Hi all, I’ve got an issue in my company that has been happening to many Windows users for some months now.

Basically the user changes the Windows password due to a policy that requires changing it every 3 months (I know, not ideal, but still); the user then works fine on wifi for 1-4 hours and then gets kicked off the network.

The network is a visible SSID with WPA2-Enterprise security (AES encryption) and the authentication method is PEAP using the saved login information (from AD).

Here are some tests I did for troubleshooting:

1st Test: Normal password change from Windows: Ctrl+Alt+Del, change pw: All good, no disconnection at all -> user is good to work

2nd Test: We force-reset a new password on the PC -> The user stays connected to wifi even 15 minutes after the reset; this means that the wireless network kept an “old token” as valid even though the Windows password changed.

We manually disconnect from the network (turn off wifi) and reconnect -> doesn’t work

We reboot the PC, which still logs in with the OLD password -> We try to connect to wifi (without using the new pw) -> KO

We connect the ethernet cable, we receive the message that the domain has a different pw than the PC -> lock PC -> Unlock with new password -> Wifi still doesn’t work -> Reboot, log in to the PC with the new password -> wireless works

NOTE: We suspect that this “old token” is not renewed for a while sometimes, that’s why the user, even with an old pw, can still connect and work normally.

  • @PeroBastaOP
    15 months ago

    The tech in charge of the RADIUS said that there is no memory of logged-in users. The RADIUS server checks with AD every time someone authenticates. Is this possible?