Hello,

I have been working on setting up Radius on my win 2k DC with IAS and Linksys WAP54G.

I have followed write-ups and gotten close, but still am having some issues.

I think I'm not getting the CA setup correctly or something. I have an enterprise root CA running on a seperate win2k3 server that has issued the cert for the DC. I tried PEAP, but my devices didn't even show up in the log file on the IAS server. I changed it to EAP MD5 and they started showing up, but they are still failing authentication. The user info is correct, it's comming directly from a domain laptop logged in as an administrator with dial-in enabled.

When I put it on PEAP it fails saying it cannot find a certificate... I assume this is because my CA is not right.

Basically I would love it if the wireless just worked for domain devices and popped up a credential box for non domain boxes. Is this doable? I also have a 2k3 server I can use as the IAS if necessary. My Root CA is not a DC, and my 2k3 and 2k DC's are not a root CA.

Thanks!

The clients need a copy of the Root-CA certificate installed on the PC's this is what is used to verify the validity of the server certificate that is handed down in the start of the PEAP handshake.

In XP, I have to install and reboot for the CA cert on the clients to get recognized sometimes.

Also if you are using WZC you may want to change advanced settings of the wireless network to not authenticate as computer.

~K