List Archives

This forum is an archive of all posts to our mailing list over the past few years. The forum is set read only therefore to contribute you will need to join our list community. See more info about this here.

When subscribed to the list you should use your standard email client to send your posts to ActiveDir@mail.activedir.org.

List Archives

Unanswered Active Topics

Forums Search

Forums >ActiveDir Mail List Archive >List Archives

Subject: [ActiveDir] Wireless Access

Prev Next

You are not authorized to post a reply.

Author

Messages

jfigueroa

Posts:13

11/09/2007 12:34 PM
Good morning experts, I have a Wireless LAN question that can be tied to Active Directory. I have a request to provide a domain userid that will be used by wireless devices (Infusion pumps, I believe) that will allow for wireless access but prevent the userid from logging onto the domain. The risk is that this specific userid will be on thousands of these devices. We use Cisco ACS and wireless access points. I believe this happens by asking if the userid asking for access is part of a domain global group. I thought of a few potential solutions: 1) Use a local user account on the ACS devices instead of a domain user accountto allow wireless access. For some reason this is not something our Cisco folks want to do. I could see an upgrade or migration that does not carry over this local userid and the devices stop working. 2) Use a domain userid but restrict the userid to logon only to a bogus workstation. I thought this would allow for authentication to the wireless network but prevent the userid from being used on a typical workstation. The folks that tested this tell me it did not work... they had to remove the workstation restriction from the domain userid to get them on the wireless network. 3) Some kind of GPO?. I am not finding anything useful in my searches. We are a 2003 Active Directory domain. Thanks in advance. Johnny Figueroa Integrator Consultant Information TechnologyBanner Health 602 747 4195 Johnny.Figueroa@bannerhealth.com

jfigueroa

Posts:13

11/09/2007 3:35 AM
We did try the Cisco servers but maybe we need to add the DCs?. If we need to add the DCs that could be a troublesome thing to remember as you add and remove DCs. Thanks From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Jack ParkinSent: Friday, November 09, 2007 10:45 AMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] Wireless Access Try adding your Cisco authentication server to the workstation list, we had to do that to get ours to work. I think that was all we had to do, although its possible you need to add the DCs as well. -Jack "Figueroa, Johnny" Sent by: ActiveDir-owner@mail.activedir.org 11/09/2007 12:37 PM Please respond toActiveDir@mail.activedir.org To cc Subject [ActiveDir] Wireless Access Good morning experts, I have a Wireless LAN question that can be tied to Active Directory. I have a request to provide a domain userid that will be used by wireless devices (Infusion pumps, I believe) that will allow for wireless access but prevent the userid from logging onto the domain. The risk is that this specific userid will be on thousands of these devices. We use Cisco ACS and wireless access points. I believe this happens by asking if the userid asking for access is part of a domain global group. I thought of a few potential solutions: 1) Use a local user account on the ACS devices instead of a domain user account to allow wireless access. For some reason this is not something our Cisco folks want to do. I could see an upgrade or migration that does not carry over this local userid and the devices stop working. 2) Use a domain userid but restrict the userid to logon only to a bogus workstation. I thought this would allow for authentication to the wireless network but prevent the userid from being used on a typical workstation. The folks that tested this tell me it did not work... they had to remove the workstation restriction from the domain userid to get them on the wireless network. 3) Some kind of GPO?. I am not finding anything useful in my searches. We are a 2003 Active Directory domain. Thanks in advance. Johnny Figueroa Integrator Consultant Information Technology Banner Health 602 747 4195 Johnny.Figueroa@bannerhealth.com

JackP

Posts:40

11/09/2007 12:45 PM
Try adding your Cisco authentication server to the workstation list, we had to do that to get ours to work. I think that was all we had to do, although its possible you need to add the DCs as well. -Jack "Figueroa, Johnny" Sent by: ActiveDir-owner@mail.activedir.org 11/09/2007 12:37 PM Please respond to ActiveDir@mail.activedir.org To cc Subject [ActiveDir] Wireless Access Good morning experts, I have a Wireless LAN question that can be tied to Active Directory. I have a request to provide a domain userid that will be used by wireless devices (Infusion pumps, I believe) that will allow for wireless access but prevent the userid from logging onto the domain. The risk is that this specific userid will be on thousands of these devices. We use Cisco ACS and wireless access points. I believe this happens by asking if the userid asking for access is part of a domain global group. I thought of a few potential solutions: 1) Use a local user account on the ACS devices instead of a domain user account to allow wireless access. For some reason this is not something our Cisco folks want to do. I could see an upgrade or migration that does not carry over this local userid and the devices stop working. 2) Use a domain userid but restrict the userid to logon only to a bogus workstation. I thought this would allow for authentication to the wireless network but prevent the userid from being used on a typical workstation. The folks that tested this tell me it did not work... they had to remove the workstation restriction from the domain userid to get them on the wireless network. 3) Some kind of GPO?. I am not finding anything useful in my searches. We are a 2003 Active Directory domain. Thanks in advance. Johnny Figueroa Integrator Consultant Information Technology Banner Health 602 747 4195 Johnny.Figueroa@bannerhealth.com

You are not authorized to post a reply.

Forums >ActiveDir Mail List Archive >List Archives > [ActiveDir] Wireless Access

ActiveForums 3.7

Syndicate

Friends

List Archives

List Archives

Friends

Members

Articles

Related Links

Ads