EAP-TTLS with GTC (Generic Token Card)
Greetings iPad Forum,
Our corporate wireless is currently setup to use EAP-TTLS with EAP-GTC (Generic Token Card) for inner identity. In other words, once a connection to the AP is initiated from a PC or Mac, the user is prompted for their RSA SecurID Passcode. No such luck on the iPad - it thinks that the AP is using TLS and wants a Certificate instead of a Token.
As a next step, I started playing with the iPhone Configuration Utility. It is possible to manually specify that the AP is using EAP-TTLS, but I see that EAP-GTC is not an inner identity option - only the *AP methods (PAP, CHAP, etc.).
Has anyone successfully connected to a Wifi network requiring EAP-GTC? I know that Tokens are supported for VPN, but not Wifi?
Keep playing with the iPCU. EAP-GTC with one-time password needs to be configured using a mobile configuration containing the WiFi payload. If configured on-device, iOS will continue to use the cached password causing account lockout.
For (a little) more information see: http://www.enterpriseios.com/wiki/Enterprise_Integration
Similar Messages
-
802.1x RADIUS with EAP-TLS/EAP-TTLS & Dynamic VLAN Assignment
Hello, My team is looking for switches supporting 802.1x authentication on either EAP-TTLS or EAP-TLS protocols with dynamic vlan assignment enabled for these. Looking at the data sheets of the Linksys desktop switches, I found only SLM224G4PS and SLM224G4S models to support EAP-TLS or EAP-TTLS. Am I right? Do they support Dynamic VLAN Assigment for either of those protocols? This is not explicitly mentioned in the data sheets, and I happen to find switches from other manufacturers that announce to support EAP-TLS/EAP-TTLS but no dynamic vlan assignment. Thank you for any help.
SLM switches do support 802.1x RADIUS with EAP-TLS/EAP-TTLS unlike the SRW switches which support MD5. But I don't think that they support Dynamic VLAN.
-
Configuring CAR 4.1 with EAP-TTLS
After the successful installation of the Cisco AR 4.1, we were able to verify open authentication using the "radclient". But when we started to configure AR with EAP-TTLS, we noticed that the only fields appearing under "eap-ttls-service" are
Name = eap-ttls
Description =
Type = eap-ttls
And it's missing something like 14 other parms including "AuthenticationService =" where the MSCHAPv2 is defined. Any thoughts?
Hazhir AfzaliHello Hazhir,
how exactly are you configuring the service ? Have a look at the link below, are these the procedures you follow ?
Configuring EAP-TTLS
http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cnsar/4_1/users/eap.htm#wp1042234
Regards,
GNT -
Connecting myRIO to WiFi with WPA2 Enterprise EAP-TTLS
Hey guys,
I´m struggling to connect my myRIO to the eduroam wifi on campus. It worked for a time, but now it suddenly just doesn´t.
The network runs a EAP-TTLS (or PEAP) Authentification, MSCHAPv2 as an inner authentification and a GT UserTrust Global Root certificate. When I first got it working I just set it up in MAX and uploaded the certificate, when that now stopped working I´ve tried just about everything including editing the wpa_supplicant locally on the myRIO.
To put it short I´m stumped at this, and the fact that it worked for a while doesn´t help O.o
Cheers,
BjørnHi bjornsol,
I managed to connect a wireless cDAQ to eduroam by
Uploading the certificate in MAX
Entering the user name and network secret for PEAP, IP adress set to "DHCP or Link Local"
I can also confirm successfully accessing the device from a eduroam connected computer. Remember to configure a password for your device, it will otherwise be accessible to other eduroam users.
Ask the IT department at your university for a valid certificate. I downloaded this certificate from the KTH eduroam web page, not sure it will work for you if you are registered at another university.
If this doesn't work for you, please upload a screenshot from MAX when trying to connect to the network.
Best regards,
Robert P-F
Applications Engineer
National Instruments Sweden -
Hello,
Is it possible to use LEAP with Rsa Token Card to authenticate WLAN users in addition with ACS ?
