Controllerless Networks

Reply
Occasional Contributor II

802.1x Auth Accounts expired

I have a customer that is using an Aruba IAP solulution with a Microsoft NPS server doing 802.1x authentication. The wireless profiles on the end users decices are set to "Automatically use the windows Creds"  They are having issues when account password expires. Users arent able to log in via wireless and change their passwords. I have the NPS server set to allow passwords to be changed but it is not prompting them.  Users have to then plug in using a LAN connection to change their passwords and then all is well.  That is a good work around except for the few users that have Microsoft Surfaces as they do NOT have a LAN port.  I really do not want the users to have to forget their wireless profile and reset them up.  Any other options? 

Re: 802.1x Auth Accounts expired

Do you have machine authentication configured as well? You need to allow Domain Computers to Authenticate so that the machine can have access to the LAN to allow the User to change their credentials.


ACMA, ACMP, ACSA
If my post addresses your query, give kudos:)
Occasional Contributor II

Re: 802.1x Auth Accounts expired

I do not - How would I set that up ?

Re: 802.1x Auth Accounts expired

Hey, this should help :)

 

http://community.arubanetworks.com/t5/Controller-less-WLANs/Can-we-do-machine-authentication-in-Aruba-Instant/ta-p/181242


ACMA, ACMP, ACSA
If my post addresses your query, give kudos:)
Occasional Contributor II

Re: 802.1x Auth Accounts expired

I have Machine Auth turned on for the SSID and enforcing Machine Auth with the Machine Auth only and the User Auth only set to the same SSID profile.  Wondering if that was correct or ?   We tried logging into a Domain PC with credentials from a user that hasnt logged into the PC before and we get a "The username and password is incorrect. Try agian" 

 

***I was able to get this to login now on a Windows 7 machine now and change the password.  However on the Microsoft surfaces with users that have never logged into the device before we are unable to get it to log in with the same error as above. 

Re: 802.1x Auth Accounts expired

Do those surface machines have a domain account? Or a wireless profile where you can set computer vs user logon?

Sent from my iPhone

ACMA, ACMP, ACSA
If my post addresses your query, give kudos:)
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: