AP1252 : Support for LEAP and PEAP for authentication

Hi,
We are deploying Cisco AP1252 in unified (lightweight) mode and would like to know whether it will support both LEAP as well as PEAP for authenticating clients at the same time (mixed mode). If yes, kindly let me know the configuration for the same.

Local EAP authentication on Wireless LAN Controllers was introduced with Wireless LAN Controller version 4.1.171.0.
Local EAP is an authentication method that allows users and wireless clients to be authenticated locally on the controller. It is designed for use in remote offices that want to maintain connectivity to wireless clients when the backend system becomes disrupted or the external authentication server goes down. When you enable local EAP, the controller serves as the authentication server and the local user database, so it removes dependence on an external authentication server. Local EAP retrieves user credentials from the local user database or the LDAP backend database to authenticate users. Local EAP supports LEAP, EAP-FAST, EAP-TLS, PEAPv0/MSCHAPv2, and PEAPv1/GTC authentication between the controller and wireless clients.
Local EAP can use an LDAP server as its backend database to retrieve user credentials.
An LDAP backend database allows the controller to query an LDAP server for the credentials (username and password) of a particular user. These credentials are then used to authenticate the user.
Local EAP Authentication on the Wireless LAN Controller with EAP-FAST and LDAP Server Configuration Example
http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a008093f1b9.shtml

Similar Messages

  • 7920 - Firmware Version that support WEP, LEAP and WPA

    Hi Guys,
    My customer has CallManager version 4.1.3. He has the IP Phone 7920 and needs to use WEP, LEAP and WPA. Can anybody tell me if version cmterm_7920.4.0-03-02 supports these protocols?
    Thank You,
    Wilson

    LEAP uses WEP 40 or 128 bit encryption
    WPA (or WPA-PSK) uses TKIP
    You can only define one encryption type per radio interface so that is why both won't work simultaneously...
    With multiple vlans setup, you can now assign encryption on a per vlan/ssid basis.
    DaveFromPeg

  • After Aiport Extreme Update 2007 001 broke LEAP and 802.1x authentication

    Apple Updater installed the Airport update 2007 001. This has completely broken my LEAP and 802.1x network access. It never recognizes the "preferred" networks, and if I connect manually by entering in the password it doesn't transmit any packets.
    I tried to reverse the upgrade by following these instructions but then it wouldn't recognize my airport hardware: www.macfixit.com/article.php?story=20070126190822382
    I tried to file a bug report, but that apple bug reporter seems to be down (it says, "An Exception has Occurred (click triangle to view)" but no triangle exists).
    ***?

    I finally discovered what was going on. When doing either the 10.4.9 update or the Airport update, my /System/Library/Keychains/X509Anchors file was either corrupted or completely emptied. The file did remain with 0K size.
    I started noticing that all SSL connections from the computer were failing (Safari, iChat, whatever) that depended on the Mac OS X components to do the SSL validation. (Firefox continued to work fine, as it has its own SSL stack.) I then ran the Keychain file check in Keychain, which alerted me to the exact file problem.
    My wife also has a MacBook with the same version of Mac OS X, so I was able to copy her X509Anchors file to my computer and everything worked perfectly after that. SSL came back, iChat works, Safari works with SSL, and 802.1x works again.
    Hope that helps someone else...

  • OSX and PEAP machine authentication

    We are starting to get a few OSX users in our environment, and they can't seem to authenticate to our wireless network using machine authentication with PEAP. They can bind to AD and I see the computer name in AD, but PEAP fails. Has anyone gotten this working successfully?
    The error we get in the RADIUS logs is:
    ACS has not been able to confirm previous successful machine authentication for user in Active Directory
    Thanks!

    If you configure PEAP MsChapv2 properly along with the client side, it will work and you will not get any type of error. I run PEAP or EAP-TLS on customer environments with ACS, ISE, Microsoft Radius and other radius servers with no issues. If you look at the Apple device guide or search for supported 802.1x encryption types, you will see what type of encryption is supported. You just have to set up the radius and the back end to work.
    Scott

  • Support for TLSv1.1

    Hello,
    Because "TLSv1.1" is listed as a SSLContext Algorithm (https://cis.med.ucalgary.ca/http/java.sun.com/javase/6/docs/technotes/guides/security/StandardNames.html#SSLContext)
    I have been trying to specify it in my code as shown below:
    SSLContext sc = SSLContext.getInstance("TLSv1.1");
    sc.init(kmFact.getKeyManagers(), tmFact.getTrustManagers(), null);
    But I get the following instead:
    java.security.NoSuchAlgorithmException: TLSv1.1 SSLContext not available
         at sun.security.jca.GetInstance.getInstance(Unknown Source)
         at javax.net.ssl.SSLContext.getInstance(Unknown Source)
    I am using JDK1.6.0_4. Does it support TLSv1.1? Or do I find another provider (if there is one)?
    Thanks

    I am sorry.... in fact I was reading the wrong doc.... here is the one from java6 spec
    The JSSE API is capable of supporting SSL versions 2.0 and 3.0 and Transport Layer Security (TLS) 1.0. These security protocols encapsulate a normal bidirectional stream socket and the JSSE API adds transparent support for authentication, encryption, and integrity protection. The JSSE implementation shipped with Sun's JRE supports SSL 3.0 and TLS 1.0. It does not implement SSL 2.0.
    Link
    nevertheless TLS1.1 is not implemented by java1.6 as well....
    thanks ejp... for the correction....

