Domain login at Power up

dandawson · ‎07-11-2004

I have built a Complete wireless network at a Hospital. We are using the HP tablets..We have Dell ABG cards in them..>We are using PEAP. If we are already powered up and running and want to access the network via wireless..no problem..However, if the Tablet is powered up with the wireless card in it, and no LAN connectivity,, We try using the Wireless NIC to gain Domain access and it says it cannot locate the domain, we are using the database for windows....We are using ACS for authentication...we cannot get the client to login to the domain from power up.....Talk to me, what needs to be done if anything..By the way, if I install the Cisco ABG card..it is the same..I cannot see the domain on initial powere up/Login....HELP

gamccall · ‎07-12-2004

Make sure the client machine is enrolled in the domain, and enable "authenticate as machine" in the appropriate PEAP configuration screen.

jcosgrove · ‎07-16-2004

How are your clients configured? Are you using the cisco ADU with the cisco card or WZC? We currently do this and have no problems. We use WZC and the cisco ABG with a driver only install. I assume you are using XP on the tablets. When setting up the network you will have to enable client to use machine account before login. This is the checkbox "authenticate as computer when computer information is available". The machine will also have to be part of the domain as well as have the certificate installed. In this config the machine logs in before the user logs in for domain access. When the user puts their information in and logs in the machine should have access to the domain and authenticate the user credentials.

dandawson · ‎07-16-2004

Sounds exactly like what I am going through...thanks.....So the machine itself will have to become part of the domain....Is that from an IP persepctive or just hard coding the MAC..

dandawson · ‎07-26-2004

Hello

Well I have tried to do this..and it does not work. I cannot login to the domain from power up, it will not find the Domain....I have inserted this piece of info from the Cisco website..I see no way to do Wireless login across the domain at power up, without connecting to the network first or booting through windows...

Troubleshoot

.

·

If machine authentication fails on the wireless client, there will be no network connectivity on the

wireless connection. Only accounts that have their profiles cached on the wireless client will be able

to log in to the domain. The machine will need to be plugged in to a wired network or set for wireless

connection with no 802.1x security.

·

If automatic enrollment with the CA fails when joining the domain, check Event Viewer for possible

reasons. Try checking the DNS settings on the laptop.

·

Cisco − Cisco Secure ACS for Windows v3.2 With PEAP−MS−CHAPv2 Machine Authentication

jcosgrove · ‎07-26-2004

I heard that thay will have this fixed in the next release. 1.1.0.16 I think is the version they will release next. I have this working by using a driver only installation with no ADU installed. You then have to configure the microsoft client to use machine account when there is no user information. This will allow the machine access to the network before the user logs in.

dandawson · ‎08-09-2004

Ok..By placing the certificates for Machine authentication into the local machine store I can get machine authentication....When I type my name/password and domain...it takes off like ts going to run the login.scripts kick-off.etc, but when everything is complete, it does not issue me an ip address......Do I need to place the machines into a group where the IP addresses are issued to them, and not the to the users any longer....I mean once the machine is authenticated, the dhcp server should issue the address...If I keep the users int he same group and issue them an address, it seems as though thigs do not work properly, and I eventually lose connectivity.....