If the wait for network works for you, great. Be aware it will delay the logon to the network. (It's a bit obvious, but I had to say it)
Since your using PEAP-MSCHAPv2, you can use machine authentication. I would highly recommend it, it gives you a bunch of features. As mentioned before, you can push the wireless settings out through group policy .I'd suggest using a Vista SP1 machine to create the group policy, it has the best interface for Wireless Group policy's, Your AD has to be at 2003 native or better to support them . If you need help, shout out on the list. The simplest advice is that you can create XP policies, and Vista Policies, but if no Vista Policies are defined, Vista will use XP policies. You can configure the machine to auth with the computer account so it has network connectivity while it's sitting at the CTRL-ALT-DELETE prompt. You then have the option to do either at a user logon: Drop the computer account, and reauth as the logging on users (Default) Ignore user, and continue to use computer account for 802.1x credentials. We use group policies here where I work, and have all machines set to use User credientials. We do however, have a few "Common" machines (about 5 or 6) that use the computer account, for a few policy reasons. Mike On Thu, Jan 21, 2010 at 8:28 AM, John York <[email protected]> wrote: > We use 802.1x through a Cisco WLC 4402 connected to an ACS server. The > EAP is PEAP-MSCHAPv2. Right now the accounts on ACS are local to the > ACS server--it's not a member of the domain that the computer labs live > in. We'll be trying "wait for the network" first. If that doesn't > work, maybe we'll put an ACS server in the computer lab domain. > Thanks > John > > -----Original Message----- > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > [mailto:[email protected]] On Behalf Of Mike King > Sent: Wednesday, January 20, 2010 5:15 PM > To: [email protected] > Subject: Re: [WIRELESS-LAN] wireless labs > > I don't have a silver bullet answer because I would need more > information. > > 1. Are you using 802.1x or just PSK? > 2. What kind of EAP if you are using 802.1x (PEAP)? > 3. What is your RADIUS server (if using 802.1x)? > > Machine Authentication is where I'm leading with those questions. > > For the short term, this might help (or really hurt) (I'm cribbing these > notes from Cisco's NAC / Logon scrip FAQ) > http://www.cisco.com/en/US/products/ps6128/products_configuration_exampl > e09186a0080a70c18.shtml > > Ensure that the computer waits for the network to be available at the > computer startup and logon. > > This GPO policy can be configured under Domain Policy > Computer > Configuration > Administrative Templates > System > Logon. > > > > > > > > > On Wed, Jan 20, 2010 at 5:01 PM, John York <[email protected]> wrote: > > > Hi > We are moving some of our labs from wired to wireless, but > running into > problems with the windows client. (We run Vista in our labs > now, > hopefully will change to 7 before long.) At present the > machines > autologin with cached credentials, then they authenticate to the > wireless network. This causes problems in drive mapping and > running > group policies. We're trying to find a way to authenticate to > the > wireless at the machine level before any of the user level stuff > runs. > Years ago we did this with the Funk Odyssey client. Is there a > way to > do that through windows, or does it still require a third-party > client? > Thanks > John > > ********** > Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > > > > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > > ********** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at http://www.educause.edu/groups/. > ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
