IAS with Wireless in AD Network

[-->AL]

I have a small company which I do work for...I would like do the following:

- Windows 2003 Std
- Linksys 54G - several (I would like all of these to authneticate as
RADISU clients against Windows 2003 IAS)
- XP SP2 clients


Requirements:
--------------

(1) Have IAS centralize the wireless authentication (IAS performs the
authentication into the network against AD); if not the right account - no
entry

(2) Those authenticating must supply username/password against AD (for
their account)

(3) I do NOT want to deploy Certificates at all - please don't try to
change my mind - actually management

(4) Has to be secure enough (wireless); I know havibg cets services is most
secured, but not an option


Question:
---------

What meets these criterias?



Thanks.

 

[Herb Martin]

I have a small company which I do work for...I would like do the following:

- Windows 2003 Std
- Linksys 54G - several (I would like all of these to authneticate as
RADISU clients against Windows 2003 IAS)
- XP SP2 clients


Requirements:
--------------

(1) Have IAS centralize the wireless authentication (IAS performs the
authentication into the network against AD); if not the right account - no
entry

That's easy IF the linksys supports being a RADIUS
client -- install IAS as you have guessed and setup
an IAS Profile (or use the default 24 hour everyone
profile) to specify when they are allowed in.

If you are in native mode you get better control of
the access through IAS-RADIUS but that is not
necessary.

(2) Those authenticating must supply username/password against AD (for
their account)

That is part of the conversation from the RADIUS
client (?Linksys) to the IAS to the DC.

(3) I do NOT want to deploy Certificates at all - please don't try to
change my mind - actually management
Ok.

(4) Has to be secure enough (wireless); I know havibg cets services is most
secured, but not an option

IAS-RADIUS doesn't secure data, but it can secure
the authentication.

Question:

IAS comes close or does it depending on your
access point and your precise meaning of "Secure
enough."

 

[Guest]

I have this setup on my home network with SBS2003. The WAP54G just needs to
be configured for RADIUS and I turned on WPA-AES. Works like a charm. If
they don't supply a UID/password that is on the domain they don't get
connected. No certificates needed.

 

[-->AL]

How do you REQUIRE to supply entering the user name and password? For
example, if the machine is not part of the domain, but you would like to use
it just for Internet access - how do you get a prompt for a username and
password?

If you could elaborate more - that would be great - thanks.

 

[Guest]

You need to add your access point as a RADIUS client in IAS. I configured a
remote access policy for wireless that requires all 802.11 connections
authenticate with IAS and I further locked it down to only include members of
a group I called WirelessAuthUsers. Now when the clients try to connect via
that access point they will require authentication.

 

[Herb Martin]

You need to add your access point as a RADIUS client in IAS. I configured a
remote access policy for wireless that requires all 802.11 connections
authenticate with IAS and I further locked it down to only include members of
a group I called WirelessAuthUsers. Now when the clients try to connect via
that access point they will require authentication.

Don't the clients (generally) need to be at least
XP also?

XP has the required dialog boxes for configuring
the wireless authentication but I don't belive that
Win2000 has them.

(Unless the wireless card driver/config program
provides this feature.)

 

[Guest]

That may be true as I only have Windows XP clients. I have not tried with
Win2k.