docrice
join:2008-03-31
Fremont, CA
| How-to: Active Directory and PEAP / EAP-TLS / PEAP-TLS
As mentioned in another thread, I started writing a short step-by-step for a friend who wants to implement 802.11i for his company. What initially started out as a cheat sheet ended up being one of the longest articles I've ever written, so hopefully someone else out there can find this useful.
»wicked-styles.com/bitsandpieces/···ecurity/
It's a how-to guide on setting up 802.1X-based wireless security in an Active Directory-driven corporate network, so I tried to stay "native" within the Microsoft realm of things, although I do show how to configure an OS X client to connect to it. There are also sample packet traces for each EAP type implemented on both the client side as well as the server side (which I was planning to write step-by-step explanations for, but I've been writing this for days so I'll put it off until another week) for comparison purposes during testing.
If there are any obvious inaccuracies, grammar issues, etc., please let me know. |
|
Its a Secret
Whatever
Premium
join:2008-02-23
U B Funny | Well done Doc, thanks for the post! |
|
jbibe
Premium,MVM
join:2001-02-22 | reply to docrice
Nice article.
What certificate formats are required for OS-X? Can OS-X produce the required certificates from a user.p12 certificate? |
|
docrice
join:2008-03-31
Fremont, CA | I didn't try importing a .p12 cert, but based on what I've read elsewhere, OS X should be able to use .p12 just fine. I believe the other certificate from the root CA was a DER, although I'd assume Base64 encoded files would work also. |
|
jbibe
Premium,MVM
join:2001-02-22 | Thanks. I will have to do some experimenting with OS-X when I get a chance. |
|
DarkLogix
join:2008-10-23
Baytown, TX | reply to docrice
Thanks great work
could you put it into a pdf file |
|
docrice
join:2008-03-31
Fremont, CA
| I wasn't planning on doing that, and I don't have a formal PDFing template for this article. And technically, the article isn't complete either since I skipped the section about explaining step-by-step what's happening in the packet traces. I spent a week writing this guide up and kind of got tired.
If it's for your own use, you could probably just copy / paste this into word with all the screenshots and use a free PDF converter (CutePDF?). |
|
DarkLogix
join:2008-10-23
Baytown, TX | Cool
you might be able to make money on this |
|
docrice
join:2008-03-31
Fremont, CA
| If I was doing this for businesses as a consultant, I'd definitely charge for my time. Writing a how-to article, on the other hand, I usually prefer to give away. After all, I learned an immensely great deal from other people's free information online and I wouldn't be where I am if it hadn't been for them. |
|
Angelo_
The Network Guy
Premium
join:2002-06-18 | reply to docrice
if you would like when i have abit of free time i'll make it into a pdf for you guys =) |
|
docrice
join:2008-03-31
Fremont, CA | Making a PDF is easy. However, for now I'd rather my content remain in its current form. |
|
passingBy
@net.ma | reply to docrice
Thanks for the time you spent on this Man ! |
|
jlachowin
join:2008-05-29
Milwaukee, WI | reply to docrice
now make documentation on setting up a supported network card of EAP-FAST to connect to a EAP-FAST Cisco network. |
|
docrice
join:2008-03-31
Fremont, CA | You guys are killin' me. I'll have to narrow down some supplicants first and install ACS. Wouldn't be a bad idea though since there are plenty of "Microsoft + Cisco" shops out there. |
|
