802.1x New user on domain computer
Alex Sharaz
alex.sharaz at york.ac.uk
Tue Oct 29 16:47:15 CET 2013
On 29 Oct 2013, at 13:59, Alan DeKok wrote:
> Davide Garofalo wrote:
>> The problem is when the user logs out.
>> The computer re-authenticates and is moved to its VLAN (137), but
>> Windows doesn't renew its IP.
>
> Then it's not a RADIUS issue. RADIUS is only relevant *before* the
> user authenticates.
>
>> If a new user (who has never logged in on this
>> computer) tries to log in, he can't successfully finish the login
>> because the computer doesn't have an IP address to reach the Active Directory.
>>
>> Does anyone know how to solve this problem?
>
> Don't switch VLANs. Or, ensure that the machine has the same IP
> address on both vlans.
>
If you're running Windoze XP then what I had to do in the past is macauth the machine 1st, which places the client in the correct vlan and has an IP address assigned to it. About 30 or 40 seconds after the user logs in via the windoze dialogue box, the dot1x auth happens. Make sure a successful user auth places the machine in the same vlan as the mac auth. This ensures the client keeps the same IP address and everything works; otherwise you get vanishing desktops when the client switches vlans.
Win 7 does single sign-on, so just configure it for user auth / single sign-on and any AD connections only happen after a successful network authentication.
Rgds
A
> It seems that you're *also* switching IP addresses when you switch
> VLANs. Because the Windows box doesn't know you switched VLANs, it
> doesn't know to renew its IP address.
>
> i.e. most people don't do this, because it doesn't work. Use another
> method to control network access. Or, ensure that the machine has the
> same IP address on both vlans.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
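
One way to spot the condition discussed in this thread, as an added example that is not part of the original messages: it reads Access-Accept records and flags any client whose assigned VLAN changes between consecutive authentications on the same port (MAC auth, then user auth, then back again at logout). The record format, field names, VLAN 140, ports and identities are constructed for illustration; only VLAN 137 comes from the thread.

```python
"""Flag clients whose VLAN changes between consecutive Access-Accepts."""

# Constructed sample records (not FreeRADIUS's own log format).
# VLAN 137 is the machine VLAN from the thread; everything else is made up.
SAMPLE_ACCEPTS = """\
ts=2013-10-29T09:00:05 mac=00:11:22:33:44:55 port=Gi1/0/7 method=mab identity=001122334455 vlan=137
ts=2013-10-29T09:00:45 mac=00:11:22:33:44:55 port=Gi1/0/7 method=dot1x identity=jsmith vlan=140
ts=2013-10-29T17:30:10 mac=00:11:22:33:44:55 port=Gi1/0/7 method=mab identity=001122334455 vlan=137
ts=2013-10-29T09:01:00 mac=66:77:88:99:AA:BB port=Gi1/0/8 method=mab identity=66778899aabb vlan=137
ts=2013-10-29T09:01:40 mac=66:77:88:99:aa:bb port=Gi1/0/8 method=dot1x identity=akhan vlan=137
"""


def parse_accepts(text):
    """Turn 'key=value key=value' lines into a list of dicts."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            records.append(dict(tok.split("=", 1) for tok in line.split()))
    return records


def find_vlan_switches(records):
    """Return one finding per re-authentication that moved a client to a new VLAN."""
    last = {}      # (mac, port) -> most recent accept seen for that client
    findings = []
    # ISO-8601 timestamps sort correctly as plain strings.
    for rec in sorted(records, key=lambda r: r["ts"]):
        key = (rec["mac"].lower(), rec["port"])
        prev = last.get(key)
        if prev is not None and prev["vlan"] != rec["vlan"]:
            # The client keeps its old lease here, so it has no usable IP.
            findings.append({
                "ts": rec["ts"], "mac": key[0], "port": key[1],
                "from_vlan": prev["vlan"], "to_vlan": rec["vlan"],
                "method": rec["method"], "identity": rec["identity"],
            })
        last[key] = rec
    return findings


if __name__ == "__main__":
    for f in find_vlan_switches(parse_accepts(SAMPLE_ACCEPTS)):
        print("{ts} {mac} on {port}: VLAN {from_vlan} -> {to_vlan} "
              "after {method} auth as {identity}".format(**f))
```

The client on Gi1/0/8 is the layout recommended above (same VLAN for MAC auth and user auth) and produces no finding.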