We are using Local-EAP with eapfast authentication method. The pac expired days was 100 days. Then the problem came after pacs get expired. The users are not able connect with the expired usernames on the same system where pacs installed. But newly created usernames are working and existing user names working in another laptops.
The issue is with expired pacs, we not able to trace where the pacs are stored. if we can able to trace and delete, the problem will be resolved.
My problem with the laptops with windows 7 laptops. By default some laptops comes with eap-fast and in some laptops we installing eapfast registry provided by windows.
–PACs are stored as encrypted data files in either the global or private store on the user's computer.
· Global PACs can be accessed and used by any user at any logon stage. They are available before or during logon or after the user is logged off if the profile is not configured with the No Network Connection Unless User Is Logged In option.
· Private PACs can be accessed and used only by the user who provisioned them or the system administrator.
Note Global PACs are stored on C:\Document and Settings\All Users\Application Data\Cisco\cscostore, and private PACs are stored on C:\Document and Settings\user\ Application Data\Cisco\cscostore.
–If automatic PAC provisioning is enabled and it occurs after the user is logged on, the PAC is stored in the private store of the currently logged-on user. Otherwise, the PAC is stored in the global store.
–PAC files can be added or overwritten using the import feature.
–PAC files can be removed using the delete feature. They are also deleted when the client adapter software is uninstalled.
–PAC files are tied to the machine, so they cannot be used if copied to another machine.