IAS - Security template for WAP, PEAP

Discussion in 'Server Networking' started by Fredrick A. Zilz, Jan 30, 2006.

  1. I changed my security template, and lost the ability for my wireless clients
    to authenticate. I use WAP, PEAP with certificates generated by my in-house
    Windows 2003 cert server.

    Is there an example template somewhere of what security settings need to be
    applied? My IAS server is a DC.

    Currently my wireless clients see my wireless network, connect, but then
    they sit for an extended period of time attempting to "validate identity"
    eventually failing and the connection is ended.

    I can go back to my old template, but I would prefer to understand the
    security template better and what needs to be enabled / disabled in order to
    make this work. I have gone through the security wizard a number of times,
    and am not sure what I am missing.

    I would be happy to supply more information, as to my configuration, etc.
    All was working well, then I ran the security wizard in order to
    troubleshoot an LDAP issue I was having with another application - resolved that
    and lost my RPC for exchange and my authentication for my wireless.
    Corrected the RPC issue, but have not been able to figure out what is
    missing for WAP PEAP.

    Thanks.
     
    Fredrick A. Zilz, Jan 30, 2006
    #1

  2. In Fredrick A. Zilz <> stated, which I commented
    I think if you can reapply the old template first to get you working.

    My first thought is to think the template you applied included an IPSec
    policy preventing this machine from communicating with others. Keep in mind,
    if you apply a policy to one machine with restrictions, you need to apply
    similar settings for all other machines to follow, such as in a GPO. Keep in
    mind the sec templates can actually be applied as part of a GPO, under
    Windows Settings, rt-click Security Settings, and choose to import. Be
    careful and test this out with a test machine in a test OU.

    Read this article on how templates work.

    Overview to the Windows Server 2003 Security Guide:
    http://www.microsoft.com/technet/security/prodtech/windowsserver2003/w2003hg/sgch00.mspx

    And run the Security and Analysis snapin to find out what exactly got
    changed:
    Security Configuration Tool Set in Windows 2000 and 2003:
    http://www.microsoft.com/technet/prodtechnol/windows2000serv/howto/seconfig.mspx


    --
    Ace

    This posting is provided "AS-IS" with no warranties or guarantees and
    confers no rights.

    Having difficulty reading or finding responses to your post?
    Instead of the website you're using, I suggest to use OEx (Outlook Express
    or any other newsreader), and configure a news account, pointing to
    news.microsoft.com. This is a direct link to the Microsoft Public
    Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
    to easily find, track threads, cross-post, sort by date, poster's name,
    watched threads or subject.

    Not sure how? It's easy:
    How to Configure OEx for Internet News
    http://support.microsoft.com/?id=171164

    Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
    Microsoft MVP - Windows Server Directory Services
    Microsoft Certified Trainer
    Assimilation Imminent. Resistance is Futile.
    Infinite Diversities in Infinite Combinations.

    The only thing in life is change. Anything less is a blackhole consuming
    unnecessary energy.
    ===========================
     
    Ace Fekay [MVP], Jan 31, 2006
    #2
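
The reply above suggests finding out exactly what a template changed. As an added example (not part of either post, and not Microsoft's tooling), this Python sketch diffs two security templates saved as .inf text and lists every setting that differs. The template contents, including the service names `SampleSvcA` and `SampleSvcB`, are constructed sample data and say nothing about the poster's actual configuration.

```python
# Added example: compare two security templates (.inf) setting by setting.
# OLD_TEMPLATE / NEW_TEMPLATE are constructed samples, not the poster's files.

def parse_template(text):
    """Return {section: {key: value}} for a security template in INF form."""
    sections, name, current = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                          # blank line or INF comment
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
            current = sections.setdefault(name, {})
        elif current is not None:
            # Service entries are name,startup,"SDDL"; other sections are key=value.
            sep = "," if name == "Service General Setting" else "="
            key, _, value = line.partition(sep)
            current[key.strip().strip('"').lower()] = value.strip()
    return sections

def diff_templates(old_text, new_text):
    """List (section, key, old_value, new_value) for each setting that differs."""
    old, new = parse_template(old_text), parse_template(new_text)
    changes = []
    for section in sorted(set(old) | set(new)):
        o, n = old.get(section, {}), new.get(section, {})
        for key in sorted(set(o) | set(n)):
            if o.get(key) != n.get(key):      # None means "not defined"
                changes.append((section, key, o.get(key), n.get(key)))
    return changes

OLD_TEMPLATE = r"""
[Service General Setting]
"SampleSvcA",2,""
"SampleSvcB",3,""
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,2
"""
NEW_TEMPLATE = r"""
[Service General Setting]
"SampleSvcA",4,""
"SampleSvcB",3,""
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,5
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,1
"""

if __name__ == "__main__":
    for section, key, before, after in diff_templates(OLD_TEMPLATE, NEW_TEMPLATE):
        print(f"[{section}] {key}: {before!r} -> {after!r}")
```

In the service section the first number is the startup mode (2 automatic, 3 manual, 4 disabled), so a change from 2 to 4 on a service that authentication depends on is the kind of line to look at first.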