Jump to content

Wireless computer account authentication project

  • Please log in to reply
No replies to this topic

#1 jamessimo


    Advanced Member

  • Members
  • PipPipPip
  • 191 posts
  • Gender:Male
  • Location:Watford

Posted 25 May 2010 - 09:25 PM

Hi All

I am trying to get a lap top to authenticate against Active directory using a computer account,

I have configured an 1131 Cisco Ap to use a windows 2003 radius server that has IAS set up on it. It in turn authenticates AD that is on a domain controller.

I have mangaged to get it working on user ccounts but, I wanted to get it working on computer accounts. I am using WPA and TKIP & PEAP

To Cater for the compuetr account I have configured the following

Export "Brighthouse CA" certificate from AD Trusted Root Cert Authority
Create new OU, called "Radius Test"
Create new group, called "Radius_Test"
Add laptop "BRIGHTHO-CD1557" to new group
Create new GPO, called "Radius Test GPO"
Configure new GPO as below;
Computer Configuration / Admin Templates / Network / click on Network Connections / IEEE 802.1x Certficate Authority for Machine Authentication - enable and add Certificate Authority Hash
Computer Configuration / Windows Settings / Security Settings / Wireless Network (IEEE 802.11) Policies - create a new Wireless Network Policy and configure as below
Networks to access - Access point networks only
Add preferred network - BLLN (SSID)
EAP Type - Protected EAP (PEAP)
Computer Authentication - Computer Only
Assign GPO to new OU

RADIUS config - configure RADIUS in IAS as per RIFLOR IAS config. Straight forward with only a couple of items to configure

Test wireless / RADIUS access using laptop specified in AD group

also I have

pasted the thumbprint/hash of the certificate authority used for 802.1x authentication in Certificate Authority Hash. I obtained the thumbprint from Thumbprint field on the Details tab from the properties of a certificate in the Certificates snap-in.

Any one have any ideas that help it would be much apprecitaed

  • 0

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users