802.1x issue

[abelardlim]

Hi all

I have some issues i) if a user A logon, logout from machine A, then restart that machine A, user B who wish to logon to the same machine A,he/she is not able to do so ii) if user A changed his password at desktop PC, when user A tried to logon to a notebook, user A is not able to logon

Below are the 802.1x configuration details

i) Wired AutoConfig and Wireless Zero Configuration are Started at Windows XP SP3 Client

ii) At Authentication tab of Windows XP client, Enable IEEE 802.1x is checked

iii) Cache user information for subsequent connections to this network is checked

iv) Protected EAP (PEAP)

v) At Protected EAP Properties, Validate server certficate has been checked

vi) check box for “Automatically use my Windows logon name and password (and domain if any)” is checked.

pls help

 

[ironhide]

Can you please re-phrase the issue.It appears to be something with wireless security.

 

[JustAGuy51]

ii) At Authentication tab of Windows XP client, Enable IEEE 802.1x is checked

802.1x requires RADIUS server. Do you have one set up?

iv) Protected EAP (PEAP)

v) At Protected EAP Properties, Validate server certficate has been checked

PEAP requires 2 certificates: a CA cert and the server cert. Do you have both properly set up? They are not trivial to set up and troubleshoot.

vi) check box for “Automatically use my Windows logon name and password (and domain if any)” is checked.

I believe it will be best for you to uncheck this since it may give you more trouble than benefits.

 

[abelardlim]

Can you please re-phrase the issue.It appears to be something with wireless security.

Sorry, let me rephrase, i have got a few issues :-


map drive - At the time of login, login script (kix) is not running, hence, i could not get any map drive, but my machine is successfully authenticated

When user A changed password at his desktop and if he is trying to logon to the notebook which he is currently using, he will not be able to do so, currently, a way to solve it is user A would need to logon by using old password at the notebook, changed to the same password which was created at desktop

User A logon machine A, logout and restart PC, user B try to logon at machine A,but failed, user B can logon to machine A, provided machine A has not been restarted

User A logon machine A, logout and restart PC, user B try to logon at machine A,but failed, user B can logon to machine A, provided machine A has not been restarted

 

[abelardlim]

802.1x requires RADIUS server. Do you have one set up?

Yes, i have got IAS server


PEAP requires 2 certificates: a CA cert and the server cert. Do you have both properly set up? They are not trivial to set up and troubleshoot.

Yes, i have done the above

I believe it will be best for you to uncheck this since it may give you more trouble than benefits.

Why do i need to uncheck,

Just additional information, at Remote access permission (dial-in or VPN) tab, it has been set as Deny access, does it need to change to allow access ?

 

[abelardlim]

Can you please re-phrase the issue.It appears to be something with wireless security.

In order to get the map drive, i would need to logout and logon back. If the machine is to restart, the same procedures would need to redo.

 

[JustAGuy51]

Why do i need to uncheck,

Just additional information, at Remote access permission (dial-in or VPN) tab, it has been set as Deny access, does it need to change to allow access ?

No comment on changing Deny to Allow access.

The reason for disabling auto-logon using Windows signin credentials is for eliminating (potential) extra problems introduced by that. But if you know what you are doing, please ignore my suggestion.

I think I may know the problem you described in #2 of your original post. After changing password at Desktop, you can't log on using new password in laptop because that change is never reflected in IAS server. You may need to upgrade or change to compatible version of sign-on manager in Desktop so that the new version will sync with IAS server (new password will be reflected in IAS server). Try logging on using old password in laptop. If that works, then this is the case. Caveat for my advice is that I have not used IAS but have used freeRADIUS server with 802.1x setup.

 

[abelardlim]

I ran into a problem at 802.1x where map drive (kix logon script) just could not map during 1st time of logon, i.e when the machine is power up, the logon script did not run, but at the end the machine got authenticated, i would need to logout and logon again to get logon script running and authenticated.

anyone can suggest better idea ?