Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Logon with authentication radius+ldap

  • 1.  Logon with authentication radius+ldap

    Posted Mar 17, 2016 04:58 PM

    Hi.

    My Wi-Fi users log on to the domain using RADIUS and LDAP authentication.

    My problem is this: a user has a laptop and logs on to the domain OK. If another user who has never worked on this laptop tries to log on to the domain, they receive the message "there are no logon servers to authenticate". But if I connect the laptop to a wired network, the user succeeds in logging on to the domain, and after this he can log on to the domain over the Wi-Fi network.

    Can anyone help?



  • 2.  RE: Logon with authentication radius+ldap

    EMPLOYEE
    Posted Mar 17, 2016 05:10 PM

    You must be doing machine authentication for your domain login to succeed (login scripts).

    Is your RADIUS server allowing machine authentication, and are your 802.1X clients set up for machine authentication?  At minimum, that is necessary to run login scripts or to log in to a machine that a user has never logged in to before.

    Since there is no 802.1X connection before a user authenticates, 802.1X will not allow a domain login, UNLESS the machine authenticates first, when the user is at the ctrl-alt-delete screen.

    Users who have logged into the machine successfully before will have their username and password cached and a profile built ahead of time, so they will not see that "no domain login" prompt.  New users will not be able to log in, however, unless you have machine authentication configured on the RADIUS server and client.
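
The reply above turns on whether the laptop's 802.1X profile lets the computer authenticate before anyone signs in. As an added example (not part of the thread, which does not say which laptop setting was changed), this PowerShell script reads the `authMode` element of an exported Windows WLAN profile; the sample XML is constructed and `Test-WlanMachineAuth` is a hypothetical helper name.

```powershell
# Added example. Constructed sample in the shape produced by:
#   netsh wlan export profile name="Corporate" folder=C:\temp
# Only the SSID name comes from the thread; every value is illustrative.
$sampleProfile = @'
<?xml version="1.0"?>
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>Corporate</name>
  <SSIDConfig><SSID><name>Corporate</name></SSID></SSIDConfig>
  <MSM>
    <security>
      <authEncryption>
        <authentication>WPA2</authentication>
        <encryption>AES</encryption>
        <useOneX>true</useOneX>
      </authEncryption>
      <OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
        <authMode>user</authMode>
      </OneX>
    </security>
  </MSM>
</WLANProfile>
'@

# Hypothetical helper: reports whether a profile lets the computer
# authenticate on its own, before any user has signed in.
function Test-WlanMachineAuth {
    param([Parameter(Mandatory)][string]$ProfileXml)

    $doc      = [xml]$ProfileXml
    $security = $doc.WLANProfile.MSM.security
    $usesOneX = $security.authEncryption.useOneX -eq 'true'
    $authMode = if ($usesOneX) { [string]$security.OneX.authMode } else { '' }
    $finding = switch ($authMode) {
        'machineOrUser' { 'Computer authenticates at the logon screen, then the user.' }
        'machine'       { 'Computer credentials only, available at the logon screen.' }
        'user'          { 'No 802.1X session until a user signs in; a new user finds no logon server.' }
        'guest'         { 'Guest mode; no computer or user credentials are sent.' }
        default         { 'No authMode in profile (or not 802.1X); check the adapter settings.' }
    }
    [pscustomobject]@{
        Ssid           = $doc.SelectSingleNode("/*/*[local-name()='name']").InnerText
        AuthMode       = $authMode
        PreLogonAccess = $authMode -in 'machineOrUser', 'machine'
        Finding        = $finding
    }
}

Test-WlanMachineAuth -ProfileXml $sampleProfile | Format-List
```

To check a real client, export its profile with the `netsh` command in the first comment and pass the file contents via `Get-Content -Raw`.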



  • 3.  RE: Logon with authentication radius+ldap

    Posted Mar 18, 2016 05:35 PM

    Colin, thanks for your response.

    Our Windows administrator read and checked the configurations; domain users are included in the RADIUS server permissions.

    What is stranger is that when I try with the other user, the laptop immediately responds "not servers to logon"; it is as if it doesn't try to contact the RADIUS server. I suspect the new user can't see the wireless adapter. Understand?

    I remember that when the wireless network began, any device could log in to this SSID Corporate; then the role changed, and before the validation against the RADIUS server there is MAC authentication.

    I will continue to study.

    Thanks again.



  • 4.  RE: Logon with authentication radius+ldap

    EMPLOYEE
    Posted Mar 18, 2016 06:38 PM
    The Domain computers AD group should be allowed, as well.


  • 5.  RE: Logon with authentication radius+ldap

    Posted Mar 21, 2016 12:38 PM

    Hi Colin.

    We found the solution. It is OK with the RADIUS and domain servers. The problem was the configuration on the laptop.

    I am sending the screenshot.

    Thanks for your help.