  • Authentication support for Apex 4.1 and 3.2.1.00.1 on Active Direct 2008 R2

    Hi,
    We are about to upgrade our domain controllers to Windows Server 2008 R2 from Windows Server 2003.
    We have 2 Apex production applications running on:
    Apex 4.1 and Apex 3.2.1.00.11., both of which authenticate users against the domain. Can anyone confirm whether upgrading our Domain Controllers to WINDOWS SERVER 2008 R2 is supported or likely to require changes? Neither application points to a specific DC for authentication, they simply point to the domain top level.
    Thanks,
    Andy

    That's a shared drive. And it must be allowed because our current production APEX applications have been linking (and still do) to files for several years now. Only my fresh install of APEX 4.1 doesn't link.

  • EAP Authentication Configuration for EAP-FAST and PEAP

    Hi Everyone,
    I pretty much got EAP working, however using LEAP.
    When I get to EAP-FAST and PEAP, I just can't seem to get it to work.
    What am I missing? I do know that EAP-FAST and PEAP involve certificates. However, how do I set them up on the client side?
    Hope you guys can help me on this, stuck on this part xD

    EAP is a complicated subject for sure. But it shouldn't be really once you know the foundation.
    EAP-PEAP can use server side and client side and EAP-FAST can as well. It all depends how it's deployed.
    Generally speaking, most deployments of PEAP use server side only and EAP-FAST uses PACs only.
    The cert that you install on the radius server for PEAP is passed to the wireless supplicant and is used by the supplicant to hash the logon and password from the user. This hash is passed back to the radius server who has the private key who can decode the hash and pass the user ID and password back to AD for example.
    Hope this helps.

  • Authentication with Edge, weinre is not supported for Fiddler

    Environment
    laptop- laptop Windows 7
    mobile- iOS iPad
    I installed Edge, the iOS client, chrome extension, as well as Fiddler and CharlesProxy. We have an app that requires authentication, and the UN/PW cannot be passed via URL params. I configured the iPad to use a proxy, as detailed in  http://blogs.adobe.com/edgeinspect/2012/05/16/shadow-charles-proxy-virtual-hosts-workflow/  Both proxy apps use port 8888 by default.  The site I am trying to hit is external and not a localhost. Here is what I am seeing so far.
    Using Fiddler, I am able to connect remotely, and essentially, what is shown on the iPad is a mirror of my laptop's chrome browser. The problem is that I am unable to initiate remote inspection using weinre, specifically, under the weinre remote button, my device is not listed
    Using Charles Proxy, again, I can connect remotely, but am unable to get past the authentication screen. However, weinre's remote inspection is working and my device is listed under devices. The request looks correct, but when I try to enter a valid UN/PW in the iPad, an error dialog shows with "server returned incorrect response type [200]".
    What is the correct way to authenticate with Charles? Or is there a way to have weinre attach correctly using Fiddler2?
    TIA.

    Hi Christian,
    The error you saw should only occur for a subscription used with a free trial offer type. Please use the below link to open a support ticket.
    http://azure.microsoft.com/en-us/support/options/
    You can check the following links for similar issues.
    The operation is not supported for your subscription offer type
    Could not submit the request to create database
    DBNAME. The operation is not supported for your subscription offer type
    Thanks,
    Lydia Zhang
    TechNet Community Support

  • I want to integrate SMS gateway to Cisco ISE 1.2 and my question is SMS notifications are supported for Guest self-registration

    I want to integrate an SMS gateway with Cisco ISE 1.2, and my question is:
    Are SMS notifications supported for Guest self-registration services, or should it be done by the Sponsor?

    I'm not sure I understand the question.  Do you want to log in to the Sponsor Portal using AD credentials?
    Create an Identity Source Sequence using AD as an Authentication Source.  Go to Administration > Identity Management > Identity Source Sequences.  Either Edit or +Add a Sequence and choose from the Authentication Sources shown.
    Then choose that Identity Source Sequence by going to Administration > Web Portal Management > Settings.  Double-click Sponsor from the Left Menu and click Authentication Source.  Choose the Identity Source Sequence.  Click Save.
    I hope this helps.
    Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question.  Otherwise, feel free to post follow-up questions.
    Charles Moreton

  • Can we still use PEAP-MSCHAPV2 for authenticating to a WPA2-Enterprise network?

