Re: IAS for Wireless Authentication




there 2 different scenarios:

1 - if a computer is out of the domain as soon as i try to connect to the
wireless network a username and password are requested. but when i put a
domain user account it doesn't login. and i've found out why. for some reason
the connection default to "computer authentication" and since the login i'm
using is a user and not a computer account, login fails. to be able to
connect, i have to create the wireless connection manually and disable
validate server certificate, since this is not a domain computer it doesn't
have any certificate, and i have to go into advanced options and select "user
or computer" or just simply "user" on the specify authentication mode option.
this way it works.

2 - now for domain computers, what happens is, since the "authentication
mode" option defaults to computer auth. , the computer can logon even before
the user logon which is fine but completely ignores the domain users policy
on IAS. if i had a specific group of users who i'd want to connect to the
wireless network, it would be ignored since the computer is a domain computer
and is already authenticated.

is this supposed to be like this?

thank you so much.



"Anthony [MVP]" wrote:

Syn,
When is authentication happening?
At Startup the computer will authenticate. It makes no difference who logs
on afterwards.
At Logon the user will authenticate. it makes no difference what the
computer is.
Anthony,
http://www.airdesk.com



"SynEngium" <SynEngium@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D82050D8-A871-4D81-8686-5259ADEFB859@xxxxxxxxxxxxxxxx
Hi.
I have setup an IAS server for wireless authentication with these
policies:

1) NAS-Port-Type matches "Wireless - Other OR Wireless - IEEE 802.11"
2) Windows-Group matches "domain\Domain Users;domain\Domain Computers"

using PEAP-MS-CHAP-V2

but i have 2 problems:

1 - a computer who is part of the domain but logged on with a local
computer
account can still connect to the wireless network.
2 - a computer who is not on the domain can't connect even when providing
the right domain credentials (which also gives me the problem of trying to
connect a windows mobile device since it's not part of the domain)

can someone please tell me what am i doing wrong?

thank you

.



Relevant Pages

  • XPSP2 Wireless Network Startup with IAS and PEAP Auth.
    ... We have now successfully configured wireless network access over WPA, IAS ... The problem we have now is that despite we have a successfull computer ... authentication on IAS, ...
    (microsoft.public.internet.radius)
  • Re: windows XP + router = repeatedly disconnects
    ... Hi try disabling the 802.1x authentication on your wireless network card ... > Internet connection is disconnected during online gaming. ...
    (microsoft.public.windowsxp.network_web)
  • PEAP Wireless Access for Mac OS X
    ... attempting to set up PEAP authentication for our wireless network. ... accept the certificate but rather immediately rejects the computer. ...
    (microsoft.public.platformsdk.security)
  • PEAP Wireless Access for Mac OS X
    ... attempting to set up PEAP authentication for our wireless network. ... accept the certificate but rather immediately rejects the computer. ...
    (microsoft.public.windows.server.networking)
  • PEAP Wireless Access for Mac OS X
    ... attempting to set up PEAP authentication for our wireless network. ... accept the certificate but rather immediately rejects the computer. ...
    (microsoft.public.win2000.macintosh)