As the clients are unable and not allowed to use the wired network, that's no
option.
All our clients are using Windows XP, and by my knowledge this has buildin
support for PEAP.
We tried a setup like this, but it's not working well.
1) We exported the Root CA certificate and installed it on the client.
2) We have setup the client to use PEAP with MS-CHAP v2 and ask for username
and password.
3) Try to connect.
Then the strange thing start.
Sometimes it askes for a username and password, but most often is doesn't.
Most of the time it doesn't get connected.
When looking at the IAS eventlog's it shows me that it is using a username
that i can't remember giving in at any point. It looks like it's a username
that's been cached sometime before.
When i install the Intel ProSet i'm also provided the option to givein a
"Roaming identity.
When i fillin my username there, it connects but doesn't ask me for a
Password When lookin at te eventlogs again, it telling me it connected
correctly using the account-name provided in the Roaming identity field.
Again: It never askes me for a Password.
WHY?
"BerkHolz, Steven" schreef:
> (Wired) If they go to Start, Run, and type in \\Servername\sharename, Enter, They will be prompted for their name and password.
> They need to enter their username as Domain\Username, and they will connect.
>
> As for the PEAP issue, whey will have to have driver that support it.
> And because their computer are not on the Domain, they will not have he required certificate.
> You will have to publish the certificate on a non secured network, or floppy\CD, etc. so they can install it on their Laptops.
>
> --
> --
> Steven
>
> May you have the peace and freedom that come from abandoning all hope of having a better past.
> --- - --- - - - - - - - -- - - - --- - ------ - - --- - - -- - - - -- - - -
> "Joris van der Struijk" <(E-Mail Removed)> wrote in message
> news:559EA849-DAE3-4A9C-9968-(E-Mail Removed)...
> > We are having trouble creating following scenario.
> >
> > A lot of students at our campus are using there laptops when not in class
> > and even during lessons.
> > All students have an account in our Windows 2003 Active Directory.
> >
> > We want to provide the student with access to our network recources WITHOUT
> > adding all those laptop computer accounts to our AD. This would be a lot of
> > work, and student won't be happy having to add the home laptop to our domain.
> >
> > What we want:
> > No laptop computer accounts.
> > As secure as possible (ea. PEAP with MS-CHAP v2).
> > Authentication should be based on the user account of the students, already
> > present in AD.
> > We would like some kind of system where we provide the student with
> > instructions of some sort. When setup correctly and the client is connecting
> > he is provided a login screen where he/she has to enter the students AD user
> > and password.
> >
> > Our infrastructure contains several Cisco 1100 AP's, IAS radius server, 2003
> > Servers.
> >
> > Hope to find some concrete info here.
> >
> > Grx,
> > Joris
>
>
>
|
Similar Threads
Linear Mode
