Re: Prblm: Radius, WLAN, roaming profiles and software install via group policies

From: James McIllece [MS] (jamesmci_at_online.microsoft.com)
Date: 09/09/04

  • Next message: James McIllece [MS]: "Re: Prblm: Radius, WLAN, roaming profiles and software install via group policies" 
    Date: Thu, 09 Sep 2004 12:04:18 -0700

    "Ola Theander" <ola.theander@otsystem.com> wrote in
    news:eqyx61elEHA.2340@TK2MSFTNGP11.phx.gbl:

    > Dear subscribers
    >
    >
    >
    > I've just added a WLAN-router to allow wireless access to our network.
    > The thing is that I have some initial problems that doesn't apply when
    > we connect by wire and I hope that I can get some help here.
    >
    >
    >
    > Problem 1)
    >
    > We distribute software using AD's group policies and unfortunately
    > some of the software we have must be installed using a group policy
    > assigned to the computer instead of a user, in this case AutoCAD 2004.
    > We prefer to install using user assigned policies but according to
    > Autodesk the software must be installed by a computer assigned GP.
    >
    >
    >
    > The thing is that since we use Radius to authenticate to the
    > WLAN-router the network is not accessible until an actual user logs on
    > and by that time the computer assigned software doesn't initiate an
    > install. Is there any workaround to this problem?
    >
    >
    >
    > Problem 2)
    >
    > We also use roaming profiles which allows the user to log in on an
    > arbitrary computer and still have their documents and preferred
    > environment configuration accessible. The roaming profile
    > configuration maps the "My Documents" folder, Desktop and "Application
    > Data" folder to a file server instead of the local computer. This
    > means that when the user logs off the computer a synchronization
    > sequence is initiated to copy the documents to the assigned file
    > server. The problem is that when this is done over the WLAN it seems
    > like the network connection is prematurely terminated, i.e. before the
    > synchronization is finished. This in turn means that the
    > synchronization fails and the user gets an annoying error message at
    > each log off and the files are not copied to the file server for
    > backup and roaming purposes.
    >
    >
    >
    > I realize that I may have to resort to using WEP or WPA instead of
    > Radius to resolve these issues but before I do that I want to see if
    > there is any possible to solve them while still using Radius.
    >
    >
    >
    > Any help on this matter would be greatly appreciated.
    >
    >
    >
    > Kind regards, Ola Theander
    >
    >
    >

    Hi Ola --

    I thought I would clarify a couple of things for you.

    WEP/WPA and RADIUS are not two versions of the same thing -- in fact for
    best security you should deploy both, with WPA preferred over WEP.

    WEP/WPA are part of the IEEE 802.11 standards and they are used to encrypt
    traffic between wireless client computers and wireless access points (APs).
    Once this link-layer authentication occurs between the client and AP,
    association occurs and other processes (such as 802.1X authentication) can
    begin.

    RADIUS, on the other hand, is a protocol used to encrypt traffic between
    wireless access points (which are called RADIUS clients) and IAS servers (a
    RADIUS server and/or proxy).

    You can use IAS as a RADIUS server to manage network access servers other
    than APs, too -- you can use it to manage VPN servers, dial-up servers, and
    802.1X authenticating switches. If you do not use IAS, you must configure
    remote access policy at each AP instead of configuring it once on the IAS
    server for all APs. 

    -- 
James McIllece, Microsoft
Please do not send email directly to this alias.  This is my online account 
name for newsgroup participation only.
This posting is provided "AS IS" with no warranties, and confers no rights.
  • Next message: James McIllece [MS]: "Re: Prblm: Radius, WLAN, roaming profiles and software install via group policies"

    Relevant Pages

    • Re: Prblm: Radius, WLAN, roaming profiles and software install via group policies
      ... >> The thing is that since we use Radius to authenticate to the ... >> assigned file server. ... >> WLAN it seems like the network connection is prematurely terminated, ... > encrypt traffic between wireless client computers and wireless access ...
      (microsoft.public.internet.radius)
    • ISA RADIUS Authentication per-request -> per-session
      ... I have installed i new ISA 2004 SP2 server for Web Proxy with RADIUS ... I see that the server send RADIUS authentication for each request. ... For Each network In networks ...
      (microsoft.public.isa)
    • Terminal Services Client
      ... I have a PPC2003 connected with my network in a ... location of my company via a wireless Access Point. ... PPC i connect to my server with the name of the server. ... With this PPC i connect trough terminal services client to the WINSERVER2003 ...
      (microsoft.public.pocketpc.wireless)
    • Re: wireless problem
      ... yup that's exactly the problem You wireless access point must be inside ... local area network. ... people from accessing resources on your network that they shouldn't ... > Yes Cris as the wireless router is connected to server on ...
      (microsoft.public.windows.server.sbs)
    • Steel Belted RADIUS - Logins are authenticated but only show as phantom logins
      ... authentication of client routers onto our network. ... We have recently had to move our RADIUS service to another server. ...
      (comp.os.ms-windows.nt.admin.security)