Hospitality based wireless authentication

Similar Messages

• Browser based wireless authentication not renewing dhcp

  Hi, I need to renew my dhcp by hand after I authenticate to the web browser based authtication system my wireless network uses.  The IT dept. tells me this is MY problem and that I need to contact apple.  Is this a known isue and if so is there any plans for a fix?
  I've got a macbook running Snow Leopard.
  thanks,
  -tom

  Strictly speaking, that should never be necessary - they have their authentication system screwed up.
  However, to do it is straight-forward: System Preferences > Network > Advanced > Renew DHCP Lease
  Alternatively, over wireless you can simply turn Airport off then on again.
  From the command line (in Terminal or in a script):
  sudo ipconfig set en0 DHCP
  (replace 'en0' with the name of the network interface you are using; probably 'en0' for ethernet and 'en1' for wireless).

• Secure wireless authentication

  I have just been reading all the posts about secure wireless access and I am
  not happy with the direction Novell has chosen to take.
  I have been extremely pleased with Netware, GroupWise & ZenWorks but Novell
  is starting to loose it's appeal.
  Let me summarize what I have learned and see if I have made any mistakes
  with my understanding.
  1. Novell has stopped development on their Radius server and have no plans
  to resume development.
  2. Novell contributed code to the open source FreeRadius project.
  http://www.novell.com/news/press/arc...2/pr05008.html
  3. There isn't any Radius server with 802.1x authentication that runs on
  Netware (Netware kernel).
  a. Novell's Radius server (BMAS or the newer NMAS server) doesn't do
  802.1x authentication.
  b. I have contacted Funk and this is their reply. Steel-Belted Radius
  Server will run on Windows and Solaris (Linux is coming).
  http://www.funk.com/News&Events/sbr_linux_pn.asp
  c. MTG House hasn't gotten back to me about a solution for Netware. (I
  am doubtful, I didn't find anything on their website.)
  4. You need to run a Radius server that does 802.1x authentication and will
  work/integrate with eDir.
  a. FreeRadius (Linux) will integrate with Edir.
  http://www.novell.com/documentation/...ius/index.html
  http://www.novell.com/coolsolutions/feature/15383.html
  b. Funk's Steel-Belted Radius server (Windows, Solaris & Linux is in
  beta).
  http://www.funk.com/radius/default.asp
  c. Aegis Server
  http://www.mtghouse.com/products/aeg...er/index.shtml
  5. You need a 802.1x Client to authenticate to a Radius server for wireless
  authentication.
  a. Microsoft has 802.1x support in their client. (read this from other
  posts in this forum)
  b. Novell isn't planning on putting 802.1x support in the NW Client.
  (read this from other posts in this forum)
  c. There are 2 Radius clients that integrate with the NW Client for
  Radius Edir authentication.
  1. Funk's Odyssey Client ($45 - $50 per workstation depending on
  quantity) + added annual maintenance costs.
  $2281.25 for 50 Client licenses & annual maintenance.
  http://www.funk.com/radius/wlan/wlan_c_radius.asp
  2. Aegis' Client ($32 - $39.99 per workstation depending on
  quantity) + added annual maintenance costs.
  $2240.00 for 50 Client licenses & annual maintenance.
  http://www.mtghouse.com/products/aeg...nt/index.shtml
  http://www.mtghouse.com/novell_app_note_122204.pdf
  3. When FreeRadius is integrated with Edir is this separate client
  still needed?
  I didn't see anything about a separate client being needed while
  reading the Integrating FreeRadius with Edir documentation.
  6. FreeRadius support is going to be built-in to the next version of Edir.
  http://www.novell.com/news/press/arc...2/pr05008.html
  Why didn't Novell contribute code to port FreeRadius to Netware?
  At this point in time they are still giving us a choice between the Netware
  kernel and the Linux kernel. To me that says they are willing to make
  things work with both systems until they drop support for the Netware
  kernel. Ok, so give me support for 802.1x authentication in the Netware
  kernel. I don't have stray single purpose servers floating around my
  network and I don't want to have to begin that practice just to get Radius
  802.1x authentication working.
  I also won't put my district at a disadvantage by upgrading to the Linux
  kernel until I know Linux well enough to administer it properly. I am the
  IT department at this district so I don't have a great deal of extra time to
  run about learning the new things I would LOVE to learn. I'm sure I'm not
  the only person in this situation so Novell should take these things into
  concideration before they just drop support for a product they say they are
  still supporting. Obviously all of the real support is going toward the
  Linux side at Novell.
  Daniel Blake
  Milford Central School

