+ Post New Thread
Results 1 to 5 of 5
Wireless Networks Thread, RADIUS - Group policy before login in Technical; Hi We're in the process of moving over from WPA2 PSK over to WPA2 802.1X. We're using 'User authentication' on ...
  1. #1

    Join Date
    May 2012
    Location
    Selby
    Posts
    36
    Thank Post
    8
    Thanked 1 Time in 1 Post
    Rep Power
    0

    RADIUS - Group policy before login

    Hi

    We're in the process of moving over from WPA2 PSK over to WPA2 802.1X. We're using 'User authentication' on our NPS and have selected 'Single sign on type as: preLogon'

    I'm happy with the way the wireless encryption is working and everyone is able to logon. The authentication is occuring after the user has logged in (as I would expect it too). What about the group policies that would normally be applied before a user is able to log in?

    Any idea guys.

    Thanks

    Tom

  2. #2

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,342
    Thank Post
    624
    Thanked 1,584 Times in 1,421 Posts
    Rep Power
    414
    You can setup machine authentication in group policy with user re-authentication if you want and that way the machine connects with it's computer account so those gpo's will apply.

    Ben

  3. #3

    Join Date
    May 2012
    Location
    Selby
    Posts
    36
    Thank Post
    8
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Hi

    I've set changed the NPS so that it only accepts computer groups and altered the GPO for my wireless security so that we're using 'computer authentication.

    This doesn't work, none of my GPOs will apply.

    I've set 'Always wait for the network at computer startup and logon'

    Any ideas?

    Thanks

    Tom

  4. #4

    Join Date
    May 2012
    Location
    Selby
    Posts
    36
    Thank Post
    8
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Anybody?

  5. #5

    Join Date
    Jan 2014
    Location
    NZ
    Posts
    4
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Hi,

    Usually you need to have a policy in NPS that has the windows computer groups added as allowed. You can check the NPS logs to see why the client is being denied from the event viewer > custom views > roles in 2k8+

    You then have to create the GPO with computer authentication + the valid options. Then you need to make sure you have gpupdated with a valid connection to your domain controller to get this policy change e.g plug in a lan cable or have a wireless SSID that has this access to make it work.

    If you can add some screenshots of you NPS configuration or PM them to me I can assist.

    Also what are you using for 802.1x ? EAP-TLS? etc.

SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 11
    Last Post: 21st November 2013, 11:32 AM
  2. Replies: 12
    Last Post: 23rd April 2012, 12:31 PM
  3. Group policy to hide sleep/hibernate from Windows 7 Login screen
    By ihaveaproblem in forum Windows Server 2008 R2
    Replies: 7
    Last Post: 19th September 2011, 09:06 PM
  4. Replies: 7
    Last Post: 20th December 2007, 03:45 PM
  5. Replies: 4
    Last Post: 12th July 2007, 08:11 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •