[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: 802.1x New user on domain computer
From:       Alex Sharaz <alex.sharaz () york ! ac ! uk>
Date:       2013-10-29 15:47:15
Message-ID: 820E6F40-71C4-4CAB-9E73-16BA0CB81FF1 () york ! ac ! uk
[Download RAW message or body]


On 29 Oct 2013, at 13:59, Alan DeKok wrote:

> Davide Garofalo wrote:
> > The problem is when user make logout.
> > The computer remake authentication and it's moved on its vlan (137) but
> > windows doesn't remake an ip renew.
> 
> Then it's not a RADIUS issue.  RADIUS is only relevant *before* the
> user authenticates.
> 
> > If a new user (never logged in this
> > computer) tries to login, he can't finisch successfully the login
> > because the computer  hasn't an ip address to reach the Active Directory.
> > 
> > Someone knows how to solve this problem???
> 
> Don't switch VLANs.  Or, ensure that the machine has the same IP
> address on both vlans.
> 

If you're running Windoze XP then what I had to do in the past is macauth the machine \
1st which  places the client in the correct vlan and has an IP address assigned to \
it. About 30 or 40 seconds after the user logs in via the windoze dialogue box the \
dot1x auth happens. Make sure a successful user auth places the machine in the same \
vlan as the mac auth. This ensures the client keeps the same IP address and \
everything works otherwise you get vanishing desktops when the client switches vlans

Win 7 does single signon so just configure it for user auth / single signon and  any \
AD connections only happen after a successful network authentication Rgds
A
> It seems that you're *also* switching IP addresses when you switch
> VLANs.  Because the Windows box doesn't know you switched VLANs, it
> doesn't know to renew it's IP address.
> 
> i.e. most people don't do this, because it doesn't work.  Use another
> method to control network access.  Or, ensure that the machine has the
> same IP address on both vlans.
> 
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


[prev in list] [next in list] [prev in thread] [next in thread]