Certificates to 802.1x LEAP ethernet and wireless clients

Hello guys, I have just configured a RADIUS server, Active Directory domain controller and certificate server on one Windows 2003 PC. I have generated a self-signed digital certificate and used the certificate server to generate a root certificate from it. I have exported it as 'public key only' and saved it on the desktop of the RADIUS server.
1) I configured the RADIUS server policy to accept connections from wireless and Ethernet connections using 'PEAP'.
2) The user must supply a user name and password from Active Directory before entering the network.
3) I am planning on using 802.1x port security ( config-if # dot1x port-security auto ) on the switch connecting to the PC.
4) I am planning on pointing the switch to the server and the server to the switch. I will also configure the client network cards for PEAP.
What I don't know is how will the client PC get this certificate that is on my RADIUS server? Do they need to have a copy on their own machines for them to be able to communicate with the server? This is where I am lost.
Thanks

Certificates are a matter of trust - if an entity trusts the root (your CA) of a user certificate, and the certificate itself has no other problems, then it automatically trusts the certificate. If your RADIUS server and user/machine certificates all came from the same root (your self-signed CA), and you put the root certificate (public key version) in the trusted list, then you are good to go.
If you are using the Microsoft PKI services on your server (that is also your domain controller), then I'm pretty sure that your Windows computers will automatically trust your root once the Windows computers have been joined to your domain.
Also - for PEAP on Windows computers, you can completely disable the client's verification of the (RADIUS) server certificate. It's great for testing, but I recommend deploying with server certificate validation enabled.
Lastly - if you're building a lab, you may also want to investigate user and computer certificates and EAP-TLS. Windows CA with Windows clients makes it very simple to deploy. Macintoshes are a pain, no matter what kind of CA you use.
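
The trust relationship described in the answer above, as an added example that is not part of the original thread. OpenSSL stands in here for the Windows certificate server, and the names lab-root-ca, other-root-ca and radius.lab.example are constructed placeholders. A client accepts the RADIUS server certificate only when the root that signed it is in its trusted list; the server's private key never leaves the server.

```shell
#!/bin/sh
# Added example: constructed lab PKI, every name below is a placeholder.

# make_ca DIR NAME: create a self-signed root (private key + public certificate).
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# issue_server_cert DIR CA_NAME HOST: sign a server certificate with that root.
issue_server_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -days 30 \
        -CA "$1/$2.pem" -CAkey "$1/$2.key" -CAcreateserial \
        -out "$1/$3.pem" 2>/dev/null
}

# client_trusts ROOT_PEM SERVER_PEM: succeed only if the server certificate
# chains to the one root this "client" holds (public certificate only).
client_trusts() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# run_demo: one RADIUS certificate, checked by a client that has the lab root
# installed and by a client that only has some other root installed.
run_demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" lab-root-ca &&
    make_ca "$d" other-root-ca &&
    issue_server_cert "$d" lab-root-ca radius.lab.example ||
        { rm -rf "$d"; return 1; }
    srv="$d/radius.lab.example.pem"
    if client_trusts "$d/lab-root-ca.pem" "$srv"; then a=accept; else a=reject; fi
    if client_trusts "$d/other-root-ca.pem" "$srv"; then b=accept; else b=reject; fi
    rm -rf "$d"
    echo "root-installed=$a root-missing=$b"
}

run_demo
```

Only the root's public certificate (the .pem file) has to reach the clients; a client without it rejects the server when validation is enabled.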

Similar Messages

  • How to install Ethernet and Wireless adapters after fresh install

    My laptop's hard disk died. I got a new hard disk and did a fresh install. But I can't see the Ethernet and Wireless icons on the tray. I am assuming that I have to install those drivers. How do I go about that?
    Terry

    The easiest way is to download
    1. Go to Lenovo's support site, find the driver matrix for your model of ThinkPad, download the Ethernet driver, and install it.
    2. Then download and install ThinkVantage System Update.
    3. Run TVSU and let it find and install all the drivers, utilities, etc. that you need.
    You'll also want to do a Microsoft Update at the Microsoft site.
    Cheers... Dorian Hausman
    X1C2, TPT2, T430s, SL500, X61s, T60p, A21p, 770, 760ED... 5160, 5150... S360/30

  • How Do I Network Multiple Base Stations Using Ethernet AND Wireless?

    Hi, everyone. I am having great difficulty setting up a network using multiple Airport Extreme base stations that are connected using both ethernet and wireless connections. I have one main base station connected to a cable modem, and I want to create a unified network and share its internet connection with three other base stations: one that is connected on an ethernet network, one connected to it wirelessly, and the fourth that would be connected wirelessly to the base station on the ethernet network.
    The "Designing Airport Networks" manual explains how to build roaming networks of base stations that are connected to one another via ethernet. And it also explains how to build a WDS of wirelessly connected base stations. What it doesn't explain is how to build a network employing both ethernet AND wireless!
    I spent most of today trying to get the base stations to work in various configurations to no avail. I could get part of the network working, but not all of it. I'm at the point where I'm going to need to do a hard, factory reset on all the base stations and start over, but I wanted to see if anyone had any suggestions for me. Any help would be incredibly appreciated! Thanks so much...
    Message was edited by: Bill Ryan2

    If you have stations connected via Ethernet and want them to appear as a single seamless wireless network, configure them as follows:
    Same SSID (network name).
    Different channels. As far apart as possible.
    Same wireless encryption type/level/password.
    Only the base station connected to the Internet source distributes IP addresses. All the others are configured as bridges.
    If you have stations connected wirelessly using WDS and want them to appear as a single seamless wireless network, configure them as follows:
    Same SSID (network name).
    Same channel.
    Same wireless encryption type/level/password.
    It appears that you want to mix the 2 types of connections. This is easily done and here is a simple example:
    base1 Ethernet base2
    In this example base1 and base2 are configured as I suggested above for Ethernet connections.
    Now add base3 connected wirelessly:
    base1 Ethernet base2 wireless base3
    Now base2's configuration must be modified slightly so that it acts as a WDS main. base3 is configured to act as a WDS remote (or relay).
    No changes are needed to base1 since it is completely unaware and uninvolved in the WDS link between base2 and base3.

  • How to configure use of Ethernet and wireless simultaneously, with different Windows´s?

    Hello friends,
    My network has two Win XP-laptops connected via ethernet to a Dovado-router, and from the Dovado-router another ethernet cable to a Win 7 PC.
    The Win 7 PC connects to the internet via a D-Link wireless network to my ISP wireless router Huawei E589.
    Problem: the PC refuses to work with both ethernet and wireless at the same time.
    I use the ethernet for transferring vast amounts of graphical data (astronomy photographs at 3-4 GB each), and I can only access the internet through the wireless. Neither XP nor 7 wizards are able to fix it. Both networks were visible in Network Center, now only the wireless is available. Ethernet is gone.
    What do I do, to make it work?

    Hi,
    What's your purpose? My understanding is that you want the Windows 7 PC to use wireless for the internet and wired for the LAN. If I have misunderstood, please point out my mistake.
    For this situation you can do the following:
    1) Settings for both routers.
    Make sure both routers have different router IPs and subnets. You should try to set the subnet of the Dovado router to 255.255.255.252 (this router should be used as the local LAN, not connected to the internet).
    Set the subnet of the D-Link to 255.255.255.0
    2) Settings for the LAN adapter.
    Under the TCP/IP properties (LAN adapter), please assign a unique IP address (which coincides with the subnet of the Dovado router), and set the subnet to 255.255.255.252 (or whatever you set it to on the Dovado router). The very important thing is: don't assign any GATEWAY to the LAN adapter, leave it blank.
    3) Settings for the WIRELESS adapter.
    Under TCP/IP properties (wireless adapter), please assign a unique IP address (that coincides with the wireless router), set the subnet to 255.255.255.0 (or whatever the default is for the wireless router), and make sure to type the gateway IP address (D-Link IP address).
    Now you can test if they work normally.
    Hope this helps.
    Regards.
    Spencer
    TechNet Community Support

  • Apple TV 2nd Gen - ethernet and wireless

    Can you use ethernet and wireless connections at the same time? I am trying to improve movie watching on Netflix and want a direct connection. However, I don't want to give up wireless for music and photos, etc.

    No.
    It's one or the other. Plugging an ethernet cable in will disable the wireless on the Apple TV.

  • Both ethernet and wireless time-out trying to connect

    I'm having a problem with getting my laptop's IP assigned by dhcp. Both over ethernet and wireless.
    I have no problem connecting to my WPA connection at home, but now I'm at my parents for a week or two, it refuses to connect to their WEP network.
    To connect to my WPA network I run this script from rc.local, which works fine on startup.
    ifconfig ra0 up
    iwconfig ra0 essid *********
    iwconfig ra0 ap **:**:**:**:**:**
    iwconfig ra0 rate auto
    iwconfig ra0 channel auto
    iwconfig ra0 mode Managed
    iwconfig ra0 txpower auto
    iwpriv ra0 set AuthMode=WPAPSK
    iwpriv ra0 set EncrypType=AES
    iwpriv ra0 set WPAPSK=***************************************
    iwpriv ra0 set TxRate=0
    dhcpcd ra0
    So for the WEP network, I have commented all that out and changed rc.conf like so:
    lo="lo 127.0.0.1"
    eth0="dhcp"
    ra0="dhcp"
    wlan_ra0="ra0 essid ***** key *******************"
    WLAN_INTERFACES=(ra0)
    INTERFACES=(lo eth0 ra0)
    gateway="default gw 192.168.0.1"
    ROUTES=(!gateway)
    But when I try to connect it just returns "Error, ra0: timed out".
    I have also tried modifying rc.local (appropriately i think), but that seems to time-out too.
    This wouldn't be so bad if I had the option to connect by ethernet, but that doesnt work either! It also times out, just like the wireless. I don't think it is the router, as all the other computers in the house work fine, both wired and wireless. But I don't think it's a driver issue either, as I can see all the AP's in kismet, and also I used the ethernet port when I first installed Arch a couple of months ago. I assume it's dodgy config files or clashing commands or something, but I've looked in the wiki and other forums etc, and I can't see what I'm doing wrong.
    Any help would be very appreciated.
    Thank you.
    Paul

    Make sure about the addresses for the LAN the router at your parents is using - they are not necessarily the same.

  • [SOLVED] Can't get ethernet and wireless working on timelineX 3820TG

    Hi folks I am new around here, but wanted to try arch for a while now.
    So here is my problem and description :
    I installed Arch (everything in order there and the guide is great!), but when I come to the part of connecting to the internet I seem to be left without an option for internet connection. Which is strange because I have Ubuntu installed on the machine and wireless works (proprietary drivers) and ethernet kind of works (atheros driver).
    Now from Ubuntu I know that for my wifi I need  the wl kernel module (Broadcom wireless card) and that I need the atl1c module for the Ethernet.
    So here is some basic info about the machine:
    installed image 2010.05 x64 with kernel:
    2.6.33-ARCH #1 SMP PREEMPT Thu May 13 11:32:37 CEST 2010 x86_64 Intel(R) Core(TM) i5 CPU M 450 @ 2.40GHz GenuineIntel GNU/Linux
    ifconfig -a output :
    lo Link encap:Local Loopback
    inet addr:127.0.0.1 Mask:255.0.0.0
    UP LOOPBACK RUNNING MTU:16436 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
    Even if I load the atl1c module the output is the same, I tried loading the atl1e instead. I also tried blacklisting atl1c and atl1e and adding them with modprobe command.
    here are the two adapters (wireless and lan) :
    03:00.0 Ethernet controller: Atheros Communications AR8151 v1.0 Gigabit Ethernet (rev c0)
    05:00.0 Network controller: Broadcom Corporation Device 4357 (rev 01)
    EDIT:
    Well...
    After a quite extensive research I see that the atl1c and atl1e are quite buggy... so I guess in my case they won't work.
    But I am not giving up yet...
    All I need is internet connection (wireless or wired), so I did some research on the Broadcom 4357.
    It turns out that I can find it in the AUR repository. And there is also a tar from Broadcom.
    I also found this guide which describes how to install the driver.
    That however presents new problems...
    make command output for the broadcom driver :
    make: *** /lib/modules/"release"/build: No such file or directory. Stop.
    while "makepgk" tells me that makepgk is not installed.
    I also searched in the packages section for build-essential, makepgk... but found nothing relevant. Maybe I did something wrong ?
    Any Ideas on how to get it all working and compile the driver? (preferably with the files from AUR)
    Any help is greatly appreciated.
    Last edited by fizk-jnk (2011-01-10 15:12:08)

    thanks. i found this one: http://aur.archlinux.org/packages.php?ID=19514
    that's too bad. i was hoping i wouldn't have to use it, but maybe i have no choice.
    but now that broadcom has released the driver as open source (see this: http://thread.gmane.org/gmane.linux.ker … ral/55418), will broadcom-wl become obsolete?
    Last edited by anti-destin (2010-09-11 14:02:26)

  • Why can't the 6700 support both ethernet and wireless simultaneously?

    I have two desktop computers connected to my wirless router/cable modem via ethernet and two laptops that connect via wireless.  Can I configure my new 6700 to accept both? 

    Hi,
    Any consumer product supports either Ethernet or Wireless connection, the connections cannot be used simultaneously.
    However, connecting the printer to your network (either by Ethernet or Wireless) will allow installing the printer on ANY PC connected to the same network, either by Wireless or Ethernet connection.
    Once the printer connected to your network, simply install the CD on any of your computers...
    hope that clarifies,
    Shlomi
    Say thanks by clicking the Kudos thumb up in the post.
    If my post resolves your problem please mark it as an Accepted Solution

  • Radius for 802.1x; Remote Access and Wireless authentication

    Looking to use a single Radius platform for authenticating Remote, wired and wireless users and machines. Anyone with some experience with that use to share some lessons learned...

    Hello Richard,
    there is a previous post from a user who wants to add authentication to his Cisco ACS Radius server for wireless clients, it might be worth contacting that user to see how he resolved this...here is the link to the thread:
    http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=Getting%20Started%20with%20LANs&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1dd9504e
    Also, have a look at the document below, which talks about the issue:
    Selecting an EAP Method: the RADIUS Authentication Server Component
    http://www.interlinknetworks.com/news/newsletters/20031104/tech.htm
    HTH,
    GP

  • Airport Extreme (4th generation) and "Wireless Client Mode"

    Hello All,
    I am using  an Airport Extreme (4th generation) and I wonder why in "Wireless Client Mode" I am unable to connect my network using the Ethernet connection.
    Basically, what I wish to do is a bridge between a Base Station Wireless N <--> Base Station Wireless N (Airport Extreme) distributing the connection via its integrated Ethernet ports.
    Thanks,
    Sebastian

    I wonder why in "Wireless Client Mode" I am unable to connect my network using the Ethernet connection.
    The Ethernet ports are not enabled if you configure the AirPort Extreme to "Join a wireless network". Oddly, the USB port is enabled.
    If you have another Apple "n" wireless router as your main base station, you could configure the AirPort Extreme to "Extend a wireless network". This would provide more wireless coverage and enable the Ethernet ports on the device.
    Ironically, the less expensive AirPort Express 802.11n will do what you want.
    When the Express is manually configured to "Join a wireless network", there is a special feature to "Enable Ethernet clients", which will activate the Ethernet port.

  • Bridge Mode and Wireless Clients

    I have my network up and running fine, but I am now thinking I may need to tweak it a bit. I have an AEBS(n) and an Airport Express both set up with WDS. The Extreme is the base station and the Express is set in WDS Remote and in Bridge mode under the internet tab. The Express is hooked up via a wired ethernet connection to my PS3. Everything works.
    I am wondering if in bridge mode, the express accepts wireless clients as well as providing net access to my PS3 over the ethernet cable. Both the extreme and express stations are close enough together that I am not sure which one I am connecting to when I use my laptop wifi.
    Thanks in advance for your help.

    I am wondering if in bridge mode, the express accepts wireless clients as well as providing net access to my PS3 over the ethernet cable.
    Yes if you enable that option.

  • WRT150N (New) Gateway IP stops responding to LAN and wireless clients. Hangs, stops, loss of service

    WRT150N Firmware Version: v1.51.3 : From LAN and wireless connected devices, Internet connectivity is lost. I try to ping the LAN side gateway IP address from my laptop and desktop, no response. Web management does not work either. Power re-cycle of the WRT150N fixes the problem. The problem is infrequent, it can happen twice per day or once every 2 days.
    When the problem occurs,
    the DHCP info in my clients looks fine and shows the correct gateway IP address, mask etc. ;
    the desktop and laptop can still ping each other;
    the gateway is unreachable and all outgoing connectivity is lost.
    Does anybody have any solution or maybe has had the same experience?
    I cannot track the problem happening to any particular event or usage pattern however I am using the Azureus bit torrent client all the time.
    I have an incident raised with LinkSys Technical Support but no response so far from them.
    WRT150N Firmware Version: v1.51.3  

    Hi - please go to this thread for more details:
    http://forums.linksys.com/linksys/board/message?board.id=Wireless_Routers&message.id=103033#M103033
    or search for the other thread started by (fb2k). But briefly, over the 1 year period since this thread started my local store replaced my wrt150n 3 times and then gave me a wrt160n which was replaced and it's still having the problem. I am now running Open Source wireless software (DD-WRT) on the WRT160N and it has been up 18 days with no restart. I didn't want to do this but I got fed up taking my unit back to the store. Thanks to fb2k (on the other thread) for taking the plunge and reporting success with the DD-WRT software.
    Message Edited by NetGuy-Dubai on 08-23-2008 01:06 PM
    Message Edited by NetGuy-Dubai on 08-23-2008 01:07 PM

  • 802.1x over ethernet and airport impossible together ??

    I am connected to my University network (and to the internet) through a 802.1x network (Through Ethernet, not Airport).
    I have an iPod Touch with which I want to connect to the Internet.
    I went under Sharing, and created a Wireless network sharing the Ethernet internet. I was able to connect my Mac WITHOUT 802.1x to the internet for some time (authorised for a short time by the university) and was able to access the Wifi network and the internet with the iPod Touch.
    However, as soon as I connect to the 802.1x network, Airport dismisses its network, it just disappears ...
    Why does it do that, can I prevent it and if not, is there any alternative for my problem?

    Yeah, I was just going on/hoping for... the 802.1x likeness.
    Have you repaired Permissions lately?
    Might try trashing these files & reboot...
    /Users/nnnn/Library/Preferences/com.apple.internetconnect.plist
    /Library/Preferences/SystemConfiguration/preferences.plist
    /Library/Preferences/SystemConfiguration/com.apple.airport.preferences.plist
    /Library/Preferences/com.apple.sharing.firewall.plist
    ... of course you don't have to trash them, you can just move them to the desktop to drag back if it doesn't work.

  • HT2822 I want to use my Apple TV on ethernet and wireless...

    I watch iTunes programs on TV via my Apple TV and prefer an ethernet connection for transfer speed and reliability, but I also want to watch live (internet) TV via my iPAD through Apple TV Airplay and this requires a wireless connection.
    I don't seem to be able to do this switch automatically on an as required basis, as Apple TV prioritises the ethernet connection and drops the wireless, so I've had to revert to a wireless connection for both scenarios in lieu of tedious manual switching from one to the other and back.
    Can anyone suggest a better way?
    I have a wireless modem router and Powerline adaptors around the house. Apple TV is latest generation.
    iPad3 is on latest iOS.
    pc is Win 8.1.
    iTunes is 11.1.5.5.
    Thanks

    I assure you it only needs to connect to your network via one or the other.
    Then there is an issue with AirPlay.
    iOS: Troubleshooting AirPlay and AirPlay Mirroring
    Flagship23 wrote:
    Difference being LAN or WLAN I suppose.
    Nope.
    LAN is local area network or the ethernet connections for your network.
    WLAN is wide area network and refers to your connection to the internet.

  • M45 S359 laptop auto switch between ethernet and wireless

    Had a HDD failure, replaced the HDD and rebuilt system. Everything is working with the exception of autoswitching the connecting to the internet. The machine used to auto switch to wireless if the ethernet cable was removed and connect via wireless or vice versa. I now have to manually switch to the connection, do a repair before it will connect. Once the repair is done, the connection is solid. It is probably a simple?? configuration somewhere, but I do not know where. Need some guidance, Tx..

    Let's keep things in this thread.
    -Jerry
