Solved

Windows XP: PEAP pre-logon authentication, active directory.

Posted on 2008-10-20
5
2,544 Views
Last Modified: 2013-11-12
Hi,
We got an Cisco WLC 4404 running 5.1.151.0. We are using PEAP with MS-CHAPv2, the Clients are running Windows XP SP3. The wireless configuration is distributed via group policy.
Is there a way to authenticate the users before the log on to the domain? Maybe this is possible via the machine account? Thanks.
 
0
Comment
Question by:mchammer7
  • 2
5 Comments
 
LVL 25

Expert Comment

by:slam69
ID: 22975451
No way to authenticate before they get onto the domain

what are you trying to achieve?
0
 
LVL 25

Accepted Solution

by:
slam69 earned 500 total points
ID: 22975469
You can use dial up networking which means they will always authenticate to teh domain for connection or you can use cached crednetials to log onto teh machien but you cant authenticate the users for domain entry until they are logged onto teh domain as you could have a machine thats out in teh field for months and might have leavers credenatils on it that would authenticate at machine level but wouldnt then be valid against AD
0
 

Expert Comment

by:jbrophy11
ID: 24498200
I know what you're  trying to accomplish and I have a solution. Instead of authenticating the clients using the user credentials, use Computer Account credentials.

You'll need to setup a Wireless Network that uses PEAP authentication, then use IAS (Radius) on a Domain Controller and setup the authentication to use the Computer Account. The computer account credentials are set automatically when the PC joins the domain...so don't waste time trying to figure how to set the computer account password, just select the option on the client side to Authenticate as Computer.

I can provide additional details if need be, let me know if this helps.

ps - We're doing the same thing in our environment so Wireless laptop users can access network resources prior to logging into the domain......allowing for the client to actually accomplish a full Active Directly logon executing scripts and software distribution etc.....
0
 

Expert Comment

by:YoweighNOLA
ID: 25851646
I know this thread is old, but I'd like those additional details, please. Is there a way I can contact jbrophy11 directly?
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Guest Network Captive Portal 1 56
NPS running on Win 2012 R2 2 35
Deploy 2 certificates to wireless clients 2 27
Wireless network monitoring 8 53
This article is a step by step guide on how to create a basic PTP link using Ubiquiti airOS devices. This guide can be used on the following Ubiquiti AirMAX devices. Nanostation, Bullets, AirBridge, Nanobeam, NanoBridge to name a few. Please review …
For both online and offline retail, the cross-channel business is the most recent pattern in the B2C trade space.
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now