Solved

Windows XP: PEAP pre-logon authentication, active directory.

Posted on 2008-10-20
5
2,556 Views
Last Modified: 2013-11-12
Hi,
We got an Cisco WLC 4404 running 5.1.151.0. We are using PEAP with MS-CHAPv2, the Clients are running Windows XP SP3. The wireless configuration is distributed via group policy.
Is there a way to authenticate the users before the log on to the domain? Maybe this is possible via the machine account? Thanks.
 
0
Comment
Question by:mchammer7
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
5 Comments
 
LVL 25

Expert Comment

by:slam69
ID: 22975451
No way to authenticate before they get onto the domain

what are you trying to achieve?
0
 
LVL 25

Accepted Solution

by:
slam69 earned 500 total points
ID: 22975469
You can use dial up networking which means they will always authenticate to teh domain for connection or you can use cached crednetials to log onto teh machien but you cant authenticate the users for domain entry until they are logged onto teh domain as you could have a machine thats out in teh field for months and might have leavers credenatils on it that would authenticate at machine level but wouldnt then be valid against AD
0
 

Expert Comment

by:jbrophy11
ID: 24498200
I know what you're  trying to accomplish and I have a solution. Instead of authenticating the clients using the user credentials, use Computer Account credentials.

You'll need to setup a Wireless Network that uses PEAP authentication, then use IAS (Radius) on a Domain Controller and setup the authentication to use the Computer Account. The computer account credentials are set automatically when the PC joins the domain...so don't waste time trying to figure how to set the computer account password, just select the option on the client side to Authenticate as Computer.

I can provide additional details if need be, let me know if this helps.

ps - We're doing the same thing in our environment so Wireless laptop users can access network resources prior to logging into the domain......allowing for the client to actually accomplish a full Active Directly logon executing scripts and software distribution etc.....
0
 

Expert Comment

by:YoweighNOLA
ID: 25851646
I know this thread is old, but I'd like those additional details, please. Is there a way I can contact jbrophy11 directly?
0

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is a step by step guide on how to create a basic PTP link using Ubiquiti airOS devices. This guide can be used on the following Ubiquiti AirMAX devices. Nanostation, Bullets, AirBridge, Nanobeam, NanoBridge to name a few. Please review …
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question