
1 - 11 of 11 Posts

·
Registered
Joined
·
28 Posts
Discussion Starter #3
Yeah, thanks DLBcarry but I've already seen that page and all the other pages that "describe" how to authenticate wirelessly. I've tried different approaches but none seem to work. I got it to work the very first time I tried it and then I stuck my fat fingers in it and must have done something with the certificate. I blew out Win2K8 and started all over again, but for the life of me I'm unable to get it to work again. I was hoping someone had this working and could give me some pointers or at least show me what I did wrong.
 

·
Registered
Joined
·
563 Posts
What, specifically, is going wrong?
 

·
Registered
Joined
·
28 Posts
Discussion Starter #5
Ok, when trying to authenticate to the domain I get "no logon servers are available to complete that request" <-- not verbatim. So, I have to plug in my laptop to the switch and then log in that way. After I've successfully logged in, I can log off, turn on the wireless, and authenticate wirelessly, BUT only using the same username I logged in with while physically connected. If I try to authenticate wirelessly using any other name I get the same error as stated above in quotes. In my original configuration I could log in using any username WITHOUT having to connect my laptop to the switch.

I had created a group in AD called WirelessLAN. In that group I added some users. I used that group when I configured NPS. If I were to physically log in successfully to the domain it would say...logging into MyDomain, right? In my original setup, when logging in wirelessly, it would state...logging into WirelessLAN (not MyDomain), which I thought was strange but it worked perfectly. Any ideas?
 

·
Registered
Joined
·
438 Posts
Can you clarify your goals?

For example:
  1. Are you trying to require authentication to gain access to wireless resources?
  2. Or are you trying to get a laptop without a current (local) domain profile to authenticate via wireless at startup/logon?
  3. Or are you trying to do something altogether different?

We currently use NPS on 2008 R2 for RADIUS authentication against our Active Directory Domain. We require all wireless users to have a valid Active Directory account in order to gain access to the wireless network. It works perfectly in this fashion. If their computer is joined to the domain then it requires the users to have a valid domain profile (created during a wired logon). Non-domain members can authenticate as well; they simply get a logon box from the wireless networks manager.

Your issue is not necessarily an issue with the NPS but rather it is due to limitations in the way that all Microsoft OSes handle network drivers for wireless devices.

As an alternative you can look into a GINA replacement like pGINA that is designed to replace the standard Windows logon system with a customizable logon system that allows for a wider range of authentication options (like RADIUS, LDAP, etc.).

It "should" technically be possible to authenticate and log on to the domain wirelessly but my experience is that it is unreliable at best.
 

·
Registered
Joined
·
28 Posts
Discussion Starter #7
Thanks Superfly for your post. What I'm trying to accomplish is to have a wireless user authenticate to the domain so that the user is able to access the network drive, have internet connectivity, print etc. Basically, have the wireless computer act as a workstation tethered via network cable. I was able to do this. It worked...flawlessly but I then screwed something up. I'm pretty sure it was something to do with the certificate but I can't figure out what I did. :banghead I'm sure that in about 2 weeks I'll wake from a deep sleep and scream "Eureka!!" but until then...I'll just put it on the back burner. In the meantime I'll play with my new Ubuntu Server. The desktop version is awesome.
 

·
Registered
Joined
·
563 Posts
Couple of things...

What type of laptop are you using, and are you using Windows' native wireless settings, or some sort of connection manager like Lenovo's Access Connections? If you use something other than native Windows for access, there's a good chance the software isn't starting until after the login phase, which is causing you to not connect to NPS prior to logging on. The profiles have to come up right away.

Another issue could be that you're activating slow link detection because of the use of wireless, which can cause group policy to not be applied. This can cause issues with connecting as well.

Has the laptop been connected via a wired connection and had gpupdate /force run on it before trying the wireless?
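
The question raised in the post above (does the wireless profile come up before the logon phase), as an added example that is not part of the thread: a PowerShell helper that reads an exported WLAN profile and reports the 802.1X settings that control pre-logon connectivity. The profile XML is constructed sample data, and `CorpWLAN` and `Test-PreLogonWireless` are hypothetical names.

```powershell
# Constructed sample profile. On a client, export the real one with:
#   netsh wlan export profile name="<SSID>" folder=C:\Temp
# "CorpWLAN" is a placeholder SSID.
$sampleXml = @'
<?xml version="1.0"?>
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>CorpWLAN</name>
  <connectionMode>manual</connectionMode>
  <MSM><security>
    <authEncryption>
      <authentication>WPA2</authentication>
      <encryption>AES</encryption>
      <useOneX>true</useOneX>
    </authEncryption>
    <OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
      <authMode>user</authMode>
    </OneX>
  </security></MSM>
</WLANProfile>
'@

function Test-PreLogonWireless {   # hypothetical helper name
    param([Parameter(Mandatory=$true)][xml]$WlanXml)
    $p        = $WlanXml.WLANProfile
    $onex     = $p.MSM.security.OneX
    $findings = @()
    if ($p.connectionMode -ne 'auto') {
        $findings += 'connectionMode is not auto: the profile waits for a user to connect it.'
    }
    if (-not $onex) {
        $findings += 'No OneX element: the profile does not use 802.1X, so NPS is never asked.'
        return $findings
    }
    if (-not $onex.authMode) {
        $findings += 'authMode is not set: confirm the effective default on the client.'
        return $findings
    }
    # Computer authentication or pre-logon SSO brings the link up before logon.
    $machineAuth = @('machine', 'machineOrUser') -contains $onex.authMode
    $preLogonSso = $onex.singleSignOn.type -eq 'preLogon'
    if (-not ($machineAuth -or $preLogonSso)) {
        $findings += "authMode '$($onex.authMode)' without preLogon single sign-on: 802.1X starts only after logon, so only accounts already cached on the laptop can log on."
    }
    if ($machineAuth) {
        $findings += 'Computer authentication is enabled: the NPS policy must also admit the computer account.'
    }
    if (-not $findings) { $findings += 'Profile can authenticate before user logon.' }
    $findings
}

Test-PreLogonWireless -WlanXml $sampleXml
```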
 

·
Registered
Joined
·
28 Posts
Discussion Starter #9
I'm using an HP 6120. It was using Windows 7. No connection manager was used, just native Windows. I'm pretty sure it's not the laptop. Remember, I had it working perfectly until I made some changes in the server. After that, it went downhill. Now, when I reimaged the server and tried to set it up all over again it was a no go. I'm still convinced that I'm missing a step somewhere. Oh and yes the laptop had been connected via a wired connection and ran the gpupdate /force before the wireless. I had to join it to the domain initially so I took care of all that before I tried the wireless. I figured I'd give that a rest for now and fool around with Ubuntu and some other Linux flavors. I really appreciate you taking the time to help me out. Familiar with Linux at all? LOL j/k.
 

·
Registered
Joined
·
28 Posts
Discussion Starter #11
Actually, if you’re not really j/k and you need help with something, I am extremely familiar with Linux.
This, my friend, is really good to know. I'm just getting familiar with Ubuntu. I'm a big fan of free but aside from that I love the community that Ubuntu (Linux) has. I appreciate your offer and I'm gonna hold you to it. :p I'm a total n00b but I'm also very big on Google search which is how I've learned a lot so far. Thanks again Superfly.
 