1

I have set up an NPS Server (Windows Server 2016) which uses RADIUS to allow my users to authenticate against AD for their Wireless Connections.

When I disable an account in AD, NPS will not allow the user to authenticate and the connection fails. However, if I disable an AD account after the user has authenticated and connected, the connection persists until the client disconnects and re-negotiates.

I have checked in NPS settings, Google searches return generic/non-related results, etc...

Is there a way to drop the 802.1x connection when the account has been deleted?

Thank you for any help you can provide!

kccoers
  • Most likely you will need to send a message to your wireless controller to tell them to drop the session for the user. What APs are you using? – Mark Henderson May 02 '17 at 21:00
  • We are using Unifi's. We just came to the conclusion (after some more research) that RADIUS doesn't control connections, so we will just reboot the access point when we disable someone's account. (Not too many wireless users right now so we aren't worried about everyone's connection dropping) – kccoers May 02 '17 at 21:27
  • @kccoers In the unifi controller, you *can* kick a user off of an AP, which will force the re-auth process. No need to reboot the whole AP. – EEAA May 02 '17 at 22:13
  • @EEAA That is the same conclusion we just came to. – kccoers May 02 '17 at 23:33

1 Answer

2

RADIUS doesn't control the functionality we were looking for.

We are, instead, going to use our UniFi controller to kick off users if they are disabled or deleted.

kccoers
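
Added example, not part of the original answer or of any UniFi or Microsoft tooling: one way to automate the kick described above by checking each connected 802.1X client against AD and disconnecting those whose account is disabled or no longer exists. The controller URL, site name, the classic controller API paths (`/api/login`, `stat/sta`, `cmd/stamgr` with `kick-sta`) and the `1x_identity` field are assumptions to verify against your controller version.

```powershell
# Added example. Requires the RSAT ActiveDirectory module. Items marked ASSUMPTION are not from the page.
Import-Module ActiveDirectory

$Controller = 'https://unifi.example.internal:8443'  # ASSUMPTION: placeholder URL, certificate trusted by this host
$Site       = 'default'                              # ASSUMPTION: controller site name
$Cred       = Get-Credential -Message 'UniFi controller admin'

# Reduce DOMAIN\user, user@domain or plain user to a lower-case sAMAccountName.
# ASSUMPTION: the UPN prefix equals the sAMAccountName in this domain.
function Get-SamFromIdentity([string]$Identity) {
    if ([string]::IsNullOrWhiteSpace($Identity)) { return $null }
    $name = $Identity.Trim()
    if     ($name -match '^[^\\]+\\(.+)$') { $name = $Matches[1] }
    elseif ($name -match '^([^@]+)@.+$')   { $name = $Matches[1] }
    return $name.ToLowerInvariant()
}

# True only when the account exists and is enabled; a deleted account returns no object.
function Test-AccountActive([string]$Sam) {
    $user = Get-ADUser -Filter "SamAccountName -eq '$Sam'"
    return [bool]($user -and $user.Enabled)
}

# Log in; the session cookie is kept in $Unifi. ASSUMPTION: classic controller API paths.
$login = @{ username = $Cred.UserName; password = $Cred.GetNetworkCredential().Password } | ConvertTo-Json
Invoke-RestMethod -Uri "$Controller/api/login" -Method Post -Body $login -ContentType 'application/json' -SessionVariable Unifi | Out-Null

$clients = (Invoke-RestMethod -Uri "$Controller/api/s/$Site/stat/sta" -WebSession $Unifi).data
foreach ($client in $clients) {
    $sam = Get-SamFromIdentity $client.'1x_identity'   # ASSUMPTION: field carrying the 802.1X user name
    if (-not $sam) { continue }                        # not an 802.1X session
    # The identity is supplied by the client, so never interpolate it into the AD filter unchecked.
    if ($sam -notmatch '^[a-z0-9._$-]{1,64}$') {
        Write-Warning "Skipped $($client.mac): unexpected identity format"
        continue
    }
    if (Test-AccountActive $sam) { continue }

    # Kick the station; it re-authenticates and NPS rejects the disabled account.
    $kick = @{ cmd = 'kick-sta'; mac = $client.mac } | ConvertTo-Json
    Invoke-RestMethod -Uri "$Controller/api/s/$Site/cmd/stamgr" -Method Post -Body $kick -ContentType 'application/json' -WebSession $Unifi | Out-Null
    Write-Output "Kicked $($client.mac) ($sam): account disabled or deleted"
}
```

Run it right after disabling or deleting an account. Sessions whose identity cannot be mapped to an account name are reported and left connected, so review those warnings by hand.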