Extreme Networks Summit WM Technical Reference Manual page 53

NOTE
By default, the PEAP-MS-CHAP v2 authentication uses your Windows logon credentials for wireless
authentication. If you are connecting to a wireless network that uses PEAP-MS-CHAP v2 and you want to specify
different credentials, click Configure and clear the Automatically use my Windows logon name and password check
box.
Although the Protected EAP Properties dialog box for Windows XP with SP1, Windows XP with SP2,
Windows Server 2003, and Windows 2000 SP4 has an Enable Fast Reconnect check box, IAS in
Windows 2000 does not support fast reconnect. IAS in Windows Server 2003 does support fast
reconnect.
If the root CA certificate of the issuer of the computer certificates installed on the IAS servers is already
installed as a root CA certificate on your wireless clients, no other configuration is necessary. If your
issuing CA is a Windows 2000 Server or Windows Server 2003 online root enterprise CA, then the root
CA certificate is automatically installed on each domain member through computer configuration
Group Policy.
To verify, obtain the properties of the computer certificate on the IAS server using the Certificates snap-
in and view the certificate chain from the Certification Path tab. The certificate at the top of the path is
the root CA certificate. Use the Certificates snap-in of a wireless client for each Windows operating
system to ensure that this certificate is in the list of trusted root certification authorities in the
Certificates (Local Computer)\Trusted Root Certification Authorities\Certificates folder.
If it is not, you must install the root CA certificate(s) of the issuer(s) of the computer certificates of the
IAS servers on each wireless client for the Windows operating systems that do not contain them.
The easiest way to install a root CA certificate on all your wireless clients is to do the following:
1 Using the Certificates snap-in on an IAS server, export the root CA certificate of the issuing CA of
computer certificates on the IAS servers to a file (*.PB7). You can find the root CA certificate in the
Certificates (Local Computer)\Trusted Root Certification Authorities\Certificates folder.
2 Open the Active Directory Users and Computers snap-in.
3 In the console tree, double-click Active Directory Users and Computers, right-click the appropriate
domain system container, and then click Properties.
4 On the Group Policy tab, click the appropriate Group Policy object (the default object is Default
Domain Policy), and then click Edit.
5 In the console tree, open Computer Configuration, then Windows Settings, then Security Settings,
and then Public Key Policies.
6 Right-click Trusted Root Certification Authorities, and then click Import
7 In the Certificate Import Wizard, specify the file that was saved in Step 1
8 Repeat steps 3-7 for all appropriate system containers
The next time the wireless client computers update their computer configuration Group Policy, the root
CA certificate of the issuing CA of computer certificates on the IAS servers is installed in their local
computer certificate store.
Alternately, you can use the Certificates snap-in to import the root CA certificates to the Certificates
(Local Computer)\Trusted Root Certification Authorities\Certificates folder on each wireless client
computer.
Summit WM Technical Reference Guide, Software Version 5.1
53