Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

macbook pro and wireless

Windows 2008 rw with Certificate server and NPS, Windows client connect no problem. Cisco 1252 AP's, Cisco 2106 controllers

I have installed certificates on the Macbook pro's and can connect to the wireless -wpa2, peep, etc. Two problems I am experiecing. 1- I cannot login from the macbook with active directory users credentials. Looking at the top-right of the mac screen, no wireless connection. I can login with local user account and connect to the internet everytime; however, sometime I cannot connect to the windows server  - mapped home directories, smb://encsd5/data5/Shared, I have these mapping setup under "connect to server". Any ideas! Is it a windows problem or a wireless issue. What logs do I need to be observing??     Thanks for any help!   

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

macbook pro and wireless

The issue with shared folders depends on if the device has joined to the wireless prior to the device trying to connect to the shared using login scripts.  Your login scripts will fail to map a drive if the machine hasn't joined the wireless.  This is why machine authentication works better than PEAP (AD credentials).  With machine authentication, the device will connect to the wireless and then the user is prompted for their login.  This way when the login scripts run, they will be able to connect to the share. 

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***
29 REPLIES
Hall of Fame Super Silver

Re: macbook pro and wireless

Hugh,

I have no issues with 802.1x PEAP with my MacBook Pro connecting to my home network nor any of my customers. I don't have to install any certain either. The share might be both a windows and Mac problem. I have seen some people complain about this in the past, but I have been able to have shared folder connect fine from MacBook but to a NAS not a windows server.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
New Member

Re: macbook pro and wireless

Can you login with AD credentials? Any suggestions on how to troubleshoot this. My windows client connnect with no issues.

Hall of Fame Super Silver

Re: macbook pro and wireless

Yes I can! I run an AD at home and my iPad and iPhones also use AD credentials. The best thing to look at is the radius server logs.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
New Member

Re: macbook pro and wireless

As you can see, I connecting. However, I cannot login with AD credentials. I must first login with mac account. Another thing, NPS displays PrintShop4 and I am signing in with printshop2. ???

Network Policy Server granted access to a user.

User:

Security ID: ENCSD\PrintShop4

Account Name: printshop4

Account Domain: ENCSD

Fully Qualified Account Name: ENCSD\printshop4

Client Machine:

Security ID: NULL SID

Account Name: -

Fully Qualified Account Name: -

OS-Version: -

Called Station Identifier: c0-7b-bc-96-15-60:WLC

Calling Station Identifier: 14-10-9f-db-31-83

NAS:

NAS IPv4 Address:

NAS IPv6 Address: -

NAS Identifier: Cisco_e2:31:60

NAS Port-Type: Wireless - IEEE 802.11

NAS Port: 1

RADIUS Client:

New Member

Re: macbook pro and wireless

I see why I NPS is showing Printshop 4. Assistant logged into the wireless network as printshop4. I removed and now logged in as printshop2. Now if I can figure out how to login with AD credentials.

Hall of Fame Super Silver

Re: macbook pro and wireless

When you create the wireless profile in a MacBook you choose WPA2-Enterprise. It will then ask for your AD credentials when connecting to it the first time. Try putting just the username and password or the domain\username.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
New Member

Re: macbook pro and wireless

I deleted and re-created the user wpa2 enterprise and have internet access. Also, previously the computer account was not still under computers in AD so I moved it to the printshop account. Now at the login I see wireless active. I then login but not seeing printshop directory. I go to "connect to server" select smb://encsd3/data/printshop connect and get error "there is a problem connecting to the server"encsd3".

Have NPS radius client  for each controller, have connection request policy for each controller. Conditions: NAS IPv4 Address ( create one for each controller, NAS Port Type Wireless - IEEE 802.11 or Wireless -Other

Network Polices: Windows Groups : Encsd\Domain Users or Encsd\Domain computers

NAS Port Type: wireless -IEEE 802.11 or Wireless- other

NAS IPv4 Address : ip address for each controller

Hall of Fame Super Silver

Re: macbook pro and wireless

If you have network access then the WLC and radius are fine. Getting to a windows share from a Mac might be the issue you have their.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
Hall of Fame Super Silver

Re: macbook pro and wireless

How does your policy on NPS look like?

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
New Member

Re: macbook pro and wireless

Network Policy Server granted access to a user.

User:

Security ID: ENCSD\PrintShop2

Account Name: PrintShop2

Account Domain: ENCSD

Fully Qualified Account Name: ENCSD\PrintShop2

Client Machine:

Security ID: NULL SID

Account Name: -

Fully Qualified Account Name: -

OS-Version: -

Called Station Identifier: c0-7b-bc-96-15-60:WLC

Calling Station Identifier: 14-10-9f-db-31-83

NAS:

NAS IPv4 Address: 10.100.0.49

NAS IPv6 Address: -

NAS Identifier: Cisco_e2:31:60

NAS Port-Type: Wireless - IEEE 802.11

NAS Port: 1

RADIUS Client:

Client Friendly Name: WLC3

Client IP Address: 10.100.0.49

Authentication Details:

Connection Request Policy Name: Use Windows authentication for all users

Network Policy Name: WLC3

Authentication Provider: Windows

Authentication Server: ENCSD4.encsd.net

Authentication Type: PEAP

EAP Type: Microsoft: Secured password (EAP-MSCHAP v2)

Account Session Identifier: -

Logging Results: Accounting information was written to the local log file.

