Wireless Access

Reply
Contributor I
Posts: 79
Registered: ‎03-03-2015

Windows NPS 802.1x with single sign on issue

Hi all,

 

My office wi-fi is running 802.1x and EAP termination in windows nps. All the staffs domain laptop works fine until recently my boss has decide to allocate 2 unit of domain workstation in our pantry as public PC for staff access during break time.

 

The domain workstation is running wireless, no wired. The challeging part is everyday i'm annoyed by all these users complaining they can't logon the workstation with their AD credentials.

This is due to all these users is first time logon into the workstation. Without the connection, the PC couldn't validate the users and logon.

 

My current workaround is create a preshared key SSID for these 2 workstation and stay connected. Thus those first time logon users able to login with their domain credentials.

But this workaround is imperfect so I'm here to seeking every suggestion to improve this.

 

Do we able to achieve by removing the preshared-key SSID and all the first time login domain user still able to login in?

 

Thanks.

Guru Elite
Posts: 20,761
Registered: ‎03-29-2007

Re: Windows NPS 802.1x with single sign on issue

Machine authentication is not successful with termination and NPS. You would need a valid certificate on your NPS server and remove termination from the controller.

If machine authentication does not work, new users cannot login. It is that simple.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor I
Posts: 79
Registered: ‎03-03-2015

Re: Windows NPS 802.1x with single sign on issue

Hi cjoseph,

 

no termination in the controller and all are passed to the NPS server.

The issue is new logon domain user failed to login the pantry public domain pc as i believe it is unable to verify the user account credentials with my domain controller.

I'm seeking on the possible soluton for this.

 

Thanks.

Guru Elite
Posts: 20,761
Registered: ‎03-29-2007

Re: Windows NPS 802.1x with single sign on issue

Sorry, I read that wrong.

Do you have your laptop's configured for machine authentication?


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor I
Posts: 79
Registered: ‎03-03-2015

Re: Windows NPS 802.1x with single sign on issue

so far is not configured in the pc.

Will the machine auth solved my issue?

The main challenge is every first logon domain user do not have the dot1x SSID profile configured when logging in thus it cause failure.

Guru Elite
Posts: 20,761
Registered: ‎03-29-2007

Re: Windows NPS 802.1x with single sign on issue

Yes.  The machine needs to be configured for user or machine authentication for users that have never logged on before to be able to login.  NPS also needs to be able to allow users in the Domain Computers AD group to login.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Guru Elite
Posts: 8,320
Registered: ‎09-08-2010

Re: Windows NPS 802.1x with single sign on issue

Yes, you should configure a machine authentication system profile via group
policy.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor I
Posts: 79
Registered: ‎03-03-2015

Re: Windows NPS 802.1x with single sign on issue

tested with machine auth and still doesnt work.

the pc did not have any connection during user logon, is the machine auth  still works and able to authenticate?

 

error "there are currently no logon servers available to service the logon request"

 

Thanks.

Guru Elite
Posts: 20,761
Registered: ‎03-29-2007

Re: Windows NPS 802.1x with single sign on issue

Look in the eventviewer of the NPS server to see if the computer passed authentication with a username of host/hostname.  If the computer passed authentication, it should have an ip address at the ctrl-alt-delete screen.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor I
Posts: 79
Registered: ‎03-03-2015

Re: Windows NPS 802.1x with single sign on issue

yep, managed to resolve it by using machine auth now after long day today.

i missed out to configure the machine GPO for the wireless settings.

now is working. thanks!

Search Airheads
Showing results for 
Search instead for 
Did you mean: