Auto-Signon issue with RADIUS authentication

Similar Messages

• ASA , Cisco VPN client with RADIUS authentication

  Hi,
  I have configured ASA for Cisco VPN client with RADIUS authentication using Windows 2003 IAS.
  All seems to be working I get connected and authenticated. However even I use user name and password from Active Directory when connecting with Cisco VPN client I still have to provide these credentials once again when accessing domain resources.
  Should it work like this? Would it be possible to configure ASA/IAS/VPN client in such a way so I enter user name/password just once when connecting and getting access to domain resources straight away?
  Thank you.
  Kind regards,
  Alex

  Hi Alex,
  It is working as it should.
  You can enable the vpn client to start vpn before logon. That way you login to vpn and then logon to the domain. However, you are still entering credentials twice ( vpn and domain) but you have access to domain resources and profiles.
  thanks
  John

• Issue with Anonymous Authentication and updating or starting new projects

  So 2 weeks ago I had a post about Anonymous Authentication found here:
  https://social.technet.microsoft.com/Forums/office/en-US/9b0e6eec-190a-4b48-a280-6adef441659a/issue-with-anonymous-authentication-and-people-picker-and-reports?forum=sharepointgeneral&prof=required
  That issue has been resolved but has created a new issue. We have Anonymous Authentication disabled but when one of our users tries to make a new project she gets the following:
  Unexpected response from server. The status code of response is '0'. The status text of response is ''.
  When she tries to edit an existing project, she gets the following:
  The server was unable to save the form at this time. Please try again.
  If I re-enable the Anonymous Auth. everything works for her again, but then we face the issue from the original post with reports not publishing.
  Any ideas on how to make everything get along?

  #apDiv2 {
      position: absolute;
      width: 698px;
      height: 299px;
      z-index: 1;
      left:50px;
      top: 117px;
      overflow: scroll;
  Don't forget to fix your code errors.  You're still missing a <body> tag in your markup. 
  Nancy O.

• NAC guest server with RADIUS authentication for guests issue.

  Hi all,
  We have just finally successfully installed our Cisco NAC guest server. We have version 2 of the server and basically the topology consists of a wism at the core of the network and a 4402 controller at the dmz, then out the firewall, no issues with that. We do however have a few problems, how can we provide access through a proxy without using pak files obviously, and is there a way to specify different proxies for different guest traffic, based on IP or a radius attribute etc.
  The second problem is more serious; refer to the documentation below from the configuration guide for guest nac server v2. It states that hotspots can be used and the Authentication option would allow radius authentication for guests, I’ve been told otherwise by Cisco and they say it can’t be done, has anyone got radius authentication working for guests.
  https://www.cisco.com/en/US/docs/security/nac/guestserver/configuration_guide/20/g_hotspots.html
  -----START QUOTE-----
  Step 7 From the Operation mode dropdown menu, you can select one of the following methods of operation:
  •Payment Provider—This option allows your page to integrate with a payment providing billing system. You need to select a predefined Payment Provider from the dropdown. (Refer to Configuring Payment Providers for details.) Select the relevant payment provider and proceed to Step 8.
  •Self Service—This option allows guest self service. After selection proceed to Step 8.
  •Authentication—This option allows RADIUS authentication for guests. Proceed to Step 9.
  ----- END QUOTE-----
  Your help is much appreciated on this, I’ve been looking forward to this project for a long time and it’s a bit of an anti climax that I can’t authenticate guests with radius (We use ACS and I was hoping to hook radius into an ODBC database we have setup called open galaxy)
  Regards
  Kevin Woodhouse

  Well I will try to answer your 2nd questions.... will it work... yes.  It is like any other radius server (high end:))  But why would you do this for guest.... there is no reason to open up a port on your FW and to add guest accounts to and worse... add them in AD.  Your guest anchor can supply a web-auth, is able to have a lobby admin account to create guest acounts and if you look at it, it leaves everything in the DMZ.
  Now if you are looking at the self service.... what does that really give you.... you won't be able to controll who gets on, people will use bogus info and last but not least.... I have never gotten that to work right.  Had the BU send me codes that never worked, but again... that was like a year ago and maybe they fixed that.  That is my opinion.

