PEAP Re-Authentication

[ciscofreak1241]

Hi, I have a WLAN solution implemented. I am running Microsoft CA, IAS (RADIUS), and Active Directory. In my wireless configuration we are using WPA/TKIP and EAP Authentication (PEAP with MS-CHAPv2 or PEAP with EAP-TLS). Everything works perfectly, but whenever I use my laptop again it reauthenticates me without asking me to enter my credentials. I turn on my wirless card and it connects automatically as if my crententials are cached. I believe this something I need to do on the Microsoft Server, but I don't know what. Please advise what I can do to always force authentication? Thanks

cf

 

[davebee]

I'm having the same problem. Have you tried disabling "enable fast reconnect"? This will prevent the caching of the tls keys and forces a reauthentication after the specified time for wpa/tkip. That might work.
Do you have any idea on how to limit concurrent logons with Windows IAS? We do it here with freeradius in Linux for Dialup/DSL customers, but this is my first go at IAS (solution desired by customer for their ease of administration).

 

[smikes19]

I'm running PEAP w/MSCHAPv2 and I've noticed that the credentials are stored in the registry:

HKLM\software\Microsoft\EAPOL\Parameters\Interfaces\{ID}

If you delete this, it will re-prompt for credentials. Not sure on how to get it to always prompt.

 

[ADB100]

This is a 'feature' of the MS 802.1x supplicant that is provided with XP:

http://www.tek-tips.com/viewthread.cfm?qid=1292643&page=2

HTH

Andy