what radius server do you use?
We had a similar issue with freeradius serever using Novell NDSldap
authetication.
The current freeradius server has this issue fixed.
johnh...
________________________________
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[[email protected]] on behalf of Jack Vizelter
[[email protected]]
Sent: Monday, November 07, 2011 5:42 PM
To: [email protected]
Subject: Re: [WIRELESS-LAN] WPA2-Enterprise - account lockouts and password
changes
We use WPA2 Enterprise on our wireless network and we've seen OSX connectivity
issues to our wireless network that authenticates against our LDAP/AD when
using WPA2 Ent.
When a user authenticates the first time and saves the password in the wifi
profile and keychain and then changes their LDAP/AD password, the wireless
profile does not always prompt to enter a new password. This causes the
wireless not to connect. And when it does, the airport has multiple wifi
profiles for the same SSID causing issues.
What we've found that works (at least thus far) is to both delete duplicate
wireless profiles and delete the keychain password. Then update manually the
password only for the remaining wireless profile with the new password.
Unfortunately, we require password changes annually.
We do enforce LDAP & AD password lockouts after several failed attempts, but
they auto-unlock themselves after a fixed period.
-jack
On Nov 7, 2011, at 5:19 PM, Fleming, Tony wrote:
Crew,
We have had several complaints from our students about wireless trouble. We
believe we have a couple issues going on:
Account lockouts – Our students are allowed to register four
devices on WiFi and the majority of our students using all of their
registrations ( laptops/ipads/smartphones…) What we see are a lot of password
failures resulting in account lockouts. If one of their four devices has a bad
username and password combination stored in the WiFi profile, it just compounds
the problem and creates a lot of confusion for our students. Sadly, these
devices do not return a failure cause to the user and is interpreted as a bad
signal or bad network.
OSX and WPA2 – It is our observation that OSX has a continual
history of WPA2 bugs.
My questions to the group:
How do you guys handle Account lockouts?
Do your students interpret these issues as WiFi trouble?
If so, how are you changing that perception?
Have any of you abandoned 802.1x (PEAP) because of this issue?
Do you see the same trouble with OSX and WPA2?
********** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.
********** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.
**********
Participation and subscription information for this EDUCAUSE Constituent Group
discussion list can be found at http://www.educause.edu/groups/.
