It's why they're getting denied, they have to be allowed to login. You can probably do specific groups of computers or individual comptuers.
> -----Original Message----- > From: Lee Weers [mailto:[EMAIL PROTECTED] > Sent: Thursday, February 01, 2007 5:07 PM > To: King, Michael > Subject: RE: [WIRELESS-LAN] Problems with Windows 802.1x supplicant > > Is it required that domain computers be allowed? Most of > the college owned laptops are shared laptops. > > -----Original Message----- > From: King, Michael [mailto:[EMAIL PROTECTED] > Sent: Thursday, February 01, 2007 3:48 PM > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > Subject: Re: [WIRELESS-LAN] Problems with Windows 802.1x supplicant > > Hey, what user's do you have in your IAS's remote access policy? > > Do you have DOMAIN COMPUTERS allowed? (It's not part of DOMAIN USERS) > > Mike > > > -----Original Message----- > > From: Lee Weers [mailto:[EMAIL PROTECTED] > > Sent: Thursday, February 01, 2007 4:42 PM > > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > > Subject: Re: [WIRELESS-LAN] Problems with Windows 802.1x supplicant > > > > I've changed the name and marked out the ip addresses. > > > > Here is an example of the deny > > > > User host/bob_10884.central.edu was denied access. > > Fully-Qualified-User-Name = CENTRALCOLLEGE\BOB_10884$ > NAS-IP-Address > > > = xxx.xxx.xxx.xxx NAS-Identifier = WESM1 > Called-Station-Identifier = > > > 00-14-C2-A3-A4-85:airCentral-Academic > > Calling-Station-Identifier = 00-18-DE-66-6E-C4 > Client-Friendly-Name > > = HP Wesm Client-IP-Address = xxx.xxx.xxx.xxx NAS-Port-Type = > > Wireless - IEEE 802.11 NAS-Port = 1 Proxy-Policy-Name = > Use Windows > > authentication for all users Authentication-Provider = Windows > > Authentication-Server = <undetermined> Policy-Name = > <undetermined> > > Authentication-Type = EAP EAP-Type = <undetermined> > Reason-Code = 48 > > > Reason = The connection attempt did not match any remote access > > policy. > > > > > > I wouldn't think I need to setup a policy for machine > authentication. > > > > Here is the success. > > > > User CENTRALCOLLEGE\bob was granted access. > > Fully-Qualified-User-Name = central.edu/Computers-AutoUpdate > > Fac-Staff/Roaming Profiles/Bob NAS-IP-Address = xxx.xxx.xxx.xxx > > NAS-Identifier = WESM1 Client-Friendly-Name = HP Wesm > > Client-IP-Address = xxx.xxx.xxx.xxx Calling-Station-Identifier = > > 00-18-DE-66-6E-C4 NAS-Port-Type = Wireless - IEEE 802.11 > NAS-Port = > > 1 > > Proxy-Policy-Name = Use Windows authentication for all users > > Authentication-Provider = Windows Authentication-Server = > > <undetermined> Policy-Name = Authenticate wireless network > > Authentication-Type = PEAP EAP-Type = Secured password (EAP-MSCHAP > > v2) > > > > I've changed the name and marked out the ip addresses. > > -----Original Message----- > > From: Doug Payne [mailto:[EMAIL PROTECTED] > > Sent: Thursday, February 01, 2007 3:19 PM > > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > > Subject: Re: [WIRELESS-LAN] Problems with Windows 802.1x supplicant > > > > On 01/02/2007 3:32 PM, Lee Badman wrote: > > > > > Automatically Use My Windows Credentials- implies that the > > same user > > > name and password used to simply open up Windows is the > > same used to > > > login to the network, like against AD- which is not > always the same > > > (in our case it is very likey almost never the same as the > > users set > > > up their own laptops and give themselves all sorts of > exotic and or > > > silly names and passwords that wouldn't match theur network IDs) > > > > Not to mention that WXP automatically uses the computer name as the > > domain name, which doesn't work if you use IAS as your > Radius server. > > > > ********** > > Participation and subscription information for this EDUCAUSE > > Constituent Group discussion list can be found at > > http://www.educause.edu/groups/. > > > > ********** > > Participation and subscription information for this EDUCAUSE > > Constituent Group discussion list can be found at > > http://www.educause.edu/groups/. > > > > ********** > Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
