Enable eDirectory login when 802.1x server is not available

  • 7024698
  • 23-Jun-2020
  • 24-Jun-2020

Environment

Client for Open Enterprise Server 2 SP5
802.1x authentication

Situation

After successfully establishing an 802.1x login configuration, the administrator wants users to be able to authenticate to eDirectory even when the 802.x authentication (RADIUS) server is not available. The network switches are configured to allow full access when the 802.1x server is unavailable.  In this case, the "Computer Only" (Active Directory) login works, but Client for OES throws the error:

NCLOGINUI
802.1x Authentication failed.  Timeout waiting for authentication to finish.  Network Login not attempted.

Resolution

To adjust the 802.1x authentication timeout, open Regedit.exe and set a DWORD named "AuthTimeout" under [HKEY_LOCAL_MACHINE\Software\Novell\NovEAP]. This defines, in seconds, the timeout used during the eDirectory login.

Another registry setting, "DisableAuthenticationFailurePrompts", if defined as a DWORD value of 0x1 under [HKEY_LOCAL_MACHINE\SOFTWARE\Novell\Login\Tab Settings\EAP] will suppress the all 802.1x authentication failure messages, regardless of the reason for the failure.

Additional Information

There is also an 802.1x authentication attempt in the "Computer Only Logon" case, but it has a hard-coded and shorter default timeout, independent of the eDirectory login case.  This prevents an undue delay in the "Computer Only Logon" case when Windows itself can perform a cached domain login, and doesn't require network connectivity "immediately," as in the eDirectory login case.