Go Back   MacRumors Forums > Apple Systems and Services > OS X > Mac OS X Server, Xserve, and Networking

Reply
 
Thread Tools Search this Thread Display Modes
Old Jul 22, 2010, 11:55 AM   #1
fibrizo
macrumors 6502
 
Join Date: Jan 2009
Using Macbook pro when I'm not supposed to in windows world

I apologize in advance if this isn't the right place for this topic.

Anyways at work, they do not allow Macs, only IT approved PCs. While it is against protocol, I just added a wireless router to the network jack that one of the pcs was connected to, and I connected my mac wirelessly and could use the internet and do work as I saw fit.

I know that it's against IT policies, if you plan to just lecture me, I already know lol.

The issue I'm having is that recently they've upgraded the internet security on the network. So If I sign in on the windows PC (network login) the internet on that PC works fine (it's connected to the router that gives me wifi) When I connect my mac to the ethernet line or via wifi, I can't access the internet, but I can load up intranet pages just fine, so it's connected to the network and can get access, but can't connect to the actual internet. It's the same with another windows PC that has a generic login (not to network) it will access the intranet but not the internet.

I suspect I need to authenticate somewhere with my user name and password, but I have no idea where to start.

Is what I am wanting to do impossible?
fibrizo is offline   0 Reply With Quote
Old Jul 22, 2010, 12:02 PM   #2
belvdr
macrumors 68040
 
Join Date: Aug 2005
There are so many things that could cause this; it's impossible to troubleshoot without intimate knowledge of the network.

You should really concentrate on just using your approved equipment.
belvdr is offline   0 Reply With Quote
Old Jul 22, 2010, 02:16 PM   #3
InfoSecmgr
Guest
 
Join Date: Dec 2009
Location: Ypsilanti, Michigan
Quote:
Originally Posted by fibrizo View Post
I apologize in advance if this isn't the right place for this topic.

Anyways at work, they do not allow Macs, only IT approved PCs. While it is against protocol, I just added a wireless router to the network jack that one of the pcs was connected to, and I connected my mac wirelessly and could use the internet and do work as I saw fit.

I know that it's against IT policies, if you plan to just lecture me, I already know lol.

The issue I'm having is that recently they've upgraded the internet security on the network. So If I sign in on the windows PC (network login) the internet on that PC works fine (it's connected to the router that gives me wifi) When I connect my mac to the ethernet line or via wifi, I can't access the internet, but I can load up intranet pages just fine, so it's connected to the network and can get access, but can't connect to the actual internet. It's the same with another windows PC that has a generic login (not to network) it will access the intranet but not the internet.

I suspect I need to authenticate somewhere with my user name and password, but I have no idea where to start.

Is what I am wanting to do impossible?
I'm not trying to lecture you, but as a tech manager and IAM (information assurance manager) I can tell you that they will find the rogue wireless point at some time in the near future. I understand that IT departments often have BS rules, etc etc. I would just try to find a solution that doesn't involve wireless. However, you are playing in a dangerous area where you can be terminated. Companies don't like having unauthorized IS's (information systems) in their buildings. People like to launch attacks that way. Anyway, companies usually control network access by MAC address, you wouldn't be able to logon anyway, even if you had a username and password.

Of course being an IAM I don't officially endorse trying to bypass the rules, etc
InfoSecmgr is offline   0 Reply With Quote
Old Jul 22, 2010, 02:33 PM   #4
bukalemun
macrumors member
 
Join Date: Jul 2010
Your IT department most probably started using MAC (Media access control) address authentication to enable only trusted PCs to access the internet. As every networking device has a MAC address that's unique to them, there is not much to do unless you find a way to imitate the MAC address of your PC on your Mac. If you can find a way to do it, a new problem will arise, which is your PC and Mac cannot coexist on the same network.
bukalemun is offline   0 Reply With Quote
Old Jul 22, 2010, 03:07 PM   #5
mr0c
macrumors regular
 
Join Date: Jul 2010
Location: Virginia, US
maybe there's a network proxy?

