Security, WIDS/WIPS and Aruba ECS

Reply
New Contributor

Authenticated Computer - Unahenticated user closes the channel

In the situation where we have a domain registered Computer, andlogs on with local administrator instead of a domain user, the channel/port is open for about 5 minutes. If no domain user is logged on during that time period, access to the network is closed. I'm unable to find what causes this behaviour, and where I can change the settings. Anyone to point me in the right direction?

Regards Stein
Guru Elite

Local Administrator


In the situation where we have a domain registered Computer, andlogs on with local administrator instead of a domain user, the channel/port is open for about 5 minutes. If no domain user is logged on during that time period, access to the network is closed. I'm unable to find what causes this behaviour, and where I can change the settings. Anyone to point me in the right direction?

Regards Stein




If you have your laptops automatically submit the credentials of the user who logs into the laptop, these credentials are sent to a radius server where they are authenticated by the domain. If you login with a local administrator's username and password, that account is not normally in the domain, so the user will fail authentication and be disconnected.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor

Re: Authenticated Computer - Unahenticated user closes the channel

What you're describing Colin is quite correct. What I'm looking for is the mechanism that gives me several minutes to logon with another (domain) user BEFORE I'm disconnected. I sort of get ut to 5 minutes "grace" time to provide another login after logging in with local administrator.

best regards, Stein
Guru Elite

Login After


What you're describing Colin is quite correct. What I'm looking for is the mechanism that gives me several minutes to logon with another (domain) user BEFORE I'm disconnected. I sort of get ut to 5 minutes "grace" time to provide another login after logging in with local administrator.

best regards, Stein




There is a parameter called "automatically use Windows Logon name and password" in the wireless profile. You can uncheck this temporarily while you are logged in locally to put in your own username and password..


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor

Re: Authenticated Computer - Unahenticated user closes the channel

I'll try to rephrase the question:
On Aruba controllers, what makes the controller reauthenticate the user after the computers has been successfully validated. As long as the computer is validated, which setting do require the validation of user as well and how do I control how long the grace period before an authenticated user is logged on will be.

bear with me, it's not always easy to get the question right the first time,

Stein
Guru Elite

Reauthenticate


I'll try to rephrase the question:
On Aruba controllers, what makes the controller reauthenticate the user after the computers has been successfully validated. As long as the computer is validated, which setting do require the validation of user as well and how do I control how long the grace period before an authenticated user is logged on will be.

bear with me, it's not always easy to get the question right the first time,

Stein




By default, Windows will authenticate a user at logon via wireless 802.1x. If a user fails authentication, the previous session will be dropped, period. It is the Windows station that control this portion of it, not Aruba.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor

Re: Authenticated Computer - Unahenticated user closes the channel

Thanks a lot for pointing this out for me. I thought the was the controller itself that demanded the extra logon. :)
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: