I believe there is also a domain authentication passthrough piece to Bluesocket. One thing we've used to get around this is allowing unregistered users to pass packets to our VPN server. They then use the Cisco VPN software to start the tunnel before they perform the Windows logon process. This allows the users to still authenticate in *some* way (VPN) while still allowing the NT auth process to take place.
--Mike
On Thu, 2004-01-22 at 09:39, Michael Dickson wrote:
Interesting problem.
One thing to try (security issues notwithstanding) is to grant access to the appropriate windows services in the "Un-registered" role. This is the first role a user is put into before they actually authenticate.
Maybe windows authentication is sufficient, and adding the appropriate policy to the "Un-registered" role would be ok. Your call.
We do not have a campus wide windows authentication policy. Maybe that's why we do not hear of any complaints on this.
*************************************************************** Michael Dickson Phone: 413-545-9639 Network Analyst Fax: 413-545-3203 University of Massachusetts Email: [EMAIL PROTECTED] Network Systems and Services ***************************************************************
Colleen Szymanik wrote:
We have been testing the Bluesocket wireless authentication gateway which uses a web intercept model for authentication purposes. We have had some complaints from windows users because they cannot connect to network drives (windows attempts this connection at startup) because they still have to authenticate. We have also had issues authenticating a new user using windows domains since the computer cannot see the network domain itself without first being authenticated (not an issue if it's been cached). Has anyone else experienced this or have some type of work around?
********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/.
-- *************************************************************** Michael Dickson Phone: 413-545-9639 Network Analyst Fax: 413-545-3203 University of Massachusetts Email: [EMAIL PROTECTED] Network Systems and Services ***************************************************************
********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/.
--
--Mike
----------------------------------- Michael Griego Wireless LAN Project Manager The University of Texas at Dallas
********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/.
We had the same issue here at Skidmore with users not being able to print or access Windows shares without authenticating. What we did was allow DNS outgoing and the three NetBios both ways for the unregistered group. Now a student can log into their lap top and access files and print without having to authenticate to Blue Socket.
-- Jamie
---------------------------------------------------- Jamie Aiello CITS/User Services Skidmore College email: [EMAIL PROTECTED] 815 North Broadway phone: (518) 580-5982 Saratoga Springs, NY 12866-1632 fax: (518) 580-5905
********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/.