Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Wireless Networking > Reauthentication of Wireless User does not get prompt

Reply
Thread Tools

Reauthentication of Wireless User does not get prompt

 
 
=?Utf-8?B?RGVsb24=?=
Guest
Posts: n/a
 
      05-23-2006
Hi Sir,

I set up a Radius server to authenticate wireless users via 802.1x. The EAP
protocol deployed is Microsoft PEAP as most of the clients OS is XP. The
users might be sharing the same laptops. When a user select the wireless
network to connect to, he was prompted a window for him to enter the
Username, Password and Domain field. After successful authentication, he was
able to access the network resources.

However, the user is not prompted the Username, Password and Domain after he
has done so the first time. I understand that XP cached the user credentials
in the registry. But my customer would like the window prompt to appear when
the following scenario happens to reauthenticate

a) Session timeout
b) Idle timeout to reauthenticate the current wireless user as the user
might leave his workspace for a short period of time and someone might have
use his credential to access the network illegitimately
c) When he shuts down the PC and the laptop is passed to another user but
the previous user credential is used rather than the second user credentioal
is used.

How can I disable the automatic cached user credentials? Is there a way to
prompt the user after a period of time for him to enter Username, Password
and Domain field again? Is the option available in the XP client? I search
through the AP configuration options but found none.

Please advise. Thank you
Delon
 
Reply With Quote
 
 
 
 
Dave Mitton
Guest
Posts: n/a
 
      05-26-2006
Delon <(E-Mail Removed)> wrote:

>Hi Sir,
>
>I set up a Radius server to authenticate wireless users via 802.1x. The EAP
>protocol deployed is Microsoft PEAP as most of the clients OS is XP. The
>users might be sharing the same laptops. When a user select the wireless
>network to connect to, he was prompted a window for him to enter the
>Username, Password and Domain field. After successful authentication, he was
>able to access the network resources.
>
>However, the user is not prompted the Username, Password and Domain after he
>has done so the first time. I understand that XP cached the user credentials
>in the registry. But my customer would like the window prompt to appear when
>the following scenario happens to reauthenticate
>
>a) Session timeout


>b) Idle timeout to reauthenticate the current wireless user as the user
>might leave his workspace for a short period of time and someone might have
>use his credential to access the network illegitimately


Screen saver lock?

>c) When he shuts down the PC and the laptop is passed to another user but
>the previous user credential is used rather than the second user credentioal
>is used.
>
>How can I disable the automatic cached user credentials? Is there a way to
>prompt the user after a period of time for him to enter Username, Password
>and Domain field again? Is the option available in the XP client? I search
>through the AP configuration options but found none.
>
>Please advise. Thank you
>Delon


I know what is happening. Windows caches the User information from a
successfull EAP connection in the registry. And it WZC re-uses it when
setting a new connection to the same SSID. KB823731 described this relative to
PEAP, but it really applies to all EAP protocols. I couldn't find the article
when I just looked.

If you can work how to get a program to run for your events, what you want to do
is find the key in HKCU\Software\Microsoft\EAPOL\UserEapInfo\{deviceG UID}\n
where n starts at 1. Find the key containing your user and delete it. Or just
delete them all.

Of course WZC caches the information in memory, so deleting the key isn't always
sufficent.

Dave.
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How to open a shell prompt from an existing shell prompt gaurav kashyap Python 2 10-30-2008 09:18 AM
Force reauthentication with basic auth on IIS? JGH Java 1 02-09-2005 02:16 AM
no automatic reauthentication/reconnect Lars P. Wireless Networking 0 02-01-2005 02:18 PM
Forcing Reauthentication for a Webform with NTLM auth..ion Andrew_Revinsky ASP .Net Security 3 07-14-2004 09:22 AM
How to force reauthentication of a Web service client (Basic auth) Alek Davis ASP .Net Security 0 10-24-2003 06:19 PM



Advertisments