Announcement

Collapse
No announcement yet.

Windows 2003 IAS / Cisco Help

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Windows 2003 IAS / Cisco Help

    Hello,

    I am running windows 2003 server and want to setup a wireless radius service. I have Certificate Services configured and running. All client workstations have been issued a computer cert. I installed IAS and configured a Remote Access Policy for Domain Users & Domain Computers. I have a Cisco Aironet 1130AG Access Point. I setup the security with WPA and pointed it at my Radius Server.

    When I try to join the wireless from one of the workstations, i get...

    Windows was unable to find a
    certificate to log you on to the network myssid

  • #2
    Re: Windows 2003 IAS / Cisco Help

    Have you setup the RADIUS client(s) in IAS? (note that the RADIUS client would be the AP, not the computers connecting to the AP)

    EDIT - I should note that there are several other settings to look at if you have configured the above. For instance, are you using smart cards? If not then you need to use PEAP instead of EAP-TLS.
    Last edited by JeremyW; 6th August 2007, 14:14.
    Regards,
    Jeremy

    Network Consultant/Engineer
    Baltimore - Washington area and beyond
    www.gma-cpa.com

    Comment


    • #3
      Re: Windows 2003 IAS / Cisco Help

      Yes on the radius client, and no on the smart cards. I will try PEAP. Also, do I have to import the ssl cert of the radius server to the client? Or will it negotiate that on connection? Will OS X and linux clients support PEAP?

      Comment


      • #4
        Re: Windows 2003 IAS / Cisco Help

        Originally posted by ntwaddell View Post
        Also, do I have to import the ssl cert of the radius server to the client?
        You will not be using an SSL cert but rather a User and/or Computer cert. And whether you need to import (or request) depends on how you have your CA set up. If it's an Enterprise CA then the users and computers probably already have their certs.

        If it's a Stand Alone CA then you will need to request and approve certs for the users (and computers if necessary), import the certs, and add the CA to the trusted CAs (can be done through Group Policy).

        Will OS X and linux clients support PEAP?
        I can only guess but probably. I'm sure a quick search on will tell you for sure.
        Regards,
        Jeremy

        Network Consultant/Engineer
        Baltimore - Washington area and beyond
        www.gma-cpa.com

        Comment

        Working...
        X