Wireless Access

Reply
Highlighted
Frequent Contributor I

Re: AD password change with 802.1x authentication and wifi

I have a customer having the same thing, user changes the password and his account is getting locked because the IPhone is using the old password :D

 

 

Also, any recommendation on using machine + user auth ? with windows XP it works perfectly and after the user logs in it changed to user auth, with windows 8 it stays authenticated as machine and doesn't change or try with the user after loging in :( any ideas ?

Highlighted
Moderator

Re: AD password change with 802.1x authentication and wifi

I've seen this when the user and computer auth isn't explicitly set and user auth times out, it will change itself to computer only. Are you setting this through group policy to use User and Computer?



If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Highlighted
Frequent Contributor I

Re: AD password change with 802.1x authentication and wifi

Yup group policy and set to machine or user

Highlighted
Frequent Contributor II

Re: AD password change with 802.1x authentication and wifi

Hi Islam,

 

Our XP workstations work great but we push out the settings via GPO and set it so the settings can't be changed on the workstation. Never had an issue using that method.  As for iphones, the user has to click on the > symbol and then click forget network to have it stop trying to use the old password. 

 

Because of that, we are looking at moving to cert based for iphone/ipad type devices. We are testing clearpass and onboarding and so far so good.  We don't allow non corporate devices on our network so we have custom attributes set that prevent users from onboarding a personal device.

Highlighted
Frequent Contributor I

Re: AD password change with 802.1x authentication and wifi

XP machines works perfectly i have tested, the issue is with Windows 8 machines.

 

Onboarding with TLS is good idea but customer wants it easy no onboarding for VIP users :(