Windows 7 slow login / delay authentication question user wireless via ACS 5.8

Just set up a new ACS 5.8 farm (only 2 servers) here and which I hope someone here can shed light on the difficulties.

The new ACS server is set up to correctly authenticate administration network device and I am currently working on the definition of profiles for our wireless users authentication and business laptops.

Being new to this version of ACS (we will migrate manually ACS 4) I followed an excellent example of this task described in a video on this site: http://www.labminutes.com/sec0044_ise_1_1_wireless_dot1x_machine_auth_peap

I managed to have a Windows XP sp3 client authenticate properly, first with the authentication of the computer, then the authentication of users... and the domain logon process takes place in a short period of time< 1min="" and="" the="" user="" gets="" all="" their="" networked="" drives="" via="" the="" domain="" login="">

However, I'm fighting to get our Windows 7 clients to authenticate properly.  It seems that the machine authentication does not work as expected (I can ping the laptop test from another machine on the network while the test machine is sitting at the login screen; and I see Authentication host recorded in the papers of authentication Radius ACS).  But, when a domain user logs in with his credentials, the connection process takes 4-5 minutes before an event to authenticate the user is entered in the register authentication Radius ACS, after which the login process completes, except that the domain logon script does not work and the user does not receive the drive mappings.

Can someone point me in the right direction here?  I would be grateful any entry on this.

Thanks in advance,

John

I had a similar problem with Wireless 802.1 x Win 7 clients unable to connect unless they had cached credentials of the AD.  Authenticate in the machine, but the user would take a lot of time if the Windows credentials have been cached.

I could solve the problem by expanding the ACL of the air space used during the user authentication to include all DC in the environment.

Tags: Cisco Security

Similar Questions

  • Outwardly the user login is authenticated as user Proxy

    Hi Experts,

    I created an externally authenticated user in the database. And can connect without a password with the syntax below.

    SQL > connect / @TESTDB
    Connected.
    SQL > show user;
    The USER is 'SCOTT '.

    That user scott has a power of attorney to an another DBuser PROXY_USER authorization. Previously, I used the syntax to connect to help below.

    connect scott[proxy_user]/password_for_scott@TESTDB

    So now, what syntax should be used for this user "Externally authenticate" log on as a user of proxy?

    Thank you.

    Hello

    Check this link http://www.adp-gmbh.ch/ora/sqlplus/connect.html
    & sub link http://www.adp-gmbh.ch/ora/admin/proxy_users.html

    Thank you

  • Edge of 530 slow wake up and question about wireless relatively to sleep

    Hi, I have a 530 advantage, I got it 2 weeks ago, running on windows 7 64.

    I found that on its quite slow to wake up default settings, I made a change that has been to the wireless card, I checked the allow my system to disable wireless to save energy (so it stays on). This seems to have made an immediate difference and the laptop wakes up now a lot faster.

    The problem now is to have this option checked, when my laptop wakes the without wireless is disabled when he wakes up and will not turn back, I have to turn it on manually. If I leave the power save option checked for the wireless card, that it automatically connect when my laptop wakes.

    Seems a little odd I thought uncheck the option to allow my laptop turn wireless off means he must just stay on, but he seems to have the opposite effect.

    Can someone advise? everything I wanted, it was for my laptop to wake you up more quickly and the wireless is turned on or auto connect after he wakes up.

    Thank you

    James

    I found myself the answer to this question, I found that I had to uncheck the same box in the bluetooth device, it does not work exactly as I wanted to and the wifi connection is more lost once I wake up my laptop

  • I'm currently having a batch file. I need to enable authentication of users can u it... Please tell me how I can run?

    I'm currently having a batch file. I need to enable authentication of users can u it... Please tell me how I can run?

    the in-house batch file calls a few .jar files... the requirement is I need to restrict who uses this batch file.
    I can either store the user name and password in a separate file or...
    Please suggest me... Thanks in advance.

    Hi Alexander,.

    Your question is more complex than what is generally answered in the Microsoft Answers forums. It is better suited for the IT Pro TechNet public. Please ask your question in the following forum.

    Windows XP IT Pro category

  • AAA authentication question

    Here is the config, I have a switch:

    AAA authentication login default group Ganymede + local

    AAA authentication login vtylogin group Ganymede + local

    AAA authentication login conlogin group Ganymede + activate none

    the AAA authentication enable default Ganymede + activate

    Now, here are my questions:

    1. when I have my login of Ganymede console connection works, but when I type 'enable' and try to use my password to Active Directory, it does not work.  So I try the enable password, don't worry.  However if I change the 4th line "aaa authentication enable the Activate by default", I can now by using the enable password.

    2. my second question is when I SSH into the switch, I want only that it uses the RADIUS server and use only the database local when the Ganymede is not available.  However while Ganymede is available, I am still able to login using the local user account.  I guess that's by design?  Is there a way to prevent this if it isn't design?

