We have a solution 'A' that is working very well but the login times are
about 2 minutes. Performance tests being done are to simply LogOff and let
workstation's autologin bring us back to the desktop. These times are
always 2 minutes 5 seconds to be precise.

If I do this test using a wired connection (with no 802.1x of course), the
LogOff takes 10 seconds.

We're looking at a 2 minute delay because of Wireless/802.1x!

My question is simply, does anyone have suggestions on how to improve this
login time?

Solution 'A' we use:
-> Windows XP SP3 using Novell Client 4.91 SP4.
-> Authentication is done using 802.1x with WPA1/AES on a Cisco wireless
(Cisco APs managed using 4400 Series wireless LAN controllers)
-> RADIUS server is FreeRADIUS connected to our eDirectory
-> Workstation is set up in dual-NOS (as we call it) and logs into eDirectory
and A.D. simultaneously.
(Side note: ID synchronization between eDir. and AD is done using Novell's
IDM. ID data only flows from eDir to AD, except for Password data which is

Solution 'B' takes 1 min 10 seconds on a LogOff:
-> Windows XP SP2 with various patches.
-> 802.1x authentication is done using Cisco supplicant instead of Microsoft
supplicant with Novell's 802.1x
-> These workstations are set up with a Novell login bounce solution (as I
call it), where the workstations authenticate to WLAN using Cisco supplicant
(802.1x/WPA2/AES), once layer 3 network is up (using some scripting),
workstation automatically logs off to then auto-login to eDirectory. I have
17 wireless computers set up this way and used by nursing staff with good
-> This solution was used because we did not have success with Novell's
802.1x client at the time and needed to have Novell login cleanly to be able
to push our application objects using ZENworks.

My goal is to move away from this "login bounce solution" as it's simply not
ideal. I would think that login time with 'A' should be better than 'B' but
they are not. I believe one post indicated that because Novell uses the
Microsoft supplicant, authentication via RADIUS is actually done twice,
which might explain my better login time with solution 'B'. With 'B' the
RADIUS authentication is done only once using Cisco supplicant.

I will likely stick with 'A', even if I can't get improved login times
simply because it's easier for our desktop support staff.

Any suggestions are appreciated.