New users in a pure wireless environment - login issues

By scott.holmes ·

I'm trying to work out a way to allow new users to a mobile device to log in to the domain.

Here is the info:

Windows XP Embedded device
Wireless LAN connected only
Domain authentication for the users
802.11i (WPA2 w/PEAP-MSCHAPv2) using Windows logon for wireless authentication.
Currently using Atheros Client Utility for wireless configuration because there is not yet a WPA2 component for XP Embedded.
RADIUS server for the wireless authentication (I think Steel-Belted Radius)

A pre-authenticated user can log in and connect with no problem.
A new user cannot log in - gets domain unavailable.

Is there a way to order the log-in so that the wireless authentication is performed first, then the Active Directory authentication happens so that the user can access the device?

Thanks in advance for your help!


Authenticate device not user

by Drewski59 In reply to New users in a pure wirel ...

Scott, I've been watching your post all day hoping to see a response since I'm working on a similar situation. I'll jump in with my limited knowledge. I think you want to have the mobile device be the authentication source rather than the user. For example, if the computer is a member of the domain, let them have a DHCP address. Then the user can log on, be authenticated against the domain, and use the mobile device on the first logon.

It would be nice to hear from someone that has already done this.


I don't think you can

by rbroder In reply to Authenticate device not u ...

I recently tried to make a branch office completely wireless. This has been a limited failure for many reasons. But to address your problem, it seems that on some OSes and some wireless cards, when the machine is booted, the user has to log on before the connection is made to the network. Therefore a new user is in a catch-22. They can't connect to the network until the network connection is made and the connection cannot be made until they log in. The only solution is to log in locally or with previously cached credentials, and set up the wireless network. Then log out (not restart) and let the new user log in. Once the wireless connection is started, it will stay up until the next reboot.

Now that I think about it

by ciruthless In reply to I don't think you can

Might want to check your running network services in Computer Management...

Wireless logons (at least in Vista)

by zackc In reply to Authenticate device not u ...

I ran into the same catch-22 that was described here. I'm using 802.1x (PEAP/MSCHAP v2) for authentication on the wireless network.

What I found was that I needed to allow the *computer* to log into the wireless, as well as the user.

For me, I'm using Windows' built-in IAS service as my RADIUS server, and I had created a group in the Active Directory to keep track of who had rights to log in wirelessly. To make it work, I had to add the computer account into this Security Group.

By default, when you go to add the computer account in the Active Directory Users and Computers, computers aren't available. You have to click on the Object Types button and check the box next to Computers. Then you can type the name of the physical computer (that was already joined to the domain, BTW).

It worked for me on a new Dell Vostro laptop running Vista Business. I haven't yet tested it on XP Pro.
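
An added example, not part of the thread: a scripted version of the group change described in the post above, which reports which device accounts are missing from the wireless access group and adds them. It assumes the ActiveDirectory PowerShell module (RSAT) is available; the group name and computer names are hypothetical placeholders.

```powershell
#Requires -Modules ActiveDirectory
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Hypothetical group name; use the group your RADIUS remote access policy references.
    [string]   $WirelessGroup = 'Wireless-Access',
    # Constructed sample names of domain-joined wireless devices.
    [string[]] $ComputerName  = @('MOBILE-001', 'MOBILE-002')
)

# Collect SIDs of computer accounts already covered, including via nested groups.
$memberSids = @(Get-ADGroupMember -Identity $WirelessGroup -Recursive |
    Where-Object { $_.objectClass -eq 'computer' } |
    ForEach-Object { $_.SID.Value })

foreach ($name in $ComputerName) {
    try {
        # Fails if the device was never joined to the domain.
        $computer = Get-ADComputer -Identity $name -ErrorAction Stop
    }
    catch {
        Write-Warning "$name : no computer account found (is the device joined to the domain?)"
        continue
    }

    if ($memberSids -contains $computer.SID.Value) {
        Write-Output "$name : already in $WirelessGroup"
        continue
    }

    # Honors -WhatIf so the change can be previewed before it is made.
    if ($PSCmdlet.ShouldProcess($name, "Add to $WirelessGroup")) {
        Add-ADGroupMember -Identity $WirelessGroup -Members $computer
        Write-Output "$name : added to $WirelessGroup"
    }
}
```

Run it with `-WhatIf` first to list the accounts that would be added without changing group membership.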

Automatic features

by ciruthless In reply to New users in a pure wirel ...

Open Network Connections and check the properties of the connections. Under the General tab there are a lot of options for setting the hardware along with designating manual or automatic TCP/IP. Do you get the error "cannot renew IP or DNS failure"?

your logon issue

by mike.panagos In reply to New users in a pure wirel ...

With Windows XP Pro for sure there is an "Authenticate as computer when computer information is available" check box that authenticates using a certificate on the client computer if you are using 802.1x authentication. I'm not sure if you can do that using WPA2 though or with the Atheros Client.


by sszzl3 In reply to your logon issue

Hopefully it's as easy for you as it is for me... All I did was create a wireless connection profile within a separate local account. That way you can connect automatically to the domain with the local account when you start up. Once this is done, look in the advanced settings of the wireless profile for an option that says something like "maintain connection on logoff"... then log off and log on with the domain profile the first time. Let me know if this helps.
