Radius for 802.1x; Remote Access and Wireless authentication

Looking to use a single RADIUS platform for authenticating remote, wired and wireless users and machines. Anyone with some experience with that who would like to share some lessons learned?

Hello Richard,
There is a previous post from a user who wanted to add authentication for wireless clients to his Cisco ACS RADIUS server; it might be worth contacting that user to see how he resolved this. Here is the link to the thread:
http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=Getting%20Started%20with%20LANs&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1dd9504e
Also, have a look at the document below, which talks about the issue:
Selecting an EAP Method: the RADIUS Authentication Server Component
http://www.interlinknetworks.com/news/newsletters/20031104/tech.htm
HTH,
GP

Similar Messages

  • Will the Apple Digital AV adapter work for the DISH Remote Access app?

    I have a Sling adapter hooked up to my 722K DISH receiver, and the DISH Remote Access app installed on an iPad 2. Great app, btw.
    What I'd like to know is if I'll be able to use this AV adapter to watch my recorded shows on a TV. Hotel room situation, and I would just like a larger screen every once in a while.
    So far, my understanding doing some searches here is that the adapter will work for Netflix, but won't for HBO GO (bummer).
    Since I'll be phasing out Netflix soon anyway, and this adapter isn't going to work for HBO GO content, I am just wondering if it will for the Dish Remote Access app before I bother to buy one.
    If not, is there something that would be a better choice? I did look at the component and composite cables too, but couldn't quite make up my mind.
    Thanks for any input.

    The iPhone 4 doesn't support mirroring, so only apps which support the normal TV-out will work on the iPhone 4 with the HDMI out setup.

  • RV220W - Wrong NAS Port-Type using RADIUS for 802.11

    Hi everyone
    I am attempting to configure the RV220W (Firmware 1.0.6.6) for dot1x authentication against a Windows 2008 based RADIUS server (using Remote Access Services).
    The RADIUS settings on the RV220W are pointing towards that W2008 server. The SSID has been set up for "WPA2 Enterprise" security.
    All the authentication attempts arrive at the server, but they fail to get authenticated because the Cisco RV220W is not transmitting a "NAS Port-Type" and therefore the RADIUS server rejects the requests.
    This is what the request from the RV220W looks like on the server:
    And this is a request from a similar Zyxel router:
    How can I enable the Cisco RV220W to send a NAS Port-Type (19, Wireless 802.11)?
    Thank you for your support!

    The RADIUS server in OS X Server is a standard FreeRADIUS implementation with Apple's own custom GUI frontend for configuring it, which only allows adding AirPort base stations. In Mountain Lion Server it is even limited to a specific configuration for the AirPort base station.
    However, if you follow the normal command-line instructions and steps for configuring FreeRADIUS, then it will be possible to add any type of RADIUS client.
    While, as far as I can see, manually configuring the FreeRADIUS server in OS X Server should enable you to do what you want, most people chose to configure Squid to use either PAM or the LDAP modules for Squid, in this case to authenticate directly to Open Directory (which is of course based on LDAP).
    I myself have used PAM in the past with Squid to successfully configure Squid to authenticate users via Open Directory. I was even able to specify an Open Directory group and only allow members of that group access via the Squid proxy server. I then went a bit OTT and set up another open-source tool (which was discontinued and I had to fix to get working) to process the Squid logs and store them in MySQL, and then set up FileMaker Pro to connect to the MySQL database via ODBC to allow producing reports.
    Unfortunately the AFP548 website had a major redesign a while ago and many previous technical articles on it are now hard to find. I had used two articles on that site to guide me through setting up Squid and the PAM on a Mac server. I believe the two articles I used are the ones listed below.
    http://afp548.com/2004/09/08/using-os-x-open-directory-to-authenticate-squid-proxy-server/
    http://afp548.com/2004/12/13/squid-server-using-ldap-authentication/
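    As an added example (not the poster's code and not anything from the RV220W firmware or the Windows RADIUS server), the following parses RFC 2865 Access-Request packets and reports whether the NAS-Port-Type attribute (type 61) is present, which is the difference the RV220W question above describes between its requests and the Zyxel router's. The two sample packets are constructed for illustration and the all-zero authenticator is a placeholder; the real captures are not on the page.

```python
import struct

# RFC 2865 packet code and attribute types used below
ACCESS_REQUEST = 1
ATTR_USER_NAME = 1
ATTR_NAS_IP_ADDRESS = 4
ATTR_NAS_PORT_TYPE = 61
# NAS-Port-Type values: 15 = Ethernet, 19 = Wireless-802.11 (the value the poster asks for)
NAS_PORT_TYPE_NAMES = {15: "Ethernet", 19: "Wireless-802.11"}


def encode_attr(attr_type: int, value: bytes) -> bytes:
    """Type(1) Length(1, header included) Value; the 1-byte length caps the value at 253 bytes."""
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return struct.pack("!BB", attr_type, 2 + len(value)) + value


def build_access_request(identifier: int, attrs, authenticator: bytes = bytes(16)) -> bytes:
    """Build an Access-Request. The zero authenticator is a constructed placeholder;
    a real NAS sends 16 random bytes in that field."""
    body = b"".join(encode_attr(t, v) for t, v in attrs)
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(body))
    return header + authenticator + body


def parse_packet(packet: bytes):
    """Return (code, identifier, [(type, value), ...]); rejects truncated or overlong attributes."""
    if len(packet) < 20:
        raise ValueError("packet shorter than the RADIUS header")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        raise ValueError("length field does not match packet size")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("malformed attribute length")
        attrs.append((attr_type, packet[pos + 2:pos + attr_len]))
        pos += attr_len
    return code, identifier, attrs


def nas_port_type(packet: bytes):
    """Return the NAS-Port-Type integer, or None when the attribute is absent."""
    _, _, attrs = parse_packet(packet)
    for attr_type, value in attrs:
        if attr_type == ATTR_NAS_PORT_TYPE:
            if len(value) != 4:
                raise ValueError("NAS-Port-Type must be a 4-byte integer")
            return struct.unpack("!I", value)[0]
    return None


def triage(packet: bytes) -> str:
    """One-line verdict for each captured Access-Request."""
    value = nas_port_type(packet)
    if value is None:
        return "NAS-Port-Type missing: a policy condition on port type cannot match this request"
    return f"NAS-Port-Type {value} ({NAS_PORT_TYPE_NAMES.get(value, 'other')})"


# Constructed sample requests (not the poster's actual captures)
COMMON = [(ATTR_USER_NAME, b"alice"), (ATTR_NAS_IP_ADDRESS, bytes([192, 0, 2, 10]))]
# RV220W-like request: no NAS-Port-Type attribute at all
REQUEST_WITHOUT_PORT_TYPE = build_access_request(1, COMMON)
# Zyxel-like request: NAS-Port-Type = 19 (Wireless-802.11)
REQUEST_WITH_PORT_TYPE = build_access_request(
    2, COMMON + [(ATTR_NAS_PORT_TYPE, struct.pack("!I", 19))])

if __name__ == "__main__":
    for name, pkt in (("RV220W-like", REQUEST_WITHOUT_PORT_TYPE),
                      ("Zyxel-like", REQUEST_WITH_PORT_TYPE)):
        print(f"{name}: {triage(pkt)}")
```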

  • Considerations for 802.1x Port Based and Wi-Fi Certificate Authentication

    Lately, we have been going back and forth with the thought of doing certificate authentication for Wi-Fi and port. We have Server 2012 PKI and CA and it seems fairly straightforward to pump out a certificate to a user and have them authenticate with their certificate to a RADIUS/NPS. However, every time I mention our thoughts to consultants or others they seem to cringe, saying that they've seen this deployment cripple networks.
    We have almost 50 branch retail locations (with hub-spoke topology - all have VPN tunnels to corporate and also a disaster recovery location) and their internet isn't always super stable, and they absolutely need to have network access at all times because they are running Point Of Sale. Right now, if their internet fails, they can remain functional because we have the necessary pieces at all locations to keep a Windows network going, but I'm afraid that if we force 802.1x certificate authentication for the switch ports and Wi-Fi, then if their internet goes down they won't be able to authenticate since the authentication server will be at corporate. I am curious as to how people deal with:
    1. Fail over to a disaster recovery authentication server if the corporate connection goes down
    and:
    2. If internet fails locally and they can no longer communicate with any authentication server. Is there some sort of scale-out? It seems complicated since (if I'm not mistaken) it needs access to the CRL to validate certificates and also a Network Policy Server for the authentication and so on.
    What we're really trying to accomplish is to prevent people from bringing in a laptop or device with an Ethernet port, removing an existing device and plugging into the port in its place. MAC filtering doesn't seem like a good solution on a large scale, nor a super secure option, so 802.1x certificate authentication seemed to be the most flexible without having to go full NAP/NAC. Anyhow, sorry for the lengthy post and I really appreciate your time in advance!

    Re-authentication could be triggered by the NPS, the switch / AP or the client:
    NPS: There are a bunch of attributes to be configured in the Network Policy that determine the time a machine can remain connected, such as Idle Timeout and Session Timeout. (When WEP was still common, the session timeout had been used to enforce a change of the insecure key.) Otherwise, the machine should remain connected as far as NPS is concerned.
    Switch / AP: Depends on the configuration, e.g. re-authentication has to be triggered if the link went down. If a user plugs a cable or accidentally disables WLAN on his machine while the internet link is down, he will not be able to reconnect. Then I have seen some options similar to the NPS options, and switches could have their own session timeouts or be configured to respect the RADIUS server's setting.
    Client: The term "re-authentication" is also used for what happens if you have to / want to use both machine and user authentication: when the machine starts up, the machine account is authenticated; when the user logs on, the user is authenticated; when the user logs off, the machine is authenticated again. Per GPO you configure the machines for this kind of re-authentication (the default) or use machine-only or user-only authentication instead.
    It might be a challenge to manage and test these settings if you have to support many different APs / switches and different WLAN devices.
    I would recommend carefully testing it with a pilot group of users.
    Would you have any chance to turn off 802.1x on the switches / APs in case of a major outage? I guess not, as you would be able to manage them remotely?

  • Certificates to 802.1x LEAP ethernet and wireless clients

    Hello guys, I have just configured a RADIUS server, Active Directory domain controller and certificate server on one Windows 2003 PC. I have generated a self-signed digital certificate and used certificate server to generate a root certificate from it. I have exported it as 'public key only' and saved it on the desktop of the RADIUS server.
    1) I configured the RADIUS server policy to accept connections from wireless and Ethernet connections using 'PEAP'
    2) And that the user must supply a user name and password from Active Directory before entering the network.
    3) I am planning on using 802.1x port security ( config-if # dot1x port-security auto ) on the switch connecting to the PC
    4) I am planning on pointing the switch to the server and the server to the switch. I will also configure the client network cards for PEAP.
    What I don't know is how the client PC will get this certificate that is on my RADIUS server. Do they need to have a copy on their own machines for them to be able to communicate with the server? This is where I am lost.
    Thanks

    Certificates are a matter of trust - if an entity trusts the root (your CA) of a user certificate, and the certificate itself has no other problems, then it automatically trusts the certificate. If your RADIUS server and user/machine certificates all came from the same root (your self-signed CA), and you put the root certificate (public key version) in the trusted list, then you are good to go.
    If you are using the Microsoft PKI services on your server (that is also your domain controller), then I'm pretty sure that your windows computers will automatically trust your root once the windows computers have been joined to your domain.
    Also - for PEAP on Windows computers, you can completely disable the client's verification of the (RADIUS) server certificate. It's great for testing, but I recommend deploying with server certificate validation enabled.
    Lastly - if you're building a lab, you may also want to investigate user and computer certificates and EAP-TLS. Windows CA with windows clients makes it very simple to deploy. Macintoshes are a pain, no matter what kind of CA you use.

  • Remote access and network services problem

    I have a Mac Pro with two IP configs:
    Ethernet 1: 69.##.##.## /255.255.255.248 [hidden for public forum security]
    Ethernet 2: 10.0.0.20/255.255.255.0
    My primary needs:
    Able to remotely access the Mac via Remote Desktop using the public IP. Local LAN connectivity using 10.##.##.##.
    Setup:
    I have a 10 public IP address from my ISP and using one of the 10 now. Everything pings OK.
    Question:
    How can I customize the network service so that I can select the Ethernet 1 or Ethernet 2 port to use? So far it forces me to select Ethernet 1 for all of the services selected. I'd like to use FTP & Web Server & Remote Access on Ethernet 2 (public). The rest is LAN. I notice that AppleTalk is only allowable on a single IP.
    Quick experiment with the Internet sharing using Ethernet 2 (public) to Ethernet 1 failed to provide the desired forwarding result.
    Mac Pro   Mac OS X (10.4.9)  

    I think you need to go further into the settings and define FTP etc. to the specific Ethernet. There are also settings Automatic and where you define your connection. I have a 3 inch book that I will look at to see if they address it. I too plan to do something similar, but haven't got there yet.
    Michael

  • How to enable SSL optimization only for a single remote WAE and specific website?

    Hi guys.
    I have to enable SSL optimization for a specific HTTPS website only and for a specific remote site only (branch office).
    The scenario is as follows:
    Multiple sites connected via a MPLS cloud. Each site has its own WAE device (module or appliance).
    There is a central manager and core WAE in the main site (central site).
    There is a website accessed via HTTPS by all the remote sites. This specific website is hosted within the main site.
    For only a specific branch office (remote site) we want to enable SSL optimization for this specific website.
    I saw this great and useful doc, but I still have some concerns.
    https://supportforums.cisco.com/docs/DOC-16452
    Basically, according to what I see, I should do the following if I want to enable SSL optimization for the entire environment:
    - export the certificate and keys;
    - enable secure store in the central manager;
    - In the remote and core WAE, Check "initialize CMS secure store" and "Open CMS Secure Store";
    - In the core WAE, import the CA certificate (upload PEM file);
    - In the core WAE, create the SSL Accelerated Service by:
        -- importing the client certificate and the key;
        -- match interesting traffic;
        -- put the SSL Acc Service in service;
    - Finally, make sure SSL acceleration is enabled in both remote and core WAE.
    The concerns:
    I only need to enable SSL optimization for a specific location accessing a specific website.
    Should the steps above work fine if I enable the SSL service for this specific website in the core WAE and enable secure store only in a single remote site (branch office)?
    How will the other remote locations behave?
    Will they access the website normally with no SSL optimization even passing thru the core WAE?
    What about the other SSL sites which have no certificate? They will be treated as normal HTTPS with no optimization, right?
    If the site uses proxy, will any flow be impacted?
    If the steps above do not fit my case, how can I configure SSL optimization for only one remote WAE?
    Thanks in advance.

  • Virtualisation Remote Access and Server

    Guys,
    Question about licensing:
    I have a Mac Lion 10.7.2 Server, so the questions are based around that, but I would like to know differences for other licenses or systems. This is being used in a corporate testing environment and we would like to increase its use by having multiple users/remote users.....but licensing looks an issue/complex.
    There seem to be 2 licenses: the Mac OS X Server (Lion) licence and the Mac OS X (Lion 10.7.2) licence? Does one supersede the other or do they run 'together' if you have Mac Lion 10.7.2 Server?
    According to the 2nd (Lion 10.7.2) license you can run 2 virtual machines in addition to the running one. So this is 3 altogether? One being the main OS and the other 2 virtual. Are there any ways of running all 3 in a hypervisor (VMware vSphere like?) and is this allowed under the license(s)? This also seems to be only for 'downloaded' and not pre-installed software.
    Also in the 2nd (Lion 10.7.2) license it is possible to have Remote Desktop connections. This is not mentioned in the first (server) license?
    Both licenses mention that you can use the OS "by multiple individuals on a single shared Mac Computer that you own or control." but then seem to limit this to one user at a time. Can you have multiple Remote (VNC) desktops with multiple users? If not with these licenses, which can you use?
    Can you point me to who to/how to ask about these?
    Thanks
    Ben

    The ACLs appear to be working fine. I am passing IP traffic for all of the configured subnets with the exception of the remote access subnet. I have both ends of the tunnel configured with the RA subnet in the crypto map. I am not using reverse route injection. Actually I am not at all familiar with it. Do you think this is where I should start looking?
    Thanks

  • Can my Moto 4 be remotely accessed and my texts be read by someone else? I am pretty sure mine is

    I am on a prepaid plan and am almost certain my wife has remotely accessed my text messages ... how can this happen and how can I stop it?

    There are a number of apps designed to do this and much more
    Top 10 Android Spy Apps and Software you don’t want to miss

  • Creating large scale secure document repository for remote access and a few other Azure questions

    Hello Microsoft Community,
    Is there a way to put a bunch of documents in Azure storage and present them to an end user via an interface that is either web based or local that will provide security (log in control) to the folders and logging, along with allowing access from multiple sites? I have a large document library of medical records that have been scanned to PDF format that are historical. They moved EMR systems to a new system and the documents I'm talking about are historical access only, in case a patient needs historical records and they aren't in the new system. Records staff would need to be able to log into said site, gain access to the files, search by file name and print / copy / save the PDF document so it can be sent to the patient requesting the info.

    Shared access signature and stored access policy can be used in this case.
    A shared access signature is a URI that grants restricted access rights to containers, blobs, queues, and tables for a specific time interval. By providing a client with a shared access signature, you can enable them to access resources in your storage account without sharing your account key with them. A stored access policy provides an additional level of control over shared access signatures on the server side.
    For more details, please refer the following links:
    Create and Use a Shared Access Signature (http://msdn.microsoft.com/en-us/library/azure/jj721951.aspx)
    Use a Stored Access Policy (http://msdn.microsoft.com/en-us/library/azure/ee393341.aspx)

  • HT4623 I tried to update my iTunes tonight....waited and now it says something is corrupt??  I also tried to update my iPad and it didn't work after waiting for 4 hours for that one.  I need a remote access and John Whitaker is the one I want to do this f

    What is going on with my iPad update? I waited for four hours letting it "update" and after the allotted time, it tells me that I needed to update my iTunes first. After doing that, I can't even get into my iTunes. It says a file is corrupt. This is making me less and less impressed with these updates. I have trouble 80% of the time.

    What iPad model and what iOS is it currently running? Are you trying to update the iOS via wifi or connected to your computer?
    If you have an iPad 1, the max iOS is 5.1.1. For newer iPads, the current iOS is 6.1. The Settings>General>Software Update only appears if you have iOS 5.0 or higher currently installed.
    iOS 5: Updating your device to iOS 5 or Later
    http://support.apple.com/kb/HT4972
    How to install iOS 6
    http://www.macworld.com/article/2010061/hands-on-with-ios-6-installation.html
    iOS: How to update your iPhone, iPad, or iPod touch
    http://support.apple.com/kb/HT4623
    If you are currently running an iOS lower than 5.0, connect the iPad to the computer, open iTunes. Then select the iPad under the Devices heading on the left, click on the Summary tab and then click on Check for Update.
    Tip - If connected to your computer, you may need to disable your firewall and antivirus software temporarily. Then download and install the iOS update. Be sure to back up your iPad before the iOS update. After you update an iPad (except iPad 1) to iOS 6.x, the next update can be installed via wifi (i.e., not connected to your computer).
    Cheers, Tom

  • Offline Access and Wireless synchronization

    We are looking at several different platforms for a mobile application to complement our existing Oracle application (currently migrating to a 10g backend and 10g Forms frontend).
    Our two basic requirements are that we can
    1) have offline (local on the device) access to our data
    2) be able to sync via a wireless connection (wifi, gprs, etc)
    Outside of those two requirements, we just want a visually rich application. We are initially (and potentially only) targeting Windows Mobile (PocketPC) devices. I am unfamiliar with the mobile development kit (MDK) and what all it accomplishes, so any insight (or links) would be greatly appreciated.
    Does anyone have any suggestions for how best to accomplish this task? We are still in the preliminary stages of research, so any and all feedback is welcomed.

    We just implemented a system using Oracle Lite as the offline database. Our clients sync using wifi, DSL, cable modem etc etc... no issues there.
    Oracle Lite will meet both of your requirements. However it does not provide you a rich GUI development facility. So you have to build ALL your screens using some other tool.
    MDK primarily consists of 2 tools:
    1) MDW: Mobile Database Workbench (used for creating/testing data sync functionalities)
    2) Packaging Wizard: Used for Packaging an application along with the database and deploy it in the Mobile Server to be published.
    Good luck on your research.
    Sourav

  • Alien Remote Desktop and wireless weirdness

    I have been having intermittent connectivity problems with my MB the past couple days at the office. Airport shows full power connected to my Belkin WEP-protected wireless router. However, when I try to get online I get a spinning beachball and "server can't be found." Then, other times it works OK. If I move out of my office to another part of the office building the problem usually goes away.
    Here's the 1st weird thing: all the other Macs in the office work fine, including a mini that is 10 feet away from my MB. Internet browsing is fast and uninterrupted.
    2nd weird thing: under "Shared" on my sidebar there are two screen icons with names like "ubuadm's remote desktop." I do not have Remote Desktop turned on on any of my computers. There are lots of wireless locations listed under the Airport icon when I click on it, so I know my office neighbors have devices on. My questions: Is someone possibly getting into my computer (firewall is on)?? Or, am I just getting interference from one of my neighbors? What can I do to remedy this situation? Thanks!

    I found, menu Setup: uPnp. Add a Service Management item.

  • Autoselection for a switch between wired and wireless network

    Hello,
    We currently have a VTC codec installed on a mobile cart that can connect via wireless or wired network.  The cart has the Linksys WET610N Dual-Band Wireless-N gaming and video adapter bridge.  If you want to go wireless you will have to unplug the CAT5 that goes into the walljack and plug in the cable from the bridge into the codec. 
    We need a 3-5 port switch. Port 1 will connect to the wireless bridge.  Port 2 would be available to connect to a wall jack.  Port 3 will connect to the codec.
    We need the ability for the switch to autoselect port 1 and 2.  If Port 2 is not connected (no link light), then Port 1 will be active.  If Port 2 is active, Port 1 will be inactive. 
    I need to know how to configure the bridge and a network switch if this scenario is possible. Any help is appreciated.
    Thanks,
    Aaron

    Well, I thought I had tried this before, but I followed another board's suggestion of turning off IGMP proxy and it is now working. I can see my iTunes server, which is wired, on my wireless devices.

  • Is there a widget for Dashboard which I can use to turn the infrared functionality for my Apple Remote on and off quickly?

    As many of you, I suppose, I have a universal dock and a MacBook Pro.
    Now because this dock and my MBP are often in the same room and both react to the remote, it would be handy if there was a widget which I could use to temporarily turn off the infrared port of the MacBook when I want to use my remote for the dock only.
    If I only want to use the remote for my MacBook it's simple, I just unplug my iPhone, but if I want to do the opposite, use it only for my dock while working on the computer, I have to complete several steps in the System Preferences before I can get what I want.
    So is there an easy way (I was thinking a widget in the Dashboard) to get around this?
    Thanks in advance for your thoughts!

    Unfortunately, no and no. Apple TV is a closed API, so developers are right now unable to create an app that is very compatible to connect to Apple TV. There is also no remote app on the Mac App Store.
    Let me know if this solves your questions or if you have any others,
    Thanks,
    Allen