Best Regards,You can use RSA SecurID with PEAP only. You will need ACS 3.2 at least with ACU 6.3/ ADU 1.0.
I have it working with limited functionality -
I'm not very familiar with the different types of wireless security out there. I'm going back to school next week and need to setup my laptop for the school's wireless. I'm currently using networkmanager (which I'm loving btw). The requirements for the schools wireless are:
SSID (aka, Network Name): psu *note that the SSID is case sensitive and must be all lower case
Network Type: Infrastructure
Security: WPA2-Enterprise (not WPA2-PSK)
Encryption: AES
Authentication Type: EAP-TTLS
Authentication Protocol: PAP
Certificate Authority: Thawte Premium Server CA
Authentication Server: radius1.aset.psu.edu
If allowed by your client program, it is also recommended that you enable options to Validate Server Certificate and Verify Server Name.
When I go to setup a new connection, the only authentication options i have are TLS, LEAP, Tunneled TLS, and Protected EAP(PEAP). Is there another package I need to install for EAP-TTLS?I don't know much about wireless, but the EAP page at wikipedia would lead me to believe that Tunneled TLS (= TTLS) is the one you want. There doesn't seem to be such a thing as 'standalone TTLS' if you get my meaning; searching wikipedia for TTLS just redirects to the EAP page.
-
Please do let me know if this is possible:
The client-browsers need to access the oracle 9i AS and then 9i DB using SecurID
Token Cards over ssl. The ssl layer is between the browser and the 9iAS. So do I need ASO to use the SecurID
Token Cards.
Our applications are written in jsp and servlets/html forms etc.
Appreciate if you could provide me with the details... The Oracle 9i security admin manual is not very clear on this:Hello,
I have the same problem. Is any solution ?
Thank for advice. -
Support for EAP-TTLS-PAP (as used by Eduroam) in N...
When it will be available a solution to the lack of support for EAP-TTLS-PAP (as used by Eduroam) in Nokia N86 8MP throught a new firmware?
To many years waiting... Must we go to another solution?
Thx.I have succeed to import the local certificate using the instructions in
http://www.jacco2.dds.nl/networking/symbian_cert_import.html
then the description in
http://www.reading.ac.uk/internal/its/eduroam/its-eduroam-config-nokia-n95.aspx
works with the given certificate. -
Hi,
I try to use EAP-TTLS on one of my wireless networks and the 802.1x authentification fails at this moment:
*Dot1x_NW_MsgTask_0: Apr 19 16:04:52.800: 00:16:cb:66:29:bc Processing Access-Accept for mobile 00:16:cb:06:09:bc
*Dot1x_NW_MsgTask_0: Apr 19 16:04:52.801: %APF-6-RADIUS_OVERRIDE_DISABLED: apf_ms_radius_override.c:204 Radius overrides disabled, ignoring source 2
*Dot1x_NW_MsgTask_0: Apr 19 16:04:52.801: 00:16:cb:66:29:bc Resetting web acl from 255 to 255
*Dot1x_NW_MsgTask_0: Apr 19 16:04:52.802: 00:16:cb:66:29:bc apfMsDeleteByMscb Scheduling mobile for deletion with deleteReason 20, reasonCode 2
Do you have any idea where I can find what are deleteReason 20 and reasonCode 2?
Thanks.can you increase the EAP timers and try
(Cisco Controller) >config advanced eap ?
eapol-key-timeout Configures EAPOL-Key Timeout in milliseconds.
eapol-key-retries Configures EAPOL-Key Max Retries.
identity-request-timeout Configures EAP-Identity-Request Timeout in seconds.
identity-request-retries Configures EAP-Identity-Request Max Retries.
key-index Configure the key index used for dynamic WEP (802.1x) unicast key (PTK).
max-login-ignore-identity-response Configure to ignore the same username count reaching max in the EAP identity response
request-timeout Configures EAP-Request Timeout in seconds.
request-retries Configures EAP-Request Max Retries.
