Wireless Access

Contributor I
Posts: 48
Registered: ‎01-19-2012

AD & IAS Without Certificate

Hi Forum,

 

I have a scenario (attached as JPEG). In it there is a Domain Controller with Active Directory and Internet Authentication Service (IAS). I didn't want to use certificates.

 

In my scenario I want wireless users (clients) to be connected to the domain through the ARUBA CONTROLLER & AP68 by using their usernames and passwords configured in Active Directory, and after that, when they are trying to connect or going to the network, they must provide their same credentials configured in AD and the IAS configured policies, without certificates.

 

Please guide me step by step to achieve this target.

MVP
Posts: 1,414
Registered: ‎11-30-2011

Re: AD & IAS Without Certificate

Contributor I
Posts: 48
Registered: ‎01-19-2012

Re: AD & IAS Without Certificate

The links that you sent me use certificates, but I don't want certificates in my scenario.

 

Regards,

Faisal

MVP
Posts: 1,414
Registered: ‎11-30-2011

Re: AD & IAS Without Certificate

They might suggest a server certificate for the IAS server, but that has little influence, as long as you configure your client to ignore the server certificate. The authentication happens with username / password; that is what counts, right?
Occasional Contributor II
Posts: 27
Registered: ‎01-29-2009

Re: AD & IAS Without Certificate

A certificate will provide encryption for the username and password that are transmitted over the wireless link.

 

If you only want user authentication, and not machine authentication, you can enable termination on the Aruba controller.  It is found in the 802.1X Authentication profile.

This option uses the built-in certificate on the Aruba controller, and still passes the authentication requests to the IAS server.  No certificate is required on the IAS server.

 

You can easily put a self-signed free certificate on the IAS server.  Microsoft IIS 6.0 has a toolkit that can be downloaded that includes a tool called self.exe.  It works very simply in creating a basic certificate.

http://www.microsoft.com/en-us/download/details.aspx?id=17275

 

You should be aware that neither of these solutions provides a highly secure environment. You would want to use a uniquely generated certificate signed by a trusted third-party CA for that.

 

Sorry I am not able to provide a step by step guide to solve your problem.

 

Contributor II
Posts: 146
Registered: ‎05-12-2010

Re: AD & IAS Without Certificate

You should have a trusted RADIUS certificate on your server for security reasons. Otherwise a malicious server could intercept the user credentials. 

 

We had this setup with Windows Server 2008R2 NPS servers (IAS is Server 2003 only). We are currently using Aruba ClearPass Policy Manager as our RADIUS server.

 

There are programs that make it easier to get the student computers set up for your 802.1X network.

 

Feel free to contact me off-list if you wish more information,

Bruce Osborne - Wireless Engineer
ACCP, ACMP
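
Added example (not part of any post in this thread, and not Microsoft or Aruba code): a defender-side check for the risk raised above, that a client set to ignore the RADIUS server certificate will hand its credentials to any server. It assumes profiles exported with `netsh wlan export profile`; the function names are hypothetical and the two XML samples are constructed and trimmed.

```python
import xml.etree.ElementTree as ET

def _local(tag):
    """Strip the XML namespace so elements match by local name only."""
    return tag.rsplit("}", 1)[-1]

def _texts(root, name):
    """All non-empty text values of elements with the given local name."""
    return [(e.text or "").strip() for e in root.iter()
            if _local(e.tag) == name and (e.text or "").strip()]

def audit_peap_profile(xml_text):
    """Return a list of findings for one exported WLAN profile."""
    root = ET.fromstring(xml_text)
    findings = []
    if any(v.lower() == "false" for v in _texts(root, "PerformServerValidation")):
        findings.append("server certificate validation is disabled")
    if not _texts(root, "TrustedRootCA"):
        findings.append("no trusted root CA is pinned")
    if not _texts(root, "ServerNames"):
        findings.append("no RADIUS server name is required")
    return findings

# Constructed, trimmed samples; real exports carry many more elements.
WEAK = """<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>corp-wifi</name>
  <EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1">
    <ServerValidation>
      <DisableUserPromptForServerValidation>false</DisableUserPromptForServerValidation>
      <ServerNames></ServerNames>
    </ServerValidation>
    <PeapExtensions>
      <PerformServerValidation xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">false</PerformServerValidation>
    </PeapExtensions>
  </EapType>
</WLANProfile>"""

# Same profile with validation on, a server name set and a CA pinned
# (the thumbprint is a constructed placeholder).
HARDENED = (WEAK
    .replace("<ServerNames></ServerNames>",
             "<ServerNames>radius.example.test</ServerNames>"
             "<TrustedRootCA>00 11 22 33 placeholder</TrustedRootCA>")
    .replace(">false</PerformServerValidation>", ">true</PerformServerValidation>"))

if __name__ == "__main__":
    for label, xml_text in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_peap_profile(xml_text) or "ok")
```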