Security

Reply
Contributor I
Posts: 26
Registered: ‎11-15-2013

Windows 7 long login times

Hi,

 

I have been testing using enforce machine auth vs disabling enforce machine auth.  The login times vary from 30 seconds to 1 minute.  Probably stupid question, but is this by design?  On our wired network we just have comp auth.  The wireless is using computer or user auth.  When at the Ctrl+alt+delete screen, the computer does authenticate from the radius server.

 

 

Guru Elite
Posts: 8,178
Registered: ‎09-08-2010

Re: Windows 7 long login times

Few questions:

 

  • EAP-TLS or EAP-PEAP/MSCHAPv2 ?
  • Are you using ClearPass?
  • Are you restricting access in your machine authentication role?

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Contributor I
Posts: 26
Registered: ‎11-15-2013

Re: Windows 7 long login times

EAP-PEAP/MSCHAPv2

No, we do not have clearpass

 

We have a domain-computer role which includes logon-control (dns, dhcp, icmp) and (allow domain controller) policy which gives full access to the domain controllers.

Contributor I
Posts: 26
Registered: ‎11-15-2013

Re: Windows 7 long login times

Ok, you had me think.  I added allowall to the domain-computer policy -- and that did the trick.  Now only took 5 seconds compared to 1min 18 seconds.

Guru Elite
Posts: 8,178
Registered: ‎09-08-2010

Re: Windows 7 long login times

Generally slow logon times mean something is being blocked.

 

Just to test, can you change that role to have an allowall and see if it speeds up?

 

If so, remove the allowall and then use the "show datapath session table <client-ip> | include D" command to see what is being blocked during the logon process.


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Search Airheads
Showing results for 
Search instead for 
Did you mean: