Wireless username/password being cached?

[jlazzaro]

We have wireless setup here (actually, im testing it)...WPA with AES encryption, PEAP with MSCHAP v2 going through a radius server. My boss didnt want for a client to authenticate using there current credentials, he wanted them to type in their username/password/domain everytime they want to authenticate through the wireless.

I have "Authenticate as computer when computer info is avaliable" under Wireless Authentication and "Automatically use my Windows logon name and password" in MSCHAPv2 properties both UNCHECKED. When I go to authenticate at first, it asks for my username/password/domain fine and I authenticate and connect to the AP.

If I disconnect and reconnect, it doesnt ask me for my credentials and uses the ones I typed in previously. If i log off and log back on and attempt to connect again, it still uses the credentials I did the first time I authenticated. Is there a way to force this issue and make it not use the username/password I did he first time? This is an obvious security issue as someone can logon to an domain account that isnt theirs without entering any credentials. TIA!

 

[Woodie]

Originally posted by: jlazzaro
This is an obvious security issue as someone can logon to an domain account that isnt theirs without entering any credentials. TIA!

No it's not an obvious issue. You have to logon as a domain account...which requires knowledge of an ID and password.

If you change the domain password, then disconnect, then log on again and try to connect, it should prompt you at that point, since the connection should have failed.

What I think would work best would be to turn ON the checkbox for "Automatically use my Windows Logon...". That way the second user won't use the WLAN credentials that the first user put in. (assuming you're sharing clients). However, the user won't be prompted when accessing the WLAN, just when they log on to Windows.

How are they going to log on to the machine for the first time? Will it be wired at that point?

Why is there a requirement to re-authenticate the user when they connect to the WLAN? Do you not trust Windows Auth? (wait...you're using that for the WLAN back end). Is the WLAN providing access to a more restrictive set of resources?

Just trying to understand the concerns that management has, so we can help you allay those fears.

IME, people want the network access thing to be completely seamless, and almost invisible to the majority of end-users.