Thanks for the replies. We've run into 2 issues with using username@domain for login. The first was that even using username@domain, the Windows client still passed netbiosdomain\user to the RADIUS server. It's my assumption that this would not work for remote users. The second issue that we hit is our own problem - our Windows domain is named fandm.dom, while our public domain is fandm.edu, so we can't authenticate to the computer using [email protected]. Our systems guys are currently working on a migration, but that isn't due to be complete for some time.
Jonathan Miller Network Analyst Franklin and Marshall College On Fri, Nov 4, 2016 at 7:47 AM, Osborne, Bruce W (Network Operations) < [email protected]> wrote: > I may be wrong, but wouldn't the proper solution be to use the full > "username@domain" for login as Microsoft recommended when AD was > introduced? You could then have the network caching turned off. > > We do not use EDUROAM but only use the network caching for non-domain > (usually student owned) computers. > > > Bruce Osborne > Wireless Engineer > IT Network Operations - Wireless > (434) 592-4229 > > LIBERTY UNIVERSITY > Training Champions for Christ since 1971 > > -----Original Message----- > From: Harald Terkelsen [mailto:[email protected]] > Sent: Thursday, November 3, 2016 10:50 AM > Subject: Re: 802.1x (eduroam) Win10 - no prompt for new password after > credential change > > On 11/01/2016 06:25 PM, Jonathan Miller wrote: > > We are running into an issue where we have settings for eduroam pushed > > out via GPO (which cert authority is good, user auth only, and a few > > other settings). The problem that we are running into is that if we > > check the 'cache credentials' option in the GPO, Win10 won't prompt > > the user for their new password after a password change. Win7 and 8 > > will both pop up and ask the user to re-enter their username and > > password, it's just Win10 that won't. > > > > Has anybody else run into this? > > Yes: > > https://social.technet.microsoft.com/Forums/en-US/edabb0f1-7dda-4517-9af2- > 39dedeb7726d/update-user-credentials-on-a-wlan-profile- > with-8021x-coming-from-gpo?forum=win10itpronetworking > > Our workaround is to install a script on the PC which deletes the registry > key containing the cached credential when run. > > > Harald Terkelsen > Oslo and Akershus University College of Applied Sciences > > ********** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at http://www.educause.edu/groups/. > > ********** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at http://www.educause.edu/groups/. > > ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