i know my new work requires one to view external pages (my old work had direct internet access, so no silly proxies or routing).
mr0c is offline   0 Reply With Quote
Old Jul 22, 2010, 09:03 PM   #6
fibrizo
Thread Starter
macrumors 6502
 
Join Date: Jan 2009
Quote:
Originally Posted by bukalemun View Post
Your IT department most probably started using MAC (Media access control) address authentication to enable only trusted PCs to access the internet. As every networking device has a MAC address that's unique to them, there is not much to do unless you find a way to imitate the MAC address of your PC on your Mac. If you can find a way to do it, a new problem will arise, which is your PC and Mac cannot coexist on the same network.
I'm actually pretty sure they do not. Simply because the 2 computers in the back (which had not been updated properly to sign onto the windows network) can't get internet access either, but can access the intranet.

Also if I connect my macbook right to a ethernet jack, It hands me an ip normally and I can access the intranet web pages, but not things offsite. Also the router is cloning the MAC of a working PC that it is connected to, and it makes no difference. There may be something regarding a proxy I have to authenticate to however. Any idea where I might check on the working windows PCs to find out?

If it was mac filtering, I should be able to connect and get an ip right? (as far as my rudimentary understanding goes)

Thanks for the help/info so far guys, Any other ideas?

Last edited by fibrizo; Jul 22, 2010 at 09:11 PM.
fibrizo is offline   0 Reply With Quote
Old Jul 22, 2010, 09:11 PM   #7
fibrizo
Thread Starter
macrumors 6502
 
Join Date: Jan 2009
Quote:
Originally Posted by InfoSecmgr View Post
I'm not trying to lecture you, but as a tech manager and IAM (information assurance manager) I can tell you that they will find the rogue wireless point at some time in the near future. I understand that IT departments often have BS rules, etc etc. I would just try to find a solution that doesn't involve wireless. However, you are playing in a dangerous area where you can be terminated. Companies don't like having unauthorized IS's (information systems) in their buildings. People like to launch attacks that way. Anyway, companies usually control network access by MAC address, you wouldn't be able to logon anyway, even if you had a username and password.

Of course being an IAM I don't officially endorse trying to bypass the rules, etc
Hehe, I would love to have a competent IT guy like you. Ours are unfortunately... well let's just say not the brightest bulbs.

Thank you for the concern though, even if I could run a Cat5 cable into the room to use it, (old old building built around 1890s-1900...) I still have the same issue as currently. ie I connect to the network but I can't get internet access even though it assigns me an IP and I can access intranet websites... because I need to figure out where I need to authenticate to get to the internet.

I'm rather skeptical they would terminate me, rather just be annoyed an report me to my superiors (who feel the same way about the IT people... who incidentally got upset when we purchased(with our own personal funds) our own more reliable printer and installed it... because they had to come by to bolt it down lol)
fibrizo is offline   0 Reply With Quote
Old Jul 22, 2010, 11:37 PM   #8
Les Kern
macrumors 68030
 
Les Kern's Avatar
 
Join Date: Apr 2002
Location: Alabama
don't be surprised if you are out of work after they find out. I'm an IT director, and you would be gone before your hard drive spun down to a stop. Brutal, but honest.
Les Kern is offline   0 Reply With Quote
Old Jul 23, 2010, 09:18 AM   #9
belvdr
macrumors 68040
 
Join Date: Aug 2005
Quote:
Originally Posted by Les Kern View Post
don't be surprised if you are out of work after they find out. I'm an IT director, and you would be gone before your hard drive spun down to a stop. Brutal, but honest.
Same here. We had someone bring down an entire building due to them recabling at their desk.

Again, I say just use the equipment you are approved to use. If you don't like it, quit and find a job that lets you use a Mac.
belvdr is offline   0 Reply With Quote
Old Jul 23, 2010, 11:44 AM   #10
CorporateFelon
macrumors regular
 
Join Date: Oct 2007
Location: Boston, MA
Quote:
Originally Posted by belvdr View Post
Same here. We had someone bring down an entire building due to them recabling at their desk.

