802.1x New user on domain computer

Alan DeKok aland at deployingradius.com
Tue Oct 29 14:59:44 CET 2013


Davide Garofalo wrote:
> The problem is when user make logout.
> The computer remake authentication and it's moved on its vlan (137) but
> windows doesn't remake an ip renew.

  Then it's not a RADIUS issue.  RADIUS is only relevant *before* the
user authenticates.

> If a new user (never logged in this
> computer) tries to login, he can't finisch successfully the login
> because the computer  hasn't an ip address to reach the Active Directory.
> 
> Someone knows how to solve this problem???

  Don't switch VLANs.  Or, ensure that the machine has the same IP
address on both vlans.

  It seems that you're *also* switching IP addresses when you switch
VLANs.  Because the Windows box doesn't know you switched VLANs, it
doesn't know to renew it's IP address.

  i.e. most people don't do this, because it doesn't work.  Use another
method to control network access.  Or, ensure that the machine has the
same IP address on both vlans.

  Alan DeKok.


More information about the Freeradius-Users mailing list