Wireless Access

New Contributor
Posts: 3
Registered: ‎05-27-2011

Logon Script Not Consistent

Our wireless network consists of a 3200 controller and AP105s. We are using EAP-TLS through Windows 2008 NPS. Our authentication works fine. What we are seeing is that the logon script does not run every time. Trying to isolate the issue has been a lesson in frustration. I've tried resolving the issue through "Wait for network" and several other suggestions to no avail. I don't believe the issue to be a result of the Aruba configurations but was curious just what the Internal database entries are for, the entries that are auto-created at logon. I assume that it is a caching of some sort to speed up login? I am not using the Internal Database for my authentication directly. I also can't seem to find any information on the use of the Internal database other than configuring it for direct authentication on the controller. Could someone explain it or point me in the right direction? Thanks.

Guru Elite
Posts: 20,959
Registered: ‎03-29-2007

Re: Logon Script Not Consistent

Are you using machine or user certificates?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor
Posts: 3
Registered: ‎05-27-2011

Re: Logon Script Not Consistent

Yes, both.

New Contributor
Posts: 3
Registered: ‎05-27-2011

Re: Logon Script Not Consistent

Got it.

It was the default machine "Machine Authentication: Default Machine Role". I had it too restrictive. I was not getting the policy unless it is set to "Authenticated". I believe that setting should be fine. The machine auth default user role is set to "logon" and it works fine. Does anyone see any issues with that configuration? I suppose I could create a more restricted but functional role, but a machine cannot connect without a machine cert.

 

Guru Elite
Posts: 20,959
Registered: ‎03-29-2007

Re: Logon Script Not Consistent

Machine auth role should be set to allowall.  At that time, nobody can get into the machine unless they authenticate, so there is no vulnerability.  It is the equivalent of having a PC plugged in wired at the ctrl-alt-delete screen.

 

 



Colin Joseph
Aruba Customer Engineering

