Posted by Vasu on June 13, 2006, 4:23 pm
Hi:
I am currently trying to deploy EAP-TLS for Wireless authentication for
clients. The clients are Windows XP and Windows CE.
Currently I have tried and got the authentication working successfully,
meaning when my client tries to connect, the authentication passes from AP to
IAS Server which then looks up the user/computer in AD (Win2k3 mixed mode)
and authenticates.
However, I have some 'branch offices' that require wireless authentication
locally even when the domain controller is offline.
I don't, of course, have a DC at the branch office. Here is what I have
currently at every 'branch office':
1. Windows 2003 Standard Server
2. IAS
3. Subordinate CA (not sure if I need this)
I don't plan to issue any certificates at the branch office level (as all
my provisioning is done at the headquarters and I am authenticating computers
ONLY)
Has anyone else had the same issue or solved this problem?
I don't want to deploy the branch office server as DC because of the number
of clients (4-8). Does anyone know of any innovative ways to solve this?
I am currently experimenting with funk radius and storing the certificates
locally on the radius server and authenticating. However, I am not convinced
of the elegance of that solution. If there is some way ADAM can be used in
conjunction with IAS, that someone can think of, I'd be willing to try that
and post my results for everyone's benefit.
Thanks,
--Vasu.