  Ok, I'll give them the benefit of the doubt and say fine the Netware kernel
  might as well be considered dead. So they are giving me support via
  FreeRadius if I just migrate to OES (Linux). Ok, I might/can live with that
  as a Novell decision.
  But that still doesn't explain why they don't give us some client to log in
  via 802.1x. Giving us the server but not the client is like giving us a
  locked door without a key. That's just plain stupid. I would rather stay a
  Netware - OES shop, but if Novell can't think something this simple through
  then I'm a little nervous about staying with them. What could they think up
  next?
  I guess Novell has decided to port all it's software to Windows cause it
  sucks so bad at business decisions. GroupWise & ZenWorks run completely on
  Windows now, so why do I need OES at all? Except for complexity &
  integration issues of course. I mean why would I need to purchase Edir for
  Windows if I didn't stay with OES? Or Nsure Identity Manager for that
  matter. So if we start looking deeper into this we see Marketing all over
  this thing. Novell Marketing has always done such a good job for Novell.
  Novell has given me a real choice that will work though. If I migrate
  completely to a Windows network it just works without any added costs. Heck
  it even makes my installs easier without having to install the NW Client on
  every new workstation. I can still run ZenWorks & GroupWise too.
  Now, how is Novell Marketing going to screw up and make me hate GroupWise &
  Zenworks so I migrate completely away from Novell products? Way to go
  Novell!
  Daniel Blake
  Milford Central School
  "Jim Michael" <[email protected]> wrote in message
  news:[email protected]...
  > mcsdtech wrote:
  >
  >> 1. Novell has stopped development on their Radius server and have no
  >> plans to resume development.
  >
  > Correct, so far as we know.
  >
  >> 2. Novell contributed code to the open source FreeRadius project.
  >> http://www.novell.com/news/press/arc...2/pr05008.html
  >
  > Yes. Code to allow easier integration with eDirectory.
  >
  >> 3. There isn't any Radius server with 802.1x authentication that runs on
  >> Netware (Netware kernel).
  >
  > Correct.
  >
  >> a. Novell's Radius server (BMAS or the newer NMAS server) doesn't do
  >> 802.1x authentication.
  >
  > Correct. It was developed quite a while before 802.1x even existed.
  >
  >> b. I have contacted Funk and this is their reply. Steel-Belted
  >> Radius Server will run on Windows and Solaris (Linux is coming).
  >> http://www.funk.com/News&Events/sbr_linux_pn.asp
  >
  > Correct, but Stell-Belted Radius is probably the last solution I would
  > look at. Radiator is a commercial product that runs on Linux or Windows
  > (it is Perl-based) and you will get far better support from them on
  > eDirectory issues and general Radius problems. freeRADIUS is what I would
  > run on Linux if you don't want to spend a dime on the software.
  >
  >> c. MTG House hasn't gotten back to me about a solution for Netware.
  >> (I am doubtful, I didn't find anything on their website.)
  >
  > Not familiar with them.
  >
  >> 4. You need to run a Radius server that does 802.1x authentication and
  >> will work/integrate with eDir.
  >> a. FreeRadius (Linux) will integrate with Edir.
  >> b. Funk's Steel-Belted Radius server (Windows, Solaris & Linux is
  >> in beta).
  >
  >> c. Aegis Server
  >
  > And Radiator (what I run) http://www.open.com.au This is the solution we
