Setting the 802.1x authentication function, Example of windows server 2003 – Sony SNC-DH210T User Manual
Page 57
A
d
mini
s
tra
ting
t
he
Came
ra
Using the 802.1X Authentication Function — 802.1X Menu
57
Setting the 802.1X authentication
function — Example of Windows
Server 2003
This section explains how to configure the
authentication server and CA using Microsoft Windows
Server 2003.
Note
As this section describes authentication based on the
user interface in English on Windows Server 2003, the
UI terminology and page configuration may be different
depending on the version of the Operating System or
Service Pack and patch update status.
Before setting
Perform the following settings before configuring an
802.1X network.
Active Directory (domain controller)
The following setting example is based on the
assumption that the Active Directory has been
configured.
Windows IAS configuration
Configure Remote access/VPN server in Manage
Your Server of Windows Server 2003. Open Add or
Remove Programs from Control Panel of Windows
menu. Install Internet Authentication Service in Add/
Remove Windows Components.
CA configuration
To configure the CA, perform the following steps:
1
Open Add or Remove Programs from Control
Panel of the Windows menu.
2
Select Add/Remove Windows Components.
3
Add Certificate Services in the Component menu.
4
Select Enterprise root CA on CA Type.
5
Type the CA name on Common Name for this CA,
and configure the CA.
Creating a security group for Active
Directory
1
Open Active Directory Users and Computers
from Administrative Tools of the Windows menu.
2
Select Users of the domain with which you want to
perform 802.1X connection.
3
Select New from the context menu, then select
Group and configure the group for 802.1X
connection.
For example, the group “Wired_802.1X_Group” is
assumed for explanation purposes.
Configuring the Internet Authentication
Service
1
Open Internet Authentication Service from
Administrative Tools of the Windows menu.
2
Click Register Server in Active Directory on the
operation menu.
3
Read the displayed precautions carefully and click
OK to accept them.
Then, continue to configure the EAP-TLS policy.
4
Select Remote Access Policy and right-click.
5
Select New from the context menu, and select
Remote Access Policy to open “New Remote
Access Policy Wizard”.
6
Select Set up a custom policy.
7
Set the following items:
Policy name: Type “Allow 802.1X Access” as an
example.
Policy conditions: Click Add and add the
following items:
– NAS Port-Type: Ethernet, Wireless-
IEEE802.11, Wireless-Other and Virtual
(VPN)
– Windows-Groups: Wired_802.1X_Group
Permissions: Select Grant remote access
permission.
Edit Profile:
– Dial-in Constraints tab: Specify the session
time out period during which the client is
allowed to be connected, as required.
– Authentication tab: Delete checks from all the
boxes. Click EAP Method and add Smart
Card or other certificates.
Then, continue to configure the RADIUS client.
8
Select RADIUS Clients and right-click.
9
Select New RADIUS Client from the context
menu.