Specifications
Creating the Windows Security Infrastructure
Summit WM20 Technical Reference Guide, Software Version 4.240
in your Windows 2000 Active Directory domain that runs either Windows Server 2003 with no service
packs installed or Windows Server 2003 with SP1 (for WPA authentication and encryption settings).
Once this is complete, you must use the Group Policy snap-in from any domain member computer
running either Windows Server 2003 with no service packs installed or Windows Server 2003 with SP1
to configure Wireless Network (IEEE 802.11) Policies settings.
NOTE
The Wireless Network (IEEE 802.11) Policies Group Policy extension for Windows Server 2003 with SP1 does not
support the configuration of WPA2 authentication settings.
Step 7: Installing Computer Certificates on Wireless Client Computers for EAP-TLS
For computer authentication with EAP-TLS, you must install a computer certificate on the wireless
client computer.
To install a computer certificate on a wireless client computer running Windows Server 2003, Windows
XP, or Windows 2000, connect to the organization intranet using an Ethernet port and do the following:
● If the domain is configured for autoenrollment of computer certificates, each computer that is a
member of the domain requests a computer certificate when computer Group Policy is refreshed. To
force a refresh of computer Group Policy for a computer running Windows Server 2003 or Windows
XP, restart the computer or type gpupdate /target:computer at a command prompt. To force a refresh
of computer Group Policy for a computer running Windows 2000, restart the computer or type
secedit /refreshpolicy machine_policy at a command prompt.
● If the domain is not configured for autoenrollment, you can request a “Computer” certificate using
the Certificates snap-in or you can execute a CAPICOM script to install a computer certificate.
The enterprise organization’s information technology (IT) group can install a computer certificate before
the computer, typically a laptop, is delivered to its user.
For information about CAPICOM, search for “CAPICOM” at
http://msdn.microsoft.com/.
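The following check is an added example, not part of the original guide: after refreshing computer Group Policy as described above, it lists the certificates in the local computer's Personal store and reports whether each one has a private key, is within its validity period, and carries the Client Authentication purpose (OID 1.3.6.1.5.5.7.3.2). It assumes Windows PowerShell 2.0 or later is available on the client; the variable names and the three pass criteria are choices made for this example.

```powershell
# Added example: verify that a computer certificate usable for EAP-TLS is installed.
# Assumption: "usable" means it has a private key, is currently valid,
# and lists the Client Authentication enhanced key usage.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'
$now = Get-Date

# Trigger autoenrollment as in the step above (Windows XP / Windows Server 2003 syntax).
gpupdate /target:computer | Out-Null

# Open the local computer's Personal ("My") store read-only.
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store('My', 'LocalMachine')
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
try {
    $report = @(foreach ($cert in $store.Certificates) {
        # Collect the Enhanced Key Usage OIDs, if the extension is present.
        $ekus = @()
        foreach ($ext in $cert.Extensions) {
            if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
                $ekus += @($ext.EnhancedKeyUsages | ForEach-Object { $_.Value })
            }
        }
        $hasClientAuth = $ekus -contains $clientAuthOid
        $inValidity    = ($cert.NotBefore -le $now) -and ($now -le $cert.NotAfter)

        New-Object PSObject -Property @{
            Subject       = $cert.Subject
            NotAfter      = $cert.NotAfter
            HasPrivateKey = $cert.HasPrivateKey
            InValidity    = $inValidity
            ClientAuth    = $hasClientAuth
            Usable        = $cert.HasPrivateKey -and $inValidity -and $hasClientAuth
        }
    })
}
finally {
    $store.Close()
}

$report | Select-Object Subject, NotAfter, HasPrivateKey, InValidity, ClientAuth, Usable |
    Format-Table -AutoSize

if (-not ($report | Where-Object { $_.Usable })) {
    Write-Warning 'No computer certificate suitable for EAP-TLS was found in LocalMachine\My.'
}
```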
Step 8: Installing User Certificates on Wireless Client Computers for EAP-TLS
For user authentication with EAP-TLS, you must use a locally installed user certificate or a smart card.
The locally installed user certificate must be obtained through autoenrollment or Web enrollment, by
requesting the certificate using the Certificates snap-in, by importing a certificate file, or by running a
CAPICOM program or script.
The easiest methods of installing user certificates assume that network connectivity already exists, for
example through an Ethernet port. When the user connects to the intranet, they can obtain a user certificate
through autoenrollment or by submitting a user certificate request using Web enrollment or the
Certificate Manager. For more information about requesting a user certificate, see the “Submit a user
certificate request via the Web” and “Request a certificate” procedures in this section.