3 Replies Latest reply on Apr 7, 2014 8:19 AM by levi

    How to setup Machine Level Authentication via Wireless Domain Network using NV160s

    tincg_cw New Member

      I seem to recall from my Bluesocket training a term called "machine level" authentication.  Basically, this was setting up a wireless network in such a way that domained machines would have the necessary access to domain resources during boot up but prior to user login.  It is my understanding that network shares and group policy updates don't typically get pushed out to domained machines when they boot up while on a wireless connection.  The client doesn't complete the association to the remembered wireless AP until after the computer boots and the user logs in.

       

      Currently, I have several similar small business offices where we deploy a NV3448 router along with a couple NV160s.  The NV3448 is the controller of the NV160s.  The NV160s are performing a wireless bridging function of the wireless devices to the data network.  In most of these circumstances, the wireless network is part of the same broadcast domain as the wired network.  Currently we are just implementing "security mode wpa tkip aes-ccmp psk passkey"

       

      Since the Microsoft DC (typically 2008 R2 or now we have a few on 2012) is aware of the domained devices, it is my understanding that things can be setup to allow this "machine level" authentication to occur which grants domained only workstations/laptops access.  This is typically some sort of basic level domain access just so it can gain the necessary GP updates and access to shared resources. I realize that many other resources will not be granted until the user authenticates at login.

       

      My questions:

       

      1. Is this a very common problem?

      2. If so, then is machine level authentication a viable answer?

      3. How does machine level authentication work and can I easily implement in the situation described?

      4. When using machine level authentication, how does wireless link encryption get deployed/setup?

       

      Thank you!