Security

Reply
Highlighted
Contributor I

Windows 7 long login times

Hi,

 

I have been testing using enforce machine auth vs disabling enforce machine auth.  The login times vary from 30 seconds to 1 minute.  Probably stupid question, but is this by design?  On our wired network we just have comp auth.  The wireless is using computer or user auth.  When at the Ctrl+alt+delete screen, the computer does authenticate from the radius server.

 

 


Accepted Solutions
Highlighted
Moderator

Re: Windows 7 long login times

Generally slow logon times mean something is being blocked.

 

Just to test, can you change that role to have an allowall and see if it speeds up?

 

If so, remove the allowall and then use the "show datapath session table <client-ip> | include D" command to see what is being blocked during the logon process.



If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

View solution in original post


All Replies
Highlighted
Moderator

Re: Windows 7 long login times

Few questions:

 

  • EAP-TLS or EAP-PEAP/MSCHAPv2 ?
  • Are you using ClearPass?
  • Are you restricting access in your machine authentication role?


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Highlighted
Contributor I

Re: Windows 7 long login times

EAP-PEAP/MSCHAPv2

No, we do not have clearpass

 

We have a domain-computer role which includes logon-control (dns, dhcp, icmp) and (allow domain controller) policy which gives full access to the domain controllers.

Contributor I

Re: Windows 7 long login times

Ok, you had me think.  I added allowall to the domain-computer policy -- and that did the trick.  Now only took 5 seconds compared to 1min 18 seconds.

Highlighted
Moderator

Re: Windows 7 long login times

Generally slow logon times mean something is being blocked.

 

Just to test, can you change that role to have an allowall and see if it speeds up?

 

If so, remove the allowall and then use the "show datapath session table <client-ip> | include D" command to see what is being blocked during the logon process.



If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

View solution in original post

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: