Wireless User Config?????!!!!!!!!! I need Help
Last Post: March 1, 2007:
-
About PEAP config. i said that there are some options are not supported in the "zwlancfg" sw. the problem we want to solve is: if there any other way to adjust peap settings??
such as registry modifications??Any hints?i think these settings are stored in the following path at registry
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWZCSVCParametersInterfacesinterfaceID
but this is the problem czo this ID differs from a device to another,is there a way to create an exportable registry entry that will extract values(settings) to what ever interfaceID???
i think PEAP config is a lil bit complicated for end users thats y we are concentrating on ease their job in configuring their own laptops.
about the LDAP, i dont know much but we were asked to use it for some purpose and in fact i dont know if the MS IAS can work with LDAP as it does with AD?????????? -
This is something that may help guide you in the right direction:
As M/Q stated being a member of a domain is best practice: when using AD and IAS.
http://technet2.microsoft.com/WindowsServer/en/library/e9a30a60-7f8b-435f-b210-d47c3b7ecb961033.mspx?mfr=true
Windows 2000 and Windows Server 2003 IAS
IAS resolves a user name with no domain specified by using the following sequence:
?¡é?€?¡é IAS determines a default domain from the registry, if one is specified there.
?¡é?€?¡é If the IAS server is a member of a domain, IAS authenticates the user against that domain.
?¡é?€?¡é If the IAS server is not a member of a domain, IAS authenticates the user against the local SAM database.
?¡é?€?¡é IAS uses the callback permissions for all user objects.
?¡é?€?¡é IAS log files are multi-language and are written in UTF-8.
http://www.microsoft.com/technet/community/columns/cableguy/cg1203.mspx
Active Directory Domain Controller
An Active Directory domain controller is used to store the user accounts database for active customers. When a customer performs the initial sign-up process, the Web application on the provisioning server creates a new account in Active Directory and adds the user account to the appropriate groups.
Instead of Active Directory, a WISP can use a Lightweight Directory Access Protocol (LDAP)-based database that supports dynamic creation of user accounts.
IAS Server:
IAS, the Windows implementation of a RADIUS server and proxy, is used as a RADIUS server to authenticate and authorize users connecting to the WISP network. IAS is configured with remote access policies to allow the following:
?¡é?€?¡é Guest authentication and access to the provisioning resources for wireless clients that do not yet have an account and valid connection credentials.
?¡é?€?¡é Access to the Internet for wireless clients that do have an account and valid connection credentials.
The IAS server must be running Windows Server 2003 with SP1, which includes a new Protected Extensible Authentication Protocol (PEAP) type known as PEAP-Type-Length-Value (TLV). PEAP-TLV is defined in the Internet draft titled "A Container Type for the Extensible Authentication Protocol (EAP)", and provides IAS with the ability to send the location of the provisioning server to wireless client computers in the form of a Uniform Resource Locator (URL). With the URL of the provisioning server, WPS on the wireless clients can download the provisioning XML files and begin the initial sign-up or subscription renewal process.
To provide server-side PEAP authentication to wireless client computers, the IAS server uses a computer certificate, stored in the Local Computer certificate store of the IAS server. The IAS computer certificate contains the Server Authentication purpose in the Enhanced Key Usage property of the certificate and is typically issued by a public, third-party certification authority (CA), such as VeriSign, Inc.
A public, third-party certificate is typically used because in order for the Windows XP wireless client to validate the IAS server certificate, it must have the root CA certificate of the issuing CA of the IAS server computer certificate stored in its Trusted Root Certification Authority certificate store. Windows XP already includes the root CA certificates of many public, third-party certificates in the Trusted Root Certification Authority certificate store.
If you install IAS on the Active Directory domain controller, the computer must have a computer certificate. If the IAS server and the Active Directory domain controller are different computers, only the IAS server needs a computer certificate -
Hi Again:
I promised to keep you update with last news. I've just finished my project and it worked properly.
I used the zwlancfg and made some improvments on it. My new program is able to configure any user device specially who are interested in PEAP advanced configs.
PEAP advanced confgis like
1. Fast Reconnect.
2. Validate server certificate
3. Use my windows credintials. etc.....
Are all automatically configured using the new piece of code. I stepped down to windows Registry in order to accomplish the work.
Plz for more info............................post ur questions. :D :D -
Great to hear this success . Can you share the "secret to the zwlancfg?
It sounds like you are great at scripting and that is somethng that probably took a lot of coordination.
Does it make it easier to implement and more secure of a WLAN now ? -
Very interesting thread. I hope it is to also entertain a slight aside. I reread the entire thread and I am now convinced that MohdSabri is from Minnesota as that is the only other place where "ya sure" is heard. Sorry had to do it.
-
Hi Guys:
Thnx for ur complements. For sorry i cant share the program in public -u know it took alot of efforts- however anyone who feels he/she hilghy wants the program just PM me.
BTW am from Jordan (Middle east). ;-)