Have any of you been able to successfully have users authenticate wirelessly to a domain via NPS in Windows 2008?
Can you clarify your goals?
Ok, when trying to authenticate to the domain I get "no logon servers are available to complete that request" <-- not verbatim. So, I have to plug in my laptop to the switch and then log in that way. After I've successfully logged in, I can log off, turn on the wireless, and authenticate wirelessly, BUT only using the same username I logged in while physically connected. If I try to authenticate wirelessly using any other name I get the same error as stated above in quotes. In my original configuration I could log in using any username WITHOUT having to connect my laptop to the switch.
I had created a group in AD called WirelessLAN. In that group I added some users. I used that group when I configured NPS. If I were to physically log in successfully to the domain it would say...logging into MyDomain, right? In my original setup, when logging in wirelessly, it would state..logging into WirelessLAN (not MyDomain), which I thought was strange but it worked perfectly. Any ideas?
Thanks Superfly for your post. What I'm trying to accomplish is to have a wireless user authenticate to the domain so that the user is able to access the network drive, have internet connectivity, print etc. Basically, have the wireless computer act as a workstation tethered via network cable. I was able to do this. It worked...flawlessly but I then screwed something up. I'm pretty sure it was something to do with the certificate but I can't figure out what I did. :banghead I'm sure that in about 2 weeks I'll wake from a deep sleep and scream "Eureka!!" but until then...I'll just put it on the back burner. In the meantime I'll play with my new Ubuntu Server. The desktop version is awesome.
Can you clarify your goals?
- Are you trying to require authentication to gain access to wireless resources?
- Or are you trying to get a laptop without a current (local) domain profile to authenticate via wireless at startup/logon?
- Or are you trying to do something altogether different?
We currently use NPS on 2008 R2 for RADIUS authentication against our Active Directory Domain. We require all wireless users to have a valid Active Directory account in order to gain access to the wireless network. It works perfectly in this fashion. If their computer is joined to the domain then it requires the users to have a valid domain profile (created during a wired logon). Non-domain members can authenticate as well, they simply get a logon box from the wireless networks manager.
Your issue is not necessarily an issue with the NPS but rather it is due to limitations in the way that all Microsoft OS's handle network drivers for wireless devices.
As an alternative you can look into a GINA replacement like pGINA that is designed to replace the standard Windows logon system with a customizable logon system that allows for a wider range of authentication options (like RADIUS, LDAP, etc...).
It "should" technically be possible to authenticate and log on to the domain wirelessly but my experience is that it is unreliable at best.
This, my friend, is really good to know. I'm just getting familiar with Ubuntu. I'm a big fan of free but aside from that I love the community that Ubuntu (Linux) has. I appreciate your offer and I'm gonna hold you to it. I'm a total n00b but I'm also very big on Google search which is how I've learned a lot so far. Thanks again Superfly.
Actually, if you’re not really j/k and you need help with something, I am extremely familiar with Linux.