(Cisco Controller) >config advanced eap -
With the plethora of encryption options available on the N95 I was highly surprised to notice that PAP was not an option. My University network (UPenn) requires EAP TTLS PAP. Does anybody know if this will be incorporated in the future via firmware or other (possibly third party) software?
Thanks!I've just made Eduroam work on my N95 in Oxford University thus (I'm on firmware 11.0.026 date 17-04-07):
1. Make sure the root certificate for the authority that signed your radius servers' certificate is in the root store of your phone. Oxford uses Globalsign which is not there by standard.
2. Choose WPA/WPA2 for the WLAN Security Mode
3. Choose EAP as the WPA/WPA2 type
4. Choose WPA2 only mode and make sure it is off
5. In the EAP plug-in settings enable only EAP-TTLS and choose that. Set the Authority Certificate to match the one that signed your radius server's certificate.
6. Set your username and realm both to be user-defined and put them in the right boxes (my realm is ox.ac.uk).
7. Use the right of the centre button to move on the EAPs tab and enable "EAP-MSCHAPv2" ONLY. DO NOT ENABLE "MSCHAPv2".
8. In the settings for EAP-MSCHAPv2 provide your username (and password if you wish, or set it to prompt for it).
As we say in England, Robert is then your parent's brother.
You should now be able to use that network connection for web browsing, email, SIP and anything else you might choose. -
Connecting EAP-TTLS-PAP network on 5800
I am studying at RMIT University and we have both eduroam as well as the university's own WPA network. I was trying to connect to it (V50) and was unable to connect. I was using the help of this guide http://sites.google.com/site/pramudi/connecting-to-eduroam-on-nokia-5800-symbian-s60v5 before I found out that RMIT uses 802.11x security mode with PAP encryption. Can anyone help me? Here's a link to their setup guide for Linux: http://mams.rmit.edu.au/ua7mgpk79jzez.pdf
I set it up and then it says TTLS authentication failed.I've just made Eduroam work on my N95 in Oxford University thus (I'm on firmware 11.0.026 date 17-04-07):
1. Make sure the root certificate for the authority that signed your radius servers' certificate is in the root store of your phone. Oxford uses Globalsign which is not there by standard.
2. Choose WPA/WPA2 for the WLAN Security Mode
3. Choose EAP as the WPA/WPA2 type
4. Choose WPA2 only mode and make sure it is off
5. In the EAP plug-in settings enable only EAP-TTLS and choose that. Set the Authority Certificate to match the one that signed your radius server's certificate.
6. Set your username and realm both to be user-defined and put them in the right boxes (my realm is ox.ac.uk).
7. Use the right of the centre button to move on the EAPs tab and enable "EAP-MSCHAPv2" ONLY. DO NOT ENABLE "MSCHAPv2".
8. In the settings for EAP-MSCHAPv2 provide your username (and password if you wish, or set it to prompt for it).
As we say in England, Robert is then your parent's brother.
You should now be able to use that network connection for web browsing, email, SIP and anything else you might choose. -
Hi,
Does anyone know if there are any support for EAP-TTLS in the upcoming release 4 of ACS? We have invested heavilly in ACS but now we really need EAP-TTLS support (both auth and proxing).
Cheers
Anders Nilsson
UMDACHi,
EAP-TTLS along with PEAP is one of the prefered EAP:s used for EduRoam (www.eduroam.org) which is gaining more and more acceptance around the educational community. I'm really suprized that Cisco isn't up to date on whats going on around the many Universities. I estimate the only in Europe there will be more than 1000 universities using Radius servers and proxies. Australia is online and soon the US will join in. Here in Sweden (SUNET) we are now locking at but ACS product but if EAP-TTLS and Radius Proxing of all the protocols (PEAP, EAP-TLS, EAP-TTLS) are not supported we will have to look elseware (Freeraduis or Radiator). :(
We here in Sweden strongly suggest that Cisco implements EAP-TTLS and better Raduis Proxy functionallity. (Version 4.1 maybe? ;) )
Best Regards
Anders Nilsson
UMDAC -
I got an iphone from Hong Kong which is locked one. Can anyone explain me what does a locked iphone means. How do I use it in India now, with my own sim card. How do I unlock it???
