
fibrizo

macrumors 6502
Original poster
Jan 23, 2009
411
5
I apologize in advance if this isn't the right place for this topic.

Anyways at work, they do not allow Macs, only IT approved PCs. While it is against protocol, I just added a wireless router to the network jack that one of the pcs was connected to, and I connected my mac wirelessly and could use the internet and do work as I saw fit.

I know that it's against IT policies, if you plan to just lecture me, I already know lol.

The issue I'm having is that recently they've upgraded the internet security on the network. So If I sign in on the windows PC (network login) the internet on that PC works fine (it's connected to the router that gives me wifi) When I connect my mac to the ethernet line or via wifi, I can't access the internet, but I can load up intranet pages just fine, so it's connected to the network and can get access, but can't connect to the actual internet. It's the same with another windows PC that has a generic login (not to network) it will access the intranet but not the internet.

I suspect I need to authenticate somewhere with my user name and password, but I have no idea where to start.

Is what I am wanting to do impossible?
 

belvdr

macrumors 603
Aug 15, 2005
5,945
1,372
There are so many things that could cause this; it's impossible to troubleshoot without intimate knowledge of the network.

You should really concentrate on just using your approved equipment.
 

InfoSecmgr

Guest
Dec 31, 2009
324
0
Ypsilanti, Michigan
I apologize in advance if this isn't the right place for this topic.

Anyways at work, they do not allow Macs, only IT approved PCs. While it is against protocol, I just added a wireless router to the network jack that one of the pcs was connected to, and I connected my mac wirelessly and could use the internet and do work as I saw fit.

I know that it's against IT policies, if you plan to just lecture me, I already know lol.

The issue I'm having is that recently they've upgraded the internet security on the network. So If I sign in on the windows PC (network login) the internet on that PC works fine (it's connected to the router that gives me wifi) When I connect my mac to the ethernet line or via wifi, I can't access the internet, but I can load up intranet pages just fine, so it's connected to the network and can get access, but can't connect to the actual internet. It's the same with another windows PC that has a generic login (not to network) it will access the intranet but not the internet.

I suspect I need to authenticate somewhere with my user name and password, but I have no idea where to start.

Is what I am wanting to do impossible?

I'm not trying to lecture you, but as a tech manager and IAM (information assurance manager) I can tell you that they will find the rogue wireless point at some time in the near future. I understand that IT departments often have BS rules, etc etc. I would just try to find a solution that doesn't involve wireless. However, you are playing in a dangerous area where you can be terminated. Companies don't like having unauthorized IS's (information systems) in their buildings. People like to launch attacks that way. Anyway, companies usually control network access by MAC address, you wouldn't be able to logon anyway, even if you had a username and password.

Of course being an IAM I don't officially endorse trying to bypass the rules, etc ;)
 

bukalemun

macrumors regular
Jul 21, 2010
118
142
Your IT department most probably started using MAC (Media access control) address authentication to enable only trusted PCs to access the internet. As every networking device has a MAC address that's unique to them, there is not much to do unless you find a way to imitate the MAC address of your PC on your Mac. If you can find a way to do it, a new problem will arise, which is your PC and Mac cannot coexist on the same network.
 

mr0c

macrumors regular
Jul 5, 2010
112
4
Virginia, US
maybe there's a network proxy?

i know my new work requires one to view external pages (my old work had direct internet access, so no silly proxies or routing).
 

fibrizo

macrumors 6502
Original poster
Jan 23, 2009
411
5
Your IT department most probably started using MAC (Media access control) address authentication to enable only trusted PCs to access the internet. As every networking device has a MAC address that's unique to them, there is not much to do unless you find a way to imitate the MAC address of your PC on your Mac. If you can find a way to do it, a new problem will arise, which is your PC and Mac cannot coexist on the same network.

I'm actually pretty sure they do not. Simply because the 2 computers in the back (which had not been updated properly to sign onto the windows network) can't get internet access either, but can access the intranet.

Also if I connect my macbook right to an ethernet jack, it hands me an ip normally and I can access the intranet web pages, but not things offsite. Also the router is cloning the MAC of a working PC that it is connected to, and it makes no difference. There may be something regarding a proxy I have to authenticate to however. Any idea where I might check on the working windows PCs to find out?

If it was mac filtering, I should be able to connect and get an ip right? (as far as my rudimentary understanding goes)

Thanks for the help/info so far guys, Any other ideas?
 

fibrizo

macrumors 6502
Original poster
Jan 23, 2009
411
5
I'm not trying to lecture you, but as a tech manager and IAM (information assurance manager) I can tell you that they will find the rogue wireless point at some time in the near future. I understand that IT departments often have BS rules, etc etc. I would just try to find a solution that doesn't involve wireless. However, you are playing in a dangerous area where you can be terminated. Companies don't like having unauthorized IS's (information systems) in their buildings. People like to launch attacks that way. Anyway, companies usually control network access by MAC address, you wouldn't be able to logon anyway, even if you had a username and password.

Of course being an IAM I don't officially endorse trying to bypass the rules, etc ;)

Hehe, I would love to have a competent IT guy like you. Ours are unfortunately... well let's just say not the brightest bulbs.

Thank you for the concern though, even if I could run a Cat5 cable into the room to use it, (old old building built around 1890s-1900...) I still have the same issue as currently. ie I connect to the network but I can't get internet access even though it assigns me an IP and I can access intranet websites... because I need to figure out where I need to authenticate to get to the internet.

I'm rather skeptical they would terminate me, rather just be annoyed and report me to my superiors (who feel the same way about the IT people... who incidentally got upset when we purchased (with our own personal funds) our own more reliable printer and installed it... because they had to come by to bolt it down lol)
 

Les Kern

macrumors 68040
Apr 26, 2002
3,063
76
Alabama
don't be surprised if you are out of work after they find out. I'm an IT director, and you would be gone before your hard drive spun down to a stop. Brutal, but honest.
 

belvdr

macrumors 603
Aug 15, 2005
5,945
1,372
don't be surprised if you are out of work after they find out. I'm an IT director, and you would be gone before your hard drive spun down to a stop. Brutal, but honest.

Same here. We had someone bring down an entire building due to them recabling at their desk.

Again, I say just use the equipment you are approved to use. If you don't like it, quit and find a job that lets you use a Mac.
 

Frosties

macrumors 65816
Jun 12, 2009
1,079
209
Sweden
Macs pollute windows networks with files every time you open something in finder. You are on a countdown. And opening up the entire network with your wireless access point is just that a reason to be terminated. I know I would kick you out.
 

belvdr

macrumors 603
Aug 15, 2005
5,945
1,372
Is your network that fragile?

All networks are that fragile. Sure you can put in some preventative measures and we have, but sometimes things slip through. Also when you inherit a network that you don't fully control, things happen.
 

fibrizo

macrumors 6502
Original poster
Jan 23, 2009
411
5
Well it's really no big deal. I can always Wimax it to do whatever I need to do anyways. I was just wondering, and hoping to gain a better understanding.

Again. I have stated before, it doesn't quite work like it does in the real world for business. I'm actually hoping that with the merger we get real IT people working on the stuff, as the other campus I'm on, actually has wireless, real security, and uses macs as well. (That entity is in the process of taking over operations). Thanks for all your concern.

If they really want to be concerned about security breaches, they'd actually set up the computers so all the dang secretaries couldn't download random crap and 100x toolbars that load on malware onto the computers and networks :)
 

jdstelljes

macrumors newbie
Jul 12, 2008
9
0
Las Vegas, NV
If adding 1 mac to an office network can take down the whole network then I would say the IT moron should be fired, not the guy who plugged in a mac. I hear so much ridiculous tripe from IT people it's astounding how un-real world they are, and that any business can run efficiently with some of these stupid rules.
 

ChaosAngel

macrumors member
Sep 29, 2005
91
15
UK
maybe there's a network proxy?

i know my new work requires one to view external pages (my old work had direct internet access, so no silly proxies or routing).

That would be my guess. Check your Internet Settings on your work machine for a proxy server or PAC file (it is probably being applied by GPO). You should then be able to add the correct proxy/port on your Mac.

This is however a complete guess and without additional information regarding your works network it is impossible to be accurate.
 

Makosuke

macrumors 604
Aug 15, 2001
6,661
1,242
The Cool Part of CA, USA
If adding 1 mac to an office network can take down the whole network then I would say the IT moron should be fired, not the guy who plugged in a mac.
Actually, I'm pretty sure people were saying that doing bad, unauthorized things to get around network restrictions can bring down a network, not a Mac specifically. While a Mac may be secure, if the connected device is not, or if it opens a point of attack inside the firewall, it could at the very least flood the network with traffic or max out the Internet uplink, if not try and do something more harmful. Or start broadcasting untoward DHCP packets, which can cause all manner of unhappiness (that's a common one when people misconfigure network sharing).

The IT guys can shut such a device down, but it's still annoying at minimum, harmful at worst. At a small company, with relatively simple network hardware, it can be even harder to deal with.
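The stray DHCP traffic Makosuke describes can be spotted from the defender's side by checking which servers answer DHCP requests. The following is an added example, not part of the original thread: it parses raw DHCP payloads and reports OFFER/ACK replies whose server identifier is not on an approved list. The server addresses, client MAC and leases are constructed sample values, and `AUTHORIZED` is an assumed allow-list.

```python
import ipaddress
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"
SERVER_MSGS = {2: "OFFER", 5: "ACK"}  # option 53 values only a server sends

def parse_dhcp(payload):
    """Parse a BOOTP/DHCP UDP payload (RFC 2131 layout) into the fields we need."""
    if len(payload) < 240 or payload[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:  # 255 = end option
        if payload[i] == 0:                        # 0 = pad, has no length byte
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        opts[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    server = opts.get(54, b"")                     # option 54 = server identifier
    return {
        "op": payload[0],                          # 2 = BOOTREPLY
        "msg_type": (opts.get(53) or b"\x00")[0],
        "server_id": str(ipaddress.IPv4Address(server)) if len(server) == 4 else None,
        "offered_ip": str(ipaddress.IPv4Address(payload[16:20])),
        "client_mac": payload[28:28 + min(payload[2], 16)].hex(":"),
    }

def find_rogue_servers(payloads, authorized):
    """Return (server, type, client MAC, lease) for replies from unapproved servers."""
    alerts = []
    for raw in payloads:
        try:
            m = parse_dhcp(raw)
        except ValueError:
            continue  # not DHCP or malformed: skip rather than crash the monitor
        if m["op"] == 2 and m["msg_type"] in SERVER_MSGS and m["server_id"] not in authorized:
            alerts.append((m["server_id"], SERVER_MSGS[m["msg_type"]], m["client_mac"], m["offered_ip"]))
    return alerts

def build_reply(msg_type, server, offered, mac):
    """Build a sample server reply (constructed test data, not a capture)."""
    head = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
                       bytes(4), ipaddress.IPv4Address(offered).packed, bytes(4),
                       bytes(4), bytes.fromhex(mac.replace(":", "")), b"", b"")
    opts = bytes([53, 1, msg_type, 54, 4]) + ipaddress.IPv4Address(server).packed
    return head + DHCP_MAGIC + opts + b"\xff"

AUTHORIZED = {"10.20.0.5"}  # assumed address of the sanctioned DHCP server
SAMPLE = [                  # constructed traffic: one approved offer, two rogue replies
    build_reply(2, "10.20.0.5", "10.20.3.41", "00:11:22:33:44:55"),
    build_reply(2, "192.168.1.1", "192.168.1.100", "00:11:22:33:44:55"),
    build_reply(5, "192.168.1.1", "192.168.1.100", "00:11:22:33:44:55"),
]
```
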
 

WrQth

macrumors member
Jul 23, 2010
89
11
Sounds like internet access is determined at the user level, not machine level, which would explain why on your computer using your login you can get to the internet, whereas the 2 computers in the back that are using generic logins only get to the intranet. Why not the internet and just the intranet, you ask? Well, that is simple: the internet is there, people do bad things along with connecting hardware that can violate compliance with legal regulations when they shouldn't, and the intranet is controlled content that everyone in the company should be able to view, so why create additional security to control the internal site that is assumed to be safe from deviants.
 

wlh99

macrumors 6502
Feb 7, 2008
272
0
First thing, your wireless router probably has a port marked "WAN" or "Internet". When connected to a business network most people mistakenly connect that to the business network. Don't do that. All connections, to the wall, and to the computers need to be on the LAN side of the router. Don't plug anything into the WAN port.

Second, make sure DHCP is turned off on your wireless router.

Third, Macs don't always play well on PC networks. You might need IT's help to create a machine account on the domain controller or otherwise allow it.

But, most likely the first suggestion will fix it. I've seen that many times and the symptom is just what you describe, you can see the internal network, but not the internet.

The obligatory lecture (from an IT manager)
Many companies will terminate an employee on the spot no questions asked for installing a wireless router. Bringing in the Mac is a slap on the wrist, but the router is a very serious offense at many places. Then again, many places have an IT policy some attorney wrote and don't care what you do.
 

Mike Reed

macrumors regular
Apr 3, 2010
182
26
Columbus, OH
Is there a particular reason you wish to use your Mac on the network? If it enables you to perform duties more efficiently than the provided computers you should let those responsible know why.

A general purpose IT department should be responsible for protecting company assets as well as enabling employees to work efficiently. If they are only focusing on half of the equation then they aren't really doing their job. Try and focus on the problem you are having, such as not having appropriate software to perform your job effectively instead of the solution (i.e. using your mac) when communicating with them. It's their job to leverage their knowledge and experience toward a solution.

Now that all the touchy-feely junk is out of the way, I freaking hate IT departments. My job isn't to worry about security, it's to get things done. Their job is to make our systems secure enough that I can't do anything remotely productive or useful toward getting things done. Am I exaggerating? Probably. Is it hypocritical of me to take a me vs. them stance while accusing them of the exact same thing? Absolutely. Do I care? Nope. :p
 

SidBala

macrumors 6502a
Jun 27, 2010
533
0
Where I work, bringing macs or any personal laptops can get someone into a lot of trouble.
 

belvdr

macrumors 603
Aug 15, 2005
5,945
1,372
First thing, your wireless router probably has a port marked "WAN" or "Internet". When connected to a business network most people mistakenly connect that to the business network. Don't do that. All connections, to the wall, and to the computers need to be on the LAN side of the router. Don't plug anything into the WAN port.

Since you cannot enable a DHCP server on the WAN port, why would you want to bypass that? Additionally, by plugging the LAN ports to the wall, your wall port may become disabled if bpduguard is enabled. This won't happen if you use the WAN/Internet port.
 

satcomer

Suspended
Feb 19, 2008
9,115
1,973
The Finger Lakes Region
Wow just wow. You know it's people like you that there are these bad rules in place on your work network. This is a HUGE firing offense and you have just signed your own termination notice!

Stop now before someone sees you!
 

Winni

macrumors 68040
Oct 15, 2008
3,207
1,196
Germany.
I apologize in advance if this isn't the right place for this topic.

Anyways at work, they do not allow Macs, only IT approved PCs. While it is against protocol, I just added a wireless router to the network jack that one of the pcs was connected to, and I connected my mac wirelessly and could use the internet and do work as I saw fit.

I know that it's against IT policies, if you plan to just lecture me, I already know lol.

The issue I'm having is that recently they've upgraded the internet security on the network. So If I sign in on the windows PC (network login) the internet on that PC works fine (it's connected to the router that gives me wifi) When I connect my mac to the ethernet line or via wifi, I can't access the internet, but I can load up intranet pages just fine, so it's connected to the network and can get access, but can't connect to the actual internet. It's the same with another windows PC that has a generic login (not to network) it will access the intranet but not the internet.

I suspect I need to authenticate somewhere with my user name and password, but I have no idea where to start.

Is what I am wanting to do impossible?


You, sir, are going to spend a lot of time on monster.com very soon.

But honestly, you should find yourself another job anyway - a place with such restrictions simply cannot be a fun place to work.

In any case, you should buy a UMTS/3G USB dongle with contract for your MacBook and be completely independent from any company network. But they still might not like the fact that you bring in your own computer to work. After all, you might be stealing company data or whatever other paranoid BS they might have in mind.

If you want to come to Germany, we're currently hiring. ;-)
 

northerngit

macrumors member
Jul 16, 2007
80
0
England
I'm actually pretty sure they do not. Simply because the 2 computers in the back (which had not been updated properly to sign onto the windows network) can't get internet access either, but can access the intranet.

Also if I connect my macbook right to an ethernet jack, it hands me an ip normally and I can access the intranet web pages, but not things offsite. Also the router is cloning the MAC of a working PC that it is connected to, and it makes no difference. There may be something regarding a proxy I have to authenticate to however. Any idea where I might check on the working windows PCs to find out?

If it was mac filtering, I should be able to connect and get an ip right? (as far as my rudimentary understanding goes)

Thanks for the help/info so far guys, Any other ideas?

Given you mention "old computers" not on the Windows domain, I would suggest they are using an ISA firewall, tied to Windows domain authentication. Either that, or RADIUS authentication via AD to an edge device restricting outbound traffic.

If so, they'll be logging - probably by default. One day, probably by accident, they'll see unauthorised access attempts...
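The logging northerngit mentions is what lets an administrator find hosts that reach the authenticating proxy but never log in. The following is an added example, not part of the original thread and not any product's own code: it scans proxy log lines for clients that keep receiving HTTP 407 (Proxy Authentication Required) and never make an authenticated request. The log layout, addresses and user name are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in a simplified, made-up layout (not a real product's format):
# time  client_ip  user  status  method  url      ("-" means no authenticated user)
SAMPLE_LOG = """\
09:00:01 10.20.3.41 - 407 GET http://example.com/
09:00:01 10.20.3.41 CORP\\alice 200 GET http://example.com/
09:02:10 10.20.3.77 - 407 GET http://example.org/
09:02:11 10.20.3.77 - 407 GET http://example.org/
09:02:15 10.20.3.77 - 407 CONNECT example.net:443
09:05:00 10.20.3.90 - 407 GET http://example.com/
malformed line
"""

def unauthenticated_clients(log_text, threshold=3):
    """Return (ip, denied_count, first_seen, last_seen) for clients that were
    challenged at least `threshold` times and never completed authentication."""
    denied = defaultdict(list)   # ip -> timestamps of 407 responses
    authed = set()               # ips with at least one authenticated request
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6 or not parts[3].isdigit():
            continue             # skip malformed lines
        ts, ip, user, status = parts[0], parts[1], parts[2], int(parts[3])
        if user != "-" and status != 407:
            authed.add(ip)
        elif status == 407:
            denied[ip].append(ts)
    # A 407 is also the first step of a normal NTLM/Negotiate handshake, so a
    # host is reported only if it never goes on to authenticate.
    return sorted((ip, len(t), min(t), max(t)) for ip, t in denied.items()
                  if ip not in authed and len(t) >= threshold)

if __name__ == "__main__":
    for ip, count, first, last in unauthenticated_clients(SAMPLE_LOG):
        print(f"{ip}: {count} unauthenticated requests between {first} and {last}")
```
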
 