  • Can anyone help me with this problem?

    I do a bit of work for a school. Have set up a wireless network using 2003 server SP1, IAS and Certificate server, using WPA with AES. Everything working well, except for some wireless XP PCs. These PCs are in rooms without cabling.

    Users cannot log on to these XP machines unless they have logged on previously to these PCs with a cabled connection. I assume this is because they are first logged on using cached credentials before the wireless authentication takes place.

    Is there any way around this, as I want many students to be able to access the network with these machines? It is impractical to log them all on to create a cached profile.

    Any helpful hints much appreciated.

    P.S. I have Win98 PCs running through bridged connections from some of these wireless XP machines. Logging on and authentication is not a problem and works well.

  • You need to configure it to allow for machine authentication.

    PEAP-MSCHAPv2 can perform machine auth using the machine password, which is known to each machine & the Active Directory. PEAP-TLS and EAP-TLS can perform machine auth using a machine certificate.

  • Thanks for the reply.

    I thought I would need machine certificates but was hoping for a way around it. The PCs are in the wirelessusers group and are authenticating OK that way... so the event logs say. I presume they are using PEAP like the user accounts?

    Anyway, I didn't want to give any computer certificates at the moment as we're getting a new server in the new year and I was going to create a new CA on it rather than transfer the old CA over. I didn't want the hassle of revoking certificates etc., in case of problems. Also, I only gave the CA a 5-year period as I knew it was an interim measure.

    It's doing the job at the moment, providing internet access for the students using a generic account, so may leave it as is for now.

    Thanks anyway.
