Re: IAS for Wireless Authentication




Syn,
When is authentication happening?
At Startup the computer will authenticate. It makes no difference who logs on afterwards.
At Logon the user will authenticate. it makes no difference what the computer is.
Anthony,
http://www.airdesk.com



"SynEngium" <SynEngium@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:D82050D8-A871-4D81-8686-5259ADEFB859@xxxxxxxxxxxxxxxx
Hi.
I have setup an IAS server for wireless authentication with these policies:

1) NAS-Port-Type matches "Wireless - Other OR Wireless - IEEE 802.11"
2) Windows-Group matches "domain\Domain Users;domain\Domain Computers"

using PEAP-MS-CHAP-V2

but i have 2 problems:

1 - a computer who is part of the domain but logged on with a local computer
account can still connect to the wireless network.
2 - a computer who is not on the domain can't connect even when providing
the right domain credentials (which also gives me the problem of trying to
connect a windows mobile device since it's not part of the domain)

can someone please tell me what am i doing wrong?

thank you

.



Relevant Pages

  • Problem with IAS and DCOM
    ... We currently have a 2003 SBS server that when a wireless authentication ...
    (microsoft.public.windows.server.sbs)
  • Re: PEAP authentication with Windows 2003 unreliable
    ... Are you using wireless authentication or wired? ... The particular behavior that you are seeing is related to a bug which gets ... with no particular user or computer and eventually after the user logs on ...
    (microsoft.public.internet.radius)
  • Wireless clients not authenticating, need help
    ... I have tried the help guild for cert based wireless authentication and ... have tried the Microsoft based PEAP, ... do something with remote access policy? ...
    (microsoft.public.windows.server.sbs)
  • Re: Kerberos machine authentication - apparent authentication fail
    ... > until logon), the wireless connection can kick off when it is ready. ... > was confirmed in the server event logs with IAS (i set that up as the radius ... > as an ordinary user kicks in and takes over from the machine authentication. ... > while the network sorts itself out and a double click on a network link of ...
    (microsoft.public.windows.server.security)
  • Re: Kerberos machine authentication - apparent authentication fail
    ... as the case may be) which will delay authentication until ... I also have an Intel network adapter and WAP that does not have this> problem and even works well with 802.1X EAP-TLS for domain logon. ... In> most cases [ipsec a possible exception] kerberos authentication is not> needed to access domain resources as long as the client and server use a> common authentication method for lm/ntlm/ntlmv2. ... The main issue is to> NEVER include an ISP dns server in the preferred server list in the tcp/ip> properties or DHCP scope of any domain computer or any computer you want to> join to the domain in which case your computers may be trying to locate the> domain _srv records on the ISP dns server and fail. ...
    (microsoft.public.windows.server.security)