Solved

Windows XP: PEAP pre-logon authentication, active directory.

Posted on 2008-10-20
5
2,543 Views
Last Modified: 2013-11-12
Hi,
We got an Cisco WLC 4404 running 5.1.151.0. We are using PEAP with MS-CHAPv2, the Clients are running Windows XP SP3. The wireless configuration is distributed via group policy.
Is there a way to authenticate the users before the log on to the domain? Maybe this is possible via the machine account? Thanks.
 
0
Comment
Question by:mchammer7
  • 2
5 Comments
 
LVL 25

Expert Comment

by:slam69
ID: 22975451
No way to authenticate before they get onto the domain

what are you trying to achieve?
0
 
LVL 25

Accepted Solution

by:
slam69 earned 500 total points
ID: 22975469
You can use dial up networking which means they will always authenticate to teh domain for connection or you can use cached crednetials to log onto teh machien but you cant authenticate the users for domain entry until they are logged onto teh domain as you could have a machine thats out in teh field for months and might have leavers credenatils on it that would authenticate at machine level but wouldnt then be valid against AD
0
 

Expert Comment

by:jbrophy11
ID: 24498200
I know what you're  trying to accomplish and I have a solution. Instead of authenticating the clients using the user credentials, use Computer Account credentials.

You'll need to setup a Wireless Network that uses PEAP authentication, then use IAS (Radius) on a Domain Controller and setup the authentication to use the Computer Account. The computer account credentials are set automatically when the PC joins the domain...so don't waste time trying to figure how to set the computer account password, just select the option on the client side to Authenticate as Computer.

I can provide additional details if need be, let me know if this helps.

ps - We're doing the same thing in our environment so Wireless laptop users can access network resources prior to logging into the domain......allowing for the client to actually accomplish a full Active Directly logon executing scripts and software distribution etc.....
0
 

Expert Comment

by:YoweighNOLA
ID: 25851646
I know this thread is old, but I'd like those additional details, please. Is there a way I can contact jbrophy11 directly?
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Suggested Solutions

This article is a step by step guide on how to create a basic PTP link using Ubiquiti airOS devices. This guide can be used on the following Ubiquiti AirMAX devices. Nanostation, Bullets, AirBridge, Nanobeam, NanoBridge to name a few. Please review …
Using in-flight Wi-Fi when you travel? Business travelers beware! In-flight Wi-Fi networks could rip the door right off your digital privacy portal. That’s no joke either, as it might also provide a convenient entrance for bad threat actors.
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now