If your iPhone is locked to a wireless provider, only that wireless provider
can unlock it. Contact the wireless provider in Hong Kong to see if they
offer unlocking and if you qualify.
If your iPhone is locked to an AppleID that you do not know, return it for
a refund as it is useless. Only the person whose AppleID was used for
activation can remove the lock. There is no workaround for Activation Lock.
If neither of the above is what you are facing, provide more detail so someone
may offer a solution. -
I HAVE AN OLD 3G IPHONE , HOW DO I USE IT IN ANOTHER COUNTRY WITH A NEW SIM CARD
I HAVE AN OLD 3G IPHONE , HOW DO I USE IT IN ANOTHER COUNTRY WITH A NEW SIM CARD ?
it has to be unlocked by your carrier. give them a call
-
Audigy 2 will not work with my PCI wireless card......causes freezing mouse ......HELP,!
Hi All,
I am just about beat with my Audigy2 Plat. card !!!!! .
IT WORKS A TREAT ON IT'S OWN . but when I attatch my wireless PCI Card all hell breaks loose.
My wireless card works great with a SoundBlaster Li've card,,,,,,,,,,,,,,,,,,,,,but not the Audigy 2.
Device manager can't see any conflics.................... I have updated all drivers , but no luck.
I have had "looking for ctgame.sys " messages ...................managed to find that file on the Installation Disk, but still it won't give me a break.....................just when you think you might be getting some where the mouse freezes and you have to reboot !!!!! What is it about the Audigy 2 ?
I have a feeling it might be something to do with the Game Port ................... I don't wan't to play games !
Please help.........
Cheers
BlackbobBlackbob wrote:
Hi All,I am just about beat with my Audigy2 Plat. card !!!!! . IT WORKS A TREAT ON IT'S OWN . but when I attatch my wireless PCI Card all hell breaks loose.My wireless card works great with a SoundBlaster Li've card,,,,,,,,,,,,,,,,,,,,,but not the Audigy 2.Device manager can't see any conflics.................... I have updated all drivers , but no luck. I have had "looking for ctgame.sys " messages ...................managed to find that file on the Installation Disk, but still it won't give me a break.....................just when you think you might be getting some where the mouse freezes and you have to reboot !!!!! What is it about the Audigy 2 ?I have a feeling it might be something to do with the Game Port ................... I don't wan't to play games !Please help.........CheersBlackbob
Just disable the gameport on "Device Manager" to see if it's the culprit.
Have you also played with mouse settings (acceleration and saple rate)?
.jtp
Maybe you are looking for
-
How do I use one of my photos for the desktop background?
I have a photo which I would like to have as my desktop background. How do I accomplish this?
-
Regarding Internal Exception: java.sql.SQLException
While deploying the application we are encounter a following error, Internal Exception: java.sql.SQLException: Error in allocating a connection. Cause: Connection could not be allocated because: FATAL: sorry, too many clients already Error Code: 0 De
-
Power Mac G5 DP 1.8, won't to enter in Open Firmware, and no OF comm. exec.
Hi Guys, It seems to strange but my Power Mac G5 DP 1.8 Ghz, cannot enter in the OF and no commands are accepted by the OF (like boot from cd pressing C, or reset Pram, or everything else) I'm not sure but probably after the last upgrade ( november 2
-
Opening balance differs with closing balance
Hi I have a scenario where opening and closing balance (Previous period/year)of g/l accounts are different (for differernt currencies except company code currencies) .It is a customized report where the system is taking the value of recently maintai
-
Can't open password protected xls or pdf
I can't open a password protected xls or pdf file attachment in my yahoo email inbox. I don't get an option to enter the password. Any workaround for this?