Wireless GPO Radius Auth + Home access
I'm sure this question has been answered before but darned if I can find it, so I'm throwing myself open to vilification, jibes and hopefully... an answer or two.. ;)
The problem is staff laptops at a primary school..
I'm currently using a Radius server system for authentication and access to the network, and while this is working great for ensuring we don't suffer from anyone accessing the system with passwords, etc., it does mean that I've hit a couple of issues:
1. Any laptops that refuse to pre-auth, fail to authenticate and end up in a loop (Netbooks in particular)
2. Staff laptops will access the school wlan fine but then find that they can't do any work on their home wireless net because the system refuses to accept any other wireless settings.
The solution to both so far has been to relax the authentication somewhat to set the EAP-MSCHAP so it doesn't automatically use the Windows Logon if available.
Unfortunately this means 2 things.
1. The laptops using this policy can't connect to the domain until they've logged in and of course this means:
2. They can't use their domain account to login because it can't authenticate.
Now, writing this out I'm acutely aware that my knowledge on this is showing holes, and probably because I'm dialling down my schools work, I honestly can't remember how or why I opted for this approach.
If it helps at all, we have a Netgear WFS709T WLAN controller on a Win2k3 domain (with a Win2k8 server) and Radius on a Win2k3 server.
Can anyone offer any suggestions on a complete rethink (on settings - not hardware) or some solutions to the issue...?