Specifications

Creating the Windows Security Infrastructure
Summit WM Series WLAN Switch and Altitude Access Point Software Version 4.1 Technical Reference Guide
Step 2: Configuring Active Directory for Accounts and Groups
To configure Active Directory user and computer accounts and groups for wireless access, do the following:
1 If you are using Windows 2000 domain controllers, install Windows 2000 SP3 or SP4 on all domain controllers.
2 Ensure that all users that are making wireless connections have a corresponding user account.
3 Ensure that all computers that are making wireless connections have a corresponding computer account.
4 Set the remote access permission on user and computer accounts to the appropriate setting (either Allow access or Control access through Remote Access Policy). The remote access permission setting is on the Dial-in tab on the properties of a user or computer account in the Active Directory Users and Computers snap-in.
5 Organize your wireless access user and computer accounts into the appropriate groups. For a native-mode domain, you can use universal and nested global groups. For example, create a universal group named Wireless Users that contains global groups of wireless user and computer accounts for intranet access.
Best Practice
Use a native-mode domain and universal groups and global groups to organize your wireless accounts into a single group.
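
An added example, not part of the guide: a Python check over an LDIF export of the directory (for instance from ldifde) that walks the nested groups from step 5 and reports each account's remote access permission from step 4. It assumes the Dial-in tab setting is stored in the msNPAllowDialin attribute, which this page does not name; the example.com DNs and the sample export are constructed.

```python
SAMPLE_LDIF = """\
dn: CN=Wireless Users,DC=example,DC=com
objectClass: group
member: CN=Wireless Staff,DC=example,DC=com
member: CN=LAPTOP01,DC=example,DC=com

dn: CN=Wireless Staff,DC=example,DC=com
objectClass: group
member: CN=alice,DC=example,DC=com
member: CN=bob,DC=example,DC=com

dn: CN=alice,DC=example,DC=com
objectClass: user
msNPAllowDialin: TRUE

dn: CN=bob,DC=example,DC=com
objectClass: user
msNPAllowDialin: FALSE

dn: CN=LAPTOP01,DC=example,DC=com
objectClass: computer
"""  # constructed sample; real ldifde exports also fold and base64-encode lines

def parse_ldif(text):
    """Return {lowercased dn: {attr: [values]}} for plain 'attr: value' lines."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, _, value = line.partition(": ")
            attrs.setdefault(key, []).append(value)
        entries[attrs["dn"][0].lower()] = attrs
    return entries

def audit(entries, group_dn):
    """Walk nested groups from group_dn; map each account DN to its Dial-in setting."""
    names = {"TRUE": "Allow access", "FALSE": "Deny access"}
    result, seen, stack = {}, set(), [group_dn.lower()]
    while stack:
        entry = entries.get(stack.pop())
        if entry is None or entry["dn"][0] in seen:
            continue  # not in the export, or already visited (group loop)
        seen.add(entry["dn"][0])
        if "group" in entry["objectClass"]:
            stack.extend(m.lower() for m in entry.get("member", []))
        else:  # attribute absent (assumption): the remote access policy decides
            flag = entry.get("msNPAllowDialin", [None])[0]
            result[entry["dn"][0]] = names.get(flag, "Control access through Remote Access Policy")
    return result
```

On the sample data, `audit(parse_ldif(SAMPLE_LDIF), "CN=Wireless Users,DC=example,DC=com")` reports bob as Deny access, which is neither of the two settings step 4 accepts.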
Step 3: Configuring the Primary IAS Server
Configuring the primary IAS server on a computer involves the following:
- Configuring IAS for access to account information, logging, UDP ports, and the RADIUS clients that correspond to the wireless APs.
- Configuring a remote access policy for wireless access.
Step 3a: Configuring IAS
To configure the primary IAS server on a computer, do the following:
1 If you are using computer certificate autoenrollment and Windows 2000 IAS, force a refresh of computer Group Policy by typing secedit /refreshpolicy machine_policy from a command prompt.
If you are using computer certificate autoenrollment and Windows Server 2003 IAS, force a refresh of computer Group Policy by typing gpupdate /target:computer from a command prompt.
2 If you are using PEAP-MS-CHAP v2 authentication and have obtained a computer certificate from a commercial CA, use the Certificates snap-in to import it into the Certificates (Local Computer)\Personal\Certificates folder. To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. It is also possible to import a certificate by double-clicking a certificate file that is stored in