Again, I say just use the equipment you are approved to use. If you don't like it, quit and find a job that lets you use a Mac.
Is your network that fragile?
CorporateFelon is offline   0 Reply With Quote
Old Jul 23, 2010, 12:17 PM   #11
Frosties
macrumors 6502a
 
Join Date: Jun 2009
Macs pollute windows networks with files every time you open something in finder. You are on a countdown. And opening up the entire network with your wireless access point is just that a reason to be terminated. I know I would kick you out.
Frosties is offline   0 Reply With Quote
Old Jul 23, 2010, 12:18 PM   #12
belvdr
macrumors 68040
 
Join Date: Aug 2005
Quote:
Originally Posted by CorporateFelon View Post
Is your network that fragile?
All networks are that fragile. Sure you can put in some preventative measures and we have, but sometimes things slip through. Also when you inherit a network that you don't fully control, things happen.
belvdr is offline   0 Reply With Quote
Old Jul 23, 2010, 01:09 PM   #13
fibrizo
Thread Starter
macrumors 6502
 
Join Date: Jan 2009
Well it's really no big deal. I can always Wimax it to do whatever I need to do anyways. I was just wondering, and hoping to gain a better understanding.

Again. I have stated before, it doesn't quite work like it does in the real world for business. I'm actually hoping that with the merger we get real IT people working on the stuff, as the other campus I'm on, actually has wireless, real security, and uses macs as well. (That entity is in the process of taking over operations). Thanks for all your concern.

If they really want to be concerned about security breaches, they'd actually set up the computers so all the dang secretaries couldn't download random crap and 100x toolbars that load on malware onto the computers and networks
fibrizo is offline   0 Reply With Quote
Old Jul 23, 2010, 02:28 PM   #14
jdstelljes
macrumors newbie
 
Join Date: Jul 2008
Location: Las Vegas, NV
If adding 1 mac to an office network can take down the whole network then I would say the IT moron should be fired, not the guy who plugged in a mac. I hear so much rediculous tripe from IT people its astounding how un-real world they are, and that any business can run efficently with some of these stupid rules.
__________________

24" iMac 2.8 GHz, 2 GB RAM, 16 GB iPhone 3G, 15"MBP 4GB RAM, Quad-Core G5, Airport Extreme, TV, Apogee Duet, Logic Studio, Razer DeathAdder Mac Edition, iLife09, iWork09, 10.6
jdstelljes is offline   0 Reply With Quote
Old Jul 23, 2010, 02:33 PM   #15
ChaosAngel
macrumors member
 
Join Date: Sep 2005
Location: UK
Quote:
Originally Posted by mr0c View Post
maybe there's a network proxy?

i know my new work requires one to view external pages (my old work had direct internet access, so no silly proxies or routing).
That would be my guess. Check your Internet Settings on your work machine for a proxy server or PAC file (it is probably being applied by GPO). You should then be able to add the correct proxy/port on your Mac.

This is however a complete guess and without additional information regarding your works network it is impossible to be accurate.
__________________
LifeinTECH
ChaosAngel is offline   0 Reply With Quote
Old Jul 23, 2010, 03:06 PM   #16
Makosuke
macrumors 603
 
Join Date: Aug 2001
Location: The Cool Part of CA, USA
Quote:
Originally Posted by jdstelljes View Post
If adding 1 mac to an office network can take down the whole network then I would say the IT moron should be fired, not the guy who plugged in a mac.
Actually, I'm pretty sure people were saying that doing bad, unauthorized things to get around network restrictions can bring down a network, not a Mac specifically. While a Mac may be secure, if the connected device is not, or if it opens a point of attack inside the firewall, it could at the very least flood the network with traffic or max out the Internet uplink, if not try and do something more harmful. Or start broadcasting untoward DHCP packets, which can cause all manner of unhappiness (that's a common one when people misconfigure network sharing).

