I have a plethora of laptops that are joined to an AD domain. I have an enterprise wireless system set up; the users of these laptops will be using an OPEN unsecured SSID which will ultimately have a captive portal that uses RADIUS->AD auth, and firewall rules to allow access, pre-captive-portal auth, to the proper IPs/ports of DCs etc. for auth etc.

I already have other laptops/users connecting to another SSID with 802.11x and SSO, all works perfectly pre-logon etc.

My problem is with this open network: for some reason I cannot get the machines to auth to AD. The laptops connect to the wireless network; I confirm this on the controller and can ping the laptop at startup. I sharked the wires on the 2 DCs that these machines auth to. I can see a DNS SOA update from a laptop I'm testing with and can ping that test laptop from both DCs. When I try to log on, I get "There are currently no logon servers available to service the logon request." The shark shows no incoming connections to either DC even though the laptop is connected and pingable.

Any help is greatly appreciated.

Shadow00Caster
  • Can you run Wireshark on the laptop itself, and find out what it's trying to do for the connection? – Shane Madden Mar 29 '12 at 18:40
  • And by the way, "sharked the wires" is a great expression. – Shane Madden Mar 29 '12 at 18:40
  • One thing I know is that by default, Windows 7 will enable its firewall for Wireless networks. Did you check that? – Yanick Girouard Mar 29 '12 at 19:36
  • I disabled the firewall completely, that was my first thought, and yes, even though I have a GPO to disable the F/W it still enabled it for the "Public" wifi since it's an unsecured AP. I can't run Wireshark on the laptop pre-logon to get a shark from the laptop .. unless there's some magic I don't know there =x. – Shadow00Caster Mar 29 '12 at 20:12
  • @Shadow00Caster Since you've got some other systems successfully using SSO over 802.11X, maybe you can help me out over here? http://serverfault.com/questions/374975/how-can-i-enable-domain-authentication-over-wireless-in-windows-7-2k8 – Iszi Mar 29 '12 at 21:08
  • @Iszi Posted an answer there for you, hope it helps. – Shadow00Caster Mar 29 '12 at 21:58

1 Answer

I seem to have been misinformed by certain parties that the firewall rules were not enabled for that SSID, when in fact they were. Seeing as that was my first thought to the problem I should have just checked the controller for myself.

Answering my own question: firewall rules on the wireless controller were preventing proper communication to the DCs.

Shadow00Caster
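
The root cause above (pre-auth firewall rules on the controller dropping client-to-DC traffic while DNS and ping still work) can be caught by auditing the rule set offline. This is an added example, not part of the original post: the rule format, IP addresses and sample rules are constructed, and the port list is the standard set of AD logon ports rather than anything quoted on the page.

```python
import ipaddress

# Flows a domain-joined Windows client needs to reach a DC at logon
# (standard AD ports; an assumption, not listed in the original post).
REQUIRED = [
    ("DNS", "udp", 53), ("DNS", "tcp", 53),
    ("Kerberos", "udp", 88), ("Kerberos", "tcp", 88),
    ("NTP", "udp", 123),
    ("RPC endpoint mapper", "tcp", 135),
    ("LDAP", "udp", 389), ("LDAP", "tcp", 389),
    ("SMB", "tcp", 445),
    ("RPC dynamic (sample port)", "tcp", 49152),
]

# Constructed pre-auth rule set in a hypothetical format:
# (action, protocol, destination CIDR, first port, last port). First match wins.
SAMPLE_RULES = [
    ("permit", "udp", "10.0.0.10/32", 53, 53),
    ("permit", "tcp", "10.0.0.10/32", 53, 53),
    ("permit", "udp", "0.0.0.0/0", 67, 68),      # DHCP
    ("permit", "tcp", "10.0.0.5/32", 443, 443),  # captive portal
    ("deny", "any", "0.0.0.0/0", 0, 65535),
]

def evaluate(rules, proto, dst_ip, port):
    """Return the action of the first matching rule; implicit deny if none."""
    ip = ipaddress.ip_address(dst_ip)
    for action, r_proto, cidr, lo, hi in rules:
        if r_proto not in ("any", proto):
            continue
        if ip in ipaddress.ip_network(cidr) and lo <= port <= hi:
            return action
    return "deny"

def blocked_flows(rules, dcs):
    """List (dc, service, proto, port) flows the rule set would drop."""
    return [(dc, svc, proto, port)
            for dc in dcs
            for svc, proto, port in REQUIRED
            if evaluate(rules, proto, dc, port) != "permit"]

if __name__ == "__main__":
    for dc, svc, proto, port in blocked_flows(SAMPLE_RULES, ["10.0.0.10", "10.0.0.11"]):
        print(f"BLOCKED {dc} {svc} {proto}/{port}")
```

With the sample rules, DNS to the first DC passes while Kerberos, LDAP, SMB and RPC are dropped, which matches the symptom in the question: a DNS update visible on the DC but no logon traffic.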