-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi all,
I am following this thread with interest as I am in the middle of
preparing our domain for this also. I have one (possibly redundant)
question, below in line.
On 20 Apr 2006, at 14:09, Jef Kazimer wrote:
> Dave,
>
> The certs can be used in different ways. If you are using EAP-TLS
> which uses the Certs to authenticate the user and the server, you
> will need a CA to issue this. This would require a PKI solution to
> be in place. While not hard or impossible in 2003, just something
> you want to be cautious about.
>
> Using EAP-PEAP method, the Cert is only used to identify the server
> to the client, and open a secure tunnel so the password credentials
> can be sent over. Once the user is authenticated, then the
> connection is secured through the 2 choices of wireless
> encryption. You do not need a CA for this, and can request an IAS
> certificate from Verisign I believe still.

Is there actually a requirement for the cert? From an operational
POV. Can I get away with not using a cert from VS?

> With IAS as the middleman between the WLAN device and the
> directory, you can set Access policies from as simple as "If user
> is member of domain grant access, else deny" kind of stuff, to more
> granular rules.
>
> There is a nice MS doc, showing how this can be done, from building
> the 2k3 domain from scratch, to actually applying the group policy
> entries.
>
> Now one thing though, where I am, we use Dell for our laptops
> which come standard with the built in WiFi Modem (1450 card). Dell
> has their own client tool that can utilize PEAP as well. The one
> benefit is the Dell client does have a GINA addition, which allows
> a pre-logon WLAN authentication. Some people like this so their
> logon script runs, etc. So while not needed, it's a 3rd party tool
> some people like. It also allows us to do EAP-PEAP on Windows 2k
> boxes which do not support it natively.

Has anyone applied WiFi GPs with Toshiba laptops? Specifically Toshiba
S100s, and (I think) the new M5s?
tia,
bernard
- -------
Bernard Tyers
Dublin 1
Ireland
e-mail: [EMAIL PROTECTED]
sip:[EMAIL PROTECTED]
skype: bernard_tyers
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)
iD8DBQFEpmu2lbEshEwOH3sRAjr3AJ903OIUqOn+nQSLlT+hxvCHUmU7CACeMXfN
hX4pyrlIdU0wIEhlQpjAEx8=
=SL9K
-----END PGP SIGNATURE-----
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx