WAC 802.1x Detail Summary

User Name Password Authentication

Certificate authentication: No need to lose the account password

WAC itself: has applied for a public network certificate. The automatic configuration tool is not required.

If the external, it still needs to be configured automatically.

The WAC itself is radius:

One-way authentication (user name password)

Verify that the server certificate vs or do not validate.

Configure the network manually (download root certificate import automatically)

Manually download the root certificate import

Automatic configuration:

If you enable certificate autoenrollment (write templates), certificates are automatically issued for each user.

Bidirectional authentication: (no password to lose)

Manual configuration

Manually import CA certificates and personal certificates

Automatic configuration

Install root certificate

Install personal certificates

Second, the external radius

Environment: Server1:rootca/ad Server2:radius

Server1 set up Group Policy and configure automatic issuance of certificates to computers in AD.

Result: Server2 Personal certificate has server2 certificate, Server2 's trusted certificate has ROOTCA.

Perform:

When configuring IAS (RADIUS), issue to Server2?

The root certificate is imported to WAC, the SERVER1 certificate

Why external RADIUS guide certificate?

Since both 802.1X and WPA require certificates for IAS server authentication and encryption key generation, you must install a certificate to the IAS server, or you will not be able to find the certificate when you configure IAS.

Several nouns of a field:

Computer:

User:

Security group:

There are 1 in the security group: Software Settings 2:windows settings 3: Administrative Templates

Organizational unit: such as sales department, marketing department, the corresponding computer into the group. The corresponding user-create user groups (security groups) in the organizational unit, and put the user in the corresponding group.

External radius:

Automatically issue certificates to domain users (wireless users).

After pretending to play IAS, what is the purpose of registering with AD?

After installation, you will see "Internet Authentication Service" in "Administrative Tools", and after opening, register the server in AD to enable IAS to read the accounts inside the ad.

When setting up an IAS policy, which groups in AD are allowed to be used wirelessly?

Add a user group that requires wireless access

This article is from the "Lannyma" blog, make sure to keep this source http://lannyma.blog.51cto.com/4544390/1736345

WAC 802.1x Detail Summary