  > run.
  >
  >> 5. You need a 802.1x Client to authenticate to a Radius server for
  >> wireless authentication.
  >
  > Correct.
  >
  >> a. Microsoft has 802.1x support in their client. (read this from
  >> other posts in this forum)
  >
  > Correct. Technically, the "support" is in Windows, not the MS client.
  >
  >> b. Novell isn't planning on putting 802.1x support in the NW Client.
  >> (read this from other posts in this forum)
  >
  > Correct.
  >
  >> c. There are 2 Radius clients that integrate with the NW Client for
  >> Radius Edir authentication.
  >> 1. Funk's Odyssey Client 2. Aegis' Client ($32 - $39.99 per
  >> workstation depending on
  >
  > Correct.
  >
  >> 3. When FreeRadius is integrated with Edir is this separate
  >> client still needed?
  >
  > Yes. You ALWAYS need a 802.1x supplicant (client) on the workstation.
  > Windows has one built-in, which works FINE against eDirectory. HOWEVER,
  > because of the way it works you must log into eDirectory *after* fully
  > logging into windows. That is unacceptable to most organizations (you
  > would have to manually log in and map drives to NW, etc). This is why
  > there are third-party clients that integrate specifically with the NetWare
  > client.. they allow the 802.1x authentication to "insert" itself
  > in -between the Windows and eDirectory login, thus preserving all of the
  > normal features like dynamic local user, zen policies, etc.
  >
  >> I didn't see anything about a separate client being needed
  >> while reading the Integrating FreeRadius with Edir documentation.
  >
  > A client is always assumed.
  >
  >> Why didn't Novell contribute code to port FreeRadius to Netware?
  >
  > Because Novell's future direction is Linux, and there isn't much demand
  > for a NetWare Radius server.
  >
  >> At this point in time they are still giving us a choice between the
  >> Netware kernel and the Linux kernel. To me that says they are willing to
  >> make things work with both systems until they drop support for the
  >> Netware kernel. Ok, so give me support for 802.1x authentication in the
  >> Netware kernel. I don't have stray single purpose servers floating
  >> around my network and I don't want to have to begin that practice just to
  >> get Radius 802.1x authentication working.
  >
  > You can always make your wishes known at
  > http://support.novell.com/enhancement
  >
  >> I also won't put my district at a disadvantage by upgrading to the Linux
  >> kernel until I know Linux well enough to administer it properly. I am
  >> the IT department at this district so I don't have a great deal of extra
  >> time to run about learning the new things I would LOVE to learn. I'm
  >> sure I'm not the only person in this situation so Novell should take
  >> these things into concideration before they just drop support for a
  >> product they say they are still supporting. Obviously all of the real
  >> support is going toward the Linux side at Novell.
  >
  > I understand the frustration, but I doubt things will change. There is a
  > big difference between "supporting" existing products and adding major
  > enhancements to products to support new standards. I just don't think
  > Novell believes it is worth dedicating development resources to enhancing
  > Radius on NetWare, for those few that can't/won't run a Linux or Windows
  > box where the software already exists.
  >
  >
  > --
  > Jim
  > NSC SYsop

