Home > Ask the Networking Experts > Wireless networking Questions & Answers > NAC solution authentication fix for your wireless network
Ask The Networking Expert: Questions & Answers
EMAIL THIS

NAC solution authentication fix for your wireless network

Lisa Phifer EXPERT RESPONSE FROM: Lisa Phifer

Pose a Question
Other Networking Categories
Meet all Networking Experts
Become an Expert for this site


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


>
QUESTION POSED ON: 20 January 2008

We are testing NAC solutions with our Aruba 802.11a/g wireless APs, using Windows 802.1X supplicants. When the user logs on, the Windows roaming profile download fails when the connection is re-established during transition from Machine authentication to User authentication. Do you know of any workaround for this problem?


>

A Windows roaming profile contains environmental information (like desktop items) associated with an individual who uses multiple computers. Whenever that user logs onto a Windows PC, his or her roaming profile is automatically copied from the domain controller to the local computer to provide a consistent environment.

Microsoft's website describes a roaming profile problem that might be what you're experiencing. Specifically, Windows XP users who authenticate with 802.1X and EAP-TLS or PEAP may intermittently fail to download their roaming profiles. According to knowledge base article 938117:

"This problem occurs because EAP-TLS and PEAP-TLS use a client certificate to validate the network connection. The roaming profiles that contain the certificate are stored on a domain controller. When you try to download the roaming profiles after you restart the computer, Windows XP also tries to re-authenticate the user. User re-authentication times out before you can download the roaming profiles."

Microsoft recommends two workarounds for this problem. Either stick to machine (computer) authentication only, or reduce the size of the roaming profile so that the download completes faster. You can configure either EAP-TLS or PEAP to "authenticate as the computer when computer information is available" by using the Authentication tab on the Wireless Connection's Properties panel.


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   



RELATED CONTENT
Wireless networking
Why is my network adapter not working after a Vista Business upgrade?
How many wireless base stations can connect to 802.11g access points?
APs drop connection in WLAN configured as a wireless mesh network
How does Wi-Fi ad-hoc mode react when 802.11n and legacy peers are present?
Can wireless adapters operate as client access points to make SoftAPs?
Will using a VPN protect me against fake wireless hotspots?
WLAN QoS and SLA monitoring with 7/24 Wireless Quality Assurance costs
How can I hide my WLAN's SSID in an Aruba AP-61?
How radio frequency (RF) of microwaves alter wireless signal strength
Stolen laptop recovery using remote access and wireless network SSIDs

Network Access Control
Using NAC for smartphone security on wireless LAN
Network security risks multiply when enterprises begin outsourcing
Dynamic policy ensures faster, safer network for school district
NAC appliance vendors: Can you depend on them?
NAC integration at the endpoint
Extending NAC enforcement to network security devices
Integrating NAC with network security tools
Network access control market crushed by economy, but future is bright
Joel Snyder discusses Network Access Control Day at Interop Las Vegas
Maturing NAC market gets its first Gartner Magic Quadrant

WLAN Security
Where can I find a wire driver that unblocks recognized passwords?
Will using a VPN protect me against fake wireless hotspots?
Fluke gets WLAN design, management, security cred with AirMagnet
Is WPA2 secure enough for a commercial business wireless network?
Health center cut cost securing wireless network edge with Aerohive
Wi-Fi RTLS for WLAN management, location-based security, asset tracking
Wireless LAN performance management and security standards beefed up
How can I hide my WLAN's SSID in an Aruba AP-61?
Wireless LAN security: SonicWall joins crowded WLAN market
Stolen laptop recovery using remote access and wireless network SSIDs

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
network access control  (SearchNetworking.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary



Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
Browse our Expert Advice



Expert networking advice and tips for IT professionals
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2000 - 2009, TechTarget | Read our Privacy Policy
  TechTarget - The IT Media ROI Experts