IAS & Wireless policy

Hi,

I"m trying to configure IAS as a RADIUS server to authenticate users
with PEAP (EAP-MSCHAPv2) through a Cisco AP and I'm not sure where I link the
'802.1x authentication for wireless networks' policy. Do I link this to the
container(s) where the laptops are located in AD.

Also, do all laptops wanting access have to join the AD domain? Thanks.

Riley

In news:518EFD80-03DD-49A7-A82C-(E-Mail Removed),
rileymartin <(E-Mail Removed)> typed:
> Hi,
>
> I"m trying to configure IAS as a RADIUS server to authenticate
> users with PEAP (EAP-MSCHAPv2) through a Cisco AP and I'm not sure
> where I link the '802.1x authentication for wireless networks'
> policy. Do I link this to the container(s) where the laptops are
> located in AD.
>
> Also, do all laptops wanting access have to join the AD domain?
> Thanks.
>
> Riley

If it is a user policy (you stated to authenticate users), you would link it
to where the users exist.

--
Regards,
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
MVP Microsoft MVP - Directory Services
Microsoft Certified Trainer

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Infinite Diversities in Infinite Combinations

Thanks for the reply, I'm really lost with this.

I was looking at a Microsoft article 'Access Active Directory-based wireless
network policies' and it directed me to the computer configuration policy so
I assumed it was to be linked to the OU with the computers?


"Ace Fekay [MVP]" wrote:

> In news:518EFD80-03DD-49A7-A82C-(E-Mail Removed),
> rileymartin <(E-Mail Removed)> typed:
> > Hi,
> >
> > I"m trying to configure IAS as a RADIUS server to authenticate
> > users with PEAP (EAP-MSCHAPv2) through a Cisco AP and I'm not sure
> > where I link the '802.1x authentication for wireless networks'
> > policy. Do I link this to the container(s) where the laptops are
> > located in AD.
> >
> > Also, do all laptops wanting access have to join the AD domain?
> > Thanks.
> >
> > Riley
>
> If it is a user policy (you stated to authenticate users), you would link it
> to where the users exist.
>
> --
> Regards,
> Ace
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
> MVP Microsoft MVP - Directory Services
> Microsoft Certified Trainer
>
> For urgent issues, you may want to contact Microsoft PSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.
>
> Infinite Diversities in Infinite Combinations
>
>
>
>

In news:E0A39D61-C7DA-4618-A22E-(E-Mail Removed),
rileymartin <(E-Mail Removed)> typed:
> Thanks for the reply, I'm really lost with this.
>
> I was looking at a Microsoft article 'Access Active Directory-based
> wireless network policies' and it directed me to the computer
> configuration policy so I assumed it was to be linked to the OU with
> the computers?

I've set it up with GPO controlled cert based user authentication and
wireless policies with a Cisco Aironet 1231 using Radius to IAS. There are
quite a number of steps that must be performed to get it to all work.

So if you are looking to set the wireless policy, and now that I re-read
your original question (my bad for not reading it closer), a wireless
setting is actually a machine setting because you're specifying a Wireless
AP's SSID settings on the client side. So that would be under Computer
Config\Windows Settings\Security Settings\Wireless Networks (IEEE 802.11)
Policies. Right click, choose new Wireless Network Policy and create a
policy, then edit it to add your SSID and its settings. Here's a step by
step:

Ultimate wireless security guide Automatic PEAP deployment with Microsoft
Active Directory GPO:
http://articles.techrepublic.com.com...5-6148576.html

See if the following helpas well. I built that system using these articles.

Step-by-Step Guide for Setting Up Secure Wireless Access in a Test Lab:
http://www.microsoft.com/downloads/d...DisplayLang=en

Building the Network Certification Authority:
http://www.microsoft.com/technet/sec...tc/peap_4.mspx

Checklists Configuring IAS for Wireless Access:
http://technet2.microsoft.com/window....mspx?mfr=true

Deploying a Certificate Infrastructure Wireless:
http://www.microsoft.com/technet/pro...ea4e6fc18.mspx

PEAP with MS-CHAP Version 2 for Secure Password-based Wireless Access:
http://www.microsoft.com/technet/com...uy/cg0702.mspx

PEAP with MS-CHAP Version 2- for Secure Password-based Wireless Access:
http://www.microsoft.com/technet/com...uy/cg0702.mspx

Ultimate wireless security guide Microsoft IAS RADIUS for wireless
authentication:
http://articles.techrepublic.com.com...5-6148579.html

Wireless Networking in Windows 2003:
http://www.windowsnetworking.com/art...dows-2003.html

WLAN Radius configuration - (Linksys shown here as well as how to configure
the client):
http://www.hansenonline.net/Networking/wlanradius.html

Release Notes for Aironet 802.11a-b-g Client Adapters (CB21AG and PI21AG)
Install Wizard 1.1 [including bug ID- CSCee01822]:
http://www.cisco.com/en/US/products/...080238976.html


I don't know if you want to go this far, but check out how Microsoft IT
deployed their Vista wireless GP:

TechNet Radio - How Microsoft IT Deployed Windows Vista Wireless Group
Policy
http://channel9.msdn.com/ShowPost.aspx?PostID=286598

Sorry about all the articles, but they are pretty informative.

Ace