Wireless 802.1x with Windows 7

Answered Question
Jun 13th, 2010

I have a WLC 6.0, ACS 3.3 and the SSID is set up to use 802.1x with PEAP authentication. The clients are using Windows 7 to connect to wireless. To get the clients connected they have to go into the network properties of the wireless card, configure the client to use PEAP, uncheck validate server certificate, and also uncheck use computer name to login into Windows. This works fine and the user is able to connect to wireless after doing all these steps and then entering their Windows username and password. The customer is saying that this is too many steps for the end user and they just want the user to click on the SSID and connect. If wireless could also be set up to use their Windows username and password, that would be a bonus. I'm basically looking for a solution that is simple but is also secure as well. I know that's an oxymoron. Is there anything I could do to make the wireless process simpler, either by going with a different security authentication or by doing something different on the clients' computers? Thanks for any help and suggestions.

eshawd777 Fri, 06/18/2010 - 19:39

What do clients' Windows usernames and passwords authenticate against as it stands now? I would set up an Active Directory if that's not what's currently set up and integrate your ACS with the AD.

Secondly, you have two options to make it easier on your lazy users. You could look into scripting your profile for Wireless Zero Config or look at supplicants which make it easy to import profiles. Intel Proset Tools lets you import/export profiles, although I've never used it.

Correct Answer
BRYN JONES Fri, 06/25/2010 - 03:54

This is a script that we use on our campus (University of Leeds) that self-configures an 802.1x connection, and when a user connects to an 802.1x connection it merely asks them for their username and password, which then remain cached.


The .exe you create takes away all the techy bits that do 'confuse' some users, even if they are provided with well written documentation.




https://sourceforge.net/projects/su1x/



http://lsayregj.swan.ac.uk/su1x/SU1X_User_Guide-v104.pdf

Features include:

- Automation of configuration of a PEAP wireless connection on XP (SP3), Vista and Win 7

- Can set EAP credentials without additional user interaction (avoids tooltip bubble)

- Installation of a certificate (silent)

- Checks for WPA2 compatibility and falls back to a WPA profile

- Third party supplicant check

- SSID removal and priority setting

- Support tab: (checks: adapter, wzc service, profile presence, IP)

- Outputs check results to user with tooltip and/or to file

- Printer tab to add/remove networked printer

This tool is very cleverly written by Gareth Ayres at Swansea University.

stsargen Fri, 06/25/2010 - 10:43

All of these settings can be controlled using "netsh" from the command line. I would suggest getting one system set up how you want, then exporting the wireless profile and importing it on the other machines. You could of course script the import so the users would not have to do anything but click on a single file.

http://technet.microsoft.com/en-us/library/dd878511%28WS.10%29.aspx

Here is a quick tutorial to show you how to export and import your profiles.

http://www.home-network-help.com/export-wireless-network-profile.html
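An added example, not part of any reply in this thread: a profile exported from a machine set up as the question describes ("validate server certificate" unchecked) carries that setting to every machine it is imported on, so this Python check reads an exported profile and reports the PEAP server-validation settings before it is distributed. The element names are those of the Windows WLAN/PEAP profile XML; the sample profile is constructed and trimmed, and the `netsh` paths in the comments are placeholders.

```python
import xml.etree.ElementTree as ET

# A real file comes from one configured machine and is imported on the others:
#   netsh wlan export profile name="<SSID>" folder="C:\profiles"
#   netsh wlan add profile filename="C:\profiles\<exported file>.xml" user=all

def sample_profile(validate, root_ca="", server_names=""):
    """Constructed, trimmed profile holding only the elements audit_profile reads."""
    return f"""<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
 <MSM><security>
  <EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1">
   <ServerValidation>
    <DisableUserPromptForServerValidation>true</DisableUserPromptForServerValidation>
    <ServerNames>{server_names}</ServerNames>
    <TrustedRootCA>{root_ca}</TrustedRootCA>
   </ServerValidation>
   <PeapExtensions>
    <PerformServerValidation xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">{str(validate).lower()}</PerformServerValidation>
   </PeapExtensions>
  </EapType>
 </security></MSM>
</WLANProfile>"""

def audit_profile(xml_text):
    """Return findings for the PEAP server-validation settings in a WLAN profile."""
    values = {}
    for el in ET.fromstring(xml_text).iter():
        name = el.tag.rsplit("}", 1)[-1]  # drop the XML namespace prefix
        values.setdefault(name, []).append((el.text or "").strip())
    findings = []
    # Assumption: an absent PerformServerValidation element is not treated as
    # "disabled"; the trust anchors are checked separately below.
    if "false" in values.get("PerformServerValidation", []):
        findings.append("server-validation-disabled")
    if not any(values.get("TrustedRootCA", [])):
        findings.append("no-trusted-root-ca")
    if not any(values.get("ServerNames", [])):
        findings.append("no-server-name-pinned")
    if "false" in values.get("DisableUserPromptForServerValidation", []):
        findings.append("user-may-accept-unknown-server")
    return findings

if __name__ == "__main__":
    # Constructed inputs: validation unchecked vs. pinned CA thumbprint and server name.
    print(audit_profile(sample_profile(False)))
    print(audit_profile(sample_profile(True, "de ad be ef", "radius.example.org")))
```

To check a real export, pass the file's contents to `audit_profile` and import the profile only when the returned list is empty.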

sbeauton Fri, 06/25/2010 - 10:47

Thanks for everyone's help. I thought I was going crazy but everyone has posted some good suggestions. Thanks

Posted June 13, 2010 at 5:30 PM