Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

AD & IAS Without Certificate

  • 1.  AD & IAS Without Certificate

    Posted Jul 23, 2012 03:03 AM

    Hi Forum,


    I have a scenario (attached as JPEG). In it there is a Domain Controller with Active Directory and Internet Authentication Service (IAS). I didn't want to use certificates.

    In my scenario I want wireless users (clients) to be connected to the domain through the ARUBA CONTROLLER & AP68 by using their usernames and passwords configured in Active Directory, and after that, when they are trying to connect or going to the network, they must provide the same credentials configured in AD and the IAS configured policies, without certificates.

    Please guide me step by step to achieve this target.



  • 2.  RE: AD & IAS Without Certificate



  • 3.  RE: AD & IAS Without Certificate

    Posted Jul 23, 2012 05:39 AM

    The links that you sent me use certificates, but I don't want certificates in my scenario.

     

    Regards,

    Faisal



  • 4.  RE: AD & IAS Without Certificate

    Posted Jul 23, 2012 07:37 AM
    They might suggest a server certificate for the IAS server, but that has little influence, as long as you configure your client to ignore the server certificate. The authentication happens with username / password; that is what counts, right?


  • 5.  RE: AD & IAS Without Certificate

    Posted Jul 23, 2012 08:53 AM

    A certificate will provide encryption for the username and password that are transmitted over the wireless link.

     

    If you only want user authentication, and not machine authentication, you can enable termination on the Aruba controller.  It is found in the 802.1X Authentication profile.

    This option uses the built-in certificate on the Aruba controller, and still passes the authentication requests to the IAS server.  No certificate is required on the IAS server.

     

    You can easily put a self-signed free certificate on the IAS server.  Microsoft IIS 6.0 has a toolkit that can be downloaded that includes a tool called self.exe.  It works very simply in creating a basic certificate.

    http://www.microsoft.com/en-us/download/details.aspx?id=17275

     

    You should be aware that neither of these solutions provides a highly secure environment. You would want to use a uniquely generated certificate signed by a trusted third-party CA for that.

     

    Sorry I am not able to provide a step by step guide to solve your problem.

     



  • 6.  RE: AD & IAS Without Certificate

    MVP
    Posted Jul 23, 2012 10:47 AM

    You should have a trusted RADIUS certificate on your server for security reasons. Otherwise a malicious server could intercept the user credentials. 

     

    We had this setup with Windows Server 2008R2 NPS servers (IAS is Server 2003 only). We are currently using Aruba ClearPass Policy Manager as our RADIUS server.

     

    There are programs that make it easier to get the student computers set up for your 802.1X network.

     

    Feel free to contact me off-list if you wish more information,
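
The client-side risk raised in replies 4 and 6 (a supplicant that does not validate the RADIUS server certificate will hand its credentials to whatever server answers) can be checked on managed clients. The following is an added example, not part of any post in this thread: it assumes clients configured through wpa_supplicant, and it flags PEAP/TTLS networks that have no CA or no server-name check. The SSIDs, paths and host name in the sample are constructed.

```python
import re

# wpa_supplicant options that anchor trust in the RADIUS server certificate.
TRUST_ANCHOR = ("ca_cert", "ca_path")
NAME_CHECKS = ("domain_suffix_match", "domain_match", "subject_match", "altsubject_match")
TUNNELED = {"PEAP", "TTLS"}  # methods that carry the password inside a TLS tunnel
BLOCK = re.compile(r"network\s*=\s*\{(.*?)^\s*\}", re.S | re.M)
OPTION = re.compile(r'^\s*(\w+)\s*=\s*"?(.*?)"?\s*$', re.M)  # skips "#..." lines

def parse_networks(text):
    """Return one dict of option -> value for each network={...} block."""
    return [dict(OPTION.findall(body)) for body in BLOCK.findall(text)]

def audit(text):
    """Return (ssid, problem) for each 802.1X network that does not validate the server."""
    findings = []
    for net in parse_networks(text):
        methods = set(net.get("eap", "").upper().split())
        if "WPA-EAP" in net.get("key_mgmt", "") and methods & TUNNELED:
            ssid = net.get("ssid", "?")
            if not any(net.get(k) for k in TRUST_ANCHOR):
                findings.append((ssid, "no CA configured: any server certificate is accepted"))
            elif not any(net.get(k) for k in NAME_CHECKS):
                findings.append((ssid, "CA set, but the server name is not checked"))
    return findings

# Constructed sample configuration (SSIDs, paths and host name are made up).
SAMPLE = """
network={
    ssid="lab-no-validation"
    key_mgmt=WPA-EAP
    eap=PEAP
}
network={
    ssid="lab-ca-only"
    key_mgmt=WPA-EAP
    eap=PEAP
    ca_cert="/etc/ssl/certs/example-root.pem"
}
network={
    ssid="lab-pinned"
    key_mgmt=WPA-EAP
    eap=PEAP
    ca_cert="/etc/ssl/certs/example-root.pem"
    domain_suffix_match="radius.example.org"
}
"""
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Only the third network both trusts a specific CA and checks the server name, so it is the only one not reported.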