    When you use the local user account to connect to the device, can you check if you can see the log in "past the authentication attempt" on the box of the CSA? If so, the same account could you please check your local ACS DB user to see that it was created by a fake?

  • Windows does not allow me to change user

    I created a new user on my pc at the recommendation of Apple Support - to solve a problem of synchronization between my ipod and iTunes. They suggested registration as a new user, synchronization of the ipod in this way, and c. I have followed the instructions, created a new user - but discovered that windows would allow me to return to the administrator, my default login information. Whenever I am trying to connect, there is only one icon to click - the new user - administrator icon is. Would appreciate your help - thanks!

    The original administrator account was not intended to be used for the operation that day and, therefore, it will be hidden once the first user is added.  It's normal.  Impatient, you have a few options...

    (1) you can continue to log on as an administrator.  When the logon screen shows up (with only a single user), you can press Ctrl-Alt-Del twice.  This will bring up a classic logon window where you can enter the administrator user name and password manually.
    (2) you can create another user (profile) with administrator privileges if you wish and migrate your files from the hidden in this new user administrator account.  To do this, the fast is to pretend that your [invisible] Administrator profile is damaged and then follow the instructions in the following article:
    "How to recover damaged Windows XP user profile"
      <>http://support.Microsoft.com/kb/555473 >
    When finished, it will show you two users to the login screen.

    HTH,
    JW

  • I want to share folders on my xp pro sp3 PC. How can I configure it so that a login prompt appears when users connect to it as \\ip\shared... ?

    I want to share folders on my xp pro sp3 PC. How can I configure it so that a login prompt appears when users connect to it as \\ip\shared... ?

    Hi Kelvin,

    You can share a folder on your XP by the listed method: http://support.microsoft.com/kb/304040

    Others have an option to connect to your pc as a guest, to make interactive you will need to click on start-> run, type &-> gpedit.msc

    Navigate to Computer Configuration-> Windows settings-> Security-> Security Option settings. On the right side, look for-> ' access network: model sharing and security for local accounts "-> double click and select-> classic-Local user authenticate.

    Now another pc you can access this computer and you will be asked for the username and password.

    I hope this helps.

  • After upgrading my Windows Vista computer to SP2 double my user account icons.

    Original title: After upgrading my Windows Vista computer to SP2 double my user account icons. I'm not trying to delete one of them, because all of the account will be deleted.  How can I fix it?

    I use a laptop Lenovo Dual 32-bit CPU. My OS is Windows Vista Business.

    Hello
     
    Where it seems double?
     
     
    Method 1:
    Step 1:
     
    If step 1 work, try step 2
     
    Step 2:
    Try to perform the clean boot and check if it helps, here is the link:
    http://support.Microsoft.com/kb/929135
     
    Note: When you're done to diagnose, follow step 7 in the article to start on normal startup.

    Method 2:
     
    If the problem persists, you can uninstall service pack 2, put the computer in start state in minimum mode, and then reinstall Service Pack 2 and see if that helps.
     
    Step 1:
    Perform the system restore and go back to a date when Service pack was not installed on the computer.
     
    Step 2: Put the computer in a clean boot state.
    Note: When you're done to diagnose, follow step 7 in the article to start on normal startup.

    Step 3: Download Windows Vista Service Pack 2 here:
    http://www.Microsoft.com/download/en/details.aspx?ID=16468

  • HP 14-r015tx: Windows 8 slow start welcome screen

    Hello

    I have a HP 14-r015tx running Windows OEM (preinstalled) 8.1 update and update Windows via Windows Update today (08/11/2015).

    I have this problem where whenever I start my PC after Windows loading-black-screen with the HP logo (this approach indirect loading animation), get this screen "Please wait...". "so long as about 4 to 8 minutes until I get my account picture and the name with the 'Welcome' screen and my office appeared. I tried a lot of things:

    -Defragment all my hard drive partitions,

    -Optimize all my partitions of hard disk with the Windows defragmentation tool,

    -Used TuneUp and clean all the junks, defragment the registry clean registry and redefragment my hard drive partitions.

    -Uninstalling most of my games and unused applications (have 36.4 GB of free space on C,)

    -Use cleanmgr and cleaned all the possible junks from there.

    -Updated Windows 8 on a regular basis, and I just updated on 8 August 2015.

    -Looking upward on my hard drive deep and my records and clear on the unused entries.

    -Turn off much, services.msc and start apps services

    -From msconfig, I put a few services, and

    -Updated my BIOS HP PC software.

    I do not understand on this subject. I tried many things and I can't fix this crappy Windows 8.

    In conclusion, my questions are:

    1. How do I fix this shit?

    2. can I I defragment RECOVERY (D [2 GB] partition?) (I think it's the Windows Recovery Partition)

    Thanks in advance.

    Hi @phillmont22900

    Thank you for visiting the HP Forums! A place where you can find solutions for your problems with the help of the community!

    I stumbled upon your post on the laptop and wanted to help you! I looked in your question about your laptop 14-r015tx HP and problems with Windows 8 slow start to the Welcome screen. Here is a link to show you how to address the power of plan options in Windows 8. Attached is a screenshot that shows you how to activate the quick start.

    Taken from the site Winaero.

    I hope this helps.

    Thank you.

  • My computer has always said that my windows vista 2009 is not authentic. What does mean mean

    My computer has always said when I open my windows Vista 2009 is not authentic and also said I should add those. I don't know what to do, can you help me with this kind problem?

    I got a c .d windows 7 but it does not work with my windows vista 2009, and I like windows Vista.Do windos Vista 2010 can run on my computer?

    My computer has always said when I open my windows Vista 2009 is not authentic and also said I should add those. I don't know what to do, can you help me with this kind problem?

    I got a c .d windows 7 but it does not work with my windows vista 2009, and I like windows Vista.Do windos Vista 2010 can run on my computer?

    RE: your Windows Vista is not genuine

    Please take a look at this article/answer given by Keith, the moderator of the forum

    http://answers.Microsoft.com/en-us/Windows/Forum/Windows_7-windows_install/Windows-is-showing-as-not-genuine/cbd43297-0e4d-458C-8487-9168c4cd668d

    There is no such thing as Windows Vista 2009 or 2010 Windows Vista.
    Are you actually referring to Microsoft Office 2009 and 2010?

    In any case...

    1. you should post this question in installation, upgrade, and activate forum

    http://answers.Microsoft.com/en-us/Windows/Forum/windows_vista-windows_install?tab=unanswered

    2. If it will make it easier for you, you can use the forum on French language for your questions

    http://answers.Microsoft.com/fr-FR/Windows/Forum/windows_vista-windows_install?tab=unanswered

  • Administrator log - on: can someone tell me why Windows Vista Premium does not create a user profile ADMINISTRATOR for me by default

    Can someone tell me why Windows Vista Premium does not create a user profile ADMINISTRATOR for me by default, as I am the main user and why he keeps me access to many programs and features in Windows, including installation and view and edit privileges?  How can I set up my profile as ADMINISTRATOR rather than another user profile and get rid of all the other profiles?  Please write to * address email is removed from the privacy * for your answer.

    Steve

    Can someone tell me why Windows Vista Premium does not create a user profile ADMINISTRATOR for me by default, as I am the main user and why he keeps me access to many programs and features in Windows, including installation and view and edit privileges?  How can I set up my profile as ADMINISTRATOR rather than another user profile and get rid of all the other profiles?  Please write toEmail removed privacy for your answer.

    Steve

    Let me soce entry details:

    1. all computers need to have at least one administrator account. It will not work without it.
    It does NOT, however, create a profile For YOU defaultAdmin. It belongs to the user or the owner to create and decide who is Admin, and who is a regular user.
    2. even an admin account will not get to install and change the settings automatically. UAC (user account control) always appears to ask for confirmation of the task by clicking on continue, or by typing the admin password.
    3 be the main user is not to be an administrator. It is up to the user/owner of the computer to be configured as such.
    That said, now my question... How do you know that you're not an admin?

    t-4-2

  • The upgrade to windows 7 will be available for vista users?

    The upgrade to windows 7 will be available for vista users? If it's free what you will that the family premium, pro or ultimate?

    Depending on your edition of vista, there are pre-order options that are very good: http://www.microsoft.com/windows/buy/offers/pre-order.aspx
    Win7 Home premium to win 7 Professional for 99.99 and 49.99

    Cheers.

    * If you think that your question has been answered usefully, please check the response as the response, while others may find it.
    * If you are assisted by a response to another Member of q-n-a, please vote for the thread as helpful.

  • Group Policy to clear the MRU lists and to clear or to prevent the login information of the user for such programs as being registered remote desktop

    Hello

    Please someone can instruct me on how to implement Group Policy to clear the MRU lists and to clear or to prevent the login information of the user for such programs as being registered remote desktop. Your help would be much appreciated.

    Kind regards

    RocknRollTim

    Hi Tim,.

    Please contact Microsoft Community.

    I understand that you want to prevent the user details stored connection and deletes automatically the most recently used (MRU) list. To help you better ask you to answer the following questions:

    Your computer is connected to the domain?

    Please see the configuration group policies section below.

    http://TechNet.Microsoft.com/en-us/library/bb742376.aspx

    If the problem persists, thanks for posting the same question in the Microsoft TechNet forum for assistance.

    https://social.technet.Microsoft.com/forums/en-us/home

    Hope this information helps. Response with status so that we can help you.