• Cisco PI 1.3 - Internal Server Error with RADIUS-authentication

  Hi,
  I have a problem with a Cisco Prime Infrastructure 1.3 (Appliance, fully patched) that I'm trying to authenticate against a Radiator RADIUS-server.
  From the RADIUS-server's point of view it looks fine, but I just get an HTTP Status 500 internal error (see attached image) when trying to log in.
  I'm not the one managing the RADIUS-server but I got the following debug sent from them:
  Wed Oct 30 08:52:06 2013: DEBUG: Packet dump:
  *** Received from 10.36.0.132 port 17235 ....
  Code:       Access-Request
  Identifier: 102
  Authentic:  REMOVED
  Attributes:
          User-Name = "test-user"
          User-Password = REMOVED
          NAS-IP-Address = 10.36.0.132
          Message-Authenticator = REMOVED
  Wed Oct 30 08:52:06 2013: DEBUG: Handling request with Handler 'Client-Identifier=/^prime[.]net[.]REMOVED[.]se$/', Identifier 'Network-Prime-AAA'
  Wed Oct 30 08:52:06 2013: DEBUG:  Deleting session for test-user, 10.36.0.132,
  Wed Oct 30 08:52:06 2013: DEBUG: Handling with Radius::AuthUNIX:
  Wed Oct 30 08:52:06 2013: DEBUG: Radius::AuthUNIX looks for match with test-user [test-user]
  Wed Oct 30 08:52:06 2013: DEBUG: Radius::AuthUNIX ACCEPT: : test-user [test-user]
  Wed Oct 30 08:52:06 2013: DEBUG: AuthBy UNIX result: ACCEPT,
  Wed Oct 30 08:52:06 2013: DEBUG: Handling with Radius::AuthFILE:
  Wed Oct 30 08:52:06 2013: DEBUG: Radius::AuthFILE looks for match with test-user [test-user]
  Wed Oct 30 08:52:06 2013: DEBUG: Radius::AuthFILE ACCEPT: : test-user [test-user]
  Wed Oct 30 08:52:06 2013: DEBUG: AuthBy FILE result: ACCEPT,
  Wed Oct 30 08:52:06 2013: DEBUG: Access accepted for test-user
  Wed Oct 30 08:52:06 2013: DEBUG: Packet dump:
  *** Sending to 10.36.0.132 port 17235 ....
  Code:       Access-Accept
  Identifier: 102
  Authentic:  REMOVED
  Attributes:
          cisco-avpair = "NCS:virtual-domain0=ROOT-DOMAIN"
          cisco-avpair = "NCS:role0=Admin"
          cisco-avpair = "NCS:task0=View Alerts and Events"
          cisco-avpair = "NCS:task1=Device Reports"
  ..the rest of the AV-pairs removed
  Does anyone have any idea on what the the problem is, or some tips on how to troubleshoot? (rebooting and ncs stop/start has no impact on the issue)
  //Charlie

  I ran into a similar issue this morning in my lab.  After I issued ncs status - the database service came back as not running.  I stop/started the Prime services and it came up.  Once all the services were running my WLC imported with no issues.  I also deployed another server for another lab and it had issues with the clocking being out of sync. 

• Auto Size issue with Media Gallery .AS files

  First off, thanks for taking a look!
  I came across this Adobe devnet article the other day while
  looking for info on creating Flash web based image galleries
  here.
  In summary, it's an introduction on modifying the .XML files to
  personalize your galleries created with Adobe Photoshop Elements 5.
  Also in this article, there is a link to download source files
  including gallery templates and a working .FLA file, which is
  really the point of my post.
  So. I've gone through the .AS, Javascript, and .XML files
  looking for variables and parameters for controlling the
  stage/auto/scale of the clip. I've read through each several times
  making adjustments here and there and I've been able to change most
  of what I want, but for the life of me I can not seem to get
  control over the scaling of the clip when the user resizes the
  browser. I have been able to load the clip at a set width and
  height, with a minimum width and height, but again once the user
  pulls the browser out, the entire screen scales with it.
  My ideal goal is to embed a modified version of the .SWF with
  set dimensions into a parent .SWF. On first load everything looks
  great for about half a second - until the .AS files are loaded. At
  this point the size of the gallery .SWF expands to fill the width
  of the host browser. Actually, it expands beyond the browser frame
  but that's neither here nor there. I'll admit the amount of code is
  beyond me, but I can usually pick things apart enough to butcher it
  to into what I need ;P If that can't happen, then I'm perfectly
  happy to stick with the HTML gallery so it's no big deal really.
  I'm just curious to know if any of you have experience with this
  particular file and might suggest a direction?
  I'll keep digging around, but at the moment I think i've
  found about all I can translate or I'm missing something horribly
  obvious. If you've played with this file, I would love some
  insight. If not, and you're looking for a starting point for a
  flash photo gallery, then take a look at the article. The
  supporting files seem a bit heavy, but maybe that's just me. =]
  Thanks again!
  - noel.

  For single sign on using NTLM on a webVPN set up, you need to ensure you configure it through the command line. Did you use the ASDM for this single sign on? To configure auto-signon for all WebVPN users to servers with IP addresses ranging from
  10.1.1.0 to 10.1.1.255 using NTLM authentication, for example, enter the following
  commands:
  hostname(config)# webvpn
  hostname(config-webvpn)# auto-signon allow ip 10.1.1.1 255.255.255.0 auth-type ntlm
  http://www.cisco.com/en/US/docs/security/asa/asa71/asdm51/selected_procedures/asdmsso.html

• Slowness Issues with Windows Authentication in SharePoint Foundation 2010 sites

  All, 
  We are having a strange issue with SharePoint Foundation 2010 sites where sites are very slowly loading when accessed via windows based authentication where as the extended sites in  forms authentication are loading normally.
  There were no error logs or even SharePoint logs also except the images load time is showing with different load times.
  Attached are the patches that were updated to the server that may be issue but not sure. Can some one please share your thoughts.
  SQL connectivity b/w the server is good.there are no n/w issues except that the users are using the sites with a different domain other than the domain in which the servers were hosted.
  There is a trust b/w the two domains.This was never changed and there were no issues in the last 2 years.
  Thanks keshav,Share point Developer

  we do have trusted domains
  Inder : It would be better if you run that command again now.
  Inder: How many AD server do you have
  Inder: Do you notice the login request go to nearest AD server. 
  and https sites. Please share your thoughts.
  Inder: All the certificate have intermedite certificates. You need to logon to each SP server, and install
  these certificates on trusted root authority 
  If this helped you resolve your issue, please mark it Answered

