Thursday, January 31, 2008

Authenticating wireless clients on Windows 2000 Server

Requirements:
Windows 2000 with Active Directory (latest service pack)
Certificate server
IAS server
Access point with 802.1X capability; the following were used in this guide:
Linksys BEFW11S4
D-link DI-824vup
Windows 2000 or Windows XP client with a wireless adapter (latest service pack)

Windows 2000 Radius server setup:
Make sure Active Directory and DNS are configured properly
Install the IAS and certificate server components from add/remove programs


After the IAS and certificate server components have been installed successfully, set up the server as the root CA and register the IAS server with Active Directory.
For help on setting up the certificate server for automatic certificate allocation:
Click Start, and then click Help
Click the Search tab, type the following text, and then click List Topics:
configure automatic certificate allocation from an enterprise ca
In the Select topic list, click Configure automatic certificate allocation from an enterprise CA, and then click Display
To register the RADIUS server:
Right-click the RADIUS server and select the "Register in Active Directory" option.


Click OK when you see this message

Next, right-click the clients option and select create new client.


Name :
IP:
Click Verify to make sure it's the correct IP
Client Vendor: Radius Standard
Check the "client must always send signature attribute in the request" box
Enter a secret key that will be exchanged between the access point and server




Edit the remote policy to include Extensible Authentication Protocol on the Authentication tab
Also add the group that you want to allow wireless access




Changing the user properties in Active Directory:
Give the user dial in permissions, or create a group and add the users to that group
Change domain mode to native to enable the Remote Access Policy option


Radius client setup:
D-link access point configuration:
Enable 802.1X
Encryption: enabled
Server: W2k Radius IP
Port: 1812
Radius secret: same as Radius server
WEP enabled (optional)



Linksys access point configuration:
Wireless security: Enabled
Security mode: Radius
Radius Servers address: W2k Radius IP
Port: 1812
Shared Key: same as Radius server
Wireless encryption type: 64bits 10HEX



Note: Once the Radius server and clients are set up, stop and start the IAS service and reboot the access point.

Wireless client setup:
Select the "wireless networks" tab from wireless network properties
Highlight the access point in the available networks and click configure
On the "Association" tab, change the network authentication to "Open"
Data Encryption: WEP
If WEP was enabled on the router and a key was set, enter the key here
If a WEP key was not specified on the access point, check the "key is provided for me" option



Authentication tab
Enable IEEE 802.1x
EAP type: Select protected EAP (PEAP)

Click the properties button
Authentication Method: Secured password (EAP-MSCHAPv2)
Click the configure button
Uncheck the windows logon name and password box


Right click the wireless icon and select the "View available wireless networks" option
Select the wireless network and check the 802.1x box
then click connect (a WEP key may be needed if set on the access point)

A username and password screen will appear



Enter the domain username and password and click logon






Once connected, the wireless icon will change

Problems that may occur while trying to connect:
Event ID: 2
If a problem occurs while trying to connect, check the application log on the server:
Make sure the correct domain credentials are provided

Make sure the user account has dial in permissions set to "Allow"
Uncheck the Windows logon name and password box, as shown above in red text
Event ID: 14 or 18
Check the connection between the Radius server and the access point
Check the client information on the IAS server
Make sure the shared secret on the server matches the key on the client
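
The "signature attribute" enabled in the IAS client dialog above is the RADIUS Message-Authenticator (attribute 80, RFC 2869): an HMAC-MD5 over the whole Access-Request, keyed with the shared secret. The following is an added example, not part of the original guide and not IAS code, showing how that check separates a matching secret from a mismatched one; the function names and the sample packet are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST = 1          # RADIUS packet code
USER_NAME = 1               # attribute type
MESSAGE_AUTHENTICATOR = 80  # attribute type of the "signature attribute"

def attribute(attr_type, value):
    """Encode one attribute as type, length (including the 2-byte header), value."""
    return bytes([attr_type, len(value) + 2]) + value

def build_access_request(secret, identifier, request_auth, user, sign=True):
    """Build an Access-Request; with sign=True append a valid signature attribute."""
    attrs = attribute(USER_NAME, user)
    if sign:
        attrs += attribute(MESSAGE_AUTHENTICATOR, bytes(16))  # zero placeholder
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs))
    packet = header + request_auth + attrs
    if sign:
        # HMAC-MD5 over the whole packet, keyed with the shared secret
        packet = packet[:-16] + hmac.new(secret, packet, hashlib.md5).digest()
    return packet

def check_signature(packet, secret):
    """Return 'ok', 'mismatch', 'missing' or 'malformed' for an Access-Request."""
    if len(packet) < 20:
        return "malformed"
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        return "malformed"
    pos = 20  # attributes start after code, id, length and 16-byte authenticator
    while pos < length:
        if pos + 2 > length:
            return "malformed"
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            return "malformed"
        if attr_type == MESSAGE_AUTHENTICATOR:
            if attr_len != 18:
                return "malformed"
            received = packet[pos + 2:pos + 18]
            zeroed = packet[:pos + 2] + bytes(16) + packet[pos + 18:length]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            return "ok" if hmac.compare_digest(received, expected) else "mismatch"
        pos += attr_len
    return "missing"
```

A "mismatch" result corresponds to the shared-secret check listed above; "missing" is the case the "client must always send signature attribute" box is meant to reject.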
