+ Reply to Thread
Results 1 to 10 of 10

Thread: 802.1x Wireless User Auth w/ XP Mandatory Profiles?

  Share/Bookmark
  1. #1

    Reputation

    Join Date
    Aug 2008
    Location
    London
    Posts
    4
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Default 802.1x Wireless User Auth w/ XP Mandatory Profiles?

    Hi there,

    Anyone ever had problems with 802.1x (EAP-MS-CHAPV2) user authentication over wireless not working when using mandatory user profiles (WinXP, SP3)?

    When a user logs on with a mandatory profile the RADIUS server (IAS on 2008) just sees repeated attempts to authenticate, but there's never an IAS_SUCCESS event indicating a proper connection (the clients stall at the 'validating identity' stage). Simply changing the profile to a normal roaming profile (NTUSER.MAN --> NTUSER.DAT, no other changes) results in everything working fine with successful authentication, and connection, etc. Rather odd and rather frustrating - the lack of anything on Google makes me wonder if it mightn't be an SP3 foible, but annoyingly I don't have any SP2 machines immediately to hand...

    Will crack out Wireshark/Process Monitor tomorrow and figure this out, but kind of hopeful someone here might well have experienced this before?

    Cheers,

    Chris.

  2. #2

    Reputation Reputation Reputation Reputation Reputation Reputation Reputation Reputation Reputation Reputation Reputation Reputation Reputation Reputation Reputation
    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    Rochdale, Lancashire
    Posts
    8,813
    Thank Post
    309
    Thanked 611 Times in 554 Posts
    Rep Power
    120

    Default

    Have you tired recreating a profile?

    Z

  3. #3

    Reputation

    Join Date
    Aug 2007
    Posts
    2
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Default Having same problem

    Did anyone find a fix for this problem. I am having the same thing happen.

    Thanks

    Ricky

  4. #4

    Reputation Reputation Reputation Reputation Reputation Reputation Reputation Reputation Reputation Reputation Reputation Reputation Reputation
    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    6,531
    Thank Post
    139
    Thanked 391 Times in 340 Posts
    Rep Power
    95

    Default

    Interesting we use machine authentication here so don't have an issue with user profiles.

    Ben

  5. #5

    Reputation Reputation Reputation Reputation Reputation

    Join Date
    Oct 2005
    Location
    East Midlands
    Posts
    619
    Thank Post
    10
    Thanked 82 Times in 53 Posts
    Rep Power
    24

    Default

    Quote Originally Posted by ChrisCole View Post
    Hi there,

    Anyone ever had problems with 802.1x (EAP-MS-CHAPV2) user authentication over wireless not working when using mandatory user profiles (WinXP, SP3)?

    When a user logs on with a mandatory profile the RADIUS server (IAS on 2008) just sees repeated attempts to authenticate, but there's never an IAS_SUCCESS event indicating a proper connection (the clients stall at the 'validating identity' stage). Simply changing the profile to a normal roaming profile (NTUSER.MAN --> NTUSER.DAT, no other changes) results in everything working fine with successful authentication, and connection, etc. Rather odd and rather frustrating - the lack of anything on Google makes me wonder if it mightn't be an SP3 foible, but annoyingly I don't have any SP2 machines immediately to hand...

    Will crack out Wireshark/Process Monitor tomorrow and figure this out, but kind of hopeful someone here might well have experienced this before?

    Cheers,

    Chris.
    Hi,

    I don;t know if mandatory profile locks down the registry but with that setup the users will need access to HKEY_CURRENT_USER\Software\Microsoft\EAPOL\UserEap Info

    Try to see if access is denied to this section of the registry.

    Ash.

  6. #6

    Reputation

    Join Date
    Aug 2007
    Posts
    2
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Default

    Quote Originally Posted by plexer View Post
    Interesting we use machine authentication here so don't have an issue with user profiles.

    Ben
    Yeah, we have to use Computer Authentication now since SP3. Whatever happened, SP3 it. We had no problem until we upgraded to SP3. Wonder why Microsoft would have disabled 802.1x User Authenication with Mandatory Profiles?

    Thanks

    Ricky

  7. #7

    Reputation

    Join Date
    Nov 2008
    Posts
    1
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Default

    I am also having the same problem.... after taking forever to narrow down...

    No one have a proper fix without moving to computer auth or changing to roaming profiles.....?

  8. #8

    Reputation

    Join Date
    Feb 2009
    Posts
    1
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Default

    We are also having this issue - what brand of Access Points are you using?

    Has there been any solution to this without changing Authentication types?

  9. #9

    Reputation
    trolley01's Avatar
    Join Date
    Mar 2009
    Location
    Wisbech
    Posts
    18
    Thank Post
    2
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Thumbs up Solution!

    Just been working on this issue myself, and have found a solution.

    Microsoft have released a hotfix to solve the problem, which allows user authentication to take place using 802.1x on Windows XP SP3.

    A Windows XP Service Pack 3-based client computer cannot use the IEEE 802.1x authentication when you use PEAP with PEAP-MSCHAPv2 in a domain

    Hope this helps.

  10. #10

    Reputation

    Join Date
    Jul 2005
    Location
    Lancaster
    Posts
    35
    Thank Post
    4
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Default

    Hiya

    we had a similar problem, dont have time to check if its same as the one posted above but ours turned out to be a server2008 issue.

    search for and read up on KB969111, sorry if its the same as already posted

    Dave

+ Reply to Thread

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

     

Similar Threads

  1. Mandatory Profiles
    By jcollings in forum Networks
    Replies: 7
    Last Post: 09-09-2009, 03:36 PM
  2. Mandatory Profiles
    By leegcvcc in forum Windows
    Replies: 12
    Last Post: 09-05-2008, 09:45 AM
  3. Replies: 0
    Last Post: 03-01-2008, 06:15 PM
  4. Wireless - WPA/802.1x
    By wesleyw in forum Hardware
    Replies: 2
    Last Post: 04-10-2007, 09:34 AM
  5. Mandatory Profiles
    By HodgeHi in forum Windows
    Replies: 2
    Last Post: 06-12-2006, 11:56 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts