Re: Domain not available on PEAP clients at first logon

From: Sam Salhi [MSFT] (samers_at_online.microsoft.com)
Date: 01/09/05


Date: Sat, 8 Jan 2005 19:07:00 -0800

Your solution is innovative. I commend you on it. That's an awesome way to
do it.

-- 
      =============================================
  This posting is provided "AS IS" with no warranties, and confers no rights
      =============================================
"Mimmus" <viggiani@hotmail.com> wrote in message 
news:dOzud.15553$Lg7.515626@twister1.libero.it...
> "Sam Salhi [MSFT]" <samers@online.microsoft.com> wrote in message 
> news:%23XUxbd23EHA.924@TK2MSFTNGP14.phx.gbl...
>> Sorry but this is the chicken and the egg problem.
> :-)
>
>> What I would suggest to you here is to go to the PEAP configuration and 
>> allow the user to specify the credentials (don't use windows credentials)
> No, I'd like transparent access to the network. It is a switched (not 
> wireless), enterprise network and I'd like to implement access control 
> without forcing clients to re-enter credentials.
>
>> The other option you have is to provision the machines on the regular 
>> network first, THEN get them on your secured 802.1x
> I solved it by enabling PEAP with 'computer' logon in addition to 'user' logon; 
> this way, if a PC belongs to the domain, it enters the network (as 
> host/machine-name) before the prompt, and a user can log in even if this 
> is his first logon (non-cached credentials) or his password has expired. 
> During subsequent 802.1x re-authentications (either because the network cable is 
> unplugged or because I enable the reauth timeout on the switches), I will see 
> a user login (i.e. domain/user) in the IAS log, and this is OK for me.
> Non-domain clients and 'no longer valid' users will be put in a guest, 
> isolated VLAN.
>
> I hope that this is correct!
>
> Domenico
> 

