cancel
Showing results for 
Search instead for 
Did you mean: 

Updated password over wired not updating to wireless

Updated password over wired not updating to wireless

Thomas_Maddox
New Contributor
We have an implemented password policy in our network setup. Users are alerted when their domain passwords are nearing expiration. Users are able to successfully change their password on their desktops by pressing ctr+alt+del. The problem is if they try to login to their laptop using either the new or old password, they are denied. Only way for them to get the password update/change is on a wired connection. I would like behavior to be the same on a wired connection.

This is an Extreme end to end solution. We have Identifi controllers and Extreme NAC's.
5 REPLIES 5

dflouret
Extreme Employee
Thomas,

That post DOES apply to your case.

The problem with expired passwords is that they are no longer valid, and that is exactly your case when the user password has been changed somewhere else. The notebook caches Windows logon information (user/password) and uses that information to log the notebook to 802.1x. But the stored password is the old one and will be rejected by the DC because it is no longer valid.

Check this article about SingleSignOn: https://technet.microsoft.com/en-us/magazine/2007.11.cableguy.aspx

If you have Single Sign On enabled (probably), Windows will log the notebook to the 802.1x protected SSID before asking for Windows user credentials.

23ffde3457b147a4a1a10c8adff3782f_10925-mvkq2t_inline.png



Which credentials will it use depends on whether EAP MSCHAP v2 is configured to use stored Windows logon credentials or not.

23ffde3457b147a4a1a10c8adff3782f_10925-1dabodu_inline.png



If it is configured to use stored Windows logon credentials... guess what? It will use the OLD credentials, because those were the ones used the last time there was a successful login. If you uncheck "Automatically use my Windows logon name...", 802.1x should ask for username/password each time it connects to wireless.

The alternative is to connect the notebook through a wired connection and login with the new password, which will refresh the stored credentials. Or create the "remediation" SSID with no security indicated in
https://community.extremenetworks.com/extreme/topics/reset-expired-password-over-wireless

Thomas_Maddox
New Contributor
Yes I checked it out before posting this question. That post is directed to passwords that have expired. My issue is updating existing valid passwords.

Ronald_Dvorak
Honored Contributor

Thomas_Maddox
New Contributor
Yes you are correct. No 802.1X auth. on the LAN. We only have enough licensing on the NAC's to cover the wireless side. We have MAC auth. on the LAN. Password changes are successful through the WLAN the change is initiated through it first.

GTM-P2G8KFN