Wireless Access

last person joined: 8 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

If a user is unable to change their AD password while they are on WiFi network.

This thread has been viewed 3 times

  • 1.  If a user is unable to change their AD password while they are on WiFi network.

    Posted Mar 16, 2016 04:28 PM

    So a customer is using 3200 controller version 6.3.1.20 and they are doing user based authentication.

    The issue is that if the user is on wiFi and their active directory password is going to expire they cannot change their network AD password when they are connecetd via their corporate WiFi.

    Also, if a user has changed their password on a desktop and then bring their laptop back to the office they can’t log onto the laptop with their new password until the laptop is plugged into the network and new password is uploaded on log on.

    I was wondering is there are any controller configuration that might affect this or cause this behaviour. 

    Does this have anything to do with their WiFi configuratoions or it is their AD issue ? 

     



  • 2.  RE: If a user is unable to change their AD password while they are on WiFi network.

    Posted Mar 16, 2016 04:37 PM
    Are you doing machine authentication on the wireless profile on the Windows the device ?

    Sent from Outlook for iPhone


  • 3.  RE: If a user is unable to change their AD password while they are on WiFi network.

    Posted Mar 16, 2016 04:40 PM

    They are doing user auth.



  • 4.  RE: If a user is unable to change their AD password while they are on WiFi network.

    Posted Mar 16, 2016 04:43 PM
    What are you using for RADIUS ?

    Sent from Outlook for iPhone


  • 5.  RE: If a user is unable to change their AD password while they are on WiFi network.

    Posted Mar 16, 2016 04:45 PM

    You mean what are they using for RADIUS authentication ?



  • 6.  RE: If a user is unable to change their AD password while they are on WiFi network.

    Posted Mar 16, 2016 05:20 PM
    Yes

    Sent from Outlook for iPhone


  • 7.  RE: If a user is unable to change their AD password while they are on WiFi network.

    Posted Mar 16, 2016 10:40 PM

    Does the issue happen when they're logged in or at the logon screen?



  • 8.  RE: If a user is unable to change their AD password while they are on WiFi network.

    EMPLOYEE
    Posted Mar 17, 2016 07:15 AM

    What probably happens here is that when the AD account has changed it password, the user can no longer authenticate to the password (using the Windows login credentials on the laptop). If you have configured ONLY user authentication, there is no way for the laptop to connect to the network and communicate to AD for the new password. Problem is the computer (old) and network (new) have a different password at that moment.

     

    If you configure computer authentication, or 'both' in Windows (the option user/computer uses the computer account when no user is logged in and switches to user authentication when a user logs in to the computer) the user should be able to logout on the laptop (then the laptop authenticates as a computer) then login with the new password at which moment the laptop and network password are 'in sync' again.

     

    Another solution is to switch to certificate authentication, which avoids the password change issue as passwords are no longer used in that case.

     

    Herman



  • 9.  RE: If a user is unable to change their AD password while they are on WiFi network.

    Posted Mar 17, 2016 08:31 AM

    Thnk you for your reply. Is their a documentation that I can follow to do user and computer authentication?



  • 10.  RE: If a user is unable to change their AD password while they are on WiFi network.

    EMPLOYEE
    Posted Mar 17, 2016 08:37 AM

    You may check this post on Airheads: http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Windows-7-user-or-machine-authentication/td-p/59206#link_21

     

    That has a screenshot for Windows 7...

     

    This page seems useful as well: http://sourcedaddy.com/windows-7/wireless-authentication-modes.html

     

    Herman



  • 11.  RE: If a user is unable to change their AD password while they are on WiFi network.

    Posted Mar 17, 2016 08:39 AM
    What RADIUS server are you guys using ?

    Sent from Outlook for iPhone


  • 12.  RE: If a user is unable to change their AD password while they are on WiFi network.

    Posted Mar 17, 2016 11:18 AM
    Yes, you can control this behavior by group policy.


  • 13.  RE: If a user is unable to change their AD password while they are on WiFi network.

    Posted Mar 17, 2016 10:40 AM

    Thank you guys, I guess the configurations need to be done on the AD side. In terms of Controller there is nothing much that we can do. 

     

    Thank you all for you assiatnce