Specifications
Creating the Windows Security Infrastructure
Summit WM20 Technical Reference Guide, Software Version 4.230
autoenrollment of user certificates either through the inheriting of group policy settings of a parent
system container or explicit configuration.
Step 2: Configuring Active Directory for Accounts and Groups
To configure Active Directory user and computer accounts and groups for wireless access, do the
following:
1. If you are using Windows 2000 domain controllers, install Windows 2000 SP3 or SP4 on all domain controllers.
2. Ensure that all users that are making wireless connections have a corresponding user account.
3. Ensure that all computers that are making wireless connections have a corresponding computer account.
4. Set the remote access permission on user and computer accounts to the appropriate setting (either Allow access or Control access through Remote Access Policy). The remote access permission setting is on the Dial-in tab on the properties of a user or computer account in the Active Directory Users and Computers snap-in.
5. Organize your wireless access user and computer accounts into the appropriate groups. For a native-mode domain, you can use universal and nested global groups. For example, create a universal group named Wireless Users that contains global groups of wireless user and computer accounts for intranet access.
Best Practice
Use a native-mode domain and universal groups and global groups to organize your wireless accounts
into a single group.
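The Dial-in tab setting from step 4 is stored in each account's msNPAllowDialin attribute, so it can be checked for every account in the wireless group. The PowerShell below is an added example, not part of the guide: the function names are hypothetical, the accounts are constructed sample data, and the commented live query assumes the ActiveDirectory module and a group whose account name is Wireless Users, as in step 5.

```powershell
# Added example, not from the guide. Maps the msNPAllowDialin attribute to the
# Dial-in tab setting: TRUE = Allow access, FALSE = Deny access,
# not set = Control access through Remote Access Policy.
function Get-RemoteAccessPermission {
    param([Parameter(Mandatory)] $Account)
    if ($null -eq $Account.msNPAllowDialin) { 'Control access through Remote Access Policy' }
    elseif ($Account.msNPAllowDialin)       { 'Allow access' }
    else                                    { 'Deny access' }
}

# Hypothetical helper: one row per account, marking any setting other than the
# two that step 4 lists as appropriate.
function Test-WirelessDialIn {
    param([Parameter(Mandatory)] [object[]] $Accounts)
    foreach ($a in $Accounts) {
        $setting = Get-RemoteAccessPermission -Account $a
        [pscustomobject]@{
            Name        = $a.Name
            ObjectClass = $a.ObjectClass
            Permission  = $setting
            Status      = if ($setting -eq 'Deny access') { 'Review' } else { 'OK' }
        }
    }
}

# Constructed sample accounts (not real directory data); the third has the
# attribute unset.
$sample = @(
    [pscustomobject]@{ Name = 'alice';    ObjectClass = 'user';     msNPAllowDialin = $true }
    [pscustomobject]@{ Name = 'bob';      ObjectClass = 'user';     msNPAllowDialin = $false }
    [pscustomobject]@{ Name = 'LAPTOP01'; ObjectClass = 'computer' }
)
Test-WirelessDialIn -Accounts $sample | Format-Table -AutoSize

# Against a live domain (assumption: ActiveDirectory module available).
# -Recursive returns the user and computer accounts inside nested global groups.
# Import-Module ActiveDirectory
# $members = Get-ADGroupMember -Identity 'Wireless Users' -Recursive |
#     Get-ADObject -Properties msNPAllowDialin
# Test-WirelessDialIn -Accounts $members | Format-Table -AutoSize
```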
Step 3: Configuring the Primary IAS Server
Configuring the primary IAS server on a computer involves the following:
● Configuring IAS so that it can access account information, and configuring logging, UDP ports, and the RADIUS clients corresponding to the wireless APs.
● Configuring a remote access policy for wireless access.
Step 3a: Configuring IAS
To configure the primary IAS server on a computer, do the following:
1. If you are using computer certificate autoenrollment and Windows 2000 IAS, force a refresh of computer Group Policy by typing secedit /refreshpolicy machine_policy from a command prompt.
   If you are using computer certificate autoenrollment and Windows Server 2003 IAS, force a refresh of computer Group Policy by typing gpupdate /target:computer from a command prompt.
2. If you are using PEAP-MS-CHAP v2 authentication and have obtained a computer certificate from a commercial CA, use the Certificates snap-in to import it into the Certificates (Local Computer)\