Windows 7 prompting several times

classic Classic list List threaded Threaded
43 messages Options
123
| Threaded
Open this post in threaded view
|

Windows 7 prompting several times

Morris, Andi

Hi all,

Apologies for being slightly off topic.

Does anyone else get a problem with Windows 7 clients prompting for the radius credentials 2 or 3 times before finally accepting them?  No errors are shown on the radius side, and I’ve read that this is a problem with the operating system, but wondered whether anyone in this knowledgeable community had overcome this?

 

Cheers,

Andi



From 1st November 2011 UWIC changed its title to Cardiff Metropolitan University. From the 6th December 2011, as part of this change, all email addresses which included @uwic.ac.uk have changed to @cardiffmet.ac.uk. All emails sent from Cardiff Metropolitan University will now be sent from the new @cardiffmet.ac.uk address. Please could you ensure that all of your contact records and databases are updated to reflect this change. Further information can be found on the website here.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Windows 7 prompting several times

A.L.M.Buxey
Hi,

>    Does anyone else get a problem with Windows 7 clients prompting for the
>    radius credentials 2 or 3 times before finally accepting them?  No errors
>    are shown on the radius side, and I’ve read that this is a problem with
>    the operating system, but wondered whether anyone in this knowledgeable
>    community had overcome this?

have you tried the pre-caching option where you can provide the details in advance?
(windows 7 options in advanced EAP settings)

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Windows 7 prompting several times

Phil Mayers
In reply to this post by Morris, Andi
On 05/03/12 16:16, Morris, Andi wrote:
> Hi all,
>
> Apologies for being slightly off topic.
>
> Does anyone else get a problem with Windows 7 clients prompting for the
> radius credentials 2 or 3 times before finally accepting them? No errors
> are shown on the radius side, and I’ve read that this is a problem with
> the operating system, but wondered whether anyone in this knowledgeable
> community had overcome this?

We don't see that, and I've never heard that explanation.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Windows 7 prompting several times

A.L.M.Buxey
Hi,

> On 05/03/12 16:16, Morris, Andi wrote:
> > Hi all,
> >
> > Apologies for being slightly off topic.
> >
> > Does anyone else get a problem with Windows 7 clients prompting for the
> > radius credentials 2 or 3 times before finally accepting them? No errors
> > are shown on the radius side, and I’ve read that this is a problem with
> > the operating system, but wondered whether anyone in this knowledgeable
> > community had overcome this?
>
> We don't see that, and I've never heard that explanation.

wait until you're running windows 8 - where you'll be flicking backwards
and forwards between the new 'metro' interface and the real win7 interface
that still lurks underneath doing all the real things (in some form of 'not
really in the right place limbo' with far too many clicks/swipes)....until you finally
give up on whether credentials work or not and cower in a corner crying yourself
to sleep wishing things just worked like they used to and why cant you just
have an ethernet cable ;-)

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Windows 7 prompting several times

David Mitton
In reply to this post by A.L.M.Buxey
I've seen such things if the authentication takes an extraordinary  
length of time.  Windows EAP client expects a round trip on the order  
of 30 seconds (or 60, ummm my memory is already fading...)  and if EAP  
doesn't come back in that time, could abort the authentication.  
Typically another will start right away.
This can be exacerbated by Cisco APs that use the Session-Timeout  
value to kill the session rather than retransmit.

The orginal response will often be accepted when it arrives late.

Their is a caching option in the supplicant (Remember my credentials  
checkbox  something like that) that can make some of this transparent.

Why do I know?  My SecurID EAP client had to stand on it's head and  
dance around these constraints.

Dave. (not there anymore)


Quoting Alan Buxey <[hidden email]>:

> Hi,
>
>>    Does anyone else get a problem with Windows 7 clients prompting for the
>>    radius credentials 2 or 3 times before finally accepting them?  No errors
>>    are shown on the radius side, and I’ve read that this is a problem with
>>    the operating system, but wondered whether anyone in this knowledgeable
>>    community had overcome this?
>
> have you tried the pre-caching option where you can provide the  
> details in advance?
> (windows 7 options in advanced EAP settings)
>
> alan
> -
> List info/subscribe/unsubscribe? See  
> http://www.freeradius.org/list/users.html
>

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Windows 7 prompting several times

Francois Gaudreault
In reply to this post by Morris, Andi
Hi Andi,

I did see the behavior, and it appears to be a bug with the windows
supplicant.  Apparently, the credentials are not even passed to the EAP
module to initiate the session with the NAS...

We do not have any kind of contact at Microsoft to open a bug, so I
believe you are stuck with those issues :S

On 12-03-05 11:16 AM, Morris, Andi wrote:

> Hi all,
>
> Apologies for being slightly off topic.
>
> Does anyone else get a problem with Windows 7 clients prompting for the
> radius credentials 2 or 3 times before finally accepting them? No errors
> are shown on the radius side, and I’ve read that this is a problem with
> the operating system, but wondered whether anyone in this knowledgeable
> community had overcome this?
>
> Cheers,
>
> Andi
>
> ------------------------------------------------------------------------
>
>  >From 1st November 2011 UWIC changed its title to Cardiff Metropolitan
> University. From the 6th December 2011, as part of this change, all
> email addresses which included @uwic.ac.uk have changed to
> @cardiffmet.ac.uk. All emails sent from Cardiff Metropolitan University
> will now be sent from the new @cardiffmet.ac.uk address. *Please could
> you ensure that all of your contact records and databases are updated to
> reflect this change.* Further information can be found on the website
> here. <http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


--
Francois Gaudreault, ing. jr
[hidden email]  ::  +1.514.447.4918 (x130) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

RE: Windows 7 prompting several times

Aman Arneja
In reply to this post by Morris, Andi
Hi guys
I am from the Microsoft EAP team, and we have not seen this issue. Can
you please send the following logs to me for investigating at
[hidden email]

From an elevated command prompt :

Netsh ras set tr * en
<run scenario>
Netsh ras set tr * di

Also, you can consider me a Microsoft contact for authentication
related issues.

Thanx
Aman Arneja

Sent from my Windows Phone
From: Francois Gaudreault
Sent: 06-Mar-12 3:59 AM
To: [hidden email]
Subject: Re: Windows 7 prompting several times
Hi Andi,

I did see the behavior, and it appears to be a bug with the windows
supplicant.  Apparently, the credentials are not even passed to the EAP
module to initiate the session with the NAS...

We do not have any kind of contact at Microsoft to open a bug, so I
believe you are stuck with those issues :S

On 12-03-05 11:16 AM, Morris, Andi wrote:

> Hi all,
>
> Apologies for being slightly off topic.
>
> Does anyone else get a problem with Windows 7 clients prompting for the
> radius credentials 2 or 3 times before finally accepting them? No errors
> are shown on the radius side, and I’ve read that this is a problem with
> the operating system, but wondered whether anyone in this knowledgeable
> community had overcome this?
>
> Cheers,
>
> Andi
>
> ------------------------------------------------------------------------
>
>  >From 1st November 2011 UWIC changed its title to Cardiff Metropolitan
> University. From the 6th December 2011, as part of this change, all
> email addresses which included @uwic.ac.uk have changed to
> @cardiffmet.ac.uk. All emails sent from Cardiff Metropolitan University
> will now be sent from the new @cardiffmet.ac.uk address. *Please could
> you ensure that all of your contact records and databases are updated to
> reflect this change.* Further information can be found on the website
> here. <http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


--
Francois Gaudreault, ing. jr
[hidden email]  ::  +1.514.447.4918 (x130) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Windows 7 prompting several times

Aman Arneja
Sorry, forgot to add, I need the output stored under <Sytemdrive>\Windows\Tracing

On Tue, Mar 6, 2012 at 8:48 AM, Aman Arneja <[hidden email]> wrote:
Hi guys
I am from the Microsoft EAP team, and we have not seen this issue. Can
you please send the following logs to me for investigating at
[hidden email]

From an elevated command prompt :

Netsh ras set tr * en
<run scenario>
Netsh ras set tr * di

Also, you can consider me a Microsoft contact for authentication
related issues.

Thanx
Aman Arneja

Sent from my Windows Phone
From: Francois Gaudreault
Sent: 06-Mar-12 3:59 AM
To: [hidden email]
Subject: Re: Windows 7 prompting several times
Hi Andi,

I did see the behavior, and it appears to be a bug with the windows
supplicant.  Apparently, the credentials are not even passed to the EAP
module to initiate the session with the NAS...

