Reauthentication of Wireless User does not get prompt

Discussion in 'Wireless Networking' started by =?Utf-8?B?RGVsb24=?=, May 23, 2006.

  1. Hi Sir,

    I set up a Radius server to authenticate wireless users via 802.1x. The EAP
    protocol deployed is Microsoft PEAP as most of the clients OS is XP. The
    users might be sharing the same laptops. When a user select the wireless
    network to connect to, he was prompted a window for him to enter the
    Username, Password and Domain field. After successful authentication, he was
    able to access the network resources.

    However, the user is not prompted the Username, Password and Domain after he
    has done so the first time. I understand that XP cached the user credentials
    in the registry. But my customer would like the window prompt to appear when
    the following scenario happens to reauthenticate

    a) Session timeout
    b) Idle timeout to reauthenticate the current wireless user as the user
    might leave his workspace for a short period of time and someone might have
    use his credential to access the network illegitimately
    c) When he shuts down the PC and the laptop is passed to another user but
    the previous user credential is used rather than the second user credentioal
    is used.

    How can I disable the automatic cached user credentials? Is there a way to
    prompt the user after a period of time for him to enter Username, Password
    and Domain field again? Is the option available in the XP client? I search
    through the AP configuration options but found none.

    Please advise. Thank you
    Delon
     
    =?Utf-8?B?RGVsb24=?=, May 23, 2006
    #1
    1. Advertising

  2. =?Utf-8?B?RGVsb24=?=

    Dave Mitton Guest

    Delon <> wrote:

    >Hi Sir,
    >
    >I set up a Radius server to authenticate wireless users via 802.1x. The EAP
    >protocol deployed is Microsoft PEAP as most of the clients OS is XP. The
    >users might be sharing the same laptops. When a user select the wireless
    >network to connect to, he was prompted a window for him to enter the
    >Username, Password and Domain field. After successful authentication, he was
    >able to access the network resources.
    >
    >However, the user is not prompted the Username, Password and Domain after he
    >has done so the first time. I understand that XP cached the user credentials
    >in the registry. But my customer would like the window prompt to appear when
    >the following scenario happens to reauthenticate
    >
    >a) Session timeout


    >b) Idle timeout to reauthenticate the current wireless user as the user
    >might leave his workspace for a short period of time and someone might have
    >use his credential to access the network illegitimately


    Screen saver lock?

    >c) When he shuts down the PC and the laptop is passed to another user but
    >the previous user credential is used rather than the second user credentioal
    >is used.
    >
    >How can I disable the automatic cached user credentials? Is there a way to
    >prompt the user after a period of time for him to enter Username, Password
    >and Domain field again? Is the option available in the XP client? I search
    >through the AP configuration options but found none.
    >
    >Please advise. Thank you
    >Delon


    I know what is happening. Windows caches the User information from a
    successfull EAP connection in the registry. And it WZC re-uses it when
    setting a new connection to the same SSID. KB823731 described this relative to
    PEAP, but it really applies to all EAP protocols. I couldn't find the article
    when I just looked.

    If you can work how to get a program to run for your events, what you want to do
    is find the key in HKCU\Software\Microsoft\EAPOL\UserEapInfo\{deviceGUID}\n
    where n starts at 1. Find the key containing your user and delete it. Or just
    delete them all.

    Of course WZC caches the information in memory, so deleting the key isn't always
    sufficent.

    Dave.
     
    Dave Mitton, May 26, 2006
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Lars P.

    no automatic reauthentication/reconnect

    Lars P., Feb 1, 2005, in forum: Wireless Networking
    Replies:
    0
    Views:
    561
    Lars P.
    Feb 1, 2005
  2. lbbss
    Replies:
    0
    Views:
    1,714
    lbbss
    Feb 11, 2005
  3. Gary

    Get rid of XP startup password prompt

    Gary, Jun 19, 2005, in forum: Computer Support
    Replies:
    29
    Views:
    17,518
    fujitsu
    Nov 1, 2007
  4. widdison1991
    Replies:
    0
    Views:
    650
    widdison1991
    Oct 31, 2006
  5. Replies:
    1
    Views:
    418
    Pavel A.
    Nov 3, 2007
Loading...

Share This Page