Re: Windows 2000 IAS Server Configuration Setting

yhatami · ‎09-16-2003

I have setup Windows 2000 IAS Server with SP-4, I am trying to utilize the IAS server (Radius), I also need to import a cert from a Windows 2000 Certificate Server which have in the house. I am not a windows person can anyone assist me with importing the cert and making sure the configuration for the IAS is setup to except the EAP request from Windows PEAP clients.

Report Inappropriate Content · ‎09-22-2003

To Download and install the certificate for the client, follow these steps:

a. open the CA, goto http://IP_of_CA_server/certsrv/

b. select Retrieve a CA certificate, and click next

c. select Base64 Encoding, and "download CA certificate"

d. save the file to the desktop

e. Once downloaded double click on the certificate, and select "install certificate"

f. click next

g. select "Place all certificates in the following store", then click browse

h. check the box "show physical stores"

i. expand "trusted root certification authorities", select local computer, and click ok.

j. click next, FINISH, and click ok for "the import was successful" box

To Setup XP SP for the certificate, perform these:

a. open network connections on the control panel (click Start -> control panel)

b. right-click the wireless network and select properties

c. on the wireless network tab, make sure "use windows to configure..." is checked.

d. if you see the SSID in the list click configure, if NOT click ADD.

e. Put in SSID, check the boxes WEP and "Key is provided for me automatically".

f. select authentication tab, make sure "enable network-access control using..." is checked

g. EAP type select "PEAP", click properties

h. Under "trusted root certificate" select the name of the certificate you downloaded.

i. click ok, ok, and OK

yhatami · ‎09-24-2003

Thanks for the feedback, however I am trying to use PEAP on Windows machines to authenticate to IAS server, but I am not sure how to point IAS server to use the certificate I have download on the IAS server?

And what about the user, since you can create any users in IAS server? How can I use the IAS server which is also my stand alone CA server to direct the user request to the domain controller to verify user identity?

andrew.butterworth · ‎10-01-2003

You need to have a computer certificate installed on the IAS server (the replies above detail this). Next open IAS go to remote access policies, in click properties of 'Allow access if dial-in permission is enabled', then 'Edit Profile'. Click the Authentication Tab and check the 'Extensible Authentication Protocol' box and the drop-down box then allows you to select PEAP. If you click configure you can select the certificate to use for PEAP.

Andy

yhatami · ‎10-02-2003

Hi Andrew,

When I click on "Edit Profile" and click on Authentication Tab, when I choose PEAP, and when I click on Configure, the IAS server reports this message "a ceritificate could not be found to be used for the EAP." As I mentioned before, this server is also by CA server in stand alone mode. Just an FYI, I have cisco ACS on the same machine and when I requested for the cert for the ACS everything as far as PEAP works fine. I am not sure If I have to get a cert just for IAS??? even though this machine already has a Cert, due to CA setup.

andrew.butterworth · ‎10-04-2003

Check to see what certificates are installed:

load mmc (start, run, mmc). Click Console and select Add/Remove Snapin. Click add and then select Certificates, select Computer Account and then local computer. You could also add Certificates again but select User account to see what User Certificates are installed. when you have done that you should be able to navigate and see what certificates are installed.

Under Local Computer and Personal Certificates I have a certificate installed that was issued to my computer (with its FQDN) and issued by our CA. This is the certificate that IAS uses. This certificate is automatically pushed down to all member computers (W2K) via a Group Policy.

Andy