Windows Scripts won't run consistently when using 802.1x user authentication on WLAN

Discussion in 'Wireless Networking' started by Russell, Oct 15, 2007.

  1. Russell

    Russell Guest

    Installing new Trapeze wireless LAN using 802.1x user authentication. Using
    IAS on Win2003 R2 Domain Controller for user authentication. Connection to
    the WLAN is successful on both WinXP and Vista.

    Problem: Our Windows logon scripts (neither Computer or User) for drive
    mapping and printer setup in Group Policy don't execute. For complete
    disclosure, they never work on Vista, but sometimes work on WinXP.

    I'm guessing that the point in time where the scripts should fire is prior
    to the 802.1x WLAN authentication process, but there has got to be a
    solution. Any advice appreciated.

    thanks, Russell
     
    Russell, Oct 15, 2007
    #1
    1. Advertisements

  2. Russell

    Russell Guest

    okay, finally got this to work and half-way understand the details. quick
    notes.

    Used PEAP with MSChap v2. This allows the WLAN connection to occur prior to
    user authentication in order for the Group Policy script to fire.

    Get an Server SSL Certificate like you would for a https:// web site. Get
    it signed by a CA. We used Godaddy.com. Import into the IAS server's
    certificate store.

    On IAS, Remote Access Policy, Edit Profile, Authentication, EAP Methods,
    PEAP, select your the certificate.

    On XP or Vista client, in WirelessLAN properties, choose to Validate Server
    certificate and choose your Trusted Root Certificate Authority.

    On further note: On the Trapeze wireless LAN controller, had to tell it to
    look to the RADIUS server for certificate instead of using its own self
    generated one.

    Those are sloppy notes, but hopefully will be enough to help others with
    similar problem. regards, Russell
     
    Russell, Oct 15, 2007
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.