Configuring Wireless Client Computers

To configure wireless client computers, complete the tasks described in the following sections:

  • Install the root CA certificate (if needed).

  • Configure 802.1X authentication for PEAP-MS-CHAP v2.

Installing the Root CA Certificate

If the root CA certificate of the issuer of the computer certificates installed on the IAS servers is already installed as a root CA certificate on your wireless clients, no other configuration is necessary. If your issuing CA is a Windows 2000 Server or Windows Server 2003 online root enterprise CA, the root CA certificate is automatically installed on each domain member computer through Group Policy.

To verify whether the correct root CA certificate is installed on your wireless clients

  1. Determine the root CA from the computer certificates installed on the IAS servers.

  2. Check to see whether a certificate for the root CA is installed on your wireless clients.

To determine the root CA from the computer certificates installed on the IAS servers

  1. Click Start, click Run, type mmc, and then click OK.

  2. On the File menu, click Add/Remove Snap-In and then click Add.

  3. Under Snap-In, double-click Certificates, click Computer Account, and then click Next.

  4. Do one of the following:

    • If you logged on to the IAS server, click Local Computer and then click Finish.

    • If you are configuring the IAS server from a remote computer, click Another Computer and type the name of the computer, or click Browse to select the computer name and then click Finish.

  5. Click Close.

    Certificates (Local Computer or Computer Name) appears on the list of selected snap-ins for the new console.

  6. In the console tree, double-click Certificates (Local Computer or Computer Name), double-click Personal, and then click Certificates.

  7. In the details pane, double-click the computer certificate used for wireless authentication.

  8. On the Certification Path tab, note the name at the top of the certification path. This is the name of the root CA.

To see whether a certificate for the root CA is installed on your wireless client

  1. Click Start, click Run, type mmc, and then click OK.

  2. On the File menu, click Add/Remove Snap-In, and then click Add.

  3. Under Snap-In, double-click Certificates, click Computer Account, and then click Next.

  4. Do one of the following:

    • If you logged on to the wireless client computer, click Local Computer and then click Finish.

    • If you are configuring the wireless client computer from a remote computer, click Another Computer and type the name of the computer, or click Browse to select the computer name, and then click Finish.

  5. Click Close.

    Certificates (Local Computer or Computer Name) appears on the list of selected snap-ins for the new console.

  6. In the console tree, double-click Certificates (Local Computer or Computer Name), double-click Trusted Root Certification Authorities, and then click Certificates. Examine the list of certificates in the details pane for a name or names matching the root CA of the computer certificate issued to the IAS server or servers.
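The same two-part check can be scripted. The following is an added example, not code from the book: it assumes a Windows release with PowerShell (later than the versions this chapter covers) and a hypothetical IAS server name, ias01.example.com. It goes one step beyond the procedure above by matching the root CA on certificate thumbprint rather than on display name, because two different certificates can carry the same name.

```powershell
# Added example (not from the original text).
# Part 1 runs on the IAS server, part 2 on each wireless client.

function Get-RootCaOfCertificate {
    # Returns the certificate at the top of the certification path.
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Only the path is of interest here, not revocation status.
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    [void]$chain.Build($Certificate)
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    # A root CA certificate is self-signed; anything else means the path is incomplete.
    if ($top.Subject -ne $top.Issuer) {
        throw "Certification path for '$($Certificate.Subject)' does not end in a self-signed root."
    }
    return $top
}

function Test-RootCaInstalled {
    # True if a certificate with this thumbprint is in the local computer's
    # Trusted Root Certification Authorities store.
    param([Parameter(Mandatory = $true)][string]$Thumbprint)
    # Strip spaces and hidden characters that come along when a thumbprint is copied from a dialog box.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    $match = Get-ChildItem Cert:\LocalMachine\Root |
        Where-Object { $_.Thumbprint -eq $clean }
    return [bool]$match
}

# Part 1, on the IAS server (subject filter is a hypothetical server name):
#   $serverCert = Get-ChildItem Cert:\LocalMachine\My |
#       Where-Object { $_.Subject -like '*ias01.example.com*' } |
#       Select-Object -First 1
#   $root = Get-RootCaOfCertificate -Certificate $serverCert
#   '{0}  {1}' -f $root.Thumbprint, $root.Subject
#
# Part 2, on the wireless client, using the thumbprint printed in part 1:
#   Test-RootCaInstalled -Thumbprint '<thumbprint from part 1>'
```

A result of False in part 2 means the client will not be able to validate the IAS server certificate until the root CA certificate is installed.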

If a certificate for the root CA is not installed, you must install the root CA certificate(s) of the issuer(s) of the computer certificate of the authenticating servers on each wireless client for the Windows operating systems that do not contain them. The easiest way to install a root CA certificate on all your wireless clients is through Group Policy, as described below.

To install a root CA certificate on a wireless client using Group Policy

  1. In the console tree of the Certificates snap-in on an IAS server, double-click Certificates (Local Computer), double-click Trusted Root Certification Authorities, and then click Certificates.

  2. In the details pane, right-click the root CA certificate of the issuing CA of computer certificates on the IAS server, point to All Tasks, and then click Export.

  3. On the Welcome to the Certificate Export Wizard page of the Certificate Export Wizard, click Next.

  4. On the Export File Format page, click Cryptographic Message Syntax Standard PKCS #7 Certificates (.P7B).

  5. Click Next. On the File To Export page, type the filename for the exported certificate or click Browse to specify a location and filename.

  6. Click Next. On the Completing The Certificate Export Wizard page, click Next and click OK.

  7. Open the Active Directory Users And Computers snap-in.

  8. In the console tree, double-click Active Directory Users And Computers, right-click the appropriate domain system container, and then click Properties.

  9. On the Group Policy tab, click the appropriate Group Policy object (the default object is Default Domain Policy) and then click Edit.

  10. In the console tree, open Computer Configuration; then Windows Settings; then Security Settings; then Public Key Policies. The Public Key Policies node is shown in the following figure.

    [Figure: the Public Key Policies node]

  11. Right-click Trusted Root Certification Authorities and then click Import.

  12. In the Certificate Import Wizard, specify the file that was saved in step 5.

  13. Repeat steps 8 through 12 for all appropriate domain system containers.

The next time the wireless client computers update their computer configuration Group Policy, the root CA certificate of the issuing CA of computer certificates on the IAS servers is installed in their local computer certificate store.

To manually install a root CA certificate on a wireless client

  1. Export the root CA certificate to a .P7B file by following steps 1 through 6 of the previous procedure.

  2. In the console tree of the Certificates (Local Computer) snap-in on the wireless client computer, double-click Certificates (Local Computer), double-click Trusted Root Certification Authorities, and then click Certificates.

  3. Right-click Certificates, point to All Tasks, and then click Import.

  4. The Welcome to the Certificate Import Wizard page of the Certificate Import Wizard displays. Click Next.

  5. On the File To Import page, type the filename of the certificate file saved in step 1 in File Name, or click Browse and use the Browse dialog box to locate it.

  6. Click Next. On the Certificate Store page, click Place All Certificates In The Following Store. By default, the Trusted Root Certification Authorities folder should display as the import location.

  7. Click Next. On the Completing The Certificate Import Wizard page, click Finish.

Configuring 802.1X Authentication for PEAP-MS-CHAP v2

If you configured Wireless Network (IEEE 802.11) Policies Group Policy settings and specified the use of PEAP-MS-CHAP v2 authentication for your wireless network (that is, the Protected EAP (PEAP) type with the Secured Password (EAP-MSCHAP v2) authentication method), no other configuration for wireless clients running Windows XP (SP1 or later) or Windows Server 2003 is needed.

To manually configure PEAP-MS-CHAP v2 authentication on a wireless client running Windows XP (SP1 or later) or Windows Server 2003

  1. Obtain properties of the wireless connection in the Network Connections folder. Click the Wireless Networks tab; then click the name of the wireless network in the list of preferred networks and click Properties.

  2. Click the Authentication tab and then select Enable Network Access Control Using IEEE 802.1X (enabled by default) and the Protected EAP (PEAP) EAP type.

  3. Click Properties. The Protected EAP Properties dialog box displays.

  4. In the Protected EAP Properties dialog box, the Validate Server Certificate check box is selected by default. If you want to specify the names of the authentication servers that must perform validation, select Connect To These Servers and type the names. The Secured Password (EAP-MSCHAP v2) PEAP authentication method is selected by default.

  5. To enable PEAP fast reconnect, select the Enable Fast Reconnect check box.

To configure PEAP-MS-CHAP v2 authentication on a wireless client running Windows 2000 and Microsoft 802.1X Authentication Client

  1. Obtain properties of the wireless connection in the Dial-Up and Network Connections folder.

  2. Click the Authentication tab and then select Enable Network Access Control Using IEEE 802.1X (enabled by default) and the Protected EAP (PEAP) EAP type.

  3. Click Properties. The Protected EAP Properties dialog box displays.

  4. In the Protected EAP Properties dialog box, the Validate Server Certificate check box is selected by default. If you want to specify the names of the authentication servers that must perform validation, select Connect To These Servers and type the names. The Secured Password (EAP-MSCHAP v2) PEAP authentication method is selected by default.

  5. To enable PEAP fast reconnect, select the Enable Fast Reconnect check box.

    NOTE
    By default, the PEAP-MS-CHAP v2 authentication uses your Windows logon credentials for wireless authentication. If you are connecting to a wireless network that uses PEAP-MS-CHAP v2 and you want to specify different credentials, click Configure and clear the Automatically Use My Windows Logon Name And Password check box. Windows 2000 IAS does not support fast reconnect.



Deploying Secure 802.11 Wireless Networks with Microsoft Windows
ISBN: 0735619395
EAN: 2147483647
Year: 2000
Pages: 123
Authors: Joseph Davies