Wireless Access

Reply
Frequent Contributor II
Posts: 169
Registered: ‎11-18-2011

Machine authentication 24 hour time out

HI all -

 

I know that the machine authentication is pulled from AD but what I'm looking for is a way to reset the authentication with out having to reboot or log off/on (I know - people should do that but they don't and now they don't like the wireless network). So I've been tasked with finding a solution that isn't going to cost money (yes clear pass might be the ultimate solution, but there is no budget)

 

So, has anybody out there found a way to re-authenticate with out having to close everything and reboot?

 

We are using Machine and Radius authentication.

 

Looking forward to some creative solutions!

 

Lirria

Guru Elite
Posts: 21,530
Registered: ‎03-29-2007

Re: Machine authentication 24 hour time out

If you are using enforce machine authentication, you should increase the timeout to more than 24 hours.  That is the only way.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II
Posts: 169
Registered: ‎11-18-2011

Re: Machine authentication 24 hour time out

OK -

 

Hmm - I didn't think that value could be changed in the past - but I see that under the profile we can now change the time out (I always thought it was a hard value from Windows - my bad).

 

So we'll do some testing and see if that makes a difference - good thing it's Friday - with a 72 hour time out I should still show up authenticated on Monday am

 

Thanks Collin! A life saver as usual!

 

Lirria

Guru Elite
Posts: 21,530
Registered: ‎03-29-2007

Re: Machine authentication 24 hour time out

Lirria,

 

You were probably on the local when you last looked at it.  It would be read-only there...

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II
Posts: 169
Registered: ‎11-18-2011

Re: Machine authentication 24 hour time out

Sadly that didn't work :( still lost machine authentication after 24 hours and got kicked to the guest network - did I miss something?

 

I didn't reboot after the change is that why it didn't work?


Lirria

Guru Elite
Posts: 21,530
Registered: ‎03-29-2007

Re: Machine authentication 24 hour time out

When a machine authenticates, it creates a record in the local user database as to how long the machine will maintain that state until it no longer is machine authenticated.  By the time you changed it, there was probably already a record in there.  If that is the case, it would apply to only the NEXT time the device machine authenticated.  So the NEXT time that device machine authenticates, it will get the new expiry.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II
Posts: 169
Registered: ‎11-18-2011

Re: Machine authentication 24 hour time out

I suspected as much (sure wish I would have rebooted on friday) :)

 

OK - I'll check again in the am.

 

Lirria

Guru Elite
Posts: 21,530
Registered: ‎03-29-2007

Re: Machine authentication 24 hour time out

You can see how long each machine's cache is by typing "show local-userdb" on the master controller to see the expiry of the cached entries.

 

Remember this will ONLY work if you have enforce machine authentication enabled on the 802.1x profile.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II
Posts: 169
Registered: ‎11-18-2011

Re: Machine authentication 24 hour time out

Ah - super - looks like it's working - I'll have to see if it's still authenticated offically tomorrow -

You totally rock as usual!

 

Lirria

Frequent Contributor II
Posts: 169
Registered: ‎11-18-2011

Re: Machine authentication 24 hour time out

Yup it's totally keeping the authentication - thank you so much!

 

Now if only I could get the users to actually reboot more often.

:)

 

Lirria

Search Airheads
Showing results for 
Search instead for 
Did you mean: