Re: 802.1x log off?

From: Xuemei Bao (xbao_at_online.microsoft.com)
Date: 05/10/04

• Next message: Maarten: "Re: 802.1x log off?"
• Previous message: Xuemei Bao: "Re: Peap Authentication fails after boot up (RASTLS LOG)"
• In reply to: Maarten: "802.1x log off?"
• Next in thread: Maarten: "Re: 802.1x log off?"
• Reply: Maarten: "Re: 802.1x log off?"
• Messages sorted by: [ date ] [ thread ]

---

Date: Sun, 9 May 2004 17:28:11 -0700

windows does not send a log-off to IAS, but its 802.1x EAP state machine
transites to log off state, When the next user logs on, a new authentication
will start, which will not use the privileged user's connection.

Unfortunately winxp MD5 only requires user to input credentials once, then
they are stored in the current user registry until there is an
authentication failure or the reg key value is removed manually.

-- 
=========================================================
This post is provided AS IS with no warranties, and confer no rights
=========================================================
"Maarten" <maarten_ve@nospamhotmail.com> wrote in message
news:Qmync.101048$0G1.6109298@phobos.telenet-ops.be...
> Hi,
> Sorry if this question has been posted before..
>
> I'am working on a project with 3com superstack 4400, AD, IAS and
certificate
> server.
> Everything seems to be working properly but I still have a question
>
> I presumed that windows would send an EAP-logoff message to the IAS server
> when a user would log off Windows?
> But if a privileged user logs on to the network (logs out of Windows
> afterwards), then an unprivilegd user can still use the connection because
> it is still marked 'authorised'.
> Is there a way to get around this so that a port goes back in
'unauthorised'
> when the priviliged user wants to log off?
>
> (Also in Win xp using MD5, a users only seems to get one chance to log in
to
> the IAS server using the 'xp balloon' on the bottom of the screen. There
> doesn't seem te be another way to fill in the credentials. This question
is
> less important since I have started to work with certificates, but I would
> still very much like to know :) )
>
> thanks,
> Maarten
> (student)
>
>

---

• Next message: Maarten: "Re: 802.1x log off?"
• Previous message: Xuemei Bao: "Re: Peap Authentication fails after boot up (RASTLS LOG)"
• In reply to: Maarten: "802.1x log off?"
• Next in thread: Maarten: "Re: 802.1x log off?"
• Reply: Maarten: "Re: 802.1x log off?"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Re: IAS 2003 Connection Request Policies ... why should Microsoft IAS be so difficult? ... for Linux and Radiator for Windows) and they are very inexpensive. ... > not referred to as authentication since MAC address is public information ... > connect as a Windows guest account. ... (microsoft.public.internet.radius) Re: IAS issues ... I was wondering if anyone has run into any issues with SP1 for windows ... Windows 2003 IAS ... "A LDAP connection with domain controller server.test.com for domain ... I asked the product team to review your problem and this is their response: ... (microsoft.public.internet.radius) Re: Radius Problems - Cannot find DC ... the IAS Server is not registered with AD. ... might want to check out this document written for Windows 2000. ... Radius for authentication and security since it offered the highest ... (microsoft.public.windows.server.networking) Re: Proxy IAS on Windows 2003 ... Windows 2003 IAS has the ability to proxy and load balance. ... > Can I implement a Proxy radius on a Windows 2003> server, to connect IAS servers on Windows 2000 DCs on each> forest? ... (microsoft.public.internet.radius) Re: IAS System Rights / IAS + Win2003 SP1 ... checked that - it's all okay. ... deeply within Windows. ... IAS Event logs with the failures include (see bottom). ... (microsoft.public.internet.radius)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Internet  > microsoft.public.internet.radius  > 2004-05