Specifications

802.1x Solution Cookbook
Chapter 11
Microsoft Internet Authentication Server Configuration
Microsoft Internet Authentication Server (IAS) provides all authentication
functions for the wireless network. IAS implements the RADIUS protocol,
which is used between the Alcatel switch and the server. IAS uses Active
Directory as the database for looking up computers, users, passwords, and
group information.
RADIUS Client Configuration
Each device in a network that needs to authenticate to a RADIUS server must
be configured as a RADIUS client. In this case, the Alcatel switch must be
configured as a RADIUS client.
For each RADIUS client, a shared secret must be configured. The shared
secret is configured on both the RADIUS server and the client, and ensures
that an unauthorized client cannot perform authentication against the RADIUS
server.
Policy Configuration
The heart of IAS configuration is the policy configuration screen. From this
screen, all policies related to wireless access can be defined, including time
of day restrictions, session length, authentication type, and group-related
policies. The essential policy settings for wireless access are described here;
for detailed explanations of all IAS policy settings, please see Microsoft's
official documentation.
Policy Matching Conditions
When the IAS server receives a request for authentication, it compares the
request with the list of remote access policies. The first policy to match the
request will be executed, after which additional policies will not be searched.
Each of the first four policies listed above corresponds to a group within the
Active Directory database.
The policies above are designed to work by examining the username portion
of the authentication request, searching the Active Directory database for a
matching name, and then examining the group membership for a computer or
user entry that matches. The following policy-group matches are made:
• The Wireless-Computers policy matches the “Domain Computers” group.
  This group contains the list of all computers that are members of the
  domain.