We do not have any kind of contact at Microsoft to open a bug, so I
believe you are stuck with those issues :S

On 12-03-05 11:16 AM, Morris, Andi wrote:
> Hi all,
>
> Apologies for being slightly off topic.
>
> Does anyone else get a problem with Windows 7 clients prompting for the
> radius credentials 2 or 3 times before finally accepting them? No errors
> are shown on the radius side, and I’ve read that this is a problem with
> the operating system, but wondered whether anyone in this knowledgeable
> community had overcome this?
>
> Cheers,
>
> Andi
>
> ------------------------------------------------------------------------
>
>  >From 1st November 2011 UWIC changed its title to Cardiff Metropolitan
> University. From the 6th December 2011, as part of this change, all
> email addresses which included @uwic.ac.uk have changed to
> @cardiffmet.ac.uk. All emails sent from Cardiff Metropolitan University
> will now be sent from the new @cardiffmet.ac.uk address. *Please could
> you ensure that all of your contact records and databases are updated to
> reflect this change.* Further information can be found on the website
> here. <http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


--
Francois Gaudreault, ing. jr
[hidden email]  ::  <a href="tel:%2B1.514.447.4918" value="+15144474918">+1.514.447.4918 (x130) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

RE: Windows 7 prompting several times

Morris, Andi
In reply to this post by Aman Arneja
Thanks Aman, that could be a very big help if you could take a look.  I've emailed you the log files to your Microsoft address.

Francois, it's good to know that you've also seen this issue.

Dave, I am running Cisco switches with dot1x timeouts, I wonder whether this could be causing the issue.  I'll do some testing.

Cheers all, you've been a big help this far.

Cheers,
Andi

-----Original Message-----
From: freeradius-users-bounces+amorris=[hidden email] [mailto:freeradius-users-bounces+amorris=[hidden email]] On Behalf Of Aman Arneja
Sent: 06 March 2012 03:19
To: Francois Gaudreault; [hidden email]
Subject: RE: Windows 7 prompting several times

Hi guys
I am from the Microsoft EAP team, and we have not seen this issue. Can you please send the following logs to me for investigating at [hidden email]

From an elevated command prompt :

Netsh ras set tr * en
<run scenario>
Netsh ras set tr * di

Also, you can consider me a Microsoft contact for authentication related issues.

Thanx
Aman Arneja

Sent from my Windows Phone
From: Francois Gaudreault
Sent: 06-Mar-12 3:59 AM
To: [hidden email]
Subject: Re: Windows 7 prompting several times Hi Andi,

I did see the behavior, and it appears to be a bug with the windows supplicant.  Apparently, the credentials are not even passed to the EAP module to initiate the session with the NAS...

We do not have any kind of contact at Microsoft to open a bug, so I believe you are stuck with those issues :S

On 12-03-05 11:16 AM, Morris, Andi wrote:

> Hi all,
>
> Apologies for being slightly off topic.
>
> Does anyone else get a problem with Windows 7 clients prompting for
> the radius credentials 2 or 3 times before finally accepting them? No
> errors are shown on the radius side, and I’ve read that this is a
> problem with the operating system, but wondered whether anyone in this
> knowledgeable community had overcome this?
>
> Cheers,
>
> Andi
>
> ----------------------------------------------------------------------
> --
>
>  >From 1st November 2011 UWIC changed its title to Cardiff
> Metropolitan University. From the 6th December 2011, as part of this
> change, all email addresses which included @uwic.ac.uk have changed to
> @cardiffmet.ac.uk. All emails sent from Cardiff Metropolitan
> University will now be sent from the new @cardiffmet.ac.uk address.
> *Please could you ensure that all of your contact records and
> databases are updated to reflect this change.* Further information can
> be found on the website here.
> <http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx>
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html


--
Francois Gaudreault, ing. jr
[hidden email]  ::  +1.514.447.4918 (x130) ::  www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
________________________________

From 1st November 2011 UWIC changed its title to Cardiff Metropolitan University. From the 6th December 2011, as part of this change, all email addresses which included @uwic.ac.uk have changed to @cardiffmet.ac.uk. All emails sent from Cardiff Metropolitan University will now be sent from the new @cardiffmet.ac.uk address. Please could you ensure that all of your contact records and databases are updated to reflect this change. Further information can be found on the website here.<http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx>

Ar Dachwedd y 1af 2011 newidiodd UWIC ei henw i Brifysgol Fetropolitan Caerdydd. O Ragfyr 6ed, fel rhan o'r newid yma, bydd pob cyfeiriad e-bost sy'n cynnwys @uwic.ac.uk yn newid i @cardiffmet.ac.uk. Bydd yr holl ebyst a ddanfonir o Brifysgol Fetropolitan Caerdydd yn cael eu danfon o‘r cyfeiriad @cardiffmet.ac.uk newydd. Gwnewch yn siwr eich bod yn diweddaru eich cofnodion cyswllt a'ch cronfeydd data i adlewyrchu hyn. Gellir cael rhagor o wybodaeth ar y wefan yma.<http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx>

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Windows 7 prompting several times

Matthew Newton
In reply to this post by Phil Mayers
On Mon, Mar 05, 2012 at 05:36:24PM +0000, Phil Mayers wrote:
> On 05/03/12 16:16, Morris, Andi wrote:
> >Does anyone else get a problem with Windows 7 clients prompting for the
> >radius credentials 2 or 3 times before finally accepting them? No errors
> >are shown on the radius side, and I’ve read that this is a problem with
> >the operating system, but wondered whether anyone in this knowledgeable
> >community had overcome this?
>
> We don't see that, and I've never heard that explanation.

I've seen it here as well. It seems a lot worse (no hard evidence
though) on XP, and also on Vista. Have seen it on 7, but less
often. Still haven't managed to work out what's causing it. I
think for XP (sp3) it's just ancient wireless support as we see
other wireless problems using that. Apart from that it could be
either Windows or the Cisco network kit. It could be clients with
a weak wireless signal, but I've also seen it sitting close within
the range of several APs.

I don't believe there are any problems with FreeRADIUS at all.

Caching passwords gets around the problem generally speaking, but
we try not to encourage that for obvious reasons (except that 99%
of phones/handhelds do it anyway, so may be less of a reason to
worry about it now). It would be nice if Windows cached the
credentials long enough to type them in again two seconds later,
though, although I'm not sure it's because it thinks the password
is wrong, or because something failed. We've not managed to get
anything useful out of any windows trace files, that we could see.
Unfortunately it's not easily repeatable.

Matthew


--
Matthew Newton, Ph.D. <[hidden email]>

Systems Architect (UNIX and Networks), Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <[hidden email]>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Windows 7 prompting several times

Matthew Newton
In reply to this post by Morris, Andi
On Tue, Mar 06, 2012 at 02:22:04PM +0000, Morris, Andi wrote:
> Dave, I am running Cisco switches with dot1x timeouts, I wonder
> whether this could be causing the issue.  I'll do some testing.

Turn off "Excessive 802.1X Authentication Failures" if you've got
such a thing and it's enabled. We had it on, and if the first
login had a bad password, the user would be locked out until they
waited a minute or so to drop out of the client exclusion table.

It's supposed to be three bad login attempts, but watching the
client debug logs showed it tripping after just one due to the
number of challenges/responses etc - I forget the exact details
now. Maybe Windows did automatically retry a couple of times,
which tripped it up.

(This is Cisco wireless LAN controllers - switches may be
similar.)

We still see it with this off (see in other e-mail) but much less
often.

Matthew


--
Matthew Newton, Ph.D. <[hidden email]>

Systems Architect (UNIX and Networks), Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <[hidden email]>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

RE: Windows 7 prompting several times

Morris, Andi
In reply to this post by Matthew Newton
I'm currently testing this on a wired network, so signal definitely isn't the issue.

I also don't think that this is an issue with freeradius, but I figured this mailing list would be full of people who may have seen this before and have resolved it.

Andi

-----Original Message-----
From: freeradius-users-bounces+amorris=[hidden email] [mailto:freeradius-users-bounces+amorris=[hidden email]] On Behalf Of Matthew Newton
Sent: 06 March 2012 14:29
To: FreeRadius users mailing list
Subject: Re: Windows 7 prompting several times

On Mon, Mar 05, 2012 at 05:36:24PM +0000, Phil Mayers wrote:
> On 05/03/12 16:16, Morris, Andi wrote:
> >Does anyone else get a problem with Windows 7 clients prompting for
> >the radius credentials 2 or 3 times before finally accepting them? No
> >errors are shown on the radius side, and I’ve read that this is a
> >problem with the operating system, but wondered whether anyone in
> >this knowledgeable community had overcome this?
>
> We don't see that, and I've never heard that explanation.

