WZC Locks Domain Account While Authenticating

Discussion in 'Wireless Networks' started by Kevin, Feb 17, 2009.

  1. Kevin

    Kevin Guest

    We allow WZC to manage our laptop wireless connections. We have
    approximately 3500 laptops users with same access to employee wifi using
    WPA-Ent TKIP. Of these 3500 laptop users, we have about 10 users who can not
    authenticate through WZC, through Aruba network, to Radius server.

    The WZC eventually locks the users domain account.

    If I install the Intel PROSet Wireless Wifi Connection Utility,
    authentication works properly without fail.

    Any thoughts / suggestions?

    I would prefer to identify a solution vs. leaving on connection utility.
     
    Kevin, Feb 17, 2009
    #1
    1. Advertisements

  2. Don't have a clue what Aruba is
    I know what RADIUS is

    Are you talking about authenticating to the Domain as a user on the Domain
    or are you talking about autnenticating to the WAP to establish the wireless
    connection between the PC and WAP?

    I probably don't have an answer,...but the answer to my question will
    probably help whoever does to understand what they are really dealing with.

    --
    Phillip Windell
    www.wandtv.com

    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
    -----------------------------------------------------
     
    Phillip Windell, Feb 17, 2009
    #2
    1. Advertisements

  3. Kevin

    Kevin Guest

    Phillip: thanks.

    To answer your questions, Aruba is our wireless vendor.

    Authentication is failing to authenticate against windows AD. If no
    authentication occurs, wireless connection can not occur.

    Kevin
     
    Kevin, Feb 17, 2009
    #3
  4. Ok,..so it is the authentication used to allow the connection from the PC to
    the WAP. It is not the users "desktop" authenticating to AD for the user
    to access Domain resources. Even if AD accounts are used,..those are still
    two different things and that is what I wanted to verify.

    Have to wait to see what others think about that. This is pretty much a
    "blind" question,..there are no details to base any judgments on. What
    about log entries?..Event Log entries?,...on both the Radius Server and the
    Domain Controller?

    --
    Phillip Windell
    www.wandtv.com

    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
    -----------------------------------------------------
     
    Phillip Windell, Feb 17, 2009
    #4
  5. Kevin

    Kevin Guest

    Phillip - we built a second radius using iis vs. steel belted radius.

    We will be looking at logs on the radius and the client.

    I would love to know if anyone else has experienced this issue...

    Don't ya love the wait and see game...

    Thanks,
     
    Kevin, Feb 17, 2009
    #5
  6. Whenever I have a problem with our WPA-Ent TKIP, I would check the IAS event
    log first. If it doesn't have event logged, I would check the connection. If
    you do have IAS event ID logged, please psot here. Or check this link:

    IAS Issue CollectionsMost Windows IAS Event ID errors are related to
    security and permission issues. Review the security or permission settings
    first. ...
    www.chicagotech.net/troubleshooting/eventid2.htm


    --
    Bob Lin, MS-MVP, MCSE & CNE
    Networking, Internet, Routing, VPN Troubleshooting on
    http://www.ChicagoTech.net
    How to Setup Windows, Network, VPN & Remote Access on
    http://www.HowToNetworking.com
     
    Robert L. \(MS-MVP\), Feb 17, 2009
    #6
  7. Kevin

    Kevin Guest

    The good news is that the troubled user accounts we tested via the new IIS
    aithentication worked without issue. I'm drawing my conclusion to the
    outdated version of Steel Belted radius of 4.71 and perhaps the oh so
    enjoyable WZC service.

    But we seem to be in a much better place using IIS vs. Funk.

    The problem with our log files on current Radius was that even though
    detailed logging was enbabled, we were not seeing any authentication failures.
     
    Kevin, Feb 18, 2009
    #7
  8. So it really was called Steel Belted Radius! I thought you were just having
    a little fun with the name.

    Now the WZC service is really an excellent tool and out performs any third
    party tools I have seen,....not because of all its features, because it
    pretty much has none,...it is the simplicity and lack of features that make
    is so dependable in my opinion (there is less to get screwed up). The best
    thing about it is that it runs as a service so it allows the wireless nic to
    activate without anyone logging in. I don't know of any other tools that do
    that (dependably) and it needs to happen if the user is logging in to a
    machine for the first time where there is no cached account to let them on.

    --
    Phillip Windell
    www.wandtv.com

    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
    -----------------------------------------------------
     
    Phillip Windell, Feb 18, 2009
    #8
  9. Kevin

    Fahim Fahim Guest

    I basically check where the the actual computer was in the domain and moved to the same OU under the user was located. for example. Office.net -> Sydney->Users and Computers i moved it to "SYDNEY computers", but first you need to do a search and find where that specific users computer is liocated.



    Posted as a reply to:

    WZC Locks Domain Account While Authenticating

    We allow WZC to manage our laptop wireless connections. We have
    approximately 3500 laptops users with same access to employee wifi using
    WPA-Ent TKIP. Of these 3500 laptop users, we have about 10 users who can not
    authenticate through WZC, through Aruba network, to Radius server.

    The WZC eventually locks the users domain account.

    If I install the Intel PROSet Wireless Wifi Connection Utility,
    authentication works properly without fail

    Any thoughts / suggestions?

    I would prefer to identify a solution vs. leaving on connection utility.

    EggHeadCafe - Software Developer Portal of Choice
    WCF Workflow Services Using External Data Exchange
    http://www.eggheadcafe.com/tutorial...a-6dafb17b6d74/wcf-workflow-services-usi.aspx
     
    Fahim Fahim, Sep 18, 2009
    #9
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.