Radius Server - 802.1x log off?

Author

802.1x log off?

Maarten

2004-05-10, 5:45 pm

Hi,
Sorry if this question has been posted before..

I'am working on a project with 3com superstack 4400, AD, IAS and certificate
server.
Everything seems to be working properly but I still have a question

I presumed that windows would send an EAP-logoff message to the IAS server
when a user would log off Windows?
But if a privileged user logs on to the network (logs out of Windows
afterwards), then an unprivilegd user can still use the connection because
it is still marked 'authorised'.
Is there a way to get around this so that a port goes back in 'unauthorised'
when the priviliged user wants to log off?

(Also in Win xp using MD5, a users only seems to get one chance to log in to
the IAS server using the 'xp balloon' on the bottom of the screen. There
doesn't seem te be another way to fill in the credentials. This question is
less important since I have started to work with certificates, but I would
still very much like to know

)

thanks,
Maarten
(student)

Xuemei Bao

2004-05-10, 5:45 pm

windows does not send a log-off to IAS, but its 802.1x EAP state machine
transites to log off state, When the next user logs on, a new authentication
will start, which will not use the privileged user's connection.

Unfortunately winxp MD5 only requires user to input credentials once, then
they are stored in the current user registry until there is an
authentication failure or the reg key value is removed manually.
--
========================================
=================
This post is provided AS IS with no warranties, and confer no rights
========================================
=================

"Maarten" <maarten_ve@nospamhotmail.com> wrote in message
news:Qmync.101048$0G1.6109298@phobos.telenet-ops.be...
> Hi,
> Sorry if this question has been posted before..
>
> I'am working on a project with 3com superstack 4400, AD, IAS and
certificate
> server.
> Everything seems to be working properly but I still have a question
>
> I presumed that windows would send an EAP-logoff message to the IAS server
> when a user would log off Windows?
> But if a privileged user logs on to the network (logs out of Windows
> afterwards), then an unprivilegd user can still use the connection because
> it is still marked 'authorised'.
> Is there a way to get around this so that a port goes back in
'unauthorised'
> when the priviliged user wants to log off?
>
> (Also in Win xp using MD5, a users only seems to get one chance to log in
to
> the IAS server using the 'xp balloon' on the bottom of the screen. There
> doesn't seem te be another way to fill in the credentials. This question
is
> less important since I have started to work with certificates, but I would
> still very much like to know

)
>
> thanks,
> Maarten
> (student)
>
>

Maarten

2004-05-10, 5:45 pm

And what if the 802.1x state machine doesn't send a log-off message? In my
case I can still connect to the network after a priviled user once logged
in. (3com 4400)

Thank you for the reply

"Xuemei Bao" <xbao@online.microsoft.com> schreef in bericht
news:409ecc9c$1@news.microsoft.com...
> windows does not send a log-off to IAS, but its 802.1x EAP state machine
> transites to log off state, When the next user logs on, a new
authentication
> will start, which will not use the privileged user's connection.
>
> Unfortunately winxp MD5 only requires user to input credentials once, then
> they are stored in the current user registry until there is an
> authentication failure or the reg key value is removed manually.
> --
> ========================================
=================
> This post is provided AS IS with no warranties, and confer no rights
> ========================================
=================
>
>
> "Maarten" <maarten_ve@nospamhotmail.com> wrote in message
> news:Qmync.101048$0G1.6109298@phobos.telenet-ops.be...
> certificate
server[vbcol=seagreen]
because[vbcol=seagreen]
> 'unauthorised'
in[vbcol=seagreen]
> to
> is
would[vbcol=seagreen]
>
>