Focus on Microsoft
IEEE 802.1x & EAP-TLS design based on Windows 2000 Server Aug 08 2005 08:16PM
Rodrigo Blanco (rodrigo blanco r gmail com) (2 replies)
Hello list,

I am currently facing an IEEE 802.1x deployment based on EAP-TLS. I
have found tons of documentation for Windows 2003 environments (and
with MS Certificate Services in Enterprise mode), but my environment
is a little older (upgrade is unfortunately not an option):

- Active Directory on Windows 2000 Server
- MS IAS on Windows 2000 Server (registered in and reading from the
domain) as RADIUS server
- MS Cert Services - Standalone Mode - on Windows 2000 Server
- Windows XP Professional workstations as clients
- IEEE 802.1x-enabled Cisco Switches

My questions are:

- Although the MS Certificate Services are in standalone mode, can I
still configure some auto-enrollment based on the users' AD logon? If
not, what is the best option in order to minimize administrative
effort?
- Since MS Certificate Services are in standalone mode, is it possible
to have the IAS server map certificates to AD users, and based on
these AD identities, apply different IAS remote access policies?

If you could point me to any paper or step-by-step guide that can
provide me with some insight on what the design options (and
associated pros and cons) are for such an environment, I would also be
more than grateful.

Thanks in advance and best regards,
Rodrigo.

Re: IEEE 802.1x & EAP-TLS design based on Windows 2000 Server Aug 09 2005 02:51AM
offtopic (offtopic mail ru)
Re: IEEE 802.1x & EAP-TLS design based on Windows 2000 Server Aug 08 2005 10:33PM
Rasmus Rønlev (rr it cbs dk)

Copyright 2010, SecurityFocus