[Dshield] Wireless MAC Authentication options.
John B. Holmblad
jholmblad at aol.com
Thu Aug 25 15:19:06 GMT 2005
In a Microsoft environment you CAN, if you choose, support certificate-based
authentication of the client as well. I have tested this out and
it does work. This is useful because it is possible to configure the
client (in a Microsoft network) to authenticate to the AP when the
system is powered up so that the computer can authenticate to the AD
domain controller and computer-based (as opposed to user-based) AD/Group
Policy profiles can be downloaded even before a user logs on. In fact,
in such a scenario it is also possible to have a re-authentication to
the AP occur once the user does log on. That way the sysadmin can make
sure that not only is the computer allowed to enter the network via the
wireless AP but also that the specific user is permitted to do so.

Clearly MS-CHAP-V2 is easier for the sysadmin to set up, especially in a
Windows Workgroup network that does not have a server configured with,
say, Certificate Services, to easily create and issue computer
certificates for the clients or, alternatively, have such client
certificates requested by the clients.
Here is the url to the results of my research on this:
and there is plenty of info available from the Microsoft www site on how
to set up certificate-based authentication in an 802.11 wireless
environment. Microsoft Press also has a text, "Windows 2003 PKI
Certificate Security", that has a section pertaining to wireless networking.
GSEC Gold,GCWN Gold,GGSC-0100,NSA-IAM
(H) 703 620 0672
(M) 703 407 2278
(F) 703 620 5388
primary email address: jholmblad at aol.com
backup email address: jholmblad at verizon.net