Computer Authentication /host/machine name using EAP on AP Problem

Hi All,
I have a wireless access point model 1242 with an ACS server. The ACS server is integrated with the Windows domain. User authentication is working OK, but I would like to have computer authentication set up. I am using PEAP with MS-CHAPv2 on the client machine, and on the access point I am using open authentication with EAP. ACS has its own certificate and the client has the root certificate. I can see the ACS server pulls the /host/machine name from AD, but I am getting an (EAP-TLS or PEAP authentication failed during SSL handshake) message on the ACS server for computer authentication. What could be the problem? User authentication is working OK....
Does computer authentication require EAP-TLS? I don't have a client certificate in my setup.
I would be grateful for any suggestion / help.

You did not mention whether your clients are running Windows or Mac OS (or some mixture of OSes). If you are running in a pure Windows environment, it is very easy to enable PEAP machine authentication. It sounds like you have properly enabled machine authentication on the client side (since you are seeing host/machine auth attempts in the ACS log), but have you enabled machine authentication on the ACS server?
Which version of ACS are you running (hopefully 4.2)?
Read up on this:
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/UsrDb.html#wp354014
ACS supports EAP-TLS, PEAP (EAP-MS-CHAPv2), and PEAP (EAP-TLS) for machine authentication. You can enable each separately on the Windows User Database Configuration page, which allows a mix of computers that authenticate with EAP-TLS or PEAP (EAP-MS-CHAPv2). Microsoft operating systems that perform machine authentication might limit the user authentication protocol to the same protocol that is used for machine authentication. For more information about Microsoft operating systems and machine authentication, see Microsoft Windows and Machine Authentication.
Windows User Database Support
ACS supports the use of Windows external user databases for:
• User Authentication: For information about the types of authentication that ACS supports with Windows Security Accounts Manager (SAM) database or a Windows Active Directory database, see Authentication Protocol-Database Compatibility, page 1-8.
• Machine Authentication: ACS supports machine authentication with EAP-TLS and PEAP (EAP-MS-CHAPv2). For more information, see EAP and Windows Authentication.
• Group Mapping for Unknown Users: ACS supports group mapping for unknown users by requesting group membership information from Windows user databases. For more information about group mapping for users authenticated with a Windows user database, see Group Mapping by Group Set Membership, page 16-3.
• Password-Aging: ACS supports password aging for users who are authenticated by a Windows user database. For more information, see User-Changeable Passwords with Windows User Databases.
• Dial-in Permissions: ACS supports use of dial-in permissions from Windows user databases. For more information, see Preparing Users for Authenticating with Windows.
• Callback Settings: ACS supports use of callback settings from Windows user databases. For information about configuring ACS to use Windows callback settings, see Setting the User Callback Option, page 6-6.

Similar Messages

  • Not restoring machine name using ZISEDIT

    Hi
    What is the registry key to stop ISD from changing the machine name to
    the one stored in the image safe area? We have our own renaming method
    that works fine (but sometimes ISD overwrites the name we change).
    I have struggled to understand the right key you need to create
    [HKEY_LOCAL_MACHINE\Software\Novell\Zenworks]
    "ZISWin Do Not Restore Mask"=dword:?????????
    "ZISWin Do Not Restore Mask"=dword:?????????
    what would be the value to not collect or restore the NETBios name
    (0x00000004) (?) or DNS Host name (0x00000100) (?) - not 0x00000104 by
    any chance
    my aim is to stop ziswin.exe from ever changing the machine name - either
    collecting or restoring.
    following http://support.novell.com/cgi-bin/search/searchtid.cgi?/10081392.htm
    and the documentation for zen 6.5 imaging
    Thanks in advance
    Oli

    On Tue, 09 Jan 2007 21:30:14 GMT, [email protected] wrote:
    > When I ticked the boxes in ziswin it didn't create the registry keys I
    > expected it would... or does it and I've missed them?
    hmm.. which patchlevel?
    you can also write a script which will retrieve the asset tag from the bios
    and put it into the image save data.
    concerning the duplicate wks, there was a bug which should have been
    fixed, but there is also a lot of other things to keep in mind, without
    knowing your setup I can't help you more
    If you have already compiled drivers or have linux.2 please put them on
    http://forge.novell.com/modules/xfmo...ect/?zfdimgdrv
    Live BootCd and USB Disk from Mike Charles
    http://forge.novell.com/modules/xfmod/project/?imagingx
    eZie http://forge.novell.com/modules/xfmod/project/?ezie
    Marcus Breiden
    If you are asked to email me information please change -- to - in my e-mail
    address.
    The content of this mail is my private and personal opinion.
    http://www.edu-magic.net

  • Authenticating Host SPN using Kerberos Login module

    Hi,
    I have written an application that needs to support Java GSS based context establishment using Java's Kerberos Login module with the clients. This application is hosted in Tomcat and I have a limitation that Tomcat is running as the "LocalSystem" account on the host machine (not to be confused with the Administrator account on the host machine), so it does not have a password.
    The AD to which this host is connected has an SPN registered for this host machine like any other computer account. But my doubt is how I will authenticate my application (using the Kerberos Login module) using that Host SPN if I do not have any password for "LocalSystem". I am giving the user name as "HOST/<machine-name>" or "<machine-name>", but it fails at the application side saying no encryption key found. If I try to give some random password I get an error message from AD saying that Pre Authentication failed.
    Without authenticating my application to AD I am not able to get the Kerberos key which is required for context establishment for GSS.
    Any help in this regard will be really helpful.
    Thanks.

    Thanks for your response!
    My application is just an authentication module in a bigger application which is not under my control. This application is hosted on Apache Tomcat and provide both the options to run as "LocalSystem" account and domain account. So I have to provide support for both the options.
    I am getting increasingly convinced that the Java Kerberos module can't handle the authentication for the "LocalSystem" account and I need to opt for some Windows native APIs for that. If that is the case, can someone tell me how I can proceed? I have no idea which Windows APIs to use for it.
    Thanks.
    Edited by: Java-Dev-01 on Mar 14, 2010 6:03 AM

  • How to Access DATA, Physical Flash Drive from Host machine

    Hello Everyone,
    First, I am sorry for my English, and also if I posted in the wrong place.
    In Hyper-V, I created 3 VM machines, and I want each machine to be able to access data or a flash drive from the host machine.
    Thank you so much!
    Regards
    VeasnaYim

    Hi,
    The Hyper-V forum is here:
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserverhyperv
    But, your question is relatively simple. You will need to use standard Windows networking to access data from the host machine. Depending on your version of Hyper-V, connecting to it via RDP from the host machine can use the RDP client's ability to access the host drives also.

  • Apple macosx machine authentication with ISE using EAP-TLS

    Hello,
    On an ongoing setup we are using EAP-TLS authentication with account validation against AD. We have our own CA (Microsoft based). ISE version 1.2.1 patch 1.
    With windows machines all is working well. We are using computer authentication only.
    Now the problem is that we wish to do the same with MAC OSX machines.
    We are using casper software suite and are able to push certificates into macosx, and are doing machine authentication.
    in ISE the certificate authentication profile is being set to look at the subject alternative name - DNS name of the machines. Whenever we set it to the UPN (hostname$) windows accounts are not found in ad.
    When MAC OSX authenticate as machines (they have a computer account in AD) they present themselves with RADIUS-Username = hostname$ instead of host/hostname.
    The consequence is that by lacking the host/, ISE considers that this is a user authentication, instead of a computer one, and when it sets off to find the account, it searches in User class instead of Computer - which obviously returns no results.
    Is anybody aware of any way to force MAC OSX to present a host/hostname RADIUS-Username when authenticating?
    Any similar experiences of authenticating MAC OSX with ISE and machine/computer authentication are welcome.
    Thanks
    Gustavo Novais

    Additional information from the above question.
    I have the following setup;
    -ACS 3.2(3) built 11 appliance
    -Cisco AP1200 wireless access point
    -Novell NDS to be used as an external database
    -Windows 2003 enterprise with standalone Certificate Authority Services installed
    -Windows XP SP2 Client
    My goal is to use the Windows XP native WLAN utility to connect to the AP using EAP-TLS authentication against Novell NDS.
    I tried to connect using the Cisco compatible WLAN utility and authenticate using EAP-GTC against Novell NDS for users; it works fine and perfectly.
    When connecting using EAP-TLS, I am getting an error from ACS failed attempt "Auth type Not supported by External DB". But the ACS documentation says that it supports EAP-TLS. How true is this? Does anybody have the same problem? Do I need to upgrade my ACS? What should I do? What other authentication type could be used to utilize the native WinXP WLAN utility?
    Please help...
    Thanks
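
The ISE post above turns on the form of the RADIUS User-Name: Windows supplicants send host/hostname, the Macs send hostname$, and a rule keyed only on the host/ prefix treats the latter as a user. The following is an added example, not part of the original thread and not ISE's or ACS's own logic; the function names and the sample names are assumptions constructed for illustration. It classifies an identity by both the prefix and the trailing "$" of an AD computer account, and lists the names a prefix-only rule would misroute.

```python
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Constructed sample User-Name values (not taken from any real log).
SAMPLE_USER_NAMES = [
    "host/LAB-PC01.corp.example.com",   # Windows machine authentication form
    "lab-mac07$",                       # form the post reports from Mac OS X
    "CORP\\lab-mac08$",                 # NetBIOS-qualified computer account
    "jdoe@corp.example.com",            # user, UPN form
    "CORP\\asmith",                     # user, down-level form
]


@dataclass(frozen=True)
class Identity:
    kind: str               # "machine" or "user"
    account: str            # sAMAccountName to look up in the directory
    domain: Optional[str]   # DNS or NetBIOS domain if the name carried one
    has_host_prefix: bool   # True only for the host/<name> form


def classify_user_name(user_name: str) -> Identity:
    """Classify a RADIUS User-Name as a machine or a user identity."""
    name = user_name.strip()
    if not name:
        raise ValueError("empty User-Name")

    # host/<hostname>[.<dns-domain>] is the form Windows machines present.
    if name.lower().startswith("host/"):
        host, _, dns_domain = name[5:].partition(".")
        if not host:
            raise ValueError("host/ prefix without a hostname")
        # Normalise to the computer account name: HOSTNAME$.
        return Identity("machine", host.upper() + "$",
                        dns_domain.lower() or None, True)

    domain: Optional[str] = None
    if "\\" in name:                    # DOMAIN\account
        domain, _, name = name.partition("\\")
    elif "@" in name:                   # account@domain
        name, _, domain = name.rpartition("@")

    # AD computer accounts have a sAMAccountName ending in "$".
    if name.endswith("$") and len(name) > 1:
        return Identity("machine", name.upper(), domain, False)
    return Identity("user", name, domain, False)


def missed_by_prefix_rule(user_names: Iterable[str]) -> List[str]:
    """Machine identities that a 'host/ prefix only' rule treats as users."""
    missed = []
    for raw in user_names:
        ident = classify_user_name(raw)
        if ident.kind == "machine" and not ident.has_host_prefix:
            missed.append(raw)
    return missed


if __name__ == "__main__":
    for raw in SAMPLE_USER_NAMES:
        print(raw, "->", classify_user_name(raw))
    print("misrouted:", missed_by_prefix_rule(SAMPLE_USER_NAMES))
```
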

  • 802.1x authentication only on Virtual machine. I want to bypass EAP authentication on Host machine

    I want to do EAP (802.1x) authentication by the client installed on the virtual machine. I want to bypass EAP (802.1x) authentication on the host machine, because I want to test it on the client in the VM, not on the host machine. For wifi it works fine because I can have a USB wifi NIC which connects to the VM directly, and the authentication goes fine as the host machine NIC does not come into the picture at all.
    But in the case of wired, the VM NIC has to go via the host NIC.

    Hello,
    I managed to do that with a VM and a host, both authenticating in wired, behind a phone. The host would receive an ACL limiting its traffic to just internet and the VM could access the internal network. (do not ask to discuss the use case).
    The considerations were that:
    - both host and VM would need to be on the same dynamically assigned VLAN, as 2960/3750 do not support two DATA domain hosts in different vlans (3850 apparently supports or will support it), so I had to have 802.1X both on host and in VM.
    - the VSwitch in VMworkstation had to be in bridge mode.
    - authentication mode multiauth had to be enabled in the interface in order to cope with multiple authenticated sessions behind the same interface.
    What is exactly your question?
    Gustavo

  • How to change host to just use "machine name" in URL

    I've installed WebCenter Suite on a MS Windows machine. Due to the ip setup I also had to install the Loopback adapter to get things to work. Now everything seems to run, but the URLs always have my machine name plus the domain it's on. Since I need others to be able to access this installation, that's an issue and I need the host to just be my machine name instead of the machine name and full domain. For example, right now the wiki would be accessed:
    http://MyMachineName.mydomain.com/owc_wiki
    I need the URLs (and the redirects that occur) to always work like:
    http://MyMachineName/owc_wiki
    I guess the basic question is.. how do you change the "host" within a WebCenter installation?
    Thanks in advance.

    Hi DDDDD(etc),
    Check out the Oracle Application Server Administrator's Guide section 7.2 - it details the instructions.
    http://download-uk.oracle.com/docs/cd/B32110_01/core.1013/b32196/host.htm#BHBBJEBF
    Regards,
    John

  • Mac & 802.1x Machine Authentication to Microsoft AD using PEAP

    We are having trouble successfully connecting wirelessly our Active Directory-bound Macs to our internal 802.1x wireless network using EAP-PEAP with machine authentication. All of our Windows machines work fine. We have a network profile built out of JAMF, with some generic payloads configured, including Use Directory Authentication and the appropriate Verisign certificate attached to authenticate to the Cisco Radius Server onsite. We are able to connect to this wireless network when we also have the machine directly connected via Ethernet. Somehow this causes the Mac to pass the correct domainhost\machinename. When we aren't connected directly, the Mac attempts to authenticate with the incorrect domainhost in front of the correct \machinename. The logs from Console are attached below:
    Apr 22 13:37:28 MACHINENAME eapolclient[****]: System Mode Using AD Account '(wrongdomain)\machinenameinAD$'
    Apr 22 13:37:28 MACHINENAME eapolclient[****]: en0 PEAP: authentication failed with status 1
    Apr 22 13:37:28 MACHINENAME eapolclient[****]: peap_request: ignoring non PEAP start frame
    Apr 22 13:37:31 MACHINENAME eapolclient[****]: en0 STOP
    Apr 22 13:37:52 MACHINENAME eapolclient[****]: opened log file '/var/log/eapolclient.en0.log'
    Apr 22 13:37:52 MACHINENAME eapolclient[****]: System Mode Using AD Account '(correctdomain)\machinenameinAD$'
    Apr 22 13:37:52 MACHINENAME eapolclient[****]: en0 START
    Apr 22 13:37:53 MACHINENAME eapolclient[****]: eapmschapv2_success_request: successfully authenticated
    The first, unsuccessful attempt above is when we are attempting to authenticate and connect wirelessly without a connection to Ethernet. The 2nd, successful attempt is when we are also connected to Ethernet, which passes the correct domain name, properly authenticating the domain\machinename. After reboot, we have to again plug in directly to Ethernet to reauthenticate to this wireless network. Any idea(s) why plugging into Ethernet would cause the Mac to send the correct domainhost? Thanks.

    Hi Danny. Older thread here, but I can confirm 10.8.4 did indeed resolve a very specific bug in circumstances where the netbios name did not match the domain name. We worked with Apple's engineers on resolution for this fix and can confirm that until we got our Macs to 10.8.4, we experienced similar issues with machine-based configuration profiles failing to authenticate as a result of incorrectly passing the wrong domain.
    Glad you found resolution with a later version of the OS.
    Reference: http://lists.psu.edu/cgi-bin/wa?A2=MACENTERPRISE;Zrq7fg;201303271647570400
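
To check a fleet of Macs for the wrong-domain behaviour described in this thread, the eapolclient lines can be paired up: each "System Mode Using AD Account" line names the identity, and the next failure or success line gives the outcome. The following is an added example, not part of the original posts; the function names, the expected domain and the sample log (constructed in the format of the lines quoted above, with placeholder hostnames and PIDs) are assumptions.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample in the format of the log lines quoted in the post.
SAMPLE_LOG = """\
Apr 22 13:37:28 MAC01 eapolclient[411]: System Mode Using AD Account 'WRONGDOM\\mac01$'
Apr 22 13:37:28 MAC01 eapolclient[411]: en0 PEAP: authentication failed with status 1
Apr 22 13:37:28 MAC01 eapolclient[411]: peap_request: ignoring non PEAP start frame
Apr 22 13:37:31 MAC01 eapolclient[411]: en0 STOP
Apr 22 13:37:52 MAC01 eapolclient[502]: opened log file '/var/log/eapolclient.en0.log'
Apr 22 13:37:52 MAC01 eapolclient[502]: System Mode Using AD Account 'CORP\\mac01$'
Apr 22 13:37:52 MAC01 eapolclient[502]: en0 START
Apr 22 13:37:53 MAC01 eapolclient[502]: eapmschapv2_success_request: successfully authenticated
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) eapolclient\[[^\]]*\]: (.*)$")
ACCOUNT_RE = re.compile(r"System Mode Using AD Account '(?:([^'\\]+)\\)?([^']+)'")
FAILED_RE = re.compile(r"authentication failed with status (\d+)")
SUCCESS_RE = re.compile(r"successfully authenticated")


class Attempt(NamedTuple):
    time: str               # timestamp of the identity line
    domain: Optional[str]   # domain part of DOMAIN\account$, if present
    account: str            # computer account presented
    outcome: str            # "success", "failed" or "unknown"
    status: Optional[int]   # failure status code when logged


def parse_attempts(log_text: str) -> List[Attempt]:
    """Pair each identity line with the next success/failure line."""
    attempts: List[Attempt] = []
    pending = None  # (time, domain, account) waiting for an outcome
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        when, _host, msg = m.groups()
        acct = ACCOUNT_RE.search(msg)
        if acct:
            if pending:  # previous identity never got an outcome line
                attempts.append(Attempt(*pending, "unknown", None))
            pending = (when, acct.group(1), acct.group(2))
            continue
        if pending is None:
            continue
        failed = FAILED_RE.search(msg)
        if failed:
            attempts.append(Attempt(*pending, "failed", int(failed.group(1))))
            pending = None
        elif SUCCESS_RE.search(msg):
            attempts.append(Attempt(*pending, "success", None))
            pending = None
    if pending:
        attempts.append(Attempt(*pending, "unknown", None))
    return attempts


def wrong_domain_attempts(attempts: List[Attempt], expected_domain: str) -> List[Attempt]:
    """Attempts whose identity used a domain other than the expected one."""
    want = expected_domain.lower()
    return [a for a in attempts if (a.domain or "").lower() != want]


if __name__ == "__main__":
    parsed = parse_attempts(SAMPLE_LOG)
    for a in parsed:
        print(a)
    print("wrong domain:", wrong_domain_attempts(parsed, "CORP"))
```
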

  • 802.1x EAP-PEAPv0 (MSCHAPV2) with computer authentication

    I am a network administrator at seven schools, and a few of these schools are now using 802.1x EAP-PEAPv0 (MSCHAPV2) with computer authentication only, for wireless security.
    We are a mixture of 2008 and 2003 (Windows Domain) servers running IAS or NPS for RADIUS.
    I push out the wireless client’s setting via group policy, and the clients are using WZC.
    Every now and then, a client will be unable to authenticate/validate during the authentication phase.
    Some clients this will never happen to and a few it will happen repeatedly.
    To fix this I have to hard wire the computer and do a gpupdate, even though the computer already had the updates applied previously, and is still part of the domain.
    Many of our classrooms lack network drops, so wireless is the best for us.
    Except for this one downfall, it is working great. Any help is appreciated.

    Hi Ryan,
    Thanks for posting here.
    Could you discuss the situation that you mentioned, “a client will be unable to authenticate/validate during the authentication phase. Some clients this will never happen to and a few it will happen repeatedly.”, in detail? Can you verify if there is any error or warning that relates to this authentication issue recorded in the event log on the client and RADIUS server?
    Only certain computers are facing this issue or all?
    What’s OS running on these client computers?
    According to the situation right now, I’d like to share some suggestions with you:
    1. An 802.1x client may fail to connect to a RADIUS server if the Trusted Root CA certificate that issued the RADIUS server certificate is not installed on the client computer. Either verify that the trusted root authority is installed on the client computer or disable certificate validation on the client. To disable certificate validation, access the properties of the connection, and on the Authentication tab, click Properties. Click to clear the Validate server certificate check box. EAP-TLS requires the installation of a computer certificate on each RADIUS server and a computer or user certificate, or smart card on all clients. PEAP-MS-CHAPv2 requires the installation of a computer certificate on each RADIUS server and the root CA certificates of the issuing CAs of the RADIUS server certificate on each of the client computers.
    2. Verify that RADIUS is configured for the logging of rejected authentication attempts to the event log. Try the connection again, and then check the system event log for an IAS event for the failed connection attempt. Use the information in the log to determine the reason the connection attempt was either rejected or discarded. Logging options are configured on the General tab of the RADIUS server Properties dialog.
    3. Any rejected or discarded connection attempt recorded should identify the Connection Request Policy used. A RADIUS request message is processed only if the settings of the incoming RADIUS request message match at least one of the connection request policies. Examine the conditions of the policy identified to see where the request fails.
    4. Determine from the IAS system event log entries whether the authentication failure is for computer auth, user auth, or both. By default, Windows performs an 802.1x authentication with computer credentials before displaying the Windows logon screen. Another authentication with user credentials is performed after the user has logged on, and if this fails the machine will be disconnected from the network. Similarly, if computer authentication fails but user auth is successful, symptoms will include failure to process login scripts or apply group policies and machine password expiration will not be updated since the user will only be able to logon with cached credentials. If you use a smart card for authentication, you can only perform user authentication because smart card usage requires manual entry of a personal identification number (PIN). There is no way to provide the PIN to unlock the smart card certificate during computer authentication.
    5. Examine the wireless trace logs captured and search for keywords error, failed, failure, or rejected. This should give an indication as to what point in the authentication process the failure occurs.
    Meanwhile, I’d like to suggest you start troubleshooting by following the guides below and see if they help:
    Windows Server 2003 Wireless Troubleshooting
    http://technet.microsoft.com/en-us/library/cc773359(WS.10).aspx
    Troubleshooting Windows Vista 802.11 Wireless Connections
    http://technet.microsoft.com/en-us/library/cc766215(WS.10).aspx
    Thanks.
    Tiger Li
    TechNet Subscriber Support in forum

    Random computers running Windows XP have this problem. It does not happen to all of them at once.
    It is very random. A computer that has been connecting to the secure network for weeks will all of a sudden not be able to connect. The message is “attempting to authenticate” and it never makes the connection.
    I checked if logging is turned on and I can see successful events from computers that are working.
    I can also see failed events from computers that are not ours that tried to connect to our wireless.
    However for the computers that are having this problem there are no logged events.
    It is as if they don’t even communicate with the server.
    Other clients on the same AP are working fine. I rebooted the IAS service, and RADIUS clients, but this did not help.
    I also checked all the settings and they are correct, using PEAP, and validating the server certificate is disabled.
    I did notice that the firewall is also turned on through group policy when the domain is not available. Do you think the firewall is blocking the communication?
    I added an exception to port 1812 UDP and this did not make a difference.

  • How to use "machine name" in new report vi?

    I have a computer on a network that has Microsoft excel installed. On another computer I have an application that will take an excel file and stuff a bunch of data from a database into specific cells to generate a report. The vi works fine on my computer (where excel is loaded locally) but when I try and run the VI and access excel remotely I get an error message as follows:
    Error -41106 occurred at NI_Excel.lvclass:new report subVI.vi -> NI_report.lvclass:New Report.vi -> printTestSheet.vi
    Possible reason(s):
    Report Generation Toolkit: Microsoft Word or Excel did not open. Make sure Microsoft Word or Excel is installed.
    I have included the ip address of the remote machine to the "machine name" input of the "New Report" vi.
    Any suggestions/solutions?
    Gerry Thompson

    Hi Gerry,
    One reason that you may get this error is if Distributed COM wasn't enabled on the remote machine. See this Microsoft KB for how to check or enable that functionality.
    If that doesn't help; let me know, and I'll try to setup a similar test case on my end. The process isn't well documented, and I haven't seen any existing examples, so I'd like to see what it takes to get it running.
    All the best,
    Fred V -- Product Support Engineer -- LabVIEW R&D -- National Instruments

  • I have Lightroom 6 (not CC) on a Windows machine.  I'm prompted to log into Creative Cloud when I restart my computer (I don't have, use, or pay for Creative Cloud), and then when I launch Lightroom, it tells me to use the application I have to log into m

    I have Lightroom 6 (not CC) on a Windows machine.  I'm prompted to log into Creative Cloud when I restart my computer (I don't have, use, or pay for Creative Cloud), and then when I launch Lightroom, it tells me to use the application I have to log into my Adobe account...AGAIN!  And then to further add insult to injury, I'm prompted to enter in the license number of my product.  I've gone through this process a dozen times now...SCREAM!!!

    Paulou12 what type of a Creative Cloud Membership do you have?  You can find details on how to update Lightroom using the Creative Cloud Desktop application at Install and update apps - https://helpx.adobe.com/creative-cloud/help/install-apps.html.
    Finally if you are in a managed environment then please work with your I.T. department to apply the update.

  • I am out of space on my Macbook Air and have a Time Machine Backup. I want to completely reset my mac, but wonder if I can pick and choose what I restore to my computer? Can I also use my time machine backup and external storage as well?

    I am out of space on my Macbook Air and have a Time Machine Backup. I want to completely reset my mac, but wonder if I can pick and choose what I restore to my computer? Can I also use my time machine backup as external storage as well for the files I don't need everyday?

    If you are using "Restore from Time Machine Backup" option from OS X Recovery, you can only choose from the broad categories presented.
    ... Can I also use my time machine backup as external storage as well for the files I don't need everyday?
    To be clear, if you are asking if you can use the volume containing your Time Machine backup to store additional, non-Time Machine files, the short answer is yes.
    It's not a good idea though, since the Time Machine backup will eventually fill all available space, after which it begins to remove old, "expired" backups to make room for newer ones. The presence of additional files doesn't change that fact, and Time Machine will not erase them, but you will encounter a dilemma should you want to store additional files on that volume when there is no remaining space. You will have to make room for them on your own, by deleting existing files. Furthermore, since Time Machine cannot back up its own volume, those additional files will not be backed up by Time Machine.
    The easy solution for what you describe is to purchase additional external storage. External USB hard disk drives have become very inexpensive; about $55 will buy a perfectly suitable 1 TB drive.
    You can also choose to replace your MacBook Air's internal storage with a larger capacity one. Look for a suitable replacement from OWC / MacSales:
    http://eshop.macsales.com/shop/SSD/OWC/Air-Retina
    That gets a little more expensive but it is the optimum solution.

  • Long story short....I restored my computer to an earlier point using time machine and now all of the previous back-ups are gone. My question has to do with itunes...is it possible to restore my itunes library to the most recent backup because the restore

    Long story short....I restored my computer to an earlier point using time machine and now all of the previous back-ups are gone. My question has to do with itunes...is it possible to restore my itunes library to the most recent backup because the restore that I did was in march and the latest backup was in may....the reason being is that there were app that i had downloaded that are in my most recent back-up, that were not in the backup I restored to. Is it possible to just restore one application ie)itunes?

    See this post.
    tt2

  • I have Photoshop Elements 10 on a new Mac, using Yosemite 10.1.1 - PE locks up every time I try to sign in. This software was restored to this computer from Time Machine after a theft of my old Mac. How can I fix this?

    I have Photoshop Elements 10 on a new Mac, using Yosemite 10.1.1 - PE locks up every time I try to sign in. This software was restored to this computer from Time Machine after a theft of my old Mac. How can I fix this? It keeps telling me that there are missing files, too. If I upgrade to Elements 12 or beyond, will this fix the problem?

    You can't sign in because there is nothing to sign in to. For PSE 10 the only sign in was to photoshop.com, which has been dead and gone for a year and half. Just skip the sign in. Reinstalling will not change this.
    PSE 8, 9, 10 Can’t Sign In, Error 404 | Barbara's Sort-of-Tech Blog
    PSE is locking up because it's looking interminably for the non-existent photoshop.com server.

  • I have created a PDF with mp3 audio clips, the file works on PCs with audio playback (Windows 7, 8) however the audio does not play when hosted on a website or an iPad/tablet computer or smart phone when used with PDF reader

    I have created a PDF with mp3 audio clips, the file works on PCs with audio playback (Windows 7, 8) however the audio does not play when hosted on a website or an iPad/tablet computer or smart phone when used with PDF reader

    adobe42135678 wrote:
    the audio does not play when hosted on a website...
    When viewing in what browser?
