I use MS PEAP on Windows 2k with all the 802.1x patches and so on. Everything works fine. The only thing is that the logon process takes too long, so the logon scripts are not able to complete successfully because the client doesn't have an IP address. Is there any solution for that problem?
We had a similar problem. During the boot-up process the client would start the EAP authentication, but the AP would disassociate the client before the client finished booting up. The user had to wait until the PEAP authentication started again (approx. 1 minute) before they could log in.
We finally solved the problem by applying the MS patches 313664 & 823859 (install in that order) and upgrading the AP firmware (we are still VxWorks) to 12.03T. 12.02T does not work! Also make sure computer authentication is checked on the client. I'm not sure if MS has released patch 823859; I had to call them to get it. Now our users can log in as soon as the login screen appears and successfully run the login scripts, etc.
I originally called Microsoft on Knowledge Base article 822725, which is written for XP but relates to the same problem I was having on Win2K. MS tech support was able to find a backport for Win2K. This fix is supposed to be part of SP5.
Machine authentication occurs in a Windows domain or AD when your client PC is a member of a domain. In my environment our ACS server forwards the authentication requests to AD so we use machine authentication.