Radius Server - Cached Credential Setup for PEAP MS-CHAP v2 802.1X


Author Cached Credential Setup for PEAP MS-CHAP v2 802.1X
dv440

2004-03-22, 4:48 pm

Hello folks,

My XP Pro notebook connects successfully via a cisco 350 PCMCIA WiFi card to our Microsoft PEAP MS-CHAPv2 802.1X network. The problem is, exactly every 10 minutes (I assume this is the WEP key turnover time), or whenever I roam to a new AP, I am reprompted via the balloon pop-up to re-enter my username and password, which do not change. Needless to say, this is highly annoying.

Supposedly, XP stores the PEAP authentication credentials in the registry, as in MS Q823731. According to this article, in order to *remove* the cached credentials, it is sufficient to delete HKEY_CURRENT_USER\Software\Microsoft\Eapol\UserEapInfo. My problem is the inverse, I want to *create* this key from scratch. What are the details on this (these) key(s)? Any ideas why this key doesn't exist on my XP?

Thanks VERY much for any advice/info.
James McIllece [MS]

2004-03-22, 7:35 pm

dv440 <dv440.13jmhl@mail.webservertalk.com> wrote in
news:dv440.13jmhl@mail.webservertalk.com:

>
> Hello folks,
>
> My XP Pro notebook connects successfully via a cisco 350 PCMCIA WiFi
> card to our Microsoft PEAP MS-CHAPv2 802.1X network. The problem is,
> exactly every 10 minutes (I assume this is the WEP key turnover time),
> or whenever I roam to a new AP, I am reprompted via the balloon pop-up
> to re-enter my username and password, which do not change. Needless to
> say, this is highly annoying.
>
> Supposedly, XP stores the PEAP authentication credentials in the
> registry, as in MS Q823731. According to this article, in order to
> *remove* the cached credentials, it is sufficient to delete
> HKEY_CURRENT_USER\Software\Microsoft\Eapol\UserEapInfo. My problem is
> the inverse, I want to *create* this key from scratch. What are the
> details on this (these) key(s)? Any ideas why this key doesn't exist
> on my XP?
>
> Thanks VERY much for any advice/info.
>
>
>
> --
> dv440


I can address one issue, which is being prompted for credentials when you
roam to a new AP.

The feature that you are discussing is called PEAP fast reconnect, and it
works in the following way:

If PEAP fast reconnect is enabled on the Windows Server 2003 IAS server and
on client computers, you can move from one AP to another without being
prompted to input your credentials.

A portion of the credentials, along with other connection information, is
stored on the IAS server (not in a client registry key).

Note that this is only true if the APs between which you move are
configured as RADIUS clients to the same IAS server. If your laptop
associates with an AP that is not configured as a RADIUS client to the same
RADIUS server as the previous AP you were associated with, you will be
prompted to enter your credentials.

It is most likely that your admins have not enabled PEAP fast reconnect for
some reason. You should probably contact them to clear up both issues.

BTW, both of these issues can be resolved without your adding a reg key to
your system, which is not a recommended action.

If you or the admins have questions about how to set up IAS with PEAP,
please see the whitepapers "Enterprise Deployment of Secure 802.11 Networks
Using Microsoft Windows" and "The Advantages of Protected Extensible
Authentication Protocol (PEAP)" on the IAS web site at
http://www.microsoft.com/windowsser...s/default.mspx.

Hope that helps...:-)

--
James McIllece, Microsoft

Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.

This posting is provided "AS IS" with no warranties, and confers no rights.
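
A simplified model of the fast reconnect behaviour described in the reply above, added here as an illustration; it is not code from the thread or from Microsoft. `RadiusServer`, `Client` and `simulate` are hypothetical names, the single `fast_reconnect` flag stands for the setting on both server and client, and the 3600-second cache lifetime and the credentials are constructed values.

```python
import secrets

class RadiusServer:
    """Toy RADIUS/PEAP server: caches TLS session state when fast reconnect is on."""
    def __init__(self, fast_reconnect=True, lifetime=3600):
        self.fast_reconnect = fast_reconnect
        self.lifetime = lifetime            # seconds a cached session stays resumable
        self.sessions = {}                  # session id -> expiry time

    def authenticate(self, session_id, now, credentials=None):
        """Return (outcome, session id): 'resumed', 'full' or 'prompt'."""
        if self.fast_reconnect and self.sessions.get(session_id, 0) > now:
            return "resumed", session_id    # inner MS-CHAP v2 exchange skipped
        if credentials is None:
            return "prompt", None           # full authentication needs credentials
        new_id = secrets.token_hex(8)       # credential verification omitted here
        if self.fast_reconnect:
            self.sessions[new_id] = now + self.lifetime
        return "full", new_id

class Client:
    """Toy supplicant that does not store the password, so full auth prompts."""
    def __init__(self):
        self.session_id = None
        self.prompts = 0

    def connect(self, server, now):
        outcome, sid = server.authenticate(self.session_id, now)
        if outcome == "prompt":
            self.prompts += 1               # the balloon pop-up
            outcome, sid = server.authenticate(None, now, ("user", "constructed"))
        self.session_id = sid
        return outcome

def simulate(fast_reconnect):
    """Connect, re-authenticate after 10 minutes, roam to AP2, then roam to AP3."""
    ias_a, ias_b = RadiusServer(fast_reconnect), RadiusServer(fast_reconnect)
    ap_to_server = {"AP1": ias_a, "AP2": ias_a, "AP3": ias_b}  # RADIUS client mapping
    client = Client()
    steps = [("AP1", 0), ("AP1", 600), ("AP2", 700), ("AP3", 800)]
    outcomes = [client.connect(ap_to_server[ap], t) for ap, t in steps]
    return outcomes, client.prompts

if __name__ == "__main__":
    print(simulate(True))    # fast reconnect enabled on the servers
    print(simulate(False))   # disabled: every authentication is a full one
```

AP3 forces a full authentication even with fast reconnect enabled because it is a RADIUS client of a different server, which holds no session state for this client.
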
dv440

2004-03-23, 3:48 pm

Thanks, I sent your observations to the admins and am awaiting a response. But since this is new for the admins as well as me, if I could ask some follow-ups...


> If PEAP fast reconnect is enabled on the Windows Server 2003 IAS server and
> on client computers, you can move from one AP to another without being
> prompted to input your credentials.

How do I make this adjustment on the client side?

> A portion of the credentials, along with other connection information, is
> stored on the IAS server (not in a client registry key).

I'm confused, KB823731 talks about a registry key cache, and says the article is for XP Home/Pro SP1.

> BTW, both of these issues can be resolved without your adding a reg key to
> your system, which is not a recommended action.

How??? I'm happy to not mess with the registry if there is a way for me to get access without typing in the creds every 10 minutes.

Also... even if PEAP fast reconnect is turned off, I am getting prompted to enter creds every 10 minutes -- this is with me not roaming physically, and from the cisco ACM I can see that there is no change in the AP MAC. Is this normal behavior?

Thanks again!
Copyright 2003 - 2008 webservertalk.com