Correct. -Neil
-- Neil Johnson Network Engineer The University of Iowa Phone: +1 319 384-0938<tel:+13193840938> Fax: +1 319 335-2951<tel:+13193352951> E-Mail: neil-john...@uiowa.edu<mailto:neil-john...@uiowa.edu> Lync: neil-john...@uiowa.edu<sip:neil-john...@uiowa.edu> From: Tim Cappalli <cappa...@brandeis.edu<mailto:cappa...@brandeis.edu>> Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> Date: Monday, November 18, 2013 5:40 PM To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> Subject: Re: [WIRELESS-LAN] Force Windows to send UPN So you are using the single sign on feature, not machine auth? Thanks Tim Cappalli, Network Engineer LTS | Brandeis University x67149 | (617) 701-7149 cappa...@brandeis.edu<mailto:cappa...@brandeis.edu> On Nov 15, 2013 10:42 AM, "Johnson, Neil M" <neil-john...@uiowa.edu<mailto:neil-john...@uiowa.edu>> wrote: Here is what we ended up doing. Quoted from our Enterprise Client Team e-mail….. We have had some reported issues with the Eduroam single sign on GPO. The GPO, called _PUBLIC-Eduroam Wireless Config, allows laptops to connect to Eduroam before logon as long as the UPN is used as the username – haw...@uiowa.edu<mailto:haw...@uiowa.edu>. The issue occurs after the computer connects and logs in fine. Then while it is being used it disconnects from Eduroam and never reconnects. It tries to reconnect with iowa\HawkID, which causes the failure. I have created a fix for this by adding a second wireless profile to the GPO called Eduroam Reconnect. The original profile is still there, so single sign on works as expected. If during regular use the machine disconnects from Eduroam and fails to reconnect, it falls back to Eduroam Reconnect which prompts for a user ID. This allows the user to type haw...@uiowa.edu<mailto:haw...@uiowa.edu> and reconnect to the Wireless network again. If they are disconnected again, it will reconnect using this profile without prompting. We have this implemented in a few places around campus, and I’d like to add it to the public GPO. Let me know if you have any issues or concerns. Otherwise, I’ll make the change at the end of the day. It's not elegant, but it does work… -Neil -- Neil Johnson Network Engineer The University of Iowa Phone: +1 319 384-0938<tel:+13193840938> Fax: +1 319 335-2951<tel:+13193352951> E-Mail: neil-john...@uiowa.edu<mailto:neil-john...@uiowa.edu> Lync: neil-john...@uiowa.edu From: Walter Reynolds <wa...@umich.edu<mailto:wa...@umich.edu>> Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> Date: Thursday, November 14, 2013 10:25 AM To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> Subject: Re: [WIRELESS-LAN] Force Windows to send UPN I would be interested in the answer as well. ------------------------ Walter Reynolds Principal Systems Security Development Engineer Information and Technology Services University of Michigan (734) 615-9438<tel:%28734%29%20615-9438> On Thu, Nov 14, 2013 at 10:01 AM, Tim Cappalli <cappa...@brandeis.edu<mailto:cappa...@brandeis.edu>> wrote: Morning, Does anyone know of a way to force Windows to pass credentials in the UPN format instead of NETBIOS when using the “Automatically use Windows credentials” option for user authentication? Is there a group policy option to disable legacy NETBIOS use for authentication? For example, my user account: NETBIOS: USERS\cappalli UPN: cappa...@brandeis.edu<mailto:cappa...@brandeis.edu> Thanks for the help Tim Tim Cappalli, Network Engineer LTS | Brandeis University x67149 | (617) 701-7149<tel:%28617%29%20701-7149> cappa...@brandeis.edu<mailto:cappa...@brandeis.edu> ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