    L.S,
    For authenticating to a BYOD wireless network a lot of companies use WPA2-Enterprise connected to a Microsoft IAS/NPS server to authenticate against Active Directory. There seems to be a way to intercept this wireless traffic using a rogue access point using the same (company) SSID-name and tools like freeradius-WPE and cloudcracker.
    If the BYOD client doesn't check the certificate provided by the fake radius server, the MSCHAPv2-negotiation can be discovered and the hacker will get the username AND hashed password which can be looked up by rainbow table sites like cloudcracker.
    Is there still a safe way to deploy AD-authentication to BYOD clients?
    Kind Regards,
    Arjen

    I have tested the WPA2-enterprise/PEAP-MSCHAPv2 exploit this week placing a laptop in my car on the company parking lot with a Kali image, using hostap and freeradius-wpe configured with the company SSID. It was very easy to find out the mschapv2 challenge/responses of a number of android/windows phones that were just walking past my car. Also iPhone has a bad WPA2-enterprise implementation (see: http://research.edm.uhasselt.be/~bbonne/docs/robyns14wpa2enterprise.pdf), so bye bye WPA2-enterprise/PEAP-MSCHAPv2.
    Wonder what other (large) companies are using for their BYOD wireless networks! EAP-TLS using certificate sounds like the only feasible option, however, we are afraid that the enrolment of certificates to the BYOD-clients will be a total disaster. I heard stories that some android phones lose their client certificate after a reboot :(

  • Can anybody explain what is support for ADF Project and to solve the Issues

    Hi,
    I am new to ADF and I am currently associated to ADF Support Project.
    Can anybody explain what is support for ADF Project and to solve the Issues when the ADF Project is in Live.
    We are getting the Tickets for the Issues.
    Thanks in advance.

    I agree with Timo.
    It depends on the size of the project, user base, technologies, etc. We use lot of technologies in fusion middleware stack. We get tickets in many areas.
    In your case, it could be anything like user training issues (user may not know how to use some system features), browser issues like blank screen, bugs in code like JBO errors (failed to validate, another user has changed row, failed to lock the record, NullPointerException, IllegalArgumentException etc), business logic issues, page may not render properly, performance issues, partial commit issues, application server issues, authentication issues. If you use web services you might get web services related problems.

  • EAP-TLS for Wireless network and PEAP for wired network

    Hello,
    Is it possible to use EAP-TLS for Wireless network and PEAP for wired network on the same laptop (Windows 7)?
    Thank you in advance.
    Thibault

    Yes, this is possible. You just need to properly configure each interface to use the EAP type you want.
    HTH,
    Steve

  • Support for WPA2 and TKIP in WiFi

    Is there support for this type of authentication or are there plans to support it in the near future? thanks

    Lumia 920 and 820 do support wpa2 tkip.

  • How do I know WinRM uses Kerberos for authentication, and does not fall-back to NTLM?

    Hi,
    How do I know WinRM uses Kerberos for authentication, and does not fall-back to NTLM?
    /SaiTech

    Hi SaiTech,
    Kerberos will be selected by default in an AD domain. The default (assuming the client is in a domain, and is not connecting to itself via 127.0.0.1 or ::1 addresses) is to use Kerberos authentication, and not to fall back to NTLM.
    Please also note that you may have to take some other steps as well to get non-Kerberos authentication working. Specifically, you'd have to set up an HTTPS listener on the remote host, or modify the client's TrustedHosts list.
    Refer to:
    WINRM kerberos & Negotiate
    Authentication for Remote Connections
    In addition, you can also use Network Monitor to check the authentication method.
    If there is anything else regarding this issue, please feel free to post back.
    Best Regards,
    Anna Wang
    TechNet Community Support

  • Lack of support for Canon G7 and G9. Alternatives?

    I am really disappointed about the lack of support for the Canon G9, and looking at the list of compatible cameras (http://docs.info.apple.com/article.html?artnum=306835) I notice that Canon G7 - even if it does not have a RAW format, is not supported either.
    I am thinking that the purchase of the G9 may have been premature and that I may need to sell it and get another cam that is supported by Apple/Aperture.
    What would you guys do? Is there a cam out there similar to the G9 at the moment that has an Apple-supported RAW format?
    Best regards,
    Kjell Are Refsvik

    I think the camera closest to the G9 that has RAW support from Apple are the Panasonic DMC-LX2/Leica D-Lux 3 twins. Don't know where you are, but in the US, the Panasonic costs about $400. 10MP, 28-112mm (35mm equivalent) Leica lens, very compact body, and RAW output. The Leica costs $599, and has that classic look.
    I don't know much about those cameras, but you may want to investigate.
