How to have access to resources without adding laptops to the domain?

Discussion in 'Windows Networking' started by Joris van der Struijk, Feb 4, 2006.

  1. We are having trouble creating the following scenario.

    A lot of students at our campus are using their laptops when not in class
    and even during lessons.
    All students have an account in our Windows 2003 Active Directory.

    We want to provide the students with access to our network resources WITHOUT
    adding all those laptop computer accounts to our AD. This would be a lot of
    work, and students won't be happy having to add their home laptop to our domain.

    What we want:
    No laptop computer accounts.
    As secure as possible (ea. PEAP with MS-CHAP v2).
    Authentication should be based on the user account of the students, already
    present in AD.
    We would like some kind of system where we provide the student with
    instructions of some sort. When set up correctly and the client is connecting,
    he is provided a login screen where he/she has to enter the student's AD user
    and password.

    Our infrastructure contains several Cisco 1100 APs, IAS RADIUS server, 2003
    Servers.

    Hope to find some concrete info here.

    Grx,
    Joris
     
    Joris van der Struijk, Feb 4, 2006
    #1

  2. (Wired) If they go to Start, Run, and type in \\Servername\sharename, Enter, they will be prompted for their name and password.
    They need to enter their username as Domain\Username, and they will connect.

    As for the PEAP issue, they will have to have a driver that supports it.
    And because their computers are not on the Domain, they will not have the required certificate.
    You will have to publish the certificate on a non-secured network, or floppy\CD, etc. so they can install it on their laptops.
     
    BerkHolz, Steven, Feb 4, 2006
    #2

  3. As the clients are unable and not allowed to use the wired network, that's no
    option.

    All our clients are using Windows XP, and to my knowledge this has built-in
    support for PEAP.
    We tried a setup like this, but it's not working well.

    1) We exported the Root CA certificate and installed it on the client.
    2) We have set up the client to use PEAP with MS-CHAP v2 and ask for username
    and password.
    3) Try to connect.

    Then the strange thing starts.
    Sometimes it asks for a username and password, but most often it doesn't.
    Most of the time it doesn't get connected.

    When looking at the IAS event logs, it shows me that it is using a username
    that I can't remember giving in at any point. It looks like it's a username
    that's been cached sometime before.

    When I install the Intel ProSet I'm also provided the option to give in a
    "Roaming identity".
    When I fill in my username there, it connects but doesn't ask me for a
    password. When looking at the event logs again, it is telling me it connected
    correctly using the account name provided in the Roaming identity field.
    Again: it never asks me for a password.

    WHY?



    "BerkHolz, Steven" wrote:
     
    Joris van der Struijk, Feb 5, 2006
    #3
