We help IT Professionals succeed at work.

Wireless Pre Logon, Windows XP and Vista?

Medium Priority
1,377 Views
Last Modified: 2012-06-22
I wondering if it's possible to have wireless computer/notebook to pre logon to the domain with Windows Wireless client?

For example: a new user that hasn' t logged into the computer before would like to login and setup their profile.  Right now i would need to hard wire the connection for the inital logon...

Security
Windows 2003 server IAS radius server
Wpa tkip-EAP

OS
Windows XP and Vista
Comment
Watch Question

Irwin W.There are a 1000 ways to skin the technology cat.
CERTIFIED EXPERT

Commented:
What you need to configure is 802.1x Wireless authentication with Active Directory.  Please review this URL http://support.microsoft.com/kb/837911

Author

Commented:
Sorry i forgot to mention i do use MSCHAPv2
Irwin W.There are a 1000 ways to skin the technology cat.
CERTIFIED EXPERT

Commented:
I do believe you need to use certificate in conjunction with AD and the hash (see image)

802.1x.png
Is the wireless ip scope added to dhcp on the server?  Add this and the system will add the necessary DNS settings and the clients should not have any issues joining or logging into the domain.  I had this same issue a long time ago and tried everything and once I added the scope to dhcp presto.  I truely hope this helps.  Let me know
Irwin W.There are a 1000 ways to skin the technology cat.
CERTIFIED EXPERT

Commented:
The computer should already have an IP address as this is required to deploy policies etc.
Netgear has a mvrgina.dll file that allows you to authenticate wirelessly before domain authentication. it disables fast user switching, which shouldn't be an issue using active directory. Its packaged with their wg311 wireless card drivers. I'd give it a try. http://kb.netgear.com/app/answers/detail/a_id/744 

Install that, it'll replace the mvrgina.dll with their own. But will also install their wireless configuration software which you're going to want to remove afterwards.

 The mvrgina.dll is a windows file, that happens to limit wireless connectivity before authenticating a user account. This should fix it.

Author

Commented:
nappy_d thanks for your help i think i'm almost there, i have switched to using certificates and i'm able to get connected before the login screen.  However once i login as a new user it will evenually discount me and tell me it can't find the cert?  the Cert is a computer cert and when the connection is made initially it is auth by the Computer, however once logged in it's looking for a personal certifcate?  Anyway around this without having to manually install a personal cert?
There are a 1000 ways to skin the technology cat.
CERTIFIED EXPERT
Commented:
Try these settings as shown in the screenshot...I think you need to set it up to allow certs to be used that are on the workstation.  The unfortunate part is that this has to be a manual setup of the wireless connection for the laptops.


802.1x-2.png

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.