Wireless Access

last person joined: 12 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Machine authentication 24 hour time out

This thread has been viewed 1 times

  • 1.  Machine authentication 24 hour time out

    Posted Apr 19, 2013 05:10 PM

    HI all -

     

    I know that the machine authentication is pulled from AD but what I'm looking for is a way to reset the authentication with out having to reboot or log off/on (I know - people should do that but they don't and now they don't like the wireless network). So I've been tasked with finding a solution that isn't going to cost money (yes clear pass might be the ultimate solution, but there is no budget)

     

    So, has anybody out there found a way to re-authenticate with out having to close everything and reboot?

     

    We are using Machine and Radius authentication.

     

    Looking forward to some creative solutions!

     

    Lirria



  • 2.  RE: Machine authentication 24 hour time out
    Best Answer

    EMPLOYEE
    Posted Apr 19, 2013 05:32 PM

    If you are using enforce machine authentication, you should increase the timeout to more than 24 hours.  That is the only way.

     



  • 3.  RE: Machine authentication 24 hour time out

    Posted Apr 19, 2013 05:42 PM

    OK -

     

    Hmm - I didn't think that value could be changed in the past - but I see that under the profile we can now change the time out (I always thought it was a hard value from Windows - my bad).

     

    So we'll do some testing and see if that makes a difference - good thing it's Friday - with a 72 hour time out I should still show up authenticated on Monday am

     

    Thanks Collin! A life saver as usual!

     

    Lirria



  • 4.  RE: Machine authentication 24 hour time out

    EMPLOYEE
    Posted Apr 20, 2013 12:40 PM

    Lirria,

     

    You were probably on the local when you last looked at it.  It would be read-only there...

     



  • 5.  RE: Machine authentication 24 hour time out

    Posted Apr 22, 2013 12:44 PM

    Sadly that didn't work :( still lost machine authentication after 24 hours and got kicked to the guest network - did I miss something?

     

    I didn't reboot after the change is that why it didn't work?


    Lirria



  • 6.  RE: Machine authentication 24 hour time out

    EMPLOYEE
    Posted Apr 22, 2013 12:48 PM

    When a machine authenticates, it creates a record in the local user database as to how long the machine will maintain that state until it no longer is machine authenticated.  By the time you changed it, there was probably already a record in there.  If that is the case, it would apply to only the NEXT time the device machine authenticated.  So the NEXT time that device machine authenticates, it will get the new expiry.



  • 7.  RE: Machine authentication 24 hour time out

    Posted Apr 22, 2013 12:50 PM

    I suspected as much (sure wish I would have rebooted on friday) :)

     

    OK - I'll check again in the am.

     

    Lirria



  • 8.  RE: Machine authentication 24 hour time out
    Best Answer

    EMPLOYEE
    Posted Apr 22, 2013 12:57 PM

    You can see how long each machine's cache is by typing "show local-userdb" on the master controller to see the expiry of the cached entries.

     

    Remember this will ONLY work if you have enforce machine authentication enabled on the 802.1x profile.

     



  • 9.  RE: Machine authentication 24 hour time out

    Posted Apr 22, 2013 01:03 PM

    Ah - super - looks like it's working - I'll have to see if it's still authenticated offically tomorrow -

    You totally rock as usual!

     

    Lirria



  • 10.  RE: Machine authentication 24 hour time out

    Posted Apr 24, 2013 01:40 PM

    Yup it's totally keeping the authentication - thank you so much!

     

    Now if only I could get the users to actually reboot more often.

    :)

     

    Lirria