7 Replies Latest reply: Mar 6, 2010 4:52 PM by Jessie Escobedo RSS

Intel PROset Wireless Software

jvillarreal Community Member
Currently Being Moderated

I'm working on getting Pre-Logon Connect (PLC) working for our laptops but I'm running into issues in that it appears that I can only use logon windows credentials to establish the PLC connection.  We've been using the Windows wireless client because it will allow us to PLC using the computer credentials allowing the device to receive policies and updates prior to logon.  Does anyone know of a way to make the Intel PROset wireless software utilize the computer account rather than the user account?

  • 1. Re: Intel PROset Wireless Software
    tpgrec Community Member
    Currently Being Moderated

    Hello,

     

    I am happy to see you prefer using Intel® PROSet Wireless Network Connection Software and the Admin Tool. Could we please clarify a few questions before moving forward too quickly?

     

    • What authentication and encryption combination are you using?

    • Which Intel wireless adapter are you using?

    • Are you using the latest Intel PROSet software (11.5.1.2) and drivers?

    • Am I to correctly assume you are using Microsoft Windows* XP? If you migrate to Microsoft Windows Vista*, you will have to use the Native WiFi environment on that OS for PLC.

    • It appears you have already used both PLC and Persistent profiles. Is that true? You do know they can be used concurrently in one Admin Profile, correct? I will briefly define the terminology for the benefit of others who may not be aware. Much of this can be found in Help in the main menu and in the latest user guide: Intel® Wireless WiFi Link 4965AGN User Guide Re: Intel PROset Wireless Software.

      • Persistent profiles are applied at boot time or whenever no one is logged on the computer. After a user logs off, a Persistent profile maintains a wireless connection either until the computer is turned off or a different user logs on.

        • These profiles can be created as Persistent profiles:

          • All profiles that do not require 802.1x authentication (for example, Open authentication with WEP encryption, Open authentication with no encryption).

          • All profiles with 802.1x authentication that have the credentials saved: LEAP or EAPFAST.

          • Profiles with security settings that include the "Use the following user name and password" option.

          • Profiles that use the machine certificate to authenticate.

          • WPA-Enterprise profiles that do not use a user certificate.

          • WPA-Personal profiles.

      • Pre-logon/Common profiles are applied prior to a user log on. If Single Sign On support is installed, the connection is made prior to the Windows log on sequence (Pre-logon/Common).

        • These profiles can be created as Pre-logon/Common profiles:

          • 802.1x PEAP, TTLS or EAP-FAST profiles that use either the "Use Windows Logon user name and password" or "Use the following user name and password" credentials when configuring the profile's security settings.

          • LEAP profiles that use the "Prompt for the user name and password." Credentials when configuring the profile's security settings.

          • 802.1x PEAP or TTLS profiles with user or machine certificates (the user must have administrative rights to use machine certificates).

          • TLS profiles that use digital certificates to verify the identity of a client and a server.

          • EAP-SIM profiles that use a Subscriber Identity Module (SIM) card to validate credentials with the network.

          • All non-802.1x (Open and WEP) Common or User Based profiles.

    • Are you attempting to use Machine Authentication? If so, ensure each PC (machine) has only one machine certificate installed.

     

     

     

     

    Here is a quick example (see 2 file attachments should be clearer) of Intel PROSet configuration for a machine certificate:

     

     

     

    NOTE: Intel PROSet/Wireless supports machine certificates. However, they are not displayed in the certificate listings.

     

     

    Once machine certificates are loaded properly, you must add the ‘Local computer' Certificate Snap-in through the MMC (Start>Run>MMC>OK) to view them.

     

     

    1. Click File>Add/Remove Snap-in (Standalone tab)>Add>Certificates>Add>Computer Account>Next>Local Computer>Finish.

    2. Click OK on Add Remove Snap-in window.

    3. Look for certificate you installed from main Console window by expanding Console Root>Person>Certificates.

     

     

    I will await your reply before elaborating further. If this becomes too difficult and you need the issue escalated, I suggest you create a case through http://support.intel.com/.

     

     

     

     

     

     

     

     

    Regards,

     

     

     

    Tony

  • 2. Re: Intel PROset Wireless Software
    jvillarreal Community Member
    Currently Being Moderated
    • We are currently using PEAP and mixed mode WPA/WPA2 (TKIP/CCMP).  Our key management is being handled by 802.1x but on the advise of Cisco are beginning to explore using CCKM to manage.

    • This specific laptop has the 3945ABG card.