The IT guys can shut such a device down, but it's still annoying at minimum, harmful at worst. At a small company, with relatively simple network hardware, it can be even harder to deal with.
Makosuke is offline   0 Reply With Quote
Old Jul 23, 2010, 03:56 PM   #17
WrQth
macrumors member
 
Join Date: Jul 2010
Sounds like internet access is determined at the user level not machine level which would explain why on your computer using your log in you can get to the internet where as on the 2 computers in the back that are using generic logins only get to the intranet. Why not the internet and just the intranet you ask well that is simple the internet is there people do back things along with connecting hardware that can violate compliance with legal regulations when they shouldn't and the intranet is controled content that everyone in the company should be able to view so why create additional security to control the internal site that is assumed to be safe from deviants.
WrQth is offline   0 Reply With Quote
Old Jul 23, 2010, 06:49 PM   #18
wlh99
macrumors 6502
 
Join Date: Feb 2008
First thing, your wireless router probably has a port marked "WAN" or "Internet". When connected to a business network most people mistakenly connect that to the business network. Don't do that. All connections, to the wall, and to the computers need to be on the LAN side of the router. Don't plug anything into the WAN port.

Second, make sure DHCP is turned of on your wireless router.

Third, Macs don't always play well on PC networks. You might need IT's help to create a machine account on the domain controller or otherwise allow it.

But, most likely the first suggestion will fix it. I've seen that many times and the symptom is just what you describe, you can see the internal network, but not the internet.

The obligitory lecture (from an IT manager)
Many companies will terminate an employee on the spot no questions asked for installing a wireless router. Bringing in the Mac is a slap on the wrist, but the router is a very serious offense at many places. Then again, many places have an IT policy some attorney wrote and don't care what you do.
__________________
Warren Holybee
wlh99 is offline   0 Reply With Quote
Old Jul 23, 2010, 10:19 PM   #19
Mike Reed
macrumors regular
 
Join Date: Apr 2010
Location: Columbus, OH
Is there a particular reason you wish to use your Mac on the network? If it enables you to perform duties more efficiently than the provided computers you should let those responsible know why.

A general purpose IT department should be responsible for protecting company assets as well as enabling employees to work efficiently. If they are only focusing on half of the equation then they aren't really doing their job. Try and focus on the problem you are having, such as not having appropriate software to perform your job effectively instead of the solution (i.e. using your mac) when communicating with them. It's their job to leverage their knowledge and experience toward a solution.

Now that all the touchy-feely junk is out of the way, I freaking hate IT departments. My job isn't to worry about security, it's to get things done. Their job is to make our systems secure enough that I can't do anything remotely productive or useful toward getting things done. Am I exaggerating? Probably. Is it hypocritical of me to take an me vs. them stance while accusing them of the exact same thing. Absolutely. Do I care? Nope. :P
Mike Reed is offline   0 Reply With Quote
Old Jul 24, 2010, 04:51 AM   #20
SidBala
macrumors 6502a
 
Join Date: Jun 2010
Where I work, bringing macs or any personal laptops can get someone into a lot of trouble.
SidBala is offline   0 Reply With Quote
Old Jul 24, 2010, 06:48 AM   #21
belvdr
macrumors 68040
 
Join Date: Aug 2005
Quote:
Originally Posted by wlh99 View Post
First thing, your wireless router probably has a port marked "WAN" or "Internet". When connected to a business network most people mistakenly connect that to the business network. Don't do that. All connections, to the wall, and to the computers need to be on the LAN side of the router. Don't plug anything into the WAN port.
Since you cannot enable a DHCP server on the WAN port, why would you want to bypass that? Additionally, by plugging the LAN ports to the wall, your wall port may become disabled if bpduguard is enabled. This won't happen if you use the WAN/Internet port.
belvdr is offline   0 Reply With Quote
Old Jul 24, 2010, 09:06 AM   #22
Les Kern
macrumors 68030
 
Les Kern's Avatar
 
Join Date: Apr 2002
Location: Alabama
Quote:
Originally Posted by CorporateFelon View Post
Is your network that fragile?
Nope, but it's MY network, not his.
Les Kern is offline   0 Reply With Quote
Old Jul 25, 2010, 11:06 AM   #23
satcomer
macrumors 601
 
satcomer's Avatar
 
Join Date: Feb 2008
Location: Upstate NYS
Wow just wow. You now it's people like you that there is these bad rules in place on your work network. This is a HUGE firing offense and you have just signed your own termination notice!

