Wireless Access

Reply
New Contributor
Posts: 2
Registered: ‎01-19-2012

Machine group policy not applied with RADIUS authentication

 

Hi,

 

A prospective client is testing a 620 controller with a 135 AP at the moment. On one of the SSIDs it is setup to use an external RADIUS server (running NPS on Windows) with authentication being via an internal domain issued certificate. This works okay but the problem is that machine group policies are not being applied.

 

From correlating the client and RADIUS logs you can see that the client fails to find a DC to get the machine group policy from a few seconds prior to the successful authentication on the RADIUS server. As the machine GP is only applied at boot-up the client will never get it.

 

What is responsilbe for the delay? Can I get better visibility on this somewhere in the controller?

 

This work-around below works but the client is still concerned as the same setup with Meru does not have this issue. Also would rather not implement a client side fix and is worried that this could be an issue for other services at boot-up that need full network connectivity straight away.

 

http://support.microsoft.com/default.aspx?scid=kb;EN-US;2421599

 

Also, he has only been able to test that on Win7 as that is all that is available.

 

Can anyone assist?

 

Cheers,

 

Dan

Guru Elite
Posts: 21,024
Registered: ‎03-29-2007

Re: Machine group policy not applied with RADIUS authentication

Do you have machine authentication setup on the wireless workstation AND the NPS server?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor
Posts: 2
Registered: ‎01-19-2012

Re: Machine group policy not applied with RADIUS authentication

Yes, both sides. It does work, just too slowly.

Guru Elite
Posts: 21,024
Registered: ‎03-29-2007

Re: Machine group policy not applied with RADIUS authentication

Can you see if the laptop logs in as host/<hostname> when it is at the ctrl-alt-delete screen?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: