Solved: Re: macbook pro and wireless

HUGH LANCASTER · ‎02-10-2014

Windows 2008 rw with Certificate server and NPS, Windows client connect no problem. Cisco 1252 AP's, Cisco 2106 controllers

I have installed certificates on the Macbook pro's and can connect to the wireless -wpa2, peep, etc. Two problems I am experiecing. 1- I cannot login from the macbook with active directory users credentials. Looking at the top-right of the mac screen, no wireless connection. I can login with local user account and connect to the internet everytime; however, sometime I cannot connect to the windows server - mapped home directories, smb://encsd5/data5/Shared, I have these mapping setup under "connect to server". Any ideas! Is it a windows problem or a wireless issue. What logs do I need to be observing?? Thanks for any help!

Scott Fella · ‎02-17-2014

The issue with shared folders depends on if the device has joined to the wireless prior to the device trying to connect to the shared using login scripts. Your login scripts will fail to map a drive if the machine hasn't joined the wireless. This is why machine authentication works better than PEAP (AD credentials). With machine authentication, the device will connect to the wireless and then the user is prompted for their login. This way when the login scripts run, they will be able to connect to the share.

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***

View solution in original post

Scott Fella · ‎02-10-2014

Hugh,

I have no issues with 802.1x PEAP with my MacBook Pro connecting to my home network nor any of my customers. I don't have to install any certain either. The share might be both a windows and Mac problem. I have seen some people complain about this in the past, but I have been able to have shared folder connect fine from MacBook but to a NAS not a windows server.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

HUGH LANCASTER · ‎02-10-2014

Can you login with AD credentials? Any suggestions on how to troubleshoot this. My windows client connnect with no issues.

Scott Fella · ‎02-10-2014

Yes I can! I run an AD at home and my iPad and iPhones also use AD credentials. The best thing to look at is the radius server logs.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

HUGH LANCASTER · ‎02-10-2014

As you can see, I connecting. However, I cannot login with AD credentials. I must first login with mac account. Another thing, NPS displays PrintShop4 and I am signing in with printshop2. ???

Network Policy Server granted access to a user.

User:

Security ID: ENCSD\PrintShop4

Account Name: printshop4

Account Domain: ENCSD

Fully Qualified Account Name: ENCSD\printshop4

Client Machine:

Security ID: NULL SID

Account Name: -

Fully Qualified Account Name: -

OS-Version: -

Called Station Identifier: c0-7b-bc-96-15-60:WLC

Calling Station Identifier: 14-10-9f-db-31-83

NAS:

NAS IPv4 Address:

NAS IPv6 Address: -

NAS Identifier: Cisco_e2:31:60

NAS Port-Type: Wireless - IEEE 802.11

NAS Port: 1

RADIUS Client:

HUGH LANCASTER · ‎02-10-2014

I see why I NPS is showing Printshop 4. Assistant logged into the wireless network as printshop4. I removed and now logged in as printshop2. Now if I can figure out how to login with AD credentials.

Scott Fella · ‎02-10-2014

When you create the wireless profile in a MacBook you choose WPA2-Enterprise. It will then ask for your AD credentials when connecting to it the first time. Try putting just the username and password or the domain\username.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

HUGH LANCASTER · ‎02-10-2014

I deleted and re-created the user wpa2 enterprise and have internet access. Also, previously the computer account was not still under computers in AD so I moved it to the printshop account. Now at the login I see wireless active. I then login but not seeing printshop directory. I go to "connect to server" select smb://encsd3/data/printshop connect and get error "there is a problem connecting to the server"encsd3".

Have NPS radius client for each controller, have connection request policy for each controller. Conditions: NAS IPv4 Address ( create one for each controller, NAS Port Type Wireless - IEEE 802.11 or Wireless -Other

Network Polices: Windows Groups : Encsd\Domain Users or Encsd\Domain computers

NAS Port Type: wireless -IEEE 802.11 or Wireless- other

NAS IPv4 Address : ip address for each controller

Scott Fella · ‎02-10-2014

If you have network access then the WLC and radius are fine. Getting to a windows share from a Mac might be the issue you have their.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Scott Fella · ‎02-10-2014

How does your policy on NPS look like?

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

HUGH LANCASTER · ‎02-10-2014

Network Policy Server granted access to a user.

User:

Security ID: ENCSD\PrintShop2

Account Name: PrintShop2

Account Domain: ENCSD

Fully Qualified Account Name: ENCSD\PrintShop2

Client Machine:

Security ID: NULL SID

Account Name: -

Fully Qualified Account Name: -

OS-Version: -

Called Station Identifier: c0-7b-bc-96-15-60:WLC

Calling Station Identifier: 14-10-9f-db-31-83

NAS:

NAS IPv4 Address: 10.100.0.49

NAS IPv6 Address: -

NAS Identifier: Cisco_e2:31:60

NAS Port-Type: Wireless - IEEE 802.11

NAS Port: 1

RADIUS Client:

Client Friendly Name: WLC3

Client IP Address: 10.100.0.49

Authentication Details:

Connection Request Policy Name: Use Windows authentication for all users

Network Policy Name: WLC3

Authentication Provider: Windows

Authentication Server: ENCSD4.encsd.net

Authentication Type: PEAP

EAP Type: Microsoft: Secured password (EAP-MSCHAP v2)

Account Session Identifier: -

Logging Results: Accounting information was written to the local log file.

Quarantine Information:

Result: Full Access

Session Identifier: -

HUGH LANCASTER · ‎02-11-2014

I have rebooted several times and using "connect to server" I am able to map to the folders; however, not consistent. Sometime fails. Still not get wireless reception before login. If I could login the AD server upon reboot, may solve my problem.

Scott Fella · ‎02-11-2014

You will not get a wireless connection prior to login unless its a domain machine. Apple devices needs to fully come up and then it will join the SSID. You might want to take a look at this:

http://tinyurl.com/pvrxdby

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***

HUGH LANCASTER · ‎02-11-2014

Thanks for the link but I can't open it.

Scott Fella · ‎02-11-2014

http://tinyurl.com/q5rhsq3

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***