I was incorrect; each building is its own site in AD & its own subnet, which is a /16 on a private class A.

On Sun, Jan 31, 2010 at 8:43 PM, Robert Portvliet <[email protected]> wrote:

> That was going to be my next move, mirror the switchport the AP is plugged
> into & take a capture of the auth attempt. (I'll do that tomorrow morning)
>
> Like I said I'm coming into this a bit after the fact & didn't do the
> initial setup, but yes the cert is self signed & generated using Microsoft
> CA (I'll look into the settings further though), the clients are all Vista
> btw.
>
> As far as the network, it's flat with layer 3 routing only in the core
> switch, each building is on its own vlan, but the wireless vlan is the same
> no matter what building you are in, as far as AD goes there's only one site,
> each building is an OU under that.
>
> I'm more of a Linux\Unix guy so I'm a bit light in the AD end of things, I
> think it might be something to do with policy, but according to the systems
> engineer you should be getting the same policy no matter where you go.
>
> Thanks much for the help!
>
> On Sat, Jan 30, 2010 at 8:55 PM, Tim Mugherini <[email protected]> wrote:
>
>> Robert,
>>
>> First I would not trust the Radius server logs, grab a packet dump to
>> verify they are not trying to auth as the computer acct (I have seen
>> MS IAS not log attempts so even though I have no experience with 2k8
>> NPS I would not trust the logs)
>>
>> Also you mentioned diff buildings, diff subnets? AD sites?
>>
>> Lastly you mentioned certificates, are you using a self signed on the
>> Radius server, MS CA? If MS CA what are your GO settings for the
>> Radius and Certs (have seen issues with MS CA and "verification" on XP
>> so just a hunch on my part).
>>
>> Tim
>>
>> On Sat, Jan 30, 2010 at 10:26 AM, Robert Portvliet
>> <[email protected]> wrote:
>> >
>> > I'm attempting to troubleshoot an issue with an implementation of WPA2 &
>> > RADIUS with certificates (for wireless authentication), it is a somewhat
>> > perplexing issue which I am hoping someone on the list may be able to
>> > provide some guidance on.
>> >
>> > In the building local to the Radius server, the machine will authenticate
>> > to the Radius server using the machine name without issue, however in the
>> > other buildings the same machine (even using the same access point) will
>> > never try to pass the machine name to authenticate.. it passes the user
>> > name, which works if we allow that method of authentication, but it's not
>> > what we're after obviously.
>> >
>> > The strange thing is I see no trace in the Radius server log of it even
>> > trying the machine name and the policy the machine receives should be the
>> > same in each building.
>> >
>> > For the Radius server I am using NPS on win2k8. The client machines are
>> > Vista (latest patch level), APs are HP ProCurve, physical media is single
>> > mode fiber between the buildings.
>> >
>> > I came into this a little late in the game, from what I can tell
>> > everything seems to be configured correctly, but I'm getting the feeling I'm
>> > missing something stupid, lol
>> >
>> > Thanks in advance!
>> >
>> > _______________________________________________
>> > Pauldotcom mailing list
>> > [email protected]
>> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>> > Main Web Site: http://pauldotcom.com
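
The thread's suggestion is to check a capture, rather than the server log, for whether the client ever offers the computer account. As an added example (not part of the original thread), this Python code parses RADIUS Access-Request payloads as they would appear in such a capture and labels the User-Name as machine or user. The packets, names and AP addresses are constructed, and the `host/` prefix test assumes the Windows supplicant convention for computer authentication.

```python
import struct

ACCESS_REQUEST = 1                 # RADIUS packet code (RFC 2865)
USER_NAME, NAS_IP_ADDRESS = 1, 4   # attribute types (RFC 2865)

def parse_radius(payload: bytes):
    """Parse a RADIUS UDP payload into (code, identifier, {type: [values]})."""
    if len(payload) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", payload[:4])
    if not 20 <= length <= len(payload):
        raise ValueError("bad length field")
    attrs, pos = {}, 20            # attributes follow the 16-byte authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = payload[pos], payload[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs.setdefault(a_type, []).append(payload[pos + 2:pos + a_len])
        pos += a_len
    return code, ident, attrs

def classify_identity(name: str) -> str:
    """Assumption: Windows supplicants send 'host/<fqdn>' for computer auth."""
    return "machine" if name.lower().startswith("host/") else "user"

def summarize(payload: bytes):
    """Return (nas_ip, user_name, kind) for an Access-Request, else None."""
    code, _, attrs = parse_radius(payload)
    if code != ACCESS_REQUEST or USER_NAME not in attrs:
        return None
    name = attrs[USER_NAME][0].decode("utf-8", "replace")
    nas = ".".join(str(b) for b in attrs.get(NAS_IP_ADDRESS, [b""])[0]) or None
    return nas, name, classify_identity(name)

def build_request(ident: int, name: str, nas_ip: bytes) -> bytes:
    """Build a constructed Access-Request for the demo (authenticator zeroed)."""
    tlvs = ((USER_NAME, name.encode()), (NAS_IP_ADDRESS, nas_ip))
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in tlvs)
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(body)) + bytes(16) + body

# Constructed samples: hypothetical names and AP addresses, not from the thread.
SAMPLES = [build_request(1, "host/LAPTOP01.example.local", bytes([10, 1, 0, 5])),
           build_request(2, "EXAMPLE\\jdoe", bytes([10, 2, 0, 5]))]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(summarize(pkt))
```

Grouping the output by NAS address shows at a glance whether any request from the remote buildings carries a machine identity at all.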
