neteng
2008-05-19 18:56:00 UTC
Hello all,
Thanks in advance for any advice you may have.
I need to secure wireless access to the company LAN. I've got AD
username/password authenciation via MS-CHAPv2 PEAP working just great.
What I need to do is make sure that users cannot use this login
information on a laptop that is not issued by the company. I figure
the easiest way to do this (since the company does not have a PKI) is
to also configure authentication through the computer accounts. I can
see this option on the Windows Wireless Zero Configurator. What I
would like to do is enforce authentication through both the username
and computer account.
I guess I'm having trouble understanding how exactly to enforce this
on the server side. What type of configuration do I need to create on
the IAS box to enforce this authentication. I'm a little confused as
to the order of operations within the policy configuration....I'm a
route/switch guy, so I'm a little outside of my comfort zone with
this. :)
As a side question, is it possible to set up Intel's PROSet with this
configuration? I did not see an option for computer authentication
there.
Thanks for your time and assistance folks!
neteng
Thanks in advance for any advice you may have.
I need to secure wireless access to the company LAN. I've got AD
username/password authenciation via MS-CHAPv2 PEAP working just great.
What I need to do is make sure that users cannot use this login
information on a laptop that is not issued by the company. I figure
the easiest way to do this (since the company does not have a PKI) is
to also configure authentication through the computer accounts. I can
see this option on the Windows Wireless Zero Configurator. What I
would like to do is enforce authentication through both the username
and computer account.
I guess I'm having trouble understanding how exactly to enforce this
on the server side. What type of configuration do I need to create on
the IAS box to enforce this authentication. I'm a little confused as
to the order of operations within the policy configuration....I'm a
route/switch guy, so I'm a little outside of my comfort zone with
this. :)
As a side question, is it possible to set up Intel's PROSet with this
configuration? I did not see an option for computer authentication
there.
Thanks for your time and assistance folks!
neteng