Stop now before someone sees you!
__________________
Mac Pro Dual 2.8 Quad(Rev B.), 16 G RAM, OS X 10.9, 23'' LCD
Mac Book Pro Core 2 Duo 2.16Ghz, SuperDrive, 2G RAM, OS X 10.7.5
iPad 3, 32 black
satcomer is offline   0 Reply With Quote
Old Jul 25, 2010, 11:27 AM   #24
Winni
macrumors 68030
 
Winni's Avatar
 
Join Date: Oct 2008
Location: Germany.
Quote:
apologize in advance if this isn't the right place for this topic.

Anyways at work, they do not allow Macs, only IT approved PCs. While it is against protocol, I just added a wireless router to the network jack that one of the pcs was connected to, and I connected my mac wirelessly and could use the internet and do work as I saw fit.

I know that it's against IT policies, if you plan to just lecture me, I already know lol.

The issue I'm having is that recently they've upgraded the internet security on the network. So If I sign in on the windows PC (network login) the internet on that PC works fine (it's connected to the router that gives me wifi) When I connect my mac to the ethernet line or via wifi, I can't access the internet, but I can load up intranet pages just fine, so it's connected to the network and can get access, but can't connect to the actual internet. It's the same with another windows PC that has a generic login (not to network) it will access the intranet but not the internet.

I suspect I need to authenticate somewhere with my user name and password, but I have no idea where to start.

Is what I am wanting to do impossible?

You, sir, are going to spend a lot of time on monster.com very soon.

But honestly, you should find yourself another job anyway - a place with such restrictions simply cannot be a fun place to work.

In any case, you should buy a UMTS/3G USB dongle with contract for your MacBook and be completely independent from any company network. But they still might not like the fact that you bring in your own computer to work. After all, you might be stealing company data or whatever other paranoid BS they might have in mind.

If you want to come to Germany, we're currently hiring. ;-)
__________________
Coming soon: http://endnacht.de.
Winni is offline   0 Reply With Quote
Old Jul 25, 2010, 02:17 PM   #25
northerngit
macrumors member
 
Join Date: Jul 2007
Location: England
Quote:
Originally Posted by fibrizo View Post
I'm actually pretty sure they do not. Simply because the 2 computers in the back (which had not been updated properly to sign onto the windows network) can't get internet access either, but can access the intranet.

Also if I connect my macbook right to a ethernet jack, It hands me an ip normally and I can access the intranet web pages, but not things offsite. Also the router is cloning the MAC of a working PC that it is connected to, and it makes no difference. There may be something regarding a proxy I have to authenticate to however. Any idea where I might check on the working windows PCs to find out?

If it was mac filtering, I should be able to connect and get an ip right? (as far as my rudimentary understanding goes)

Thanks for the help/info so far guys, Any other ideas?
Given you mention "old compuetrs" not on the Windows domain, I would suggest they are using an ISA firewall, tied to Windows domain authentication. Either that, or RADIUS authentication via AD to an edge device restricting outbound traffic.

If so, they'll be logging - probably by default. One day, probably by accident, they'll see unauthorised access attempts...
northerngit is offline   0 Reply With Quote

Reply
MacRumors Forums > Apple Systems and Services > OS X > Mac OS X Server, Xserve, and Networking

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
Macbook Pro applecare world wide? ramzijw MacBook Pro 3 Jan 14, 2014 11:56 PM
What is a macbook pro meant/supposed to be used for? Jameson.Kusch MacBook Pro 22 Oct 30, 2013 09:29 AM
Is the mid-2012 MacBook Pro supposed to supply firewire bus power in sleep mode? Super Macho Man MacBook Pro 0 May 19, 2013 11:48 AM
Study: The MacBook Pro with Boot Camp is the world’s most reliable Windows PC AutoUnion39 Windows, Linux & Others on the Mac 4 Apr 27, 2013 08:03 PM
Macbook Pro - Cheapest in the World? GoldMan MacBook Pro 28 May 31, 2012 10:51 PM

Forum Jump

All times are GMT -5. The time now is 07:57 PM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC