Hi,
I recently set up a wireless network for a client, but am left with one
issue that I cannot seem to resolve.
Hardware is a Cisco 2100 WCS controller with several compatible Cisco
APs.
Hardware configured for PEAP / WPA / WPA2 / TKIP / AES combinations.
They authenticate through Windows IAS and authenticate against Active
Directory (2003).
IAS is configured to authenticate only wireless clients, and only
specific AD groups.
Clients are configured using PEAP / MSCHAPv2. Not configured to
validate server certificates. All use the Windows Wireless Zero
Configuration utility.
The problem is that the client gives their users a standard password
which they are expected to change at first login. In other words, the
user's account in AD is set to force a password change the first time
they log into the wireless network.
Now I know this works, because it works in my lab without issue....as
long as you configure PEAP to allow the client to change their
password.
But in production, it only works sometimes. The problem occurs across
different laptop brands....in other words, I can't pin it down to either
an IBM or Dell, or any specific kind of client wireless hardware.
When it doesn't work, users are prompted 3 times to change their
password, but it doesn't work and then their authentication attempt
starts over from the beginning.
Note that when this policy is not enabled (force password change), then
all notebooks authenticate without issue....it's only when we try to
force a password change through the client's AD account.
I tried applying several Microsoft patches (to help with 3rd party
RADIUS timing issues) to the clients, but so far no luck.
Any advice would be appreciated.