• SCCM 2012 R2 ADR issue with proxy authentication

  Hi,
  We're migrating SCCM 2007 to SCCM 2012 R2.
  In SCCM 2007, the proxy server is configured with user authentication, and this works.
  In SCCM 2012 R2, the Software Update Point is installed locally and connected with a local WSUS 4.0 (Server 2012)
  We use a proxy with user authentication for Update Deployment. (This user is the same as configured in SCCM 2007.)
  The Proxy Server is Blue Coat SG.
  The proxy account is used for:
  The Synchronization works, but Automatic Deployment Rule (ADR) doesn't work.
  When an Automatic Deployment Rule is started, it tries to authenticate 3 times.
  The Patchdownloader.log shows:
  Trying to connect to the root\SMS namespace on the <servername> machine.        Software Updates Patch Downloader        11/8/2013
  12:19:06        3608 (0x0E18)
  Connected to
  \\<servername>\root\SMS        Software Updates Patch Downloader        11/8/2013 12:19:06        3608
  (0x0E18)
  Trying to connect to the
  \\<servername.domain>\root\sms\site_ECM namespace on the <servername.domain> machine.        Software Updates Patch Downloader        11/8/2013
  12:19:06        3608 (0x0E18)
  Connected to
  \\<servername.domain>\root\sms\site_ECM        Software Updates Patch Downloader        11/8/2013 12:19:06        3608
  (0x0E18)
  Download destination =
  \\<servername.domain>\dp_wks_ms_updates$\3208bb5e-bcd9-4389-a0c9-02ef33ccb998.1\XPSEPSC-x86-en-US.exe .        Software Updates Patch Downloader        11/8/2013 12:19:07        3608
  (0x0E18)
  Contentsource =
  http://wsus.ds.www.download.windowsupdate.com/msdownload/update/v3-19990518/cabpool/xpsepsc-x86-en-us_7ae70ca1330a099080c6c41c4d5b7f19b30dc0cd.exe .        Software Updates Patch Downloader        11/8/2013
  12:19:07        3608 (0x0E18)
  Downloading content for ContentID = 16819067, 
  FileName = XPSEPSC-x86-en-US.exe.        Software Updates Patch Downloader        11/8/2013 12:19:07        3608 (0x0E18)
  Try username <domain\ProxyAccount>        Software Updates Patch Downloader        11/8/2013 12:19:07        8364
  (0x20AC)
  Proxy enabled proxy server <proxyserver>:8080        Software Updates Patch Downloader        11/8/2013
  12:19:07        8364 (0x20AC)
  HttpSendRequest failed HTTP_STATUS_PROXY_AUTH_REQ        Software Updates Patch Downloader        11/8/2013
  12:19:07        8364 (0x20AC)
  Download
  http://wsus.ds.www.download.windowsupdate.com/msdownload/update/v3-19990518/cabpool/xpsepsc-x86-en-us_7ae70ca1330a099080c6c41c4d5b7f19b30dc0cd.exe to C:\Windows\TEMP\CAB6FD2.tmp returns 407        Software Updates
  Patch Downloader        11/8/2013 12:19:07        8364 (0x20AC)
  ERROR: DownloadContentFiles() failed with hr=0x80070197        Software Updates Patch Downloader        11/8/2013
  12:19:07        3608 (0x0E18)
  Then the proxy user account is locked:
  Trying to connect to the root\SMS namespace on the <servername> machine.        Software Updates Patch Downloader        11/8/2013
  12:20:11        3608 (0x0E18)
  Connected to \\ <servername>\root\SMS        Software Updates Patch Downloader        11/8/2013
  12:20:11        3608 (0x0E18)
  Trying to connect to the
  \\<servername.domain>\root\sms\site_ECM namespace on the <servername.domain> machine.        Software Updates Patch Downloader        11/8/2013
  12:20:11        3608 (0x0E18)
  Connected to
  \\<servername.domain>\root\sms\site_ECM        Software Updates Patch Downloader        11/8/2013 12:20:11        3608
  (0x0E18)
  Download destination =
  \\<servername.domain>\dp_wks_ms_updates$\e0a54221-3ff2-4129-b7cf-89bf5cd1f726.1\Windows-KB943729-x86-ENU.exe .        Software Updates Patch Downloader        11/8/2013
  12:20:12        3608 (0x0E18)
  Contentsource =
  http://wsus.ds.download.windowsupdate.com/msdownload/update/software/updt/2009/10/windows-kb943729-x86-enu_e174c41ce3dcbd5c8922d6d1c39df1be425a70e0.exe .        Software Updates Patch Downloader        11/8/2013
  12:20:12        3608 (0x0E18)
  Downloading content for ContentID = 16824262, 
  FileName = Windows-KB943729-x86-ENU.exe.        Software Updates Patch Downloader        11/8/2013 12:20:12        3608 (0x0E18)
  Try username <domain\ProxyAccount>        Software Updates Patch Downloader        11/8/2013 12:20:12        12480
  (0x30C0)
  Proxy enabled proxy server <proxyserver>:8080        Software Updates Patch Downloader        11/8/2013
  12:20:12        12480 (0x30C0)
  HttpSendRequest failed HTTP_STATUS_FORBIDDEN or HTTP_STATUS_DENIED        Software Updates Patch Downloader        11/8/2013
  12:20:12        12480 (0x30C0)
  Download
  http://wsus.ds.download.windowsupdate.com/msdownload/update/software/updt/2009/10/windows-kb943729-x86-enu_e174c41ce3dcbd5c8922d6d1c39df1be425a70e0.exe to C:\Windows\TEMP\CAB6E4B.tmp returns 403        Software Updates
  Patch Downloader        11/8/2013 12:20:12        12480 (0x30C0)
  ERROR: DownloadContentFiles() failed with hr=0x80070193        Software Updates Patch Downloader        11/8/2013
  12:20:12        3608 (0x0E18)
  The RuleEngine.log shows:
  Failed to download the update from internet. Error = 403 SMS_RULE_ENGINE 11/8/2013 16:18:25 3608 (0x0E18)
  Failed to download ContentID 16824467 for UpdateID 16819978. Error code = 403 SMS_RULE_ENGINE 11/8/2013 16:18:25 3608 (0x0E18)
  It seems that the ADR uses a wrong password when authenticating with the proxy, but this same user works when synchronizing with WSUS.
  We performed the following actions with no result:
  run the ADR manually and automatic,
  reinstalled WSUS and SUP,
  changed proxy user account.
  Regards,
  Matthias