I've seen it here as well. It seems a lot worse (no hard evidence
though) on XP, and also on Vista. Have seen it on 7, but less often. Still haven't managed to work out what's causing it. I think for XP (sp3) it's just ancient wireless support as we see other wireless problems using that. Apart from that it could be either Windows or the Cisco network kit. It could be clients with a weak wireless signal, but I've also seen it sitting close within the range of several APs.

I don't believe there are any problems with FreeRADIUS at all.

Caching passwords gets around the problem generally speaking, but we try not to encourage that for obvious reasons (except that 99% of phones/handhelds do it anyway, so may be less of a reason to worry about it now). It would be nice if Windows cached the credentials long enough to type them in again two seconds later, though, although I'm not sure it's because it thinks the password is wrong, or because something failed. We've not managed to get anything useful out of any windows trace files, that we could see.
Unfortunately it's not easily repeatable.

Matthew


--
Matthew Newton, Ph.D. <[hidden email]>

Systems Architect (UNIX and Networks), Network Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <[hidden email]>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
________________________________

From 1st November 2011 UWIC changed its title to Cardiff Metropolitan University. From the 6th December 2011, as part of this change, all email addresses which included @uwic.ac.uk have changed to @cardiffmet.ac.uk. All emails sent from Cardiff Metropolitan University will now be sent from the new @cardiffmet.ac.uk address. Please could you ensure that all of your contact records and databases are updated to reflect this change. Further information can be found on the website here.<http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx>

Ar Dachwedd y 1af 2011 newidiodd UWIC ei henw i Brifysgol Fetropolitan Caerdydd. O Ragfyr 6ed, fel rhan o'r newid yma, bydd pob cyfeiriad e-bost sy'n cynnwys @uwic.ac.uk yn newid i @cardiffmet.ac.uk. Bydd yr holl ebyst a ddanfonir o Brifysgol Fetropolitan Caerdydd yn cael eu danfon o‘r cyfeiriad @cardiffmet.ac.uk newydd. Gwnewch yn siwr eich bod yn diweddaru eich cofnodion cyswllt a'ch cronfeydd data i adlewyrchu hyn. Gellir cael rhagor o wybodaeth ar y wefan yma.<http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx>

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Windows 7 prompting several times

Ricardo89
In reply to this post by Morris, Andi
Hi,
I am Ricardo and i am also having the same problem.
Is there any solution for this problem?

Best Regards
Ricardo
| Threaded
Open this post in threaded view
|

RE: Windows 7 prompting several times

Morris, Andi
Hi Ricardo,
I am still yet to find a solution, however I have sent logs to Microsoft as they requested and they suggested that the problem was with the Cisco switch asking for the credentials several times, rather than it being the Windows supplicant, or freeradius being the problem.

Are you using Cisco hardware by any chance?

Cheers,
Andi

-----Original Message-----
From: freeradius-users-bounces+amorris=[hidden email] [mailto:freeradius-users-bounces+amorris=[hidden email]] On Behalf Of Ricardo89
Sent: 29 March 2012 10:49
To: [hidden email]
Subject: Re: Windows 7 prompting several times

Hi,
I am Ricardo and i am also having the same problem.
Is there any solution for this problem?

Best Regards
Ricardo

--
View this message in context: http://freeradius.1045715.n5.nabble.com/Windows-7-prompting-several-times-tp5538046p5603214.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
________________________________

From 1st November 2011 UWIC changed its title to Cardiff Metropolitan University. From the 6th December 2011, as part of this change, all email addresses which included @uwic.ac.uk have changed to @cardiffmet.ac.uk. All emails sent from Cardiff Metropolitan University will now be sent from the new @cardiffmet.ac.uk address. Please could you ensure that all of your contact records and databases are updated to reflect this change. Further information can be found on the website here.<http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx>

Ar Dachwedd y 1af 2011 newidiodd UWIC ei henw i Brifysgol Fetropolitan Caerdydd. O Ragfyr 6ed, fel rhan o'r newid yma, bydd pob cyfeiriad e-bost sy'n cynnwys @uwic.ac.uk yn newid i @cardiffmet.ac.uk. Bydd yr holl ebyst a ddanfonir o Brifysgol Fetropolitan Caerdydd yn cael eu danfon o‘r cyfeiriad @cardiffmet.ac.uk newydd. Gwnewch yn siwr eich bod yn diweddaru eich cofnodion cyswllt a'ch cronfeydd data i adlewyrchu hyn. Gellir cael rhagor o wybodaeth ar y wefan yma.<http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx>

