Wireless laptops on domain

Discussion in 'Windows Small Business Server' started by TRD, Feb 24, 2005.

  1. TRD

    TRD Guest

    I was asked to connect 4 laptops to an SBS2003 network. I installed a
    second network card in the server and created a DMZ from which the laptops
    get an IP address. I set up a VPN connection on each laptop to connect to
    the internal network and then joined each to the domain. The laptops show up
    on the domain and the VPN tunnels connect fine. My problem is when I try and
    access resources on the SBS2003 server I get an access denied error. All the
    users are set up in the remote users group and can access the network when
    cabled to the network fine. I was thinking that it was a permission issue
    but am not sure because they can access the resources from other computers
    in the cabled network. Any ideas?


    TRD, Feb 24, 2005
  2. TRD

    Court Myers Guest

    Why not just install a WAP (wireless access point)? We have been doing it
    for almost a year and it has worked beautifully.

    Court Myers
    Court Myers, Feb 24, 2005
  3. TRD

    TRD Guest

    The laptops are wireless. They are joined to the domain but are on a
    wireless segment. The laptops are receiving IP addresses from the DMZ and
    establishing a VPN tunnel back into the network fine. They are unable to
    open any shares on the domain. Their usernames authenticate fine for both
    logging onto the domain and the VPN. They just get an access denied error
    when trying to open shares.

    This is where I think I confused you...sorry bout that. For testing purposes
    I took each username and logged onto a computer wired to the internal
    network, from there the user accounts worked fine (ie. was able to access
    the shared folders).

    I used a separate segment for the wireless network and VPN tunnels back to
    the server for security reasons. This was the fastest and cleanest way to
    set it up (so I thought).

    Does that clear up your questions? Thanks for your help and if I left
    something else out let me know.

    TRD, Feb 24, 2005
  4. TRD

    Jeff Teel Guest

    Hi TRD
    This is just my opinion but the fastest/easiest way to me would be to plug
    the WAP into a switch on the LAN side with your other wired network hardware
    and be sure to secure the WAP with the options that are on the Access Point
    (such as WPA instead of WEP) if that is available on the AP. Also turn off
    SSID broadcast and enable MAC Address filtering. With this setup the clients
    can't tell the difference from being wired or wireless... they work the same
    either way. If they can connect to the AP they will have the same
    permissions as they do when they connect with a wired connection.

    My experience has been good with wireless links (which are just two Access
    Points with outside antenna pointing towards each other) to two remote
    offices set this way. When I installed the Small Business Server I didn't
    have to change the wireless links any.
    Jeff Teel, Feb 25, 2005
  5. TRD

    TRD Guest

    Thanks for the feedback. I am adding the mobile users group to the shares
    and security tabs as suggested. We should see what happens pretty soon. As
    for the post from Jeff, I have set up a lab using WPA and I had a noticeable
    drop in wireless performance that way. That is why I chose to go this route.
    What APs are you using so for future reference I can try it?
    TRD, Feb 25, 2005
  6. TRD

    TRD Guest

    Adding the mobile users group to the permissions and security tabs did not
    work. I was able to log on as the domain admin on the laptops and had no
    problems with permissions. One of the user accounts that I am working with I
    gave domain admin rights to and it still can't access resources. Anyone know
    why the domain admin account would work and not a user account that was
    assigned to the domain admins group?

    TRD, Feb 25, 2005
  7. TRD

    Jeff Teel Guest

    Currently I am using Linksys APs. Two are WAP11s and two are WAP54Gs. The
    WAP11s are still using WEP since Linksys has decided not to do any firmware
    upgrades to those units. The WAP54Gs are using WPA and I have not noticed
    any speed drops that would be worth going back to WEP. It may be different
    when accessing the AP with a PC card though, which I don't do very often.
    Again... the WAP11 is talking to another WAP11 for one bridge and the
    WAP54 is talking to another WAP54 for the other bridge to the remote
    Jeff Teel, Feb 25, 2005
  8. TRD

    TRD Guest

    OK... Here is what I have found out. I have tried all the above suggestions,
    still the same problem. I have 4 laptops on a wireless segment in a DMZ
    between the firewall and the LAN. The laptops are joined to the domain and
    connect via a VPN connection back to the LAN. The VPN connection and logon
    process executes without any problems, even runs the logon scripts. The
    users once connected seem to be able to access network resources for about
    5 minutes and then it is like someone has disabled their user accounts. The
    VPN connections are still active but they are unable to access any resources
    on the network. When I browse out to the server I can see the users share,
    but I am only able to see about 4 of the 11 user directories in there. How
    come the other user folders don't show up?
    If I run ICW in the management tool I can have the users re-logon and then
    they work for a few minutes again. I also have a database that these clients
    connect to and even when the laptops can't access the shares the clients can
    still access this database using ODBC. I am at a loss here. I am using a
    Linksys WRT54G. I am not using the WAN port on it. The line connecting the
    WAP to the DMZ is connected to one of the LAN ports on it. I have also
    disabled the firewall on the laptops to take that out of the equation.
    Anyone else have an idea?

    TRD, Feb 26, 2005
  9. TRD

    Jeff Teel Guest

    Am I understanding correctly that you are using the second NIC where say
    your Internet data would come into the server as a place to plug the access
    point in for the wireless clients? Also... are you using ISA on your SBS?
    I'm trying to get a mental picture of how you have things set up.

    What does ipconfig /all look like from the wireless clients and the server?
    Jeff Teel, Feb 26, 2005
  10. TRD

    TRD Guest

    Firewall LAN IP is Plugged into the firewall is both the WAP
    at and the 2nd NIC on the server at the server is
    not running ISA, just the Windows firewall on the server that is configured
    during ICW. I will let you know what the laptops' ipconfig is on Monday.
    Thanks again for your help.
    TRD, Feb 27, 2005