  Currently, the command shows:
  Current WinHTTP proxy settings:
      Direct access (no proxy server).
  We've been testing with:
  upddwnldcfg.exe /s:<proxyserver>:<port> /u:<user> /allusers
  psexec -i -s iexplore.exe, set Internet Explorer proxy manually
  All with same result, proxy user getting locked when ADR runs.
  (These settings have been removed after the test.)
  I think dekac99 would suggest netsh winhttp set proxy or import proxy.
  then turn off proxy use on the role SUP (this way not SCCM will send auth but all winhttp will use proxy)
  the problems with that for me are:
  - if MS implemented role-based proxy usage, why set at http layer - of course this might work as a workaround for the time being so it might be a good idea but I'm just not sure what unwanted issues it may cause
  - the other thing is where I'm not sure, with set proxy you cannot define authentication account. if you use import from IE and the IE prompted for proxy auth, the stored credential will be used on winhttp layer (though I'm not 100% sure of that) - so this
  is just too uncontrolled for me
  - upddwnldcfg.exe will need to run in the name of system account (it stores credentials under HKCU so far I know it will be a per user based setting)
  --> what confuses me, the catalog synch works which should use the same configured proxy and account(?), only ADR does not work. shouldn't they both use the same process for sending account auth info?

• Lightroom 5 auto import issues with nikon d90

  Hoping someone can help answer my question - I am wondering if Lightroom 5 has any issues with the auto import or tethering feature using a Nikon d90? I was using Lightroom 2 and the auto import feature has no issues with my d90. After I installed Lightroom 5 (Cloud App) and ran it for the first time, the first thing I used was the tethering feature and it worked great for 4 shots. I turned my camera off and then back on again and LR would not recognize my camera any longer for tethering. What's strange is that it will detect it for "Importing from Device" option. So, I went to plan two which was to auto import and that wasn't working at all. I am at a loss. I have a shoot coming up this weekend and need for one of these options to work. Any help is appreciated!!!

  I use a D90, but I have never tried tethered shooting with it. Other users might have some suggestions for you, but looking at the list of supported cameras for tethered shooting the D90 is not "officially" supported in Lightroom. So you're probably on your own to find solutions. I know this isn't a lot of help.

• WLC issue with RADIUS

  Hello,
  I have the following strange behavior:
  my WLCs connects to RADIUS server using the IP address of a dynamic interface instead of using the management interface's IP address.
  Tha dynamic interface is on the same subnet/vlan of the RADIUS server.
  which is the best interface to use for RADIUS authentications?
  And how can I decide which interface shuold be the IP radius-source interface for connecting with my radius servers?
  Thanks everybody
  Johnny

  If you have the Radius server on a subnet in which you have any interface on the wlc on, you will see the wlc using that interface ip address. The AAA client ip address you should use is the dynamic interface ip address. The only time you will see the wlc use its management interface is when your wired and wireless (dynamic interfaces) are on different subnets.

• Issue with Anonymous Authentication and People Picker and reports

  Hello,
  We are having an issue with sharepoint 2013 where we have reports that get published to sharepoint via visual studio and we use the people picker for different list.
  The overall issue is SSRS does not work if Anonymous Authentication is enabled which caused this error when trying to publish a report:
  The permissions granted to user 'NT AUTHORITY\ANONYMOUS LOGON' are insufficient for performing this operation. ---> Microsoft.ReportingServices.Diagnostics.Utilities.AccessDeniedException:
  The permissions granted to user 'NT AUTHORITY\ANONYMOUS LOGON' are insufficient for performing this operation
  However, if we disable Anonymous Authentication, the people picker search option does not work and we get there error:
  Sorry, we're having trouble reaching the server.
  I found this web blog on a solution, https://blog.karstein-consulting.com/2014/02/18/sharepoint-2013-people-picker-error-sorry-were-having-trouble-reaching-the-server/
  however this did not work.
  Does anyone have ant other suggestions?

