We use the Login Window Profile to enable 802.1x wireless authentication before domain authentication. We're in an Active Directory environment using Windows Server 2003 IAS for RADIUS. The problem we run into is when users' passwords expire and they aren't prompted to change their passwords during wireless login because the RADIUS/wireless authentication fails before AD can be contacted. The result is users with cached accounts get in but can't get on the network; users without cached accounts can't log in at all.
Anyone else out there with this issue and any creative solutions?
Yes! We have same situation. Enterprise Wi-Fi in a school.
This only started happening with iOS7. We have NPS with RADIUS auth running on Server 2008R2.
iOS7 doesn't re-prompt for password like iOS6 did. No solution yet though.... other than to re-enroll the device.