Quarantine Information:

Result: Full Access

Session Identifier: -

New Member

Re: macbook pro and wireless

I have rebooted several times and using "connect to server" I am able to map to the folders; however, not consistent. Sometime fails. Still not get wireless reception before login. If I could login the AD server upon reboot, may solve my problem.

Hall of Fame Super Silver

macbook pro and wireless

You will not get a wireless connection prior to login unless its a  domain machine.  Apple devices needs to fully come up and then it will  join the SSID.  You might want to take a look at this:

http://tinyurl.com/pvrxdby

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***
New Member

macbook pro and wireless

Thanks for the link but I can't open it.

Hall of Fame Super Silver

macbook pro and wireless

http://tinyurl.com/q5rhsq3

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***
Hall of Fame Super Silver

macbook pro and wireless

Windows machine that is joined to the domain has to authenticate using machine authentication.  This allows the device to login to the wireless prior to getting the login screen.  This doesn't work with non windows machines.

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***
New Member

macbook pro and wireless

Just reboot. Have not applied the fix from the link. Tells me authentication has failed. Under network wireless is on but "network name" displays no network selected. Looking at the NPS server logs, not seeing any attempt to authenticate. Could this be in issue with the mac and controller. I am going enable logging on the contoller. Again thanks for your help!

Hall of Fame Super Silver

macbook pro and wireless

Hugh,

The Mac can only login to the wireless when the OS is fully up.  Can you post your show run-config attach it as a text file so the thread isn't so huge.

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***
New Member

macbook pro and wireless

Getting this error:

AAA Authentication Failure for UserName:PrintShop2  User Type: WLAN USER

Seems everytime I add the radius client for controller 10.100.0.49 I have issues.

For radius client I have WLC -10.100.0.39, WLC2 - 10.100.0.46, 10.100.0.49 and password for all are the same

For each NPS client I added a connection request policy name

secure wireless connection- NAS Port Type Wireless-Other or Wireless IEEE 802.11, NAS IPv4 10.100.0.49

wlc2- NAS Port Type Wireless-Other or Wireless IEEE 802.11, NAS IPv4 10.100.0.46

WLC3 - NAS Port Type Wireless-Other or Wireless IEEE 802.11, NAS IPv4 10.100.0.49

Network Policies-

WLC- Windows Group domain user or computers, NAS Port Type Wirelesss-IEEE 802.11 or Wirelss- other

NAS IPv4 Address 10.100.0.39

For Each Contraints - Peep

How do I attach the log I created?

Hall of Fame Super Silver

macbook pro and wireless

Hugh,

Export your NPS configuration and email or PM that to me.  I'm thinking its your setup some how.

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***
New Member

macbook pro and wireless

Hey Scott,

Did you get my email with the NPS attachment? On the NPS server for WLC3 under "connection request policies/Conditions, I removed NAS IPv4 Address 10.100.0.49 and under "network access policies" I removed NAS IPv4 address 10.100.0.49. After that I am now able to conect. Maybe I need to have just one Connection request policy and one Network Policy??

Hall of Fame Super Silver

Re: macbook pro and wireless

Did you email it or PM? I didn't get it on my work email which is listed in my profile.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
New Member

Re: macbook pro and wireless

Scott,

Looking at you profile, I see option to PM but no option for linking an attachment?

Hall of Fame Super Silver

macbook pro and wireless

Just PM'd you my email.

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***
New Member

macbook pro and wireless

Replied to your email with attachment. Thanks

Hall of Fame Super Silver

macbook pro and wireless

Give me a few to review it.

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***
New Member

Re: macbook pro and wireless

Scott,

Still same old problem. From the macbook, sometimes I can connect sometimes I can't. Also, it has something to do with wireless because I can connect and stay connected on the ethernet side. Thanks

Hall of Fame Super Silver

Re: macbook pro and wireless

Let me review your email

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
New Member

Re: macbook pro and wireless

Scott,

Sent you an email. Things are looking better. Appears to be more consistent accessing server. I noticed upon login, in user profile, login items, I have a shared folder (printshop) on a windows 2003 server that fails to automatically map to that server. I have a shared folder on a windows 2008 server , it maps automatically. However, I can force it map by go/ connect to server/ smb://encsd3/encsd.net/data/PrintShop and clicking connect.

Hall of Fame Super Silver

macbook pro and wireless

The issue with shared folders depends on if the device has joined to the wireless prior to the device trying to connect to the shared using login scripts.  Your login scripts will fail to map a drive if the machine hasn't joined the wireless.  This is why machine authentication works better than PEAP (AD credentials).  With machine authentication, the device will connect to the wireless and then the user is prompted for their login.  This way when the login scripts run, they will be able to connect to the share. 

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***
658
Views
0
Helpful
29
Replies
CreatePlease to create content