Reauthentication of Wireless User does not get prompt

Hi Sir,

I set up a Radius server to authenticate wireless users via 802.1x. The EAP
protocol deployed is Microsoft PEAP as most of the clients OS is XP. The
users might be sharing the same laptops. When a user select the wireless
network to connect to, he was prompted a window for him to enter the
Username, Password and Domain field. After successful authentication, he was
able to access the network resources.

However, the user is not prompted the Username, Password and Domain after he
has done so the first time. I understand that XP cached the user credentials
in the registry. But my customer would like the window prompt to appear when
the following scenario happens to reauthenticate

a) Session timeout
b) Idle timeout to reauthenticate the current wireless user as the user
might leave his workspace for a short period of time and someone might have
use his credential to access the network illegitimately
c) When he shuts down the PC and the laptop is passed to another user but
the previous user credential is used rather than the second user credentioal
is used.

How can I disable the automatic cached user credentials? Is there a way to
prompt the user after a period of time for him to enter Username, Password
and Domain field again? Is the option available in the XP client? I search
through the AP configuration options but found none.

Please advise. Thank you
Delon

=?Utf-8?B?RGVsb24=?=

Delon <> wrote:

>Hi Sir,
>
>I set up a Radius server to authenticate wireless users via 802.1x. The EAP
>protocol deployed is Microsoft PEAP as most of the clients OS is XP. The
>users might be sharing the same laptops. When a user select the wireless
>network to connect to, he was prompted a window for him to enter the
>Username, Password and Domain field. After successful authentication, he was
>able to access the network resources.
>
>However, the user is not prompted the Username, Password and Domain after he
>has done so the first time. I understand that XP cached the user credentials
>in the registry. But my customer would like the window prompt to appear when
>the following scenario happens to reauthenticate
>
>a) Session timeout

>b) Idle timeout to reauthenticate the current wireless user as the user
>might leave his workspace for a short period of time and someone might have
>use his credential to access the network illegitimately

Screen saver lock?

>c) When he shuts down the PC and the laptop is passed to another user but
>the previous user credential is used rather than the second user credentioal
>is used.
>
>How can I disable the automatic cached user credentials? Is there a way to
>prompt the user after a period of time for him to enter Username, Password
>and Domain field again? Is the option available in the XP client? I search
>through the AP configuration options but found none.
>
>Please advise. Thank you
>Delon

I know what is happening. Windows caches the User information from a
successfull EAP connection in the registry. And it WZC re-uses it when
setting a new connection to the same SSID. KB823731 described this relative to
PEAP, but it really applies to all EAP protocols. I couldn't find the article
when I just looked.

If you can work how to get a program to run for your events, what you want to do
is find the key in HKCU\Software\Microsoft\EAPOL\UserEapInfo\{deviceG UID}\n
where n starts at 1. Find the key containing your user and delete it. Or just
delete them all.

Of course WZC caches the information in memory, so deleting the key isn't always
sufficent.

Dave.

Dave Mitton