TekRADIUS Forum




Home » Installation » new setup--no certificates--best method?

Installation Issues
10.08.2010 16:07:30

pellja
Posts: 5
I'm new to setting up a Radius server and from what I can see there are a lot of possibilities. Here's what I need: I have about 300 Windows XP laptops in a Windows 2003 Domain connecting to Cisco access points. I also have a Cisco Wireless LAN Controller to control the access points. We need for these laptops to connect to the wireless BEFORE it even gets to the Windows login so that once the user logs in, it pulls their Network drives and they never have to do anything with authentication because it's already done. We use MAC Reservation on our DHCP server so that's already one form of security we have but I know we need more. I understand we'll likely have to touch every laptop to put in the connection settings which is fine, but once is all we want to do this on each system. I know the most secure form is to have certificates but I don't know if there is any money to spend on this. What is the best method to set all this up? MS-CHAP? Also, all users are of course in Active Directory so if this can be used in some way, that's ok. The main key is that all network drives will be loaded on login.

This brings me to my next question: will these settings work across all profiles that are created? Each laptop will get used by several different people and we don't want to have to configure this for all profiles. Is this something as simple as copying our administrator profile to the Default profile in Windows?

Thanks for any and all suggestions. We're coming up on our deadline to have this done.
10.08.2010 19:44:02

pellja
Posts: 5
Ok, so I've managed to make this work using TekCert and I also just learned we may have a certificate server on site to manually add in to the laptops. I managed to do this with the TekCert and it's working fine but I know it's not supposed to be used for a production environment so I'll change this after I know it's working.

My setup so far is:

Users:
Check User-Password
Check TLS-Certificate (with the TEK Cert certificate that I created)

Groups:
Will set these up as I learn more but I know what this will do.

Clients:
Using a Default client set to "ietf"

My Settings tab is using what the manual says to use. I'm using the Default Authentication Key and Authorization Query. Everything connects fine.

On the laptop I'm using PEAP MS-CHAP v2 and then it lets me use the password for the user I created in TEK Radius.

Now here's the interesting and good part. It's a Dell laptop and the utility lets me check a box to authenticate BEFORE logging into the domain. So after I've typed in my domain username and password, it pops up and asks for the username and password for the Radius server. It works great! My question is how do I just make the Active Directory usernames and passwords be what is used for the authentication so that it just passes right through the wireless authentication?

One other question is that I see that Data Encryption on my WLAN Controller is set to WEP 104bits (40 is also an option and so is none) when selecting 802.1x as my Layer 2 Security. Is this normal? It just seems weird that it's using WEP and that's the only option it has.

Again, thanks for any help you can give.
11.08.2010 15:17:22

Admin
Administrator
Posts: 1684
TekCERT is not certified by an independent security authority so I've added this limitation as a warning.

Please see my latest reply at http://forums.tekradius.com/topic241-tekradius-and-windows-2003-active-directory.aspx

When you use WPA or 802.1X, WEP settings must not have any effect.

