Problem trying to force password change through PEAP

Hi, I recently set up a wireless network for a client, but am left with one issue that I cannot seem to resolve.

Hardware is a Cisco 2100 WCS controller with several compatible Cisco APs. Hardware configured for PEAP / WPA / WPA2 / TKIP / AES combinations. They authenticate through Windows IAS and authenticate against Active Directory (2003). IAS is configured to authenticate only wireless clients, and only specific AD groups. Clients are configured using PEAP / MSChapv2. Not configured to validate server certificates. All use the Windows Wireless Zero Configuration utility.

The problem is that the client gives their users a standard password which they are expected to change at first login. In other words, the user's account in AD is set to force a password change the first time they log into the wireless network. Now I know this works, because it works in my lab without long as you configure PEAP to allow the client to change their password. But in production, it only works sometimes. The problem occurs across different laptop other words, I can't pin it down to either an IBM or Dell, or any specific kind of client wireless hardware.

When it doesn't work, users are prompted 3 times to change their password, but it doesn't work and then their authentication attempt starts over from the beginning. Note that when this policy is not enabled (force password change), then all notebooks authenticate without's only when we try to force a password change through the client's AD account.

I tried applying several Microsoft patches (to help with 3rd party RADIUS timing issues) to the clients, but so far no luck. Any advice would be appreciated.
