04-27-2012 10:17 AM - edited 07-03-2021 10:04 PM
I am interested if others are seeing multiple-passed machine and user authentications
Using 802.1x PEAP-MSCHAPv2 wireless authentication.
XP(SP3) - Getting dual-passed machine authentications, then dual-passed user authentications
Win7 - Getting triple-passed machine authentications, then triple-passed user authentications (sometimes just duals)
Seeing this behavior in two customer environments:
Customer 1
Mix of 2008/2003 DCs
CSACS-1121-K9 5-3-0-40-1
AIR-CT5508-K9 7.0.220.0
Customer 2
Mix of 2008/2003 DCs
CSACS-1121-K9 5-3-0-40-3 (also saw issue with patch 2)
AIR-CT5508-K9 7.2.103.0
???
04-27-2012 12:03 PM
I have a similar environment. I just checked my logs and I am not seeing double or triple authentications for devices or clients.
Although, I am not on 7.2 yet.
Did you do a wireless packet capture to see what is actually being sent from the client? I wonder if your client is doing a preauthentication to another AP in advance, but windoz does PMK cache, not preauthentication. So that wouldn't be it ..
Have you tried the free Cisco AnyConnect 3.x, it has a wireless supplicant. Just for testing purposes, to see if it still acts the same way?
04-27-2012 12:55 PM
Been working with TAC on this for several weeks. Looks like clients are sending EAPOL-START even after they have already authenticated. Right now we are having customer tweak an XP registry to suppress EAPOL-START messages, just to see how it reacts. Have not heard results yet.
I can't be the only one seeing this behavior, at two different sites... can I?
FYI... schedule about an extra 30-45+ minutes when you upgrade to 7.2 as there is a FUS upgrade that is also part of going to 7.2. FUS updates low-level WLC components. You've got to babysit it, 'cause it prompts you for each upgrade to each component.
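Added example (not part of the original posts, and not TAC's or Cisco's code): one way to check a capture for the behavior described above, a client sending EAPOL-Start after it has already received EAP-Success. It assumes frames have been reduced to Ethernet-style bytes (dst, src, EtherType 0x888E, EAPOL header); the MAC addresses and sample frames are constructed.

```python
import struct

ETH_P_PAE = 0x888E                      # EtherType for EAPOL (IEEE 802.1X)
EAPOL_EAP_PACKET, EAPOL_START = 0, 1    # EAPOL packet types
EAP_SUCCESS = 3                         # EAP code for Success

def classify(frame):
    """Return (client_mac, 'start' | 'success') for an EAPOL frame, else None."""
    if len(frame) < 18:                 # 14-byte Ethernet header + 4-byte EAPOL header
        return None
    dst, src = frame[0:6], frame[6:12]
    ethertype, _ver, ptype, length = struct.unpack("!HBBH", frame[12:18])
    if ethertype != ETH_P_PAE:
        return None
    body = frame[18:18 + length]
    if ptype == EAPOL_START:            # sent by the supplicant, so src is the client
        return src.hex(":"), "start"
    if ptype == EAPOL_EAP_PACKET and len(body) >= 4 and body[0] == EAP_SUCCESS:
        return dst.hex(":"), "success"  # sent to the supplicant, so dst is the client
    return None

def restarts_after_success(frames):
    """Count EAPOL-Start frames each client sends after an EAP-Success."""
    authenticated, hits = set(), {}
    for frame in frames:
        event = classify(frame)
        if event is None:
            continue
        client, kind = event
        if kind == "success":
            authenticated.add(client)
        elif client in authenticated:
            hits[client] = hits.get(client, 0) + 1
            authenticated.discard(client)   # a new exchange begins
    return hits

# Constructed sample: client C1 authenticates three times, C2 once.
def _frame(dst, src, ptype, body=b""):
    return dst + src + struct.pack("!HBBH", ETH_P_PAE, 1, ptype, len(body)) + body

AP = bytes.fromhex("020000000001")      # constructed, locally administered MACs
C1 = bytes.fromhex("0200000000a1")
C2 = bytes.fromhex("0200000000a2")
OK = struct.pack("!BBH", EAP_SUCCESS, 7, 4)   # EAP header: code, id, length
SAMPLE = []
for client, rounds in ((C1, 3), (C2, 1)):
    for _ in range(rounds):
        SAMPLE += [_frame(AP, client, EAPOL_START),
                   _frame(client, AP, EAPOL_EAP_PACKET, OK)]

if __name__ == "__main__":
    print(restarts_after_success(SAMPLE))
```

A client that shows up with a count of 2 here corresponds to a triple-passed authentication in the ACS logs; a client with no entry authenticated once.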
04-27-2012 01:45 PM
Have you tried a different supplicant rather than the XP and 7 itself?
Thanks for the heads up on 7.2.