05-11-2011 10:12 AM - edited 07-03-2021 08:11 PM
We have ACS 5.2, WLC 5500, and we have been unable to limit our access service to machine authentication against AD. This is resulting in other unintended devices being allowed access to the WLAN; users simply accept the cert and are allowed access. How can I prevent non-domain devices, or test the device for domain membership?
Thanks
11-21-2011 09:20 AM
Well, ACS is working fine then. The issue is with Windows XP. I know that when I tried that registry fix on an XP machine I had, it didn't work. On my client's XP machine it worked. You might try different XP machines with different images maybe.
11-30-2011 11:30 AM
Again tried it with Windows XP/7.
In Windows 7, it sends the host/machinename and works flawlessly, but in Windows XP it just sends the Domain/username and does not work. Tried everything that I can think of for a while... any ideas?
11-30-2011 12:34 PM
That is the same issue I had. We were only able to get certain XP machines to work. The other XP machines just didn't work with the registry edit.
We basically had to create two SSIDs and migrate machines to Windows 7, then deleted the other SSID for XP machines that did only username and password.
11-30-2011 01:05 PM
Found the other issue: if I disable server cert validation on the client, it works. So something to do with certificates... at least some progress.
Thanks, Scott.
11-30-2011 02:23 PM
Validate server certificate only works if you have the root CA in the trusted root store on the device.
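The trust requirement from the last reply can be checked on a client before re-enabling server certificate validation. This is an added PowerShell example, not part of the original thread: the file path is a constructed placeholder for an exported copy of the certificate the ACS server presents during EAP, and building the chain in machine context is an assumption that the supplicant validates against the computer's stores.

```powershell
# Added example. Reports whether the RADIUS/ACS server certificate chains
# to a root that is present in the computer's Trusted Root store.
function Test-EapServerCertTrust {
    param([Parameter(Mandatory=$true)][string]$Path)

    $x509 = 'System.Security.Cryptography.X509Certificates'
    $cert = New-Object "$x509.X509Certificate2" -ArgumentList $Path

    # $true = machine context (assumption: the computer's stores are the
    # ones that matter, so the logged-on user's stores are left out).
    $chain = New-Object "$x509.X509Chain" -ArgumentList $true
    # Revocation is skipped: a client that is not yet on the network
    # cannot reach a CRL or OCSP responder.
    $chain.ChainPolicy.RevocationMode = 'NoCheck'

    $chainOk  = $chain.Build($cert)
    $elements = @($chain.ChainElements)
    $top      = $elements[$elements.Count - 1].Certificate

    # If an intermediate is missing, the top element is not a root at all.
    $topIsRoot   = ($top.Subject -eq $top.Issuer)
    $rootInStore = $topIsRoot -and
        (Test-Path ("Cert:\LocalMachine\Root\" + $top.Thumbprint))

    New-Object PSObject -Property @{
        ServerSubject = $cert.Subject
        TopOfChain    = $top.Subject
        TopIsRoot     = $topIsRoot
        RootInStore   = $rootInStore
        ChainValid    = $chainOk
        # Typical values when the root is absent: UntrustedRoot, PartialChain
        ChainStatus   = @($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

# Constructed placeholder path; replace with the exported server certificate.
$sample = 'C:\temp\acs-eap-server.cer'
if (Test-Path $sample) {
    Test-EapServerCertTrust -Path $sample | Format-List
}
```

If `RootInStore` is false, importing the issuing root CA into the computer's Trusted Root Certification Authorities store (for domain machines, typically through Group Policy) addresses the failure without turning validation off.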