Question : WPA-TKIP and RADIUS authentication

Hi All Experts,

I configured two nk Access Points (802.11g) on a Microsoft 2003 AD environment. I use MS Internet Authentication Server (running on a Windows 2003 DC) as a RADIUS server to authenticate wireless users through the APs (APs are configured as RADIUS clients). All our desktops and notebooks are Windows XP SP2 (patched). We use roaming profiles (for users) in this environment.
Hi Experts,
I posted this question on 01/03/2005 without much response to date. Therefore I am reposting it.

Hope there is at least one expert out there who will shed some light....

---
My problem is this:

We have a Windows 2003 AD environment with Windows 2003 Server IAS acting as a RADIUS server. Wireless APs are D-Link DWL-7100AP.

I first configured wireless cards (various makes) and APs to use WPA/TKIP with (P)EAP (I point APs to the RADIUS server). If a user tries to log on (to the domain using domain credentials), it complains that the user roaming profile cannot be found and the user will be logged in with a temporary user profile. Once the user is logged in using the cached credentials (and temporary profile), the wireless connection gets established.

On the other hand if I configure the wireless cards and APs to use WPA-PSK/TKIP (and then I key in the pre-shared key at the desktop/notebook) it works OK.

I want to integrate the authentication to the domain (so that only pre-authorized domain logon accounts can establish wireless LAN connections through pre-authorized desktops/notebooks). I had this working with a previous set of APs using WEP. By the way, I already use MAC address filtering on APs but I am trying to establish a "higher" level of security.

This is driving me crazy for three days now. HELP!!

Answer : WPA-TKIP and RADIUS authentication

I have had this issue and I haven't found a solution; however, I have found a workaround (but this may not be acceptable for you). I removed any auth key for the AP to access the RADIUS server, so the communication between the AP and RADIUS server is unencrypted. However, this solved the problem, albeit with slightly reduced security; since the AP only communicates with the RADIUS server over a cabled link, it wasn't an issue for me.

However, in my research I have found a post regarding a timeout period for receiving the roaming profile, but this was solved by enabling a machine policy setting, something to do with enabling slow links support for logon etc., which increases the time to log on as a drawback, but this I believe is the same setting as if you log on to your LAN over a VPN connection.

I didn't try the slow logon as the workaround worked for me. But I am sorry I am a bit vague, as I messed with this ages ago and I can't remember exactly what policy setting it is; someone else can probably fill that part in for me :)

regards

stuart buchanan