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Windows 7 prompting several times

Ricardo89
In reply to this post by Morris, Andi
Hi Andy,
and thanks for your early reply.
Our wireless infrastructure is 3com. When we noticed this issue, and to discard the possibility of being a problem of the hardware, we tested with a Linksys/cisco wireless access point and the issue persisted.
In order to understand the problem, we installed a windows server 2003 and the internet authentication server to test if the problem would be from the freeradius. Then we discovered that must be some kind of difference between the messages exchanged between a windows supplicant and a freeradius server and a windows supplicant and a windows server 2003 running the internet authentication server, because in the first case, when the password was wrong the windows supplicant don't show us a message saying that the password was wrong, simple asks for entering the password again and again. In the second using the windows 2003 server and the internet authentication server, when a wrong password was entered, the supplicant show a message stating that the password was wrong.
Then we configured the internet authentication server to act as proxy, in order to redirect the all the requests to our Linux freeradius server, and the issue persisted. Then
we decided to set up our windows server 2003 and internet authentication server to work as radius server and until now the issue seems to disappear.
With these tests, it seems that messages exchanged between a windows supplicant and Linux radius server and windows supplicant and windows 2003 with the internet authentication server are different in some kind, and we like to understand why in the case of a Linux radius server the user must enter the credentials more than one time.
Best regards
Ricardo
| Threaded
Open this post in threaded view
|

Re: Windows 7 prompting several times

A.L.M.Buxey
Hi,

> freeradius. Then we discovered that must be some kind of difference between
> the messages exchanged between a windows supplicant and a freeradius server
> and a windows supplicant and a windows server 2003 running the internet
> authentication server, because in the first case, when the password was
> wrong the windows supplicant don't show us a message saying that the
> password was wrong, simple asks for entering the password again and again.
> In the second using the windows 2003 server and the internet authentication
> server, when a wrong password was entered, the supplicant show a message
> stating that the password was wrong.

well, configure your FreeRADIUS to send the 'your passwords was wrong, retry'
message.....this is on by default in Windows servers as its Microsoft stuff.

you will need to look at the bottom of eap.conf and bottom of mschap module


the FreeRADIUS server does what you tell it to do


oh, you'll need to be running FR 2.1.11 or higher


alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Windows 7 prompting several times

Ricardo89
In reply to this post by Morris, Andi
Hi Alan,
thanks for your reply.
We are running freeradius 2.1.10, and therefore we need to update our radius version that we will gladly do.  Will this update solve the initial issue of sometimes, a user needs to enter his credentials more than one time before the server accepted them?

Best Regards
Ricardo
| Threaded
Open this post in threaded view
|

Re: Windows 7 prompting several times

A.L.M.Buxey
Hi,

> We are running freeradius 2.1.10, and therefore we need to update our radius
> version that we will gladly do.  Will this update solve the initial issue of
> sometimes, a user needs to enter his credentials more than one time before
> the server accepted them?

<shrug> I dont know your setup...i dont know what auth you are doing,
what your default EAP method is etc.  it works here - we've been running
802.1X in production with FreeRADIUS since a long long time.

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Windows 7 prompting several times

Ricardo89
In reply to this post by Morris, Andi
Hi Alan,
thanks for your reply.
Until so far, seems like the update for the last version reduce the number of occurrences of the problem which is that sometimes users in windows 7 entered their correct credentials, but that credentials doesn’t reached the server, therefore the user was asked to entered again and again their credentials, normally at third time the credentials reached the freeradius server, but in some cases neither the tenth time the credentials reach the server.
During the rest of day and tomorrow I and my team will conduct more tests to check if the problem is finally resolved.
I like to thank you and Andi for the help that you gave me.



Best Regards
Ricardo Cardoso
| Threaded
Open this post in threaded view
|

Re: Windows 7 prompting several times

Ricardo89
In reply to this post by Morris, Andi
Hi again Alan.
For the record my authentication mechanism is Ldap and the EAP type is EAP-PEAP with MSCHAP v2.

Best regards
Ricardo Cardoso
123