We have a private DSL-based Home worker WAN solution. The users connect via wireless to their router and use PEAP to authenticate to central ACS 3.3 radius server.
The problem we have is that, because the laptop is not on the network until they have successfully authenticated, they logon to the laptop using cached credentials and don't actually authentiacte with the domain. Consequently, the users are not notified when their password is about to expire.
When their password has expired, they are prompted to change it during the wireless logon process, but this doesn't work. Subsequently, they have to travel to their local office to logon to the domain and hange their password.
The local routers are Netgear set for WPA-802.1x, the laptops are set for PEAP (EAP-MSCHAP v2), the Radius is ACS 3.3 authenticating to AD.
Any ideas will be gratefully received.