We are running Cisco 1200 Access points authenticating to ACS 3.3 using PEAP authentication with both user and machine authentication. The clients are XP and have the KB885453 patch loaded.
The issue is that when a machine is powered on the machine authentication processes fine and the user authentication is successfull. The issue is that after the machine is left connected or left unattended for an hour or two you come back and you have lost connectivity and the ACS logs say DB user access denied(machine access restriction). If the user reboots the computer it is fine again.
In ACS under global authentication setup I have fast reconnect enabled and currently the PEAP session timeout set to 0. The recommendation was that the PEAP session timeout be set to longer than your workday and I had it set to 10 hours but it had the same affect. Can anyone tell me a recommended configuration where the machine authentication is maintained throughout a workday or overnight. I would think that if it times out that it would attempt to reauthenticate if a user tries to login or come out of suspend. I would really like to keep machine authentication if possible.