• Using OLAP Connection for SAP BW based on authentication type Prompt

  We try to use an OLAP Connection based on authentication type Prompt. This should cause a dialog to popup where the user can enter credentials for SAP BW. This works fine for Analysis for OLAP, but not in Web Intelligence and Design Studio.
  In design studio the following message appears:
  failed to connect to "BA1CLNT100"
  Configuration of destination
  customized_guid:FnTHdVPWmQ4AMLQAAD4XL4cAAFBWmWVp is incomplete:
  Parameter user id missing: neither user nor user alias nor sso ticket nor certificate is specified.
  Does anyone know if this feature is supported and what causes this error?

  Hi,
  Can you check the option "Disallow insecure incoming RFC connections" from CMC >> SAP Authentication and see if it helps.
  -Ambarish-

• ACL on controller-based wireless

  We're trying to put an ACL on our wireless guest subnets on a controller-based wireless system. We're using 2 of the WiSMs. The ACL I used to use in WLSM allowed the guest subnet to the dhcp servers and out to the internet and dropped everything else, but I don't know where I would apply that list now for it to work with all the different vlans and addresses for the WiSMs.

  Hi Brian,
  Perhaps this doc will help;
  ACLs on Wireless LAN Controller Configuration Example
  From this doc;
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807810d1.shtml
  Hope this helps!
  Rob

• Wireless authentication to a windows network

  IF this is the wrong group please let me know and I will re-post...
  I am trying to solve some problems authenticating to a windows network using a airport card....
  I keep getting a non-trusted certificate message after/during the 802.x authentication box..We are not using certificates, at least that is what the admin tells me...so I have logged in as root, opened keychain and set the certifcates in question to trust always for all settings...I log out and then relogin as a normal network account and I still get the message which I can click continue and now I have access..
  the other problem is that my home folder will not mount...I have to mount it manually through the finder..I am assuming this is because the airport network services are not running until I authenticate locally with a cached password....Is there a way to have the login window authenticate through airport so I can have my home directory mount automatically...
  thanks for your help...

  unfortunately there are severla problems with the solution and it really doesn't address the issue. I can't mount the volume on the dock as it won't mount, probably because it is the server itself that has been mounted, not the shared home folder. Also it might create a conflict by having an alias to the home folder that would conflict with the auto mounted home folder when I use the ethernet as a connection source. What I have is a multi-purpose machine.
  1) I use a hardwired connect at my desk...
  2) If I need to go somewhere that a port in the wall is not active, I can then use a wirless connection which allows me access to everything I need....
  What I need to do is get this working so that the rest of the area can use it as well....
  So the question still remains: Does the wireless authentication not mount the home directory because it is not tied into the login window. For example, in a hardwired case I login to the system and this authenticates me and mounts my home folder. When I unplug the ethernet cable and turn on ariport and log off I login to the login window but the 802.x box comes up and asks for my password....which then brings up a not trusted certificate. Which I have tried everyhting I know to make this accepted by the system, including logging as root and going into keychain and setting it to be trusted. This DOES not work. I still get the untrusted certifcate message and the home directory does not mount. So what I need is someone who is authenticating to a windows network using wireless. I have followed all the 802.x suggestions which include using only peap to authenticate through.
  I hope someone can tell me how to stop the untrusted certificate error and how to mount the home directories. It would seem that there should be some type of setting to make airport startup prior to the login window or be hooked into the login window and pas that through to the wireless authentication. This is beyond my experience as you can see...
  thanks

• 802.1x wireless authentication with certificates

  Hi.
  I have configured and working 802.1x authentication with certificates for Wired connections. with no problem.
  when i try to authenticate the same machine with 802.1x and certificates , on Wirelss, the ACS rejects it  with:
  "12520  EAP-TLS failed SSL/TLS handshake because the client rejected the ACS local-certificate."
  the ACS is the same, the certificate the same, and the root ca is the same.
  what's hapenning????
  Antero Vasconcelos

  What supplicant are we using for wireless authentication? Do we have complete chain of certificates installed on the client machine? Can you check if we have root CA/intermediate correctly installed in client and ACS.
  ~BR
  Jatin Katyal
  **Do rate helpful posts**

• 802.1x Wireless Authentication

  Hello
  I am using a MS Certificate Server and MS Radius server with 802.1x Wireless Authentication. When the macs Authenticate I get a warning so to speak and the Cert will not save or trust. I have enter it in as a 509 anchor and other and still the same thing. Is anyone out there doing this.
  The windows says
  801x Authentication
  The Server Certificate could not be validated becuase the root certificate is missing.
  Thanks

  No, CA wasn't changed with R2.
  Are you able to see the User's certificate in the Keychain app under the login keychain & My Certificates? Can you see the CA's certificate under the X509Anchors?
  In the login keychain, when looking at the Users certificate, does it show as valid?

