802.1x User authentication with Single Sign On
Hi,
I got a problem with wireless single sign on in windows 7. Iam using PEAP with EAP-MSCHAP V2 to authenticate to 802.1x wireless then login to a domain using wireless SSO feature. But the issue is that it works only with cached
profiles. If a user login for the first time it shows the error there are currently no logon servers available". I think it couldn't connect to the wireless network because I saw this in event viewer:
A request was made to authenticate to a wireless network.
Subject:
Security ID:
Account Name: -
Account Domain: -
Logon ID: 0x0
Additional Information:
Reason Code: Unable to identify a user for 802.1X authentication (0x50001)
Error Code: 0x525
EAP Reason Code: 0x0
EAP Root Cause String:
EAP Error Code: 0x0
Event Xml:
But if I try to connect to the same network after logged on it works. And if I use "user authentication" and "save the credentials" instead of using SSO it works too. It seems that using user authentication with SSO doesn't
work as it is said in this thread "http://social.technet.microsoft.com/Forums/en-US/winserverNAP/thread/cd4bb679-6412-45e1-b928-3a229cd217c4/" but in this article "http://technet.microsoft.com/en-us/magazine/2007.11.cableguy.aspx" is said
that we can use user authentication with sso "http://technet.microsoft.com/en-us/magazine/2007.11.cableguy.aspx"
Could someone help.
thanks.
April 10th, 2013 7:02pm
Do you have your single sign on configured to authenticate to the network before it tries to login? Do you have any certificate that needs to be on the machine?Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
How to ask a question that is fixable.
Free Windows Admin Tool Kit Click here and download it now
April 10th, 2013 11:00pm
Yes it is before. I marked to not validate certificate. PS.: I'm using Freeradius.
April 11th, 2013 1:00am
My experience has been that the certificate will have to be on the machine for the user to be able to connect. The method that we had to use to get our phones on our wifi network was save the cert. Import it into the phone and then try and connect.
I suspect that will continue to be a prerequisite :(Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
How to ask a question that is fixable.
Free Windows Admin Tool Kit Click here and download it now
April 12th, 2013 1:29am
Hi I decided to use computer login without sso, now it's working. Thanks for the help anyway.
April 12th, 2013 8:22pm