Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

EAP-FAST password expiry cause user lockout

We’ve deployed several mobile workstations on carts in a hospital:

Neoware (Thin Client) w/Citrix with Aironet PCI cards (both 802.11b & g)

The security is EAP-FAST

Cisco Aironet 1200 AP’s running V12.2(13) JA1

The AP is communicating to a Cisco ACS server v3.2 configured for EAP-FAST

The ACS syncs up with the NT Authentication server

Things work fine for a while, then when the password expires the user is locked out of their account.


Re: EAP-FAST password expiry cause user lockout

With the information given, I'd suspect the problem is with the Citrix ... something akin to a "hanging" session.

It may be that Citrix thinks it still has an open session with the client, so when it tried to re-connect, Citrix says " you already have one session open, so I won't open another" .... but since the client lost original session it looks hung.

If you have a parameter for "max sessions" on the Citrix host, check to see if there's a one-session limitation and open it up (at least for diagnostics).

Also look around for other time-outs or "Allow the OS to conserve energy by putting the into standby or sleep mode."

Some things don't re-associate well when coming out of power-save mode. I have a laptop with a Cisco Aironet NIC (same with others) that, once it's gone into power standby, will not re-associate with the AP.

Good Luck


CreatePlease to create content