WLAN with PEAP-MS-CHAP v2 authentication

Knutern
Hi,

Don't know if this is the right place to post this, but I'll give it a try.

I've just been testing numerous ways of authenticating wireless LAN clients, WPA/TKIP and PEAP-MS-CHAP v2.

What puzzles me is that Microsoft says:

"Windows wireless clients include the root CA certificates of many third-party CAs. If you purchase your IAS server certificates from a third-party CA that corresponds to an included root CA certificate, no additional wireless client configuration is required. If you purchase your IAS server certificates from a third-party CA for which your Windows wireless clients do not include a corresponding root CA certificate, you must install the root CA certificate on each wireless client."

Now, since we have our own CA, I would suppose I'd need to install our root certificate on each client that wants WLAN. However, and that surprises me a bit, I'm able to do WLAN even without our root certificate installed on the client machine.

What does this imply for me? Is the communication insecure without it?

Cheers
Knutern
 
A couple of things to check:

Are you sure you don't have your root CA installed on the clients you have tested with?
Are your clients part of a domain? If they are then I think you will automatically trust a CA for your domain.
Also your domain could be pushing certificates down to domain workstations automatically.

Andy
 
Hello,

1. Yes, I've removed them all (the certificates).
2. Yes, I've tried both (domain member and not).
3. Yes, we do publish certificates.

Re 1: I even removed every certificate on the computer, using the certificates snap-in (local computer and personal).

Re 2: I was suspecting this might be an issue too, so I've tried both as domain member and as standalone.

Re 3: We do in fact publish certificates, because we normally use WPA/TKIP and certificate authentication, using our own CA, not from some 3rd party provider.

Cheers
Knutern
 
I had the opposite when I set mine up - I couldn't get a PC that wasn't part of the domain to connect without installing the root certificate on it. If I remember, it came up with a message about not being able to trust the certificate or something. I had the same issue with some wireless PDAs (iPAQ 5450 with WM2003); these wouldn't connect until the root certificate was installed (similar message on the iPAQ, I think).

Are you part of a bigger organisation and your certificate path is trusted?

Andy
 
Well, big is relative, but we don't use any 3rd party root certificate if that is what you are thinking of.

We have created our own CA, and before trying to enable the WIFI NIC, I did check to see if the local computer had our root certificate installed (and if so, I'd remove it for this test scenario). Thereafter I'd boot the machine and have no problems whatsoever connecting.

*confused*

Cheers
Knutern
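
The trust rule in the Microsoft text quoted in the first post, as an added example that is not part of the thread: a server certificate issued by a private CA is checked against a trust store with and without that CA's root. The CA and server names are made up, and `openssl verify` only stands in for the chain check a wireless client performs when it validates the server certificate.

```shell
#!/bin/sh
# Added example. Constructed PKI: the CA and server names below are made up.
set -eu

make_pki() {  # $1 = scratch directory
  d=$1
  # Private root CA, standing in for the organisation's own CA.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Example Corp Root CA" \
    -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null
  # Unrelated root, standing in for the third-party roots a client ships with.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Unrelated Public Root" \
    -keyout "$d/other.key" -out "$d/other.crt" 2>/dev/null
  # Server certificate for the RADIUS (IAS) host, issued by the private root.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=ias.example.test" \
    -keyout "$d/ias.key" -out "$d/ias.csr" 2>/dev/null
  openssl x509 -req -in "$d/ias.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
    -CAcreateserial -days 30 -out "$d/ias.crt" 2>/dev/null
}

# Exit status 0 only if the server certificate chains to a root in the store.
client_trusts() {  # $1 = client trust store (PEM), $2 = server certificate
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
  d=$(mktemp -d)
  make_pki "$d"
  # Client A has the private root installed; client B only has other roots.
  if client_trusts "$d/root.crt" "$d/ias.crt"; then a=accept; else a=reject; fi
  if client_trusts "$d/other.crt" "$d/ias.crt"; then b=accept; else b=reject; fi
  rm -rf "$d"
  echo "root installed: $a; root missing: $b"
}

demo
```

A client that enforces this check rejects the server when the issuing root is absent, which matches the behaviour Andy describes; whether a given client enforces it depends on its PEAP settings.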
 