Wireless Access

Reply
RSH
Occasional Contributor II
Posts: 11
Registered: ‎03-04-2016

If a user is unable to change their AD password while they are on WiFi network.

So a customer is using 3200 controller version 6.3.1.20 and they are doing user based authentication.

The issue is that if the user is on wiFi and their active directory password is going to expire they cannot change their network AD password when they are connecetd via their corporate WiFi.

Also, if a user has changed their password on a desktop and then bring their laptop back to the office they can’t log onto the laptop with their new password until the laptop is plugged into the network and new password is uploaded on log on.

I was wondering is there are any controller configuration that might affect this or cause this behaviour. 

Does this have anything to do with their WiFi configuratoions or it is their AD issue ? 

 

MVP
Posts: 4,307
Registered: ‎07-20-2011

Re: If a user is unable to change their AD password while they are on WiFi network.

Are you doing machine authentication on the wireless profile on the Windows the device ?

Sent from Outlook for iPhone
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
RSH
Occasional Contributor II
Posts: 11
Registered: ‎03-04-2016

Re: If a user is unable to change their AD password while they are on WiFi network.

They are doing user auth.

MVP
Posts: 4,307
Registered: ‎07-20-2011

Re: If a user is unable to change their AD password while they are on WiFi network.

What are you using for RADIUS ?

Sent from Outlook for iPhone
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
RSH
Occasional Contributor II
Posts: 11
Registered: ‎03-04-2016

Re: If a user is unable to change their AD password while they are on WiFi network.

You mean what are they using for RADIUS authentication ?

MVP
Posts: 4,307
Registered: ‎07-20-2011

Re: If a user is unable to change their AD password while they are on WiFi network.

Yes

Sent from Outlook for iPhone
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
MVP
Posts: 1,111
Registered: ‎10-11-2011

Re: If a user is unable to change their AD password while they are on WiFi network.

Does the issue happen when they're logged in or at the logon screen?

=======================================
If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
MVP
Posts: 553
Registered: ‎11-04-2011

Re: If a user is unable to change their AD password while they are on WiFi network.

What probably happens here is that when the AD account has changed it password, the user can no longer authenticate to the password (using the Windows login credentials on the laptop). If you have configured ONLY user authentication, there is no way for the laptop to connect to the network and communicate to AD for the new password. Problem is the computer (old) and network (new) have a different password at that moment.

 

If you configure computer authentication, or 'both' in Windows (the option user/computer uses the computer account when no user is logged in and switches to user authentication when a user logs in to the computer) the user should be able to logout on the laptop (then the laptop authenticates as a computer) then login with the new password at which moment the laptop and network password are 'in sync' again.

 

Another solution is to switch to certificate authentication, which avoids the password change issue as passwords are no longer used in that case.

 

Herman

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
RSH
Occasional Contributor II
Posts: 11
Registered: ‎03-04-2016

Re: If a user is unable to change their AD password while they are on WiFi network.

Thnk you for your reply. Is their a documentation that I can follow to do user and computer authentication?

MVP
Posts: 553
Registered: ‎11-04-2011

Re: If a user is unable to change their AD password while they are on WiFi network.

You may check this post on Airheads: http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Windows-7-user-or-machine-authentication/td-p/59206#link_21

 

That has a screenshot for Windows 7...

 

This page seems useful as well: http://sourcedaddy.com/windows-7/wireless-authentication-modes.html

 

Herman

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Search Airheads
Showing results for 
Search instead for 
Did you mean: