I doubt there is a way to do this, but I thought I'd check the same to be sure. Our helpdesk occasionally has to have users log off and back on to rejoin the domain or recache their workstation credentials across VPN. They have realized that the Odyssey client's wireless connection dies when you do a log off. They would like it to stay persistent in the background. I know there are options for altering the GINA and also using a machine account, but we can't use either because we already have an encryption program in the GINA and the users who have this problem are working remotely, so there is nothing for the machine account to authenticate against. Any other options I may have missed, or should I stick with my response that the user will need to find wired access?
Thanks,
Rob
Rob,
We could do something called machine auth to desktop. You could run the machine account and that would run most of the time to their AP. Then, in the Connection Settings, you should try the option "After the user's desktop appears".
It sounds like you aren't doing 802.1x with their local AP; I'm guessing you are using WEP or WPA or something with a pre-shared key (PSK). Thus, you could try these machine to desktop settings and see if that provides enough connectivity. The connection will still change from the machine settings to the desktop settings, even though they use the same settings. This is by design, but doesn't affect your users much since you wouldn't be using "machine credentials" or "user credentials" with OAC; you are just using those settings in OAC to reflect the times you want different connections to come online.
If you want, you could talk to someone in JTAC about this configuration. I'm pretty sure we could make it work for you.
Even with machine auth, your machine would disconnect you from the user session and re-auth with the machine credentials.
Now as far as GINA modules go, there are some GINA modules that OAC can chain together with.
That said, I'm not sure I understand the functionality you are hoping to achieve. If this is a home user, and they are logging off of their workstation, then why are you looking to have the wireless stay online? If they have no access to your corporate network while they logoff, then what is the point of having network access when they aren't logged in?
Does the VPN start at machine time? Did you know that OAC can chain together with some GINA modules?
The main functionality our helpdesk wants is occasionally a user messes up their cached credentials on their workstation. These users work remotely and their connection process is to get on an ISP and then on VPN. Many of the users use Odyssey and wireless to get on the ISP.
The process used to restore the cached account is to have the user log on with a local admin account, connect to the wireless, connect to the VPN, and then log off. If everything stays connected in the background (the Dell wireless client used to) when the user logs on it is the same as the user logging on in the office because they are already connected and allows them to rebuild their profile.
It's not the end of the world if this isn't possible. We don't want to alter the GINA even if it can be chained.
Thanks,
Rob
Thanks! I'll look into the machine auth to desktop options. I wasn't aware you could do machine auth without using 802.1x.
Rob
Rob,
Glad I could help, let me know how that goes.
Yeah, it's a bit misleading because the section is labeled Machine Auth, and it is designed around doing 802.1x, but it can do any type of auth OAC can handle. So you should be able to add your AP statically or to an auto-scan list and have OAC try to connect at the machine auth time, even though it won't actually be doing machine auth.
Basically, we will just be taking advantage of the fact that we need OAC to associate to a network without being connected in a user context.