securing wireless access

**argie01** · 15-04-2009

Hi,

I'm trying to config my wireless for a secure access, by using RADIUS and IAS.
I found that tutorial, which is very helpful:

http://www.microsoft.com/downloads/d...displaylang=en

So, I followed that tutorial step by step, with the only modification that the DC, IAS, and IIS are in the same Windows 2003 Standard.
The problem start when I try (page 51 of that tutorial) to enable my new Certificate Template: I can't do that, because I generated that certified with a W2003 Standard, and not with a W2003 Enterprise.

My infrastructure include 3 different offices with a DC running W2003 Standard on each of them, all in the same domain. Of course, in each office I have an wireless Access Point connected to the network.
But I also have a 4th office connected to that domain where there are servers running W2003 Enterprise.

So, the problem is I don't know whether I can (and how to do it) configure 1 W2003 Enterprise as the root Certified Server, and them configure the rest of DC on my offices as secundary Certified Server. ¿Would this be a problem if the communications between offices are cutted? I mean, in the case 1 office is unconnected of the rest of my network, the users on that office still can use the wireless access point?

Thank you for your help.

**FaMe FacToR** · 15-04-2009

Hey!
This article describes the steps required to setup a resiliant 802.11x Wifi RADIUS authentication infrastructure; a must for any SMB. This article assumes you have configured your Wireless Access Point with the desired radius server IP addresses / FQDNs and a shared secret. Refer this link : http://www.cb-net.co.uk/index.php?op...-2003&Itemid=3

Secondly try this : http://www.isaserver.org/img/upl/vpn...andaloneca.htm

**argie01** · 16-04-2009

Thank you for your answer.

But I still don't know whether there is a certificate replication (or something similar) from, for example, and Enterprise Root CA and its Enterprise Subordinate CA's.

If this is possible, I would configure my W2003 EE as Enterprise Root CA, and then configure every DC W2003 SE in my offices as Enterprise Subordinate CA.
So, that configuration should be permit connections to the Wireless Access Point in each office even in the case the link between any of them and the Enterprise Root CA doesn't works.

Is it right?

Thank you!

**argie01** · 20-04-2009

Hello again,

I just configured the RADIUS server, the IAS, and also 2 GPO to deploy certificates trought the network. All that works fine.

The configuration is that:

http://articles.techrepublic.com.com...1-6148560.html
http://articles.techrepublic.com.com...tag=rbxccnbtr1

The problem I have now is only user and computers in my AD can authenticate in the wireless point of access.
But how can a anonymous user (for example, a client visiting my office) do get a connection in my wireless network?

Thank you again!