802.1x Authentication With IAS

    Question

  • I am trying to implement some EnGenius EAP350 with RADIUS authentication based on the domain user.

    We have a Windows 2000 Domain Controller.

    I added IAS and set up policies (Windows user group) and clients.

    Added users to the group and allowed them to dial in.

    When I try to automatically connect from Windows 7, it fails.

    If I manually change the Wi-Fi profile to use User Authentication, it works fine.

    How do I make it so the computers will automatically use User Authentication?

    Pushing Wi-Fi settings out via GP is not possible in Windows 2000 DC. But I would also like non-domain computers to be prompted for domain user/pass if they try to connect.


    Thursday, May 23, 2013 2:10 PM

Answers

  • The certificate you need to make this work must be created from a v2 certificate template. The templates do not exist on Windows 2000.

    BUT you need minimally a Certificate Authority (certificate services) running on a Windows 2003 Enterprise server or newer for the v2 option.

    Please read my documentation on how to create the certificate.


    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/

    This post is provided AS-IS with no warranties or guarantees and confers no rights.



    Tuesday, May 28, 2013 3:36 PM

All replies

  • Hi,


    Which authentication protocol do you use?


    Please try to use EAP-MS-CHAP v2 and see how it works.


    Understanding 802.1X authentication for wireless networks

    http://technet.microsoft.com/en-us/library/cc759077(v=ws.10).aspx


    Hope this helps.


    Jeremy Wu
    TechNet Community Support

    Monday, May 27, 2013 4:25 PM
  • I believe you may need Windows 2003 or newer, IAS, because of the v2 certificate that's required for EAP. And version 2 certs weren't available on a Windows 2000 CA, if I remember correctly, and would require Windows 2003 Enterprise to get the v2 cert.


    Ace Fekay

    Tuesday, May 28, 2013 5:23 AM
  • I thought it may be the case that it would not work in Windows 2000. However, the Version 2 does show up in IAS on Windows 2000. But maybe it's substituting it with an incompatible cert.

    I did look under the CA though, and that cert shows as "Version: V3". Any ideas?

    Here are some of the IAS settings:

    Tuesday, May 28, 2013 12:56 PM
  • Alright. I guess until I can get the funding for some new Windows 2012/2008 server, my only option will be to use something like Packet Fence as an in-between; I believe it will tie in to AD.

    Thanks for the help.

    Tuesday, May 28, 2013 3:43 PM
  • I've never used Packet Fence, but if it works, go for it!

    Cheers!


    Ace Fekay

    Tuesday, May 28, 2013 3:57 PM
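
An added example (not part of the thread and not code from any poster) for the "Version: V3" observation above: the version a CA console shows is the X.509 format version, which is a separate field from the certificate template version the answer refers to. The script reads an exported copy of the server certificate and reports both; the file name `ias-server.cer` and the function name `Get-CertTemplateReport` are assumptions made for illustration.

```powershell
# Added example, not from the thread. $Path is a hypothetical file name:
# export the IAS server certificate (public part only, .cer) to it first.
param([string]$Path = '.\ias-server.cer')

# Microsoft extension OIDs that record which template a certificate was issued from.
$OidTemplateName = '1.3.6.1.4.1.311.20.2'  # template name, written for v1 templates
$OidTemplateInfo = '1.3.6.1.4.1.311.21.7'  # template information, written for v2 and later

function Get-CertTemplateReport {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    $kind = 'no template extension found'
    $detail = ''
    foreach ($ext in $Cert.Extensions) {
        if ($ext.Oid.Value -eq $OidTemplateInfo) {
            # The v2+ extension carries the template OID and its major/minor version.
            $kind = 'v2 or later template'
            $detail = $ext.Format($false)
            break
        }
        if ($ext.Oid.Value -eq $OidTemplateName) {
            $kind = 'v1 template'
            $detail = $ext.Format($false)
        }
    }

    # New-Object PSObject keeps this usable on PowerShell 2.0 (the Windows 7 default).
    New-Object PSObject -Property @{
        Subject     = $Cert.Subject
        X509Version = $Cert.Version   # format version of the certificate itself
        Template    = $kind           # template generation, independent of X509Version
        TemplateRaw = $detail
        NotAfter    = $Cert.NotAfter
    }
}

if (-not (Test-Path -LiteralPath $Path)) {
    Write-Error "Certificate file not found: $Path"
    return
}
$full = (Resolve-Path -LiteralPath $Path).Path
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $full
Get-CertTemplateReport -Cert $cert |
    Format-List Subject, X509Version, Template, TemplateRaw, NotAfter
```

An `X509Version` of 3 is expected for any certificate that carries extensions, so it says nothing about the template; the `Template` line is the one to compare against the v2 requirement stated in the answer.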