Wireless Network Access using Windows Authentication Design

  • Question


    Hi,

    I am trying to use a domain account in a one-way forest trust setup for wireless network access. Please comment on this design, thank you!



    • Edited by Jerry Lim Thursday, September 26, 2013 4:45 AM
    Thursday, September 26, 2013 4:43 AM

Answers

  • Hi Jerry,

    In theory, it might work on the network layer. However, I am not sure if it works with a one-way trust.

    Personally, it’s better to test the design in a lab before deploying it.

    Best regards,

    Alex Du



    • Proposed as answer by Susie Long Monday, October 7, 2013 4:56 AM
    • Marked as answer by Susie Long Tuesday, October 8, 2013 1:33 AM
    Friday, September 27, 2013 9:53 AM

All replies

  • Hi,

    Thank you for your post.

    Since we haven’t tested an environment similar to this design before, it’s hard for us to comment on this design.

    I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.

    Thanks for your understanding.

    Best regards,

    Susie

    Friday, September 27, 2013 2:22 AM
  • Hi Susie,

    Appreciate the help. In addition, domain A and domain B are on different networks. 1 group of clients logs in directly to domain B and the other group of clients logs in to domain A.

    Thank you!

    Regards, Jerry

    Monday, September 30, 2013 9:31 AM
  • Thanks Alex for the advice!

    I will test the one-way forest trust out; hopefully the wireless client is able to authenticate via a domain B user account. I will post the result after conducting the test.

    Thank you!

    Regards, Jerry

    Thursday, October 17, 2013 4:03 AM
  • Hi Alex,

    I have set up and tested the solution. The result shows that the Network Policy Server is able to authenticate with a designated security group in domain A. However, for domain B I am getting an error system event logged, Event ID 4402 — NPS and Domain Controller Communication: http://technet.microsoft.com/en-us/library/dd316140(v=ws.10).aspx

    This result shows that the Network Policy Server is trying to authenticate the Windows account of domain B against domain B instead of authenticating via domain A, even with the domain B designated security group added as a member of the domain A security group.

    Hence, can I conclude that the Network Policy Server requires communication to both the local and trusting domain B to authenticate with both domains, through the ports from this reference: http://support.microsoft.com/kb/179442/en-us#method3 ?

    Thank you!

    Regards, Jerry




    • Edited by Jerry Lim Saturday, December 7, 2013 4:15 AM
    Saturday, December 7, 2013 4:13 AM