Smart Card


Mark Pfeifer

I am having a problem with Windows XP and a Windows Smart Card.

I have Windows 2003 Server with Active Directory. The Smart Card was
created from the user settings in AD. So my user name is name@domain and
that is what is placed on the card.

When I use the card connected to the domain all is well. However, when I am
using the machine off the network, the user id of name@domain cannot be
validated. However, if I use name, password and set the domain, I can log
into the machine.

Any ideas on how I should set up the card to avoid the name@domain user id
and something more like domain/user?

Thanks,
Mark

P.S. Sorry for the cross-post, I did not know which security group was best.
 
Mark, can you log in without using your token when off the network (using
(e-mail address removed))?

Are your CRLs published to Active Directory? (If they're only published
to HTTP sites, are they accessible when you are off-line?)
 
This sounds like cached credentials are playing a part in this. Have you
tried logging on to a machine that has been offline for more than 8 hours?
You shouldn't be able to with domain creds. If you take out the name@domain
from the smartcard you could get some unexpected results or the smartcard
won't let you log in with it.
 
Are you saying that if I travel with the laptop, I will be unable to log in
via the domain account on the local machine?

Thanks,
Mark
 