M and MSM Series
cancel
Showing results for 
Search instead for 
Did you mean: 

MSM 760 and Active Directory Computer Authentication

 
SOLVED
Go to solution
Highlighted
Occasional Visitor

MSM 760 and Active Directory Computer Authentication

Greetings all.

I have a MSM 760, everything is up and running great, however there seems to be some fine tuning I need to do.

I'm using 802.11x authentication with a RADIUS (MS IAS) back end. It all works great with the Domain User supplicant. However, the way it is currently working, the actual authentication doesn't take place until after the user logs in with cached credentials. This causes a problem with login scripts and group policies.

The way I understand things, I should have it doing Computer Authentication, then User Authentication. I have created a Group in AD with the Computers added to it, I'm then using that as a supplicant in IAS for 802.11x authentication.

I'm not seeing any hits in event viewer that the 760 is even passing Computer Authentication information to the RADIUS Server. Any thoughts?

Thanks in advance

SJ

 

 

P.S. This thread has been moevd from Communications, Wireless (Legacy ITRC forum) to MSM Series. - HpForum Moderator

4 REPLIES 4
Highlighted
Trusted Contributor
Solution

Re: MSM 760 and Active Directory Computer Authentication

When using the AD integration it is the MSM760 that must be joined to the domain in order to authenticate the users on behalf of their computers. So this is a silly question but: is the MSM760 successfully joined to the domain? Then did you created active directory profiles that exactly match the name of the group returned by the AD server?
Highlighted
Occasional Advisor

Re: MSM 760 and Active Directory Computer Authentication

I believe Scott means that his solution is working fine, only when you reboot a notebook and logon via the AD-VSC, the Authentication will be succesfull only his AD scripts will not run.

The reason for this within Microsoft the Wireless Interface is not loaded BEFORE the authentication.
I know there is a registy setting around this, which i don't know out the top of my head.

Have a look at the link below, this will restart the script again.
http://support.microsoft.com/kb/840669

Keep us posted is this resolved it.

Mike Hydra
2 Fast 4 Wireless
Highlighted
Occasional Visitor

Re: MSM 760 and Active Directory Computer Authentication

I sincerely apologize for not responding. I got Fred's answer and realized that he is 100% correct. I had to remember to login from home because of the odd login name I seem to have for this forum, it's cached on my machine at home.

I haven't implemented the solution yet, but from what I understand it is going to work. I was hoping that the RADIUS Server would recognize the machine names in AD when added to a group, I guess it probably would if the MSM device made a query with that information. I guess it will only do that if it's an AD member.

Thanks for the replies, I'll try to remember to update the status of this once we implement it. Give back to the community.

Thanks again for the reponses.
Occasional Visitor

Re: MSM 760 and Active Directory Computer Authentication

Hello Scott,

 

Did Machine accounts group in AD authentication groups work for you?

 

Thanks