Security

Reply
Occasional Contributor II

802.1x - Windows Password Issue

Helloexperts,

 

We are using 802.1x authentication and it works fine. 

 

Some users have laptops and desktops, sometimes they change the password using the wireless network, other use the wired network.

 

When passwords are changed using the wireless network, everything works fine, but when passwords are changed through the wired network, some problems occur.

 

To login again on laptops users must enter the old password, only after the login, the new password is requested again and the users have access to wireless network.

 

The machines of the users are a mix of Windows XP, Vista and 7.

 

Anyone had this problem?

 

Is there anything I can do to solve this problem?

 

Regards 

 

Thiago Araujo

Aruba

Re: 802.1x - Windows Password Issue

It sounds as though you have your laptops setup to only use user authentication, and not machine authentication.   If I am wrong, ignore this long winded explanation.....

 

What I mean by that is that when the user changes the password on a desktop, then goes over to a laptop, the laptop is not on the wireless network yet....so when they log in (CTRL+ALT+DEL) they are logging into the laptop with cached credentials.  The reason for this is b/c the laptop is not on the wireless network at the time of user login and can't talk to a domain controller to use the new password.  Then, once logged in, the wireless kicks in and requests their new updated password.  

 

I'd suggest you look at enabling machine authentication on the laptops.   You don't have to use the "enforce machine authentication" within the dot1x profile if you don't want to, but you should look at the wireless settings on the Windows clients to allow for either user or machine (will show up as host\computername in the user table).    If you do this, you'll need to make sure your Radius solution supports machine authentication and that are not doing EAP termination on the controller. 

 

I've attached a screenshot of the Windows 7 configuration option.  This is something you can push out with Group Policy if you desire.    By allowing the computers to authenticate, you also get the benefit of group policy application at login and logon scripts/etc.

 

 

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Occasional Contributor II

Re: 802.1x - Windows Password Issue

Hi clembo, 

 

Thanks for your explanation.

 

I'll check this informations and try these settings.

 

I think this is an OS limitation, but I'm trying to work around this problem somehow.

 

 

Occasional Contributor II

Re: 802.1x - Windows Password Issue

OK have you gave it a try , I am still facing issue and looking for Some soluction.

Re: 802.1x - Windows Password Issue


MK_1707 wrote:

OK have you gave it a try , I am still facing issue and looking for Some soluction.


probably a better idea to start a new thread and provide some more info on your setup and issue.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: