>The first was that even using username@domain, the Windows client still passed >netbiosdomain\user to the RADIUS server.
By default, Windows will set "Automatically use my Windows logon name and password" for PEAP connections, that is why you see netbiosdomain\user is passed to RADIUS server. If you uncheck this option and make sure to use user authentication, it should use username@domain then. Dennis Xu, MASc, CCIE #13056 Analyst 3, Network Infrastructure Computing and Communications Services(CCS) University of Guelph 519-824-4120 Ext 56217 d...@uoguelph.ca www.uoguelph.ca/ccs ________________________________ From: The EDUCAUSE Wireless Issues Constituent Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Jonathan Miller <jmill...@fandm.edu> Sent: Friday, November 4, 2016 8:40:56 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] 802.1x (eduroam) Win10 - no prompt for new password after credential change Thanks for the replies. We've run into 2 issues with using username@domain for login. The first was that even using username@domain, the Windows client still passed netbiosdomain\user to the RADIUS server. It's my assumption that this would not work for remote users. The second issue that we hit is our own problem - our Windows domain is named fandm.dom, while our public domain is fandm.edu<http://fandm.edu>, so we can't authenticate to the computer using usern...@fandm.edu<mailto:usern...@fandm.edu>. Our systems guys are currently working on a migration, but that isn't due to be complete for some time. Jonathan Miller Network Analyst Franklin and Marshall College On Fri, Nov 4, 2016 at 7:47 AM, Osborne, Bruce W (Network Operations) <bosbo...@liberty.edu<mailto:bosbo...@liberty.edu>> wrote: I may be wrong, but wouldn't the proper solution be to use the full "username@domain" for login as Microsoft recommended when AD was introduced? You could then have the network caching turned off. We do not use EDUROAM but only use the network caching for non-domain (usually student owned) computers. Bruce Osborne Wireless Engineer IT Network Operations - Wireless (434) 592-4229<tel:%28434%29%20592-4229> LIBERTY UNIVERSITY Training Champions for Christ since 1971 -----Original Message----- From: Harald Terkelsen [mailto:harald.terkel...@hioa.no<mailto:harald.terkel...@hioa.no>] Sent: Thursday, November 3, 2016 10:50 AM Subject: Re: 802.1x (eduroam) Win10 - no prompt for new password after credential change On 11/01/2016 06:25 PM, Jonathan Miller wrote: > We are running into an issue where we have settings for eduroam pushed > out via GPO (which cert authority is good, user auth only, and a few > other settings). The problem that we are running into is that if we > check the 'cache credentials' option in the GPO, Win10 won't prompt > the user for their new password after a password change. Win7 and 8 > will both pop up and ask the user to re-enter their username and > password, it's just Win10 that won't. > > Has anybody else run into this? Yes: https://social.technet.microsoft.com/Forums/en-US/edabb0f1-7dda-4517-9af2-39dedeb7726d/update-user-credentials-on-a-wlan-profile-with-8021x-coming-from-gpo?forum=win10itpronetworking Our workaround is to install a script on the PC which deletes the registry key containing the cached credential when run. Harald Terkelsen Oslo and Akershus University College of Applied Sciences ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
