+ Post New Thread
Results 1 to 9 of 9
Wireless Networks Thread, Refusing Non domain Computers in Technical; Hello, Does anyone know of way, in either DHCP or DNS, to refuse any network access and authentication for any ...
  1. #1
    BKGarry's Avatar
    Join Date
    Mar 2006
    Location
    Kent
    Posts
    988
    Thank Post
    102
    Thanked 139 Times in 110 Posts
    Rep Power
    50

    Refusing Non domain Computers

    Hello,

    Does anyone know of way, in either DHCP or DNS, to refuse any network access and authentication for any laptops or workstations that are not a part of out Domain.

    We are running 2003 server all nice and vanilla.

    Gaz

  2. #2

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,850
    Thank Post
    110
    Thanked 598 Times in 514 Posts
    Blog Entries
    1
    Rep Power
    227

    Re: Refusing Non domain Computers

    Buy switches that support 802.1X authentication. Set them up to use the IAS service (same way as a Wifi AP).

  3. #3
    BKGarry's Avatar
    Join Date
    Mar 2006
    Location
    Kent
    Posts
    988
    Thank Post
    102
    Thanked 139 Times in 110 Posts
    Rep Power
    50

    Re: Refusing Non domain Computers

    We have a full HPProcurve backbone including the WAPs just wondering if you could do it with DHCP

    Gaz

  4. #4

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,850
    Thank Post
    110
    Thanked 598 Times in 514 Posts
    Blog Entries
    1
    Rep Power
    227

    Re: Refusing Non domain Computers

    It's possible to do it with Secure DHCP. However the stock DHCP server included in w2k3 doesn't do that. You'd need to replace your current W2k3 DHCP/DNS infrastructure with a *nix based one.

    Another option would be to set reservations for all your PC's MAC addresses but that's tedious and doesn't protect you at all really. You'd have the same problem as Wifi AP's do with clients running with spoofed MAC addresses.

    The 'correct' solution as I've already stated is 802.1X authentication, just like Wifi AP's use. I have no idea if HP Procurves support it, they might.

  5. #5
    fooby's Avatar
    Join Date
    Dec 2005
    Posts
    351
    Thank Post
    0
    Thanked 5 Times in 4 Posts
    Rep Power
    20

    Re: Refusing Non domain Computers

    I have a procurve, will investigate also

  6. #6
    BKGarry's Avatar
    Join Date
    Mar 2006
    Location
    Kent
    Posts
    988
    Thank Post
    102
    Thanked 139 Times in 110 Posts
    Rep Power
    50

    Re: Refusing Non domain Computers

    trying to find out exactly how to do it, if you discover this magic let met know

  7. #7

    ZeroHour's Avatar
    Join Date
    Dec 2005
    Location
    Edinburgh, Scotland
    Posts
    5,777
    Thank Post
    960
    Thanked 1,378 Times in 842 Posts
    Blog Entries
    1
    Rep Power
    456

    Re: Refusing Non domain Computers

    Yeh sounds good

  8. #8
    DMcCoy's Avatar
    Join Date
    Oct 2005
    Location
    Isle of Wight
    Posts
    3,491
    Thank Post
    10
    Thanked 502 Times in 442 Posts
    Rep Power
    114

    Re: Refusing Non domain Computers

    I've been looking into this today. Its seems like you will need to utilise vlans as well to make the network useful. That way non authenticated machines could access some services. Ghost or RIS for example.

    I'm trying to work out ip vlans, ip routing, subnets and 802.1x atm. The section in the procurve manuals is 700+ pages and I'm a bit out of my depth :P

  9. #9
    tarquel's Avatar
    Join Date
    Jun 2005
    Location
    Powys, Mid-Wales, UK
    Posts
    1,740
    Thank Post
    13
    Thanked 45 Times in 35 Posts
    Rep Power
    30

    Re: Refusing Non domain Computers

    I hear you there - that stuff baffled me too.

    Wheres the trainin' man....wheres the trainin'?

    Nath.



SHARE:
+ Post New Thread

Similar Threads

  1. Can't connect new computers to my domain?
    By Blind in forum Windows
    Replies: 14
    Last Post: 2nd August 2007, 11:42 PM
  2. Replies: 3
    Last Post: 10th April 2007, 09:40 AM
  3. 1 Domain + 1 domain + syncronised users = possible?
    By tarquel in forum Wireless Networks
    Replies: 52
    Last Post: 30th October 2006, 03:08 PM
  4. Replies: 15
    Last Post: 15th September 2006, 10:01 PM
  5. RM Computers.
    By Quackers in forum Bad Experiences
    Replies: 7
    Last Post: 26th January 2006, 03:51 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •