Forum

I am running aironet access points with Cisco ACS as the radius and a Windows server for the Root CA. I am using PEAP w/ user certificates which are automatically pushed to any computers that are on the Domain. Ideally a user should be able to boot-up a Laptop and log onto the Domain/Wireless with just the intitial Windows logon. However, this solution is running at a school, so if a student grabs a Laptop that they have never logged onto before this solution does not work. When the student tries to logon they get the error message that "they are unable to logon because the domain cannot be reached". I am assuming that this is because there is not a local profile for that user on that machine so therefore the certificate does not exist yet and cannot exist untill that user has logged onto the domain from that machine by plugging into the network. Is there any way around this? I want to try and stay away from machine authentication because I need to be able to look into the controller and see who is connected to the wireless.