Wireless Access - Win Logon on domain

By joao_patrao
I have this problem:
a) All the users are on a wireless LAN
b) The users must power on and enter Windows 2000 Professional so the WLAN card drivers are loaded and authentication is done on the access point

Problem: how can the users log on to the domain if they need to authenticate first on the WLAN access point?

Is there any configuration that needs to be done so that domain authentication is only done after WLAN connectivity?

Thanks in advance
Joao Patrao


by d.walker5 In reply to Wireless Access - Win Log ...

What equipment are you using? I've not seen user authentication done on the access point. Authentication on a wireless network works in the same manner as on a wired network; an access point is merely a radio transmitter. Is your network a domain or workgroup? Authentication, on a wireless domain network, is best done using a RADIUS server.

Check the web site of your wireless equipment provider for suggestions on setup. They all provide excellent diagrams. Also, see the many articles available here on Tech Republic.


by joao_patrao In reply to Wireless Access - Win Log ...

I am using the latest Cisco cards and access points:
AP Aironet 1200 and Aironet 802.11b/g cards.

What happens is that the driver that loads the wireless cards and connects to the access point (which is connected to the wired network, accessing the domain controller - Windows 2000 Server based network) doesn't load as a service on startup.

So when the user tries to log on to the domain, he is not connected yet. He can only log on using his local profile.

I found something related to this on the internet. It seems that the ACU (Aironet Client) is in the first version... and still has some caveats to resolve.

Question: Is there any procedure that I can take in Windows 2000 Professional that delays the connection to the domain, doing that only after the WLAN connection is ready? This takes about 30 seconds on some computers...


by ND_IT In reply to Wireless Access - Win Log ...

As the previous poster pointed out, the authentication is not done by the access point, but done either by a RADIUS server depending on your setup. A node using a wireless connection authenticates to the domain much the same way a wired node does. As the computer/laptop/node starts up, the networking service should start as well, establishing a link to the domain, allowing the user to enter their network credentials, then the domain controller authenticates that user.

If the users are having to log in locally first to get connected, I would check your settings on the wireless LAN card as well as the access point to make sure it is pointing to a domain. Also make sure you have the latest firmware for your access points.


by Mart H In reply to Wireless Access - Win Log ...

I agree with dwalker5, you are better off using RADIUS authentication; even the most hardened APs are easily cracked :-0

I have deployed an 802.1x authentication system; this has the added ability, as long as your 2k clients have SP4 installed, of being able to authenticate the machine to the APs/RADIUS before the user logs on to the domain by utilisation of certificates. This results in a three-step process for authentication: a computer certificate, a user certificate and of course the domain logon credentials. The two certs are required to just get past the AP!!! This is all achieved using EAP-TLS.

More info on the following links:
Microsoft Knowledge Base Article - 313664: Using 802.1x Authentication on Computers Running Windows 2000

This is a more complex solution but it does allow for IP leasing and it overcomes the inherent security flaws that are part of the WiFi standard.