• How to implement OData based BASIC Authentication using HTML, JavaScript for Mobile Apps using Apache Cordova/PhoneGap and datajs-1.1.1.js library

  Hello,
  I have an issue with OData based BASIC authentication for iOS App created using HTML, JavaScript, SAP UI5, OData and Apache Cordova/PhoneGap.
  Please check the post here http://scn.sap.com/thread/3527245
  Request you to kindly reply on the above given link.
  Thanks and Regards,
  Suraj Kumar

  Hello Prathik,
  The code which I am using for OData based BASIC Authentication, for my Mobile App is as below.
     var onSuccess = function(data) {
     alert("We are Through"); //Just to check that the OData request was sucessful
     var onError = function(err) {
     switch(err.response.statusCode) {  
     case 403 : {
     window.alert("Error Code - 403, Service unreachable ");
     break;
     case 401 : {
     window.alert("The credentials are incorrect or missing!");
     break;  
  // dataUserName and dataPassword are the two variables, in which I am storing my Username and Password, respectively.
     var connectionRequest = {
     requestUri: "ODATA SERVICE URL GOES HERE/",
     headers: { Authorization : 'Basic ' + Base64.encode(dataUsername + ":" + dataPassword) },
     method: "POST"
     OData.request( connectionRequest, onSuccess, onError);

• Wireless Authentication

  Hello
  I am using a MS Certificate Server and MS Radius server with 802.1x Wireless Authentication. When the macs Authenticate I get a warning so to speak and the Cert will not save or trust. I have enter it in as a 509 anchor and other and still the same thing. Is anyone out there doing this.
  The windows says
  801x Authentication
  The Server Certificate could not be validated becuase the root certificate is missing.
  Thanks

  You've posted in the wrong forum. This is Feedback about Discussions. Try Networking and the Web maybe.

• Certificate-Based Client authentication slowness (DSEE 6.3.1)?

  I seem to be seeing very slow operations involving certain certificate-based client interactions.
  I have a user with an application that connects via LDAPS (port 636), does an anonymous bind, and then binds as a specific user. This application is written using .Net (System.DirectoryServices.Protocols library) and housed on an IIS web server that has a certificate signed by Equifax.
  The application performs relatively quickly (operations take an elapsed time of less than 1 second) if:
  1. "Client Authentication" is set to "Allow Certificate-Based Client authentication" and there is no Equifax CA cert in the list of CA Certificates.
  or 2. "Client Authentication" is set to "Do Not Allow Certificate-BAsed Client authentication".
  If I have "Allow Certificate-Based Client authentication" and the Equifax CA cert installed, all operations by the application succeed but show an elapsed time of about 13-14 seconds.
  The Equifax CA cert should be trusted (certutil shows flags: CT,, )
  Has anyone seen anything like this? I've not been able to successfully figure out how to get additional logging RE: the certificate exchange other than grabbing the raw data from ssltap (which I'm not sure I correctly understand). I turned up the infolog levels to include connection managment and packets, but that didn't provide what I was looking for.
  Additional troubleshooting info:
  dsadm -V[dsadm]
  dsadm : 6.3.1 B2008.1121.0308 NAT
  [slapd 32-bit]
  Sun Microsystems, Inc.
  Sun-Java(tm)-System-Directory/6.3.1_RME_6915746 B2010.0112.1626 32-bit
  ns-slapd : 6.3.1 B2008.1121.0308 NAT
  Slapd Library : 6.3.1_RME_6915746 B2010.0112.1626
  Front-End Library : 6.3.1 B2008.1121.0308
  [slapd 64-bit]
  Sun Microsystems, Inc.
  Sun-Java(tm)-System-Directory/6.3.1_RME_6915746 B2010.0112.1631 64-bit
  ns-slapd : 6.3.1 B2008.1121.0308 NAT
  Slapd Library : 6.3.1_RME_6915746 B2010.0112.1631
  Front-End Library : 6.3.1 B2008.1121.0308

  The only thing I can think of off the top of my head is if the server is doing a callout to an external site for something like a CRL. Even though the traffic is encrypted, you should be able to see something like that in a packet trace even so.

