is it possible for the computer to push the
user certificate over the wireless link. I don't want to have my users
log on with the wire before they can connect onto the wireless. The
machine connects as a computer to the wireless and allows a domain
account to login. Once the domain account logs in, the wireless
disconnects with "Windows was unable to find a certificate to log you
on to the network XXXXXXX".

I can't really see why if the certificate was already issued to the
user and is published in Active Directory, why it IAS server can't
provide the certifcate to the machine and connect the user to the
wireless network.

My IAS is using Server 2003. My Certificate Authority is on another
Server 2003 machine. I am using Cisco Access Points controlled by a
Cisco WLAN Controller.

Please help.

.

---

• References:
  • 802.1x Authentication over Wireless
    • From: mike . elam

• Prev by Date: security of stored passwords, especially in IE
• Next by Date: Re: I receive the same email from "Microsoft Customer Support" ev
• Previous by thread: Re: 802.1x Authentication over Wireless
• Next by thread: Re: "Security Toolbar 7.1"
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: NPS RADIUS with Cisco wlc ... There is no layer 3 security assigned. ... And you must issue a certificate to the NPS server that is based on the IAS ... Connection request policy (ran through the wireless 802.1x wizard) ... (microsoft.public.internet.radius) Re: "Validating identity" on wireless connect ... Validate server certificate) ... Microsoft Small Business Server Support ... > have created GPO for a wireless LAN. ... > diable ISA to see if that is blocking it. ... (microsoft.public.windows.server.sbs) RE: Wireless connection problem from XP Pro SP2 to SBS 2003 ... "Cuervolush" wrote: ... This computer can connect to other wireless networks without problems. ... Automatic Certificate Enrollment for local system failed to enroll ... The RPC Server is ... (microsoft.public.windows.server.sbs) Re: Need help with 802.1x peap authentication ... If you open an mmc console on the server and add ... the Certificate snap-in for the 'Computer Account' then 'Local Computer', ... wireless Remote Access Policy, select Edit Profile, click the Authentication ... (microsoft.public.windows.server.general) Re: Wireless connection problem from XP Pro SP2 to SBS 2003 ... As long as you're sure the certificate is properly installed on the PC, I guess the priority would be to get wireless working, then worry about the auto enrollment later. ... compare all the settings between the non-working PC and the one that works. ... (microsoft.public.windows.server.sbs)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.security  > 2007-11