On 20/01/2010 22:01, John York wrote:
Hi
We are moving some of our labs from wired to wireless, but running into
problems with the windows client. (We run Vista in our labs now,
hopefully will change to 7 before long.) At present the machines
autologin with cached credentials, then they authenticate to the
wireless network. This causes problems in drive mapping and running
group policies. We're trying to find a way to authenticate to the
wireless at the machine level before any of the user level stuff runs.
Years ago we did this with the Funk Odyssey client. Is there a way to
do that through windows, or does it still require a third-party client?
Thanks
John
Hi,
If your wireless network is WPA/WPA2-Enterprise (802.1x), you can
"machine authenticate" to the wireless. Windows supports two varieties:
1) You machine auth and that's it.
2) Machine auth when no-one is logged in, user auth when a user logs in.
We do (1) with a couple of hundred machines (mainly XP). We configure the
machines via GPO. It works reliably.
Windows uses PEAP/MS-CHAPv2, so your RADIUS server will need to be
configured for PEAP, and obviously be able to talk to your Domain servers.
We use FreeRADIUS + Samba. MS IAS and many others should work as well. No
need for cached credentials. Never seen before users can logon with their
domain credentials - no problem.
Let me know if you have any follow-up questions.
-James
--
James J J Hooper
Network Specialist
Information Services
University of Bristol
http://www.wireless.bristol.ac.uk http://www.jamesjj.net
--
**********
Participation and subscription information for this EDUCAUSE Constituent Group
discussion list can be found at http://www.educause.edu/groups/.