• Open Wireless authentication concept.

  Folks,
  We have been asked to explore the possibilities of getting an open wireless setup going for guests. This essentially means that guests coming in should get Internet access without having to feed in a username/password. Connecting to this SSID should take them to a portal page which mentions some policies about internet access. On accepting that the users must get Internet access.
  Can this be achieved on the Cisco Wireless controllers? Has anyone heard about the industry using such Wireless authentication? Is there any know setup that uses this kind of configuration?
  Thanks,
  N.

  Web Passthrough on Wireless LAN Controllers
  Web passthrough is a solution that is typically used for guest access. The process of web passthrough is similiar to that of web authentication, except that no authentication credentials are required for web passthrough.
  In web passthrough, wireless users are redirected to the usage policy page when they try to use the Internet for the first time. Once the users accept the policy, they can browse the Internet. This redirection to the policy page is handled by the WLC.
  In this example, a VLAN interface is created on a separate subnet on the WLC. Then, a separate Wireless LAN (WLAN)/Service Set Identifier (SSID) is created and configured with web passthrough, and it is mapped to this VLAN interface.
  http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/116879-configure-wlc-00.html

• User Name- and Password-Based Mutual Authentication

  Hi,
  The J2EE 1.4 Tutorial Update 1 shows an example of Client-Certificate Authentication over HTTP/SSL with JAX-RPC, but no User Name- and Password-Based Mutual Authentication example.
  Does this work the same? Does the client need a certificate for User Name- and Password-Based Mutual Authentication?
  I created my own self-signed certificate and imported it using the keytool. When I use my client to connect to my JAX-RPC web service, I get the following error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found.
  It seems that no trusted certificate is found... on the client side?! How do I specify the client certificate at the client side? I created a client certificate and added it to the keystore in the application server...
  If somebody should have an example of User Name- and Password-Based Mutual Authentication, I'd really apreciate it.
  Thanks, d3m0.

  Hi,
  I've almost the same problem.In an application based on Java Web Start, i try to attack a web service through HTTPS. Before the call of the web services, the client have discussed with the server through HTTPS, so the user have already accept the certificate (i use self-signed certificate too), i get the same exception.
  At the begining i've used classes from axis. I've found that axis doesn't want to support non trusted certificate. Some workaround were that the client access the private key of the server ... not really secure. So i've tried to use the JAX-RPC classes, always the exception.
  For the moment , we don't want to use trusted certificate and don't want to install on each user workstation the server certificate. I continue to investigate, if someone have some solution ? What i don't understand is why i've this exception altough i'm in a secure environment (JWS + user accepts the untrusted certificate).
  Sorry, i've never work on User Name- and Password-Based Mutual Authentication, but i think your exception come because of self-signed certificate.
  Regard,
  Pierre.

• Wireless authentication through AD

  I have a 2106 LAN controller with 1250 AP. I need to authenticate via my Active Directory users. Can this be done and how? I am also looking to get better range from my antennas, what the best omni or Bi antenna I can use with my 1250 AP
  Thank you in advance.

  Hi Tabish:
  Unfortunately, there is no specific document for wireless authentication with ACS 5.x
  If you wish you can check the below listed sections from acs 5.1 user guide:
  You can configure AD on Windows to use as external database, you can use the following link to integrate your AD
  http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_system/5.1/user/guide/users_id_stores.html#wp1053213
  For authorization using TACACS+
  http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_system/5.1/user/guide/pