Re: IAS and domain problems
From: dupont1e (dupont1e_at_discussions.microsoft.com)
Date: 02/25/05
Date: Fri, 25 Feb 2005 07:49:12 -0800
Your understanding is correct. As per your suggestion, I changed the default
Connection Request Policy (Use Windows authentication for all users) to
substitute the unknown domain\user with the known domain\user but nothing has
changed. When I attempt to connect, I generate the same event as shown below
(as if the substitution didn't occur). However, this would not be a
desirable solution as I presume I would need a substitution for each wireless
user. I saw in another post something about the Core Platform SDK and a DLL
that could be installed to affect other domain access. Would that solution
apply here?
Thanks, Eric
"Manjunath Bharadwaj [MSFT]" wrote:
> Eric,
>
> If I understand this correctly, your setup has:
>
> myComputer = name of XP client
> myUser = name of user account on XP client, and does not exist on DC
>
> Are my assumptions right? If so, you cannot authenticate this user from your
> DC since the DC has no way of knowing his credentials (they exist on the XP
> machine).
> You can try this:
>
> On your IAS server, go to "Connection Request Policies" and edit Profile ->
> Attribute tab and add a manipulation rule to change the user name to some
> name that exists on the DC. Then the DC will authenticate the local user as
> if he were a different user on the DC.
>
> Let me know if I misunderstood your question.
> Thanks, Manju
>
>
> -----------------------------------
> This posting is provided "AS IS" with no warranties, and confers no rights
>
>
> "dupont1e" <dupont1e@discussions.microsoft.com> wrote in message
> news:B4DE1C10-FD10-4602-904C-6867E3809984@microsoft.com...
> > I'm fairly new to Windows and am trying to set up IAS for a wireless
> > environment w/802.1x. I have a W2k3 server configured as DC within a mostly
> > unix environment, along with an XP client and HP AP. Server is running AD,
> > IAS, and CA, but no DHCP. Primary DNS is linux (company.com), but I've set up
> > server to act as primary for a sub-domain (lab.company.com). Client logon is
> > with local user account, and I'm not trying to authenticate the machine, only
> > the user (connecting to AP only after local logon). I keep getting this
> > event:
> >
> > User myComputer\myUser was denied access.
> > Fully-Qualified-User-Name = myComputer\myUser
> > NAS-IP-Address = 192.168.10.191
> > NAS-Identifier = HP420 AP
> > Called-Station-Identifier = 00110a2a532b
> > Calling-Station-Identifier = 000cf13857b7
> > Client-Friendly-Name = hp420
> > Client-IP-Address = 192.168.10.191
> > NAS-Port-Type = Wireless - IEEE 802.11
> > NAS-Port = 1
> > Proxy-Policy-Name = Use Windows authentication for all users
> > Authentication-Provider = Windows
> > Authentication-Server = <undetermined>
> > Policy-Name = <undetermined>
> > Authentication-Type = EAP
> > EAP-Type = <undetermined>
> > Reason-Code = 7
> > Reason = The specified domain does not exist.
> >
> > How can I have the server accept the request from another (perhaps any)
> > domain?
> > Thanks, Eric
>
>
>
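Added example, not part of the original thread: a small triage helper that parses an IAS "denied access" event like the one quoted above and reports whether the realm in Fully-Qualified-User-Name is one the server's domain can resolve. The known-domain list passed in (`LAB`, `lab.company.com`) is an assumption; the thread does not state the AD domain's NetBIOS name.

```python
import re

# Event text copied from the thread (trimmed to the fields used here).
SAMPLE_EVENT = """\
User myComputer\\myUser was denied access.
Fully-Qualified-User-Name = myComputer\\myUser
NAS-IP-Address = 192.168.10.191
Authentication-Type = EAP
Reason-Code = 7
Reason = The specified domain does not exist.
"""

FIELD_RE = re.compile(r"^\s*([A-Za-z-]+)\s*=\s*(.*?)\s*$")

def parse_event(text):
    """Return the 'Name = value' lines of an IAS event as a dict."""
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields

def split_realm(user_name):
    """Split 'REALM\\user' or 'user@realm' into (realm, user); realm is None if absent."""
    if "\\" in user_name:
        realm, user = user_name.split("\\", 1)
        return realm, user
    if "@" in user_name:
        user, realm = user_name.rsplit("@", 1)
        return realm, user
    return None, user_name

def triage(text, known_domains):
    """Classify a denial: does the realm match a domain the IAS server knows?"""
    fields = parse_event(text)
    realm, user = split_realm(fields.get("Fully-Qualified-User-Name", ""))
    known = {d.lower() for d in known_domains}
    realm_known = realm is not None and realm.lower() in known
    return {
        "user": user,
        "realm": realm,
        "reason_code": int(fields.get("Reason-Code", "-1")),
        "realm_known": realm_known,
        # As in the thread: Reason-Code 7 plus an unknown realm suggests the
        # client sent a machine-local account name, not a domain account.
        "local_account_suspected": fields.get("Reason-Code") == "7" and not realm_known,
    }
```

Run over exported IAS events, this separates denials caused by clients presenting local account names from denials for accounts in a domain the server does recognise.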