Re: IAS for Wireless Authentication
- From: SynEngium <SynEngium@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 26 Jun 2009 02:41:01 -0700
There are 2 different scenarios:
1 - If a computer is out of the domain, as soon as I try to connect to the
wireless network a username and password are requested, but when I put in a
domain user account it doesn't log in, and I've found out why. For some reason
the connection defaults to "computer authentication", and since the login I'm
using is a user and not a computer account, login fails. To be able to
connect, I have to create the wireless connection manually and disable
"validate server certificate", since this is not a domain computer and it doesn't
have any certificate, and I have to go into advanced options and select "user
or computer" or just simply "user" on the "specify authentication mode" option.
This way it works.
2 - Now for domain computers, what happens is, since the "authentication
mode" option defaults to computer auth., the computer can log on even before
the user logs on, which is fine, but it completely ignores the domain users policy
on IAS. If I had a specific group of users who I'd want to connect to the
wireless network, it would be ignored, since the computer is a domain computer
and is already authenticated.
Is this supposed to be like this?
Thank you so much.
"Anthony [MVP]" wrote:
When is authentication happening?
At Startup the computer will authenticate. It makes no difference who logs
At Logon the user will authenticate. it makes no difference what the
"SynEngium" <SynEngium@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
I have setup an IAS server for wireless authentication with these
1) NAS-Port-Type matches "Wireless - Other OR Wireless - IEEE 802.11"
2) Windows-Group matches "domain\Domain Users;domain\Domain Computers"
But I have 2 problems:
1 - A computer that is part of the domain but logged on with a local
account can still connect to the wireless network.
2 - A computer that is not on the domain can't connect even when providing
the right domain credentials (which also gives me the problem of trying to
connect a Windows Mobile device, since it's not part of the domain).
Can someone please tell me what I am doing wrong?
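
The behaviour described in this thread, as an added example that is not part of the original posts: a simplified Python model of a remote access policy with the two conditions quoted above. It assumes the Windows-Group condition is evaluated only against the account that actually authenticates; the `WiFi Users` group, the account names and the sample requests are constructed.

```python
# Simplified model of remote access policy matching (added illustration).
# Assumption: only the authenticating account is checked against Windows-Group.
from dataclasses import dataclass

WIRELESS = frozenset({"Wireless - Other", "Wireless - IEEE 802.11"})
DOT11 = "Wireless - IEEE 802.11"

@dataclass(frozen=True)
class Request:
    identity: str        # account the client authenticates as
    groups: frozenset    # group memberships of that account
    nas_port_type: str
    logged_on: str = ""  # console user; never part of the request

@dataclass(frozen=True)
class Policy:
    port_types: frozenset
    windows_groups: frozenset  # matches if the account is in ANY listed group

def policy_matches(policy, req):
    """Both conditions must hold; req.logged_on is deliberately not consulted."""
    return (req.nas_port_type in policy.port_types
            and bool(req.groups & policy.windows_groups))

def admitted_without_user_check(policy, requests):
    """Console users who got network access on a computer account alone."""
    return [r.logged_on for r in requests
            if r.identity.endswith("$") and policy_matches(policy, r)]

# The thread's policy, with the user group narrowed to a hypothetical
# "WiFi Users" group to model scenario 2.
POLICY = Policy(WIRELESS, frozenset({r"domain\WiFi Users",
                                     r"domain\Domain Computers"}))
COMPUTERS = frozenset({r"domain\Domain Computers"})
USERS = frozenset({r"domain\Domain Users"})

SAMPLE = [  # constructed requests
    # computer authentication: the machine account is the identity
    Request(r"domain\PC01$", COMPUTERS, DOT11, logged_on=r"PC01\localadmin"),
    Request(r"domain\PC01$", COMPUTERS, DOT11, logged_on=r"domain\bob"),
    # user authentication: the user account is the identity
    Request(r"domain\bob", USERS, DOT11, logged_on=r"domain\bob"),
    Request(r"domain\alice", USERS | {r"domain\WiFi Users"}, DOT11,
            logged_on=r"domain\alice"),
]

if __name__ == "__main__":
    for r in SAMPLE:
        print(f"{r.identity:14} console={r.logged_on:16} "
              f"match={policy_matches(POLICY, r)}")
```

In this model `bob` is refused when he authenticates as himself but reaches the network from `PC01` under computer authentication, because the request carries only the machine account.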