IAS question

[Jeff Miller]

We currently have a cisco wireless access point authenticating users through
PEAP and a certificate authority. It appears as if only users who's
machines are part of the domain can connect. If the client has the cert on
their machine, and you force the wireless to not auto use user/domain/pass,
should they be able to connect?

 

[Herb Martin]

I don' t believe that Win2000 supports this but I suspect that
Win2003 does (PEAP etc.)

I am at the edge of my expertise here so only use the above
comment as a hint and for further investigation.

 

[Jeff Miller]

yes we are using 2003 for the IAS server, and it is working properly. Just
want to know if laptops that aren't in the domain will ever be able to
connect properly.

 

[Herb Martin]

yes we are using 2003 for the IAS server, and it is working properly. Just
want to know if laptops that aren't in the domain will ever be able to
connect properly.

I don't know, but if you set it up to authenticate using certificates
as you suggest there should be a chance -- maybe not with PEAP
but with perhaps L2TP is that is a choice.

 

[Manjari Bonam [MSFT]]

Yes! You can connect with just the certs installed on machines which need
not be joined to the domain.
Just we need to make sure we have the user cert and the root cert installed.