07-23-2012 12:03 AM
I have a scenerio (attached as JPEG). In it there is a Domain Controller with Active Directory and Internet Authentication Service (IAS), i didn't want to use Certificates.
In my scenerio i want wireless users(cliets) are connected to domain through ARUBA CONTROLLER & AP68 by using there username and passwords configured in Active Directory and after that when they are trying to connect or going to network they must provide there same credentials configured in AD and IASconfigured Policies without Certificates .
Plese guide me step by step to achive this target.
07-23-2012 12:10 AM
07-23-2012 04:37 AM
07-23-2012 05:52 AM
A certificate will provide encryption for the username and password that are transmitting over the wireless link.
If you only want user authentication, and not machine authentication, you can enable termination on the Aruba controller. It is found in the 802.1X Authentication profile.
This option uses the built-in certificate on the Aruba controller, and still passes the authentication requests to the IAS server. No certificate is required on the IAS server.
You can easily put a self-signed free certificate on the IAS server. Microsoft IIS 6.0 has a toolkit that can be downloaded that includes a tool called self.exe. It works very simply in creating a basic certificate.
You should be aware that neither of these solutions provide a highly secure enviroment. YOu would want to use a unique generated certificate signed by a Trusted third-party CA for that.
Sorry I am not able to provide a step by step guide to solve your problem.
07-23-2012 07:47 AM
You should have a trusted RADIUS certificate on your server for security reasons. Otherwise a malicious server could intercept the user credentials.
We had this setup with Sindows Server 2008R2 NPS servers (IAS is Server 2003 only). We are currently using Aruba ClearPass Policy Manager as our RADIUS server,
There are programs that make it easier to get the student computers setup for your 802.1X network.
Feel free to contact me off-list if you wish more information,