Re: [WIRELESS-LAN] Problems with Windows 802.1x supplicant

Michael Griego Thu, 01 Feb 2007 15:35:06 -0800

We use a mix. We have quite a few AD-member computers that use ourwireless LAN. These machines also get our wireless configuration GPOthat sets all these parameters automatically. These users *will* belogging into the domain as well, so their credentials will be thesame. On our student laptops, this is never set intentionally forthe same reasons you mention. This mix works quite well for ourpurposes.


--Mike



On Feb 1, 2007, at 2:32 PM, Lee Badman wrote:

Automatically Use My Windows Credentials- implies that the same user
name and password used to simply open up Windows is the same used to

login to the network, like against AD- which is not always the same(in

our case it is very likey almost never the same as the users set up
their own laptops and give themselves all sorts of exotic and or silly
names and passwords that wouldn't match theur network IDs)

Lee

[EMAIL PROTECTED] 2/1/2007 3:25 PM >>>

I forgot to mention the most consistant way of connecting to the
network
successfully is to uncheck the "Automatically use my Windows
credentials", but then it doesn't run login scripts, and you have to
have logged on to the computer before.

-----Original Message-----
From: Michael Griego [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 01, 2007 2:10 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Problems with Windows 802.1x supplicant

Dumb question...   In your 802.1x configuration on your Windows
laptops, you *do* have both "Authenticate as a machine..." and
"Automatically use my Windows credentials" enabled, yes?

--Mike

On Feb 1, 2007, at 1:26 PM, Lee Weers wrote:

My problem is there are no cached creditials on the machine.  I don't

even make it as far in to get a pop up box, because as soon as I
select OK I get the error of Domain is unavailable.

-----Original Message-----
From: Lee Badman [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 01, 2007 12:39 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Problems with Windows 802.1x supplicant

On the login box- which is preceeded by "Click here to select a
certificate or other credential" balloon pop-up, we inititially shot

ourselves in the foot somewhat as part of our Novell client build was

a registry tweak to disable such pop ups (this was done long before
.1x was even a twinkle in the eye). That little pop up is critical to

getting the initial login box. And to say credentials are cached
indefinitely may be stretching it- when users change their passwords

in AD (or whatever) the cached credentials then become invalid (just

to be complete).

Lee

Lee Badman
Network/Wireless Engineer
Syracuse University
315 443-3003

[EMAIL PROTECTED] 2/1/2007 1:28 PM >>>

I would think this would be a RADIUS /IAS Issue. I do ths almost
daily:
 Add a temporary user to AD/ACS/RADIUS and log in with my WZC

utility.

It prompts on the first  login attempt for my uname/pw and to verify

the cert.  However, this box does not often show itself easily and
seems to hide behind any window that happens to be open.  clear all
windows from desktop and during the auth process, continually click

on

the little wireless icon in the task bar.  This seems to force the
window from the realm of invisibility.  Once you do this, it will

cash

the credentials indefinately.  I've had varying degrees of success
with the "clear cached credential" registry change that msoft talks
about...

How to remove cached user credentials that are used for PEAP
authentication in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;823731


1.  A laptop that belongs to our domain, but the user has never
logged into it before (so no cached creditentials exist) it errors

with the Domain is not available.  If cached creditentials do

exist

then they get logged in.


**********
Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.

**********
Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.

**********
Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at http://
www.educause.edu/groups/.


**********
Participation and subscription information for this EDUCAUSE
Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

**********
Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.

**********

Participation and subscription information for this EDUCAUSEConstituent Group discussion list can be found at http://www.educause.edu/groups/.


**********
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Problems with Windows 802.1x supplicant

Reply via email to