    • The software is 11.5.1.2 but my driver shows as 11.5.1.15

    • You are correct in the OS assumption.  We are currently using XP with no immediate plans to go to Vista.

     

    After reading your descriptions, I would think that our situation warrants using persistant profiles checking machine certifiactes.  I have ensured that there is only 1 certificate installed and that I have switched the dropdown to TLS as you've shown but it appears that I am not properly authenticating. 

     

    Does the answer your questions that you were looking for before you began further elaboration?

  • 3. Re: Intel PROset Wireless Software
    tpgrec Community Member
    Currently Being Moderated

     

    Comments on your responses:

     

    • We are currently using PEAP and mixed mode WPA/WPA2 (TKIP/CCMP). Our key management is being handled by 802.1x but on the advise of Cisco are beginning to explore using CCKM to manage.

      • Comment: Have you enabled CCKM within PROSet?  When creating the profile and configuring the Security Sections dialog, click 'Cisco Options' button and ensure you check the 'Allow Fast Roaming (CCKM)' checkbox.  Also verify the 'Enable Cisco Compatible Extensions' checkbox is selected.  Click OK.

    • This specific laptop has the 3945ABG card.

    • The software is 11.5.1.2 but my driver shows as 11.5.1.15

    • You are correct in the OS assumption. We are currently using XP with no immediate plans to go to Vista.

     

     

    After reading your descriptions, I would think that our situation warrants using persistant profiles checking machine certifiactes. I have ensured that there is only 1 certificate installed and that I have switched the dropdown to TLS as you've shown but it appears that I am not properly authenticating.

     

     

    Comment: 802.1X PEAP or TTLS profiles with user or machine certificates (the user must have administrative rights to use machine certificates).

     

     

    Does the answer your questions that you were looking for before you began further elaboration? Abuse

     

     

    Comment: Yes, thank you.

     

     

  • 4. Re: Intel PROset Wireless Software
    jvillarreal Community Member
    Currently Being Moderated
    • We are currently using PEAP and mixed mode WPA/WPA2 (TKIP/CCMP).
           Our key management is being handled by 802.1x but on the advise of
           Cisco are beginning to explore using CCKM to manage.

      • Comment: Have you enabled CCKM within PROSet? When creating
                  the profile and configuring the Security Sections dialog, click 'Cisco
                  Options' button and ensure you check the 'Allow Fast Roaming (CCKM)'
                  checkbox. Also verify the 'Enable Cisco Compatible Extensions' checkbox
                  is selected. Click OK.

      • Response: Yes.  I have enabled and am able to connect utilizing CCKM when I use a username/password to connect.

    • This specific laptop has the 3945ABG card.

    • The software is 11.5.1.2 but my driver shows as 11.5.1.15

    • You are correct in the OS assumption. We are currently using XP with no immediate plans to go to Vista.

     

    After reading your descriptions, I would think that our situation

    warrants using persistant profiles checking machine certifiactes. I

    have ensured that there is only 1 certificate installed and that I have

    switched the dropdown to TLS as you've shown but it appears that I am

    not properly authenticating.

     

     

     

    Comment: 802.1X PEAP or TTLS profiles with user or machine

    certificates (the user must have administrative rights to use machine

    certificates).

    Response: You say the user must have administrative right to use

    a machine certificate.  How would it be possible in a persistant

    connection situation, before a username is entered, for an unknown

    potential user to have the correct administrative level to utilize a

    machine certificate?  Or, asking again, how does an unknown user have

    administrative rights?

     

     

    Does the answer your questions that you were looking for before you began further elaboration?

     

     

    Comment: Yes, thank you.

     

     

  • 5. Re: Intel PROset Wireless Software
    tpgrec Community Member
    Currently Being Moderated

     

    Hello Jordan,

     

     

    I have created an Intel case for this issue.  An email will follow shortly.  We can terminate this blog session.

     

     

    Thank you,

     

     

    Tony

     

     

  • 6. Re: Intel PROset Wireless Software
    itsagiven Community Member
    Currently Being Moderated

    What was the solution to this problem?  We are having the exact same problem?

  • 7. Re: Intel PROset Wireless Software
    Currently Being Moderated

    I am having almost the same issue where I cannot use persistent profile due to the fact we are usng WPA2/AES and PEAP, with certificates.  Our desktop support requires the capablility to connect if the user has logged off.  According to your documentation, we are not able to do so.  We are using version 12.4.4.0

More Like This

  • Retrieving data ...