On 17/05/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:

Hi,

> > I have done all these steps except number 5.  Are you saying that we can
> > now get machine names to authenticate prior to the user actually logging
> > in?  I can get it working fine after the user has logged in.  It's just
> > getting the machine to join the wireless network before log in so that
> > they join the domain ok.

Oh for sure! And what's more, the login doesn't hang, because the wireless
is on and working. It means you aren't relying on cached login credentials.
As a side effect, the network is 'real' when the Windows box starts, so all
the other parts of Windows work on the wireless, e.g. stuff you must be in
the domain for. Drive mappings, GPOs, SMS bits all 'just work(tm)'.


Wow, that's awesome. I read a post which said it wasn't working, so I guess
it's been fixed.... hoo diddly rah!!!
So now I just need to see why we're getting 0 length requests and mung about
with the User-Name as was stated earlier.  eeek!  So if I have EAP-TLS
working with PEAP, i.e. the AD users/passwords work.... am I almost there?
;)


BUT BEWARE

One thing doesn't work. Microsoft, in their wisdom, decided that the
machine<->AD renegotiation of the AD password key CANNOT WORK OVER AN
ENCRYPTED LINK.

Yes. That AD password will expire. On a wired network the machine will talk
to the AD to get its new key. If you are USING the key the machine knows
for the login process, then that key is invalid in the AD and cannot be
upgraded over the PEAP encrypted wifi link. It also can't be updated on a
PPTP link, from what I've read. The default time for this to occur is 30
days IIRC. Change it on the AD to longer if you want less pain.



--
Pete Savage - cbx33::silentk
wiki.ubuntu.com/PeteSavage
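The 30-day machine account password rotation discussed in the thread is driven by the "Domain member: Maximum machine account password age" policy, which lands on each domain member in the Netlogon registry key read below. The following audit script is an added example for this thread, not code posted by either participant; it assumes Windows PowerShell 5.1 or later, running with administrative rights on a domain-joined host, with the RSAT ActiveDirectory module installed for the AD-side query. It reports the effective rotation interval, whether client-side rotation has been disabled, the health of the secure channel, and roughly how many days remain before the machine will try to change its password, so an administrator can spot wireless-only hosts before they hit the symptom described above.

```powershell
# Added example (not from the thread): audit the machine-account password
# rotation settings that a PEAP machine-authenticated host depends on.
# Assumes: Windows PowerShell 5.1+, run as admin on a domain member, and the
# RSAT ActiveDirectory module for the Get-ADComputer call.

$netlogon = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$params   = Get-ItemProperty -Path $netlogon

# MaximumPasswordAge is in days; when the value is absent Windows uses 30.
$maxAge = if ($null -ne $params.MaximumPasswordAge) {
    [int]$params.MaximumPasswordAge
} else {
    30
}

# DisablePasswordChange = 1 means the client never rotates its secret
# (it also means a stolen machine secret stays valid indefinitely).
$rotationDisabled = ($params.DisablePasswordChange -eq 1)

Write-Host "Maximum machine account password age : $maxAge days"
Write-Host "Client-side rotation disabled        : $rotationDisabled"

# Is the secure channel to a domain controller currently healthy?
$channelOk = Test-ComputerSecureChannel
Write-Host "Secure channel to DC OK              : $channelOk"

# AD side: when did a DC last record a new password for this computer object?
Import-Module ActiveDirectory
$computer = Get-ADComputer -Identity $env:COMPUTERNAME -Properties PasswordLastSet
$ageDays  = [math]::Floor(((Get-Date) - $computer.PasswordLastSet).TotalDays)
$daysLeft = $maxAge - $ageDays

Write-Host ("Password last set {0:yyyy-MM-dd}; next rotation due in about {1} day(s)" -f
    $computer.PasswordLastSet, $daysLeft)

# Flag hosts that will attempt a rotation soon; if such a host only ever
# reaches the domain over the PEAP machine-auth link, that is when the
# failure the thread describes will show up.
if (-not $rotationDisabled -and $daysLeft -le 3) {
    Write-Warning "Rotation is imminent for $env:COMPUTERNAME; confirm it will have a path to a DC on which the password change can complete."
}
```

Run it as a scheduled job on wireless-only laptops, or collect the output centrally, to catch machines approaching the rotation window. If the interval is lengthened by policy, it is the policy value that changes `MaximumPasswordAge` on the clients; the AD computer object itself has no separate expiry setting to edit.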
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
