IAS EAP - TLS Policies question
- From: Nelson <Nelson@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 19 Jan 2007 12:20:33 -0800
Hi, I'm trying to set up wireless access to my network using EAP-TLS. I have a Root Certification Authority (Windows 2003 Enterprise Edition) and an LDAP installed on Windows 2003 Enterprise Edition, each of them on a different machine. I have a Linux box as a DHCP server. The configuration of my AP (access point) has been done according to the official Cisco guide.

My idea: a visitor will find my access point, connect, and be redirected to the web page to obtain the user certificate. This part is now working properly. After receiving the certificate, the user should change wireless networks to the secure network.

The WinXP SP2 client is configured to use certificates and to use simple certificate selection, and it is also configured to validate the server certificate, choosing my network certification authority from the list. When the client tries to connect, it receives a message that says to click to select the certificate or credentials; when I click on it, a window with the certificates is displayed. Then the certificate is selected, and pressing OK sends the information to be validated.

Back on the IAS server, I have the connection request policy called "Use Windows authentication for all users" with the policy conditions permitting connection at any time of day. In the profile configuration I have "Authenticate request on this server" selected, and in the "configure certificate" window my internal network certificate is selected. If I go to the attribute tab in the edit profile, the default attribute selected is User-Name.

Facts: with this configuration nothing is shown in the IAS log. If I turn the option to "Accept users without authentication", the IAS log shows me the login information and the connection is accepted, but I want to validate against the certificate issued by my internal network CA. In IAS there is also the Remote Access Policies folder; there is my wireless policy, which is working with groups of the domain that include a group I previously created to allow my wireless users.

My question: what does IAS do when it receives the request? Is the connection request policy processed first and, in case it is accepted, the next step is to process the remote access policies? If I want to validate my users against certificates, why should I add a user policy indicating the users that are going to use the wireless are not part of the domain?

I used the document "Configuring IAS for WPS technology" posted by Microsoft as a base to configure the core of my solution. That guide doesn't include an exact description of the EAP-TLS configuration. Can anybody help me? Do you guys know of any document similar to the one I just mentioned for configuring EAP-TLS using Microsoft IAS and using the guest user? Is all this information clear, or do you need any detailed explanation? Thank you.