  • Microsoft says my Windows 7 key is not authentic, but I know that it is.

    Microsoft says my Windows 7 key is not authentic, but I know that it is. I bought Windows 7 upgrade of a person for $200 and the package seems authentic. I ran diagnostics & it says timeout.

    Hello

    I suggest refer you to the link below and check if it helps.

    Genuine Windows: Frequently asked questions: http://windows.microsoft.com/en-US/windows/help/genuine/faq

    Hope this information is useful.

  • Users wireless with peap authentication problem

    Good afternoon

    I am currently trying to authenticate users wireless using PEAP and an external RADIUS server. The problem is when I try to authenticate that I get this error:

    AAA/AUTHENTIC/PPP: List of selection method "permanent premises.

    Dot11-7-AUTH_FAILED: Station... Failed authentication

    Should not use local authentication, but the aaa server that I set up.

    I looked on the internet but have not found a working solution.

    Does anyone know why it does not work?

    Here is my configuration running:

    Current configuration: 4276 bytes
    !
    ! Last modification of the configuration at 00:45:40 UTC Monday, March 1, 1993
    ! NVRAM config update at 16:38:23 UTC Thursday, July 24, 2014
    ! NVRAM config update at 16:38:23 UTC Thursday, July 24, 2014
    version 15.2
    no service button
    horodateurs service debug datetime msec
    Log service timestamps datetime msec
    encryption password service
    !
    host ap name
    !
    !
    Pulse 9 logging console
    enable secret 5 $1$ QVC3$ dIVAarlXOo52rN3ceZm1k0
    !
    AAA new-model
    !
    !
    AAA rad_eap radius server group
    192.168.2.2 Server ACCT-port auth-port 1812 1813
    !
    AAA rad_mac radius server group
    !
    AAA rad_acct radius server group
    !
    AAA rad_admin radius server group
    !
    AAA server Ganymede group + tac_admin
    !
    AAA rad_pmip radius server group
    !
    RADIUS server AAA dummy group
    !
    AAA authentication login eap_methods group rad_eap
    AAA authentication login mac_methods local
    AAA authorization exec default local
    AAA accounting network acct_methods power group rad_acct
    !
    !
    !
    !
    !
    AAA - the id of the joint session
    no ip Routing
    no ip cef
    !
    !
    !
    dot11 syslog
    !
    ssid dot11 test
    authentication open eap eap_list
    authentication-key wpa version2 management
    Comments-mode
    !
    !
    EAP peap profile
    peap method
    !
    Crypto pki token removal timeout default 0
    !
    ...
    !
    !
    Bridge IRB
    !
    !
    !
    interface Dot11Radio0
    no ip address
    no ip route cache
    !
    encryption ciphers aes - ccm mode
    !
    SSID test
    !
    gain of antenna 0
    STBC
    beamform ofdm
    root of station-role
    Bridge-Group 1
    Bridge-group subscriber-loop-control 1
    Bridge-Group 1 covering-disabled people
    Bridge-Group 1 block-unknown-source
    No source of bridge-Group 1-learning
    unicast bridge-Group 1-floods
    !
    interface Dot11Radio1
    no ip address
    no ip route cache
    Shutdown
    gain of antenna 0
    no block of dfs
    channel SFR
    root of station-role
    Bridge-Group 1
    Bridge-group subscriber-loop-control 1
    Bridge-Group 1 covering-disabled people
    Bridge-Group 1 block-unknown-source
    No source of bridge-Group 1-learning
    unicast bridge-Group 1-floods
    !
    interface GigabitEthernet0
    no ip address
    no ip route cache
    automatic duplex
    automatic speed
    dot1x EAP authenticator
    Bridge-Group 1
    Bridge-Group 1 covering-disabled people
    No source of bridge-Group 1-learning
    !
    interface BVI1
    192.168.3.10 IP address 255.255.255.0
    no ip route cache
    !
    The default gateway IP
    IP forward-Protocol ND
    IP http server
    IP http secure server
    IP http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    radius of the IP source-interface BVI1
    !
    format of server RADIUS attribute 32 include-in-access-req hour
    RADIUS-server host 192.168.2.2 auth-port 1812 acct-port 1813 borders 7 140441081E501F0B7D
    RADIUS vsa server send accounting
    !
    1 channel ip bridge
    !
    !
    !
    Line con 0
    line vty 0 4
    transport of entry all
    !
    end

    Thank you

    I don't have installation autonomous APs before but I think I see the problem. You define a list of authentication , called "eap_methods" but you never call for it in the settings of your SSID. Instead he call you a list named "eap_list" in addition, I think that you might miss one order more. So maybe try this:

     dot11 ssid test authentication open eap eap_methods authentication network-eap eap_methods authentication key-management wpa version 2 guest-mode

    I hope this helps!

    Thank you for evaluating useful messages!

Maybe you are looking for