Windows Clients Loosing Authentication to Domain while on 802.1x WLAN but still able to access Internet

  • 1
  • Question
  • Updated 2 years ago
We have a SmartZone 100 with aprox. 100 AP's (R700, R500) spread throughout 40 locations.  We have a WLAN setup for internal laptops that uses 802.1x radius authentication in proxy mode to a Windows 2012 server for access.

We are seeing many laptops where the user will be connected and working fine and when they to go print or access the file shares they are getting a Windows credential popup and even when entering their correct info they can't connect to the resource.  We've found that turning off/on the wireless on the laptop will reconnect and sometimes we have to do a full reboot.

When this happens they are still connected to the WLAN and can access the Internet.

We just switched to Ruckus from stand alone Cisco AP's using the same radius server and never had this happen on Cisco.  I've been through the radius setup docs from Ruckus and everything appears to be correct.  

I checked the logs from an AP that the client was connected to I don't find anything of value that would lead me in the right direction.

Anyone had this happen to them?  
Photo of Wes Stack

Wes Stack

  • 3 Posts
  • 0 Reply Likes

Posted 2 years ago

  • 1
Photo of Eizens Putnins

Eizens Putnins

  • 107 Posts
  • 42 Reply Likes
Hi,
For my understanding, this are 2 entirely different things -- access to WLAN and access to printers or shares.
What you see in  Ruckus logs, is authentication, which is going through ruckus proxy to Radius, which efficiently just checks if user exists in AD and is entitled to access WLAN. When this is checked, user is connected to network and farther communication with AD goes through network ( to access printer or share), not through Ruckus Radius proxy. Another communication through RADIUS happens only when reauthentication time comes and anyway it has nothing to do with Windows share access.
So you have to look on domain controller logs and PC logs, not on SZ logs. Problems with communication with AD may be related to some limitations (filtering,  routing, packet loss and so on), or specific WLAN settings. So for starters, check that if you can access domain controller when have problems with printing...
Probably your network setup changed in comparison with what you had with  stand-alone Cisco APs, look there...
Hope it helps...