  Hi JCrescenzo,
  Please try to get the property of the people picker, perhaps there is a rule that implemented on your environment:
  stsadm -o getproperty -propertyname peoplepicker-searchadcustomfilter -url 
  http://site_collection_url
  If yes, clear it by running:
  stsadm -o setproperty -propertyname peoplepicker-searchadcustomfilter -propertyvalue " " -url
  http://site_collection
  There are two similar posts, please check if they are useful for you:
  https://social.technet.microsoft.com/Forums/en-US/621d439b-f2eb-4dc2-8797-eb7f2f3996e4/people-picker-returning-search-filter-is-invalid-in-uls-log-when-searching-for-users?forum=sharepointgeneralprevious
  https://gavinmckay.wordpress.com/2011/07/15/troubleshooting-sharepoint-2010-claims-based-authentication-with-active-directory-lightweight-directory-services-ad-lds/
  Best Regards,
  Wendy
  Wendy Li
  TechNet Community Support

• Apple Support admitted an Issue with WEP authentication and some Routers

  After reading many posts here and other places I logged a service call to Apple support. With the particulars: AT&T U-verse 2 Wire router would not connect with WEP would connect with Security disabled. I wanted a call logged before I went past the return time
  I got a call back immediately after a few basic questions I was passed to a product manager for ipads, it seems connectivity issues are taken seriously.
  The upper level support said there were known issues with some routers and WEP security we steeped through changing the security and it works fine now.
  Bottom Line:
  Apple knows there is an issue with some routers
  They were very helpful and acknowledged the issue.
  He even stayed on the line while I reconfigured one of my Windows PC to make sure it connected to the new settings
  I suggest to all to log a call and get a tech support involved before taking the iPad to the local store
  They certainly new their are some connectivity issues. If that does not work you can always return it.
  He did not admit it was a Apple issue and did not commit that Apple was working on it but it is something they are aware of.
  So skip the Apple store got right to tech support.
  Just my 2 cents.

  "But folks need to go straight to tech support. I live in oz, so it will be interesting to see if they help me.. or not.. but if support gets inundated they will fix it or have a massive recall (not likely on the latter)."
  Can't agree more. I used to manage a tech support department and it is all about the numbers. No matter how many forum entries the issues that get addressed are dictated by the reports.
  So for those that are buying new routers contact Tech Support first even if you end up getting a new router the call is logged that will get Apple's attention.
  People that are not familiar with post launch processes have no idea how things that need to get corrected and enhanced are dictated by support requests

• Freaky Issue With Radius In Cisco 7206

  yesterday I faced a weird issue in 7200 router. It was configured as LNS using its loopback for radius authnetication. But when I checked the logs on radius it is getting the physical interface ip. After that I configured my source as physical interface authentication process completed.
  Can anyone tell me why it is not getting source as loopback. On other routers it is working fine.
  regards
  shivlu jain

  Shivlu,
  Glad it is now working. I think it could be related to CSCsq32625, which is a duplicate of CSCse02550, which was indeed fixed in 12.2(31)S13.
  CSCsq32625
  ip radius source-int not working inside aaa group server config
  Symptom: Only Global setting for the AAA Radius server source interface is functioning. Setting the source-interface in the AAA Group configuration has no effect. Conditions: This condition is visible when a router must use more than one source-interface designation for communicating with the RADIUS servers serving it. For example, if there are two groups of servers, and one group uses a Loopback for the source interface, and second group uses the management FastEthernet interface as the source interface. Workaround: All radius servers need to be able to respond to a single source interface, as multiple sources distinguished by AAA Groups are not functioning. Further Problem Description: None
  Regards

• Auto Restart Issue with Mac Book AIR

  Have been using a Macbook PRO for sometime, no problem with Parallel installed. Due to frequent traveling, light and compact is my priority now, so I bought another AIR (11" i7 chip w/ Parallel installed as well). It was working flawlessly for few weeks, used it to download a couple of updates when I was in China (approx. 4Mbit/sec line speed) still no issues. UNTIL when I get back to my office and using WIFI updated another few stuffs, the AIR started to behave strangely with "your computer needs to restart due to problem ..."  the last few days it happened at least 10 times daily, so I did what I know with the usual Mac way,  reset PRAM, repair permissions blah blah blah ..problems persists so I called the service centre and the technician I talked to suggested the issue could be from 'your moderate internet speed causing incomplete system updated files.' ;  half convinced but I followed / reinstalled ...with no CD, it has to press option to select  to reinstall -- only then I realized a big problem, originally it states requires 27 hours to reinstall a fresh LION in my AIR but finally it completed and restated in still about MASSIVE 7-1/2 hours time. 
  As I have bought a USB network connector now (a convenient gadget when stays at hotels with different levels of facilities offered), this is not so troublesome and I think fellow users should consider using network and avoid using WIFI for this purpose. I notice once the left USB once was used (without turning off the WIFI)  it keeps breaking the connections, as I read some articles from this forum the left USB could has some stability issues.  After all the time spent, the computer freezes at times and auto restarts again. What the heck has this causes the AIR to behave this way ?
  NEXT, I also read on the Power issues, I bought it without realizing one of the technical highlight is on high performance battery management but you can chop my head off and sit on mine if the AIR can last 3 hours (probably the suggested time is with computer power on but without using it at all). I don't want to sound un-nice as I have been using Mac for many many years:  1) if AIR is entirely basing on internet (VERY HIGH SPEED) for support is not a really very friendly method for users if there is reliability issues via internet line support, says what if we are caught in remote area with 30k/sec line speed then we are totally dead ... ; 2)  the recent scare makes me dare not using the software updates now, as technician suggested, write down what is required to update, find it from apple and do it manually ...Goohs, my Mac Book Pro using side by side doesn't has this issue.   Since when was the last time I have to suffer maintaining a Mac myself ? ...  @%#&@*!(!
  Anyone has clue to these or simply return to service centre to handle for me ?
  Thanks in advance (first time user in this community).

  Hello!
  I´m sorry it took so long to reply, but I´m new to these blogs; and I´ve been travelling a lot... Anyway, I was able to configure Airport Express, but I was told I could use it to expand my wireless network inside my house; which I found it´s not possible.
  So, I´m returning my Airport Express to the store tomorrow and try to figure out a way to extend my wireless in any other way.
  Any sugestion? Big houses are a problem...
  Best regards, and once again thank you!
  Antonio

• Exchange Server 2013 with RADIUS authentication

  Hello,
  I am a student and doing an internship. I have to test Microsoft Exchange Server 2013.
  I am using Windows Server 2012, I already installed Exchange Server 2013 on it and everything works as intended.
  But I couldn't find out how to configure my Windows Server 2012 in order to authenticate my mailbox users from Exchange Server 2013 with a RADIUS server which is not on my Windows Server 2012. I have to use their RADIUS server, the RADIUS server from the
  company where I am doing my internship.
  I already created a NPS and added the RADIUS Client + Remote RADIUS Server Groups. I created a Connection Request Policies with the condition:
  User Name *
  I forwarded the Connection Request to the Remote RADIUS server that I created in Remote RADIUS Server Groups and then I registered the NPS in th AD. But it's still not working. 
  Maybe I did something wrong or I misunderstood something or does this even work with Exchange Server 2013? To authenticate mailbox users with a RADIUS server before they can login into their mailbox and use their mailbox?
  Thanks in advance.

  On Wed, 26 Mar 2014 09:21:25 +0000, DavidIntern wrote:
  I already put the NPS as a RADIUS proxy. I followed this check list http://technet.microsoft.com/en-us/library/cc772591.aspx
  But the things is I want to make it work with our freeRADIUS2 that we have in place here. Without changing our freeRADIUS2. But I found out this is not possible since we are not using any Active Directory with it. Since I am still a newbie in this environment,
  I am not sure if it is possible.
  But my main question was if it was possible to use freeRADIUS2 and that my NPS would be the RADIUS proxy. So my question is answered, if I understood right, without making any changes to our freeRADIUS2 this is not going to be possible right? Because we have
  no AD?
  Our setup is freeRADIUS2 + MySQL database where all the users are stored.
  As I mentioned in my previous response this really isn't the right place
  for this question but why would you want to try to use a MySQL store for
  authenticating against Exchange in the first place when you've already got
  an authentication store (Active Directory) that is tightly integrated with
  Exchange?
  I still really don't understand what it is you're trying to accomplish nor
  why you're trying to use such a complicated, convoluted method to
  authenticate Exchange users.
  Paul Adare - FIM CM MVP
  Any sufficiently advanced bug is indistinguishable from a feature.