
Seeing multiple-passed machine and user authentications???

rteel
Level 1

I am interested if others are seeing multiple-passed machine and user authentications

Using 802.1x PEAP-MSCHAPv2 wireless authentication.

XP(SP3) - Getting dual-passed machine authentications, then dual-passed user authentications
Win7 - Getting triple-passed machine authentications, then triple-passed user authentications (sometimes just duals)

Seeing this behavior in two customer environments:

Customer 1
Mix of 2008/2003 DCs
CSACS-1121-K9  5-3-0-40-1
AIR-CT5508-K9 7.0.220.0

Customer 2
Mix of 2008/2003 DCs
CSACS-1121-K9  5-3-0-40-3 (also saw issue with patch 2)
AIR-CT5508-K9 7.2.103.0

                  

???


George Stefanick
VIP Alumni

I have a similar environment. I just checked my logs and I am not seeing double or triple authentications for devices or clients.

Although, I am not on 7.2 yet.

Did you do a wireless packet capture to see what is actually being sent from the client? I wonder if your client is doing a pre-authentication to another AP in advance, but Windows does PMK cache, not pre-authentication. So that wouldn't be it ..

Have you tried the free Cisco AnyConnect 3.x? It has a wireless supplicant. Just for testing purposes, to see if it still acts the same way?

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

Been working with TAC on this for several weeks. Looks like clients are sending EAPOL-START even after they have already authenticated. Right now we are having customer tweak an XP registry to suppress EAPOL-START messages, just to see how it reacts. Have not heard results yet.

I can't be the only one seeing this behavior, at two different sites... can I?

FYI... schedule about an extra 30-45+ minutes when you upgrade to 7.2 as there is a FUS upgrade that is also part of going to 7.2. FUS updates low-level WLC components. You've got to babysit it, 'cause it prompts you for each upgrade to each component.

Have you tried a different supplicant rather than the XP and 7 itself?

Thanks for the heads up on 7.2.

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
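
Added example, not part of the thread and not any poster's code: a Python check for the pattern discussed above, a client sending EAPOL-Start shortly after it has received EAP-Success. It assumes the capture has already been decapsulated to Ethernet II frames (for instance, taken on the client's adapter); the 30-second window, MAC addresses, timestamps and frames are constructed for illustration.

```python
import struct

EAPOL_ETHERTYPE = 0x888E           # IEEE 802.1X EtherType
EAPOL_EAP_PACKET, EAPOL_START = 0, 1
EAP_SUCCESS = 3                    # EAP code field

def parse_eapol(frame):
    """Return (dst, src, eapol_type, eap_code), or None if the frame is not EAPOL."""
    if len(frame) < 18:            # 14-byte Ethernet header + 4-byte EAPOL header
        return None
    dst, src = frame[0:6], frame[6:12]
    ethertype, _ver, eapol_type, body_len = struct.unpack("!HBBH", frame[12:18])
    if ethertype != EAPOL_ETHERTYPE:
        return None
    body = frame[18:18 + body_len]
    eap_code = body[0] if eapol_type == EAPOL_EAP_PACKET and body else None
    return dst, src, eapol_type, eap_code

def find_restarts(capture, window=30.0):
    """List (client MAC, seconds) for each EAPOL-Start sent within `window` of an EAP-Success."""
    last_success = {}              # client MAC -> time of its latest EAP-Success
    hits = []
    for ts, frame in capture:
        parsed = parse_eapol(frame)
        if parsed is None:
            continue
        dst, src, eapol_type, eap_code = parsed
        if eap_code == EAP_SUCCESS:
            last_success[dst] = ts                 # Success is addressed to the client
        elif eapol_type == EAPOL_START and src in last_success:
            delta = ts - last_success.pop(src)     # count each Success at most once
            if delta <= window:
                hits.append((src.hex(":"), round(delta, 3)))
    return hits

def _frame(dst, src, eapol_type, body=b""):
    header = struct.pack("!HBBH", EAPOL_ETHERTYPE, 1, eapol_type, len(body))
    return dst + src + header + body

# Constructed sample: locally administered MACs, hand-built frames, made-up timestamps.
CLIENT, AP = bytes.fromhex("020000000001"), bytes.fromhex("0200000000aa")
SUCCESS = struct.pack("!BBH", EAP_SUCCESS, 7, 4)   # code, identifier, length
SAMPLE = [
    (0.00, _frame(AP, CLIENT, EAPOL_START)),              # first association
    (1.20, _frame(CLIENT, AP, EAPOL_EAP_PACKET, SUCCESS)),
    (1.95, _frame(AP, CLIENT, EAPOL_START)),              # restart after success
    (3.10, _frame(CLIENT, AP, EAPOL_EAP_PACKET, SUCCESS)),
]
```

Calling `find_restarts(SAMPLE)` reports the client MAC and the gap between its EAP-Success and the following EAPOL-Start; each hit lines up with one extra passed authentication in the RADIUS server's log.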