PC's that log in before they are plugged into lan don't authenticate

[RGPEC]

Hi All,

I seem to be observing that most of our laptops don't authenticate - I suspect this is because users are plugging them in or connecting to wifi after logging in.

I was going to contact support regarding this issue but I thought I may as well mention it on the forums first as this must be happening to other people.

To be honest I don't really understand the logon script, but I've noticed this section:

Quote:

Originally Posted by Logon Script

If WScript.Arguments.Count = 1 Then
ServerName = WScript.Arguments.Item(0)
Else
ServerName = "192.168.2.230"

So under some circumstance (Wscript.Arguments.Count=1) it would be using WScript.Arguments.Item(0) for the server name instead of the correct value 192.168.2.230

I haven't got a clue what would cause this circumstance, and what the substituted server value would be - wondering if changing to force the correct server name could help?

[sky-knight]

I've had to retrain my users. If they aren't connected when they log in the backup script for their stations doesn't fire. I want that data, so the default rack has only enough internet to let them get AV definitions and windows updates. If they want to get to the real world, they have to re-authenticate.

Another option is to use the captive portal.

[proactivens]

yeah, go for captive portal.

[RGPEC]

Many thanks for the replies, but sorry I have to say that doesn't sound like the most elegant solution - I could tell most of our users that they must plug in first, but we have a few directors who insist on using wifi despite all our protests.

Also unfortunately I work in an envoironment where the needs of the IT dept carry no weight, all that matters is keeping very poorly skilled users happy - I know the captive portal would get too many complaints and would have to be turned off. (The only way I got approval for funding for ut after months of trials and propositions was when the md saw much spam this could reduce!) Retraining our users isn't an option in my opinion as there is a significant number of them that haven't got a clue about how to do what they need to, forget learn stuff to please the it dept!

Therefore I need something transparent to the end user - surely there must be a way of getting these to automatically authenticate?

I've read on here of a directory connector app someone made, would this be likely to yield better results?

[WaLshy11]

So do your users login to a domain? (Im assuming so since your using the login script).

If this be the case, you can enable a option in the GPO that doesnt allow users to logon, unless they have network connection (more specifically, have a connection to the domain controller). This should allow the script run properly when they login, because there will be a proper network connection.

[sky-knight]

There is another solution... but it isn't automatic.

The AD connector script is most commonly deployed via AD. The script itself is simply running in a loop in the background.

Now, the AD scripts won't run unless the machine is on the domain at the point of login, because they are run directly out of the sysvol share on the directory controller.

I don't know how good you are at shell scripting, but it is quite possible to get the client to download the vbs script to a local directory and execute it from there. But to get the client to do this on boot, the client itself must have a local copy, and be directed to launch the script via it's normal startup routine.

If you did this properly the wifi enabled laptops would be running the script all the time. And after connecting to the network would update Untangle automatically. Of course, this all assumes they have access to the IP address / hostname in the script that gets to Untangle.

I honestly feel for you, personally I can't work in such conditions. That's why I work for myself. I'd be telling people with that little foresight to take a hike.

[RGPEC]

@ walshy - that isn't possible because users wouldn't be able to use their laptops on the move, and I am responsible for around 12 building sites, we often loose comms or have people interfere with wiring so that would cause way too much disruption.

@ sky-night, many thanks for the suggestion. When I was testing untangle, that is pretty much what I did - to place the logon script on each pc and use gpedit.msc to run the script on boot. That probably explains why I had no authentication issues while testing. Genius, thanks a million!

[sky-knight]

If you're going to run it locally you might consider shortening the delay between updates. There will be a lag time between when the client is connected, and before the script cycles. Until that script clues Untangle in as to who the user is... you can't use the user for access control.

So if your network works like mine where the default rack has limited access... they won't have any real internet connectivity until the script runs.

Then again I guess you could just tell them to log out and back in again. :P Or reboot... So many ways to get around misguided management if you get creative.

[RGPEC]

Thanks for the comments sky-night - this is the one area I've had limited success in training my users - I've got it in most of their heads that this fixes 99% of problems

Quote:

Originally Posted by sky-knight

Then again I guess you could just tell them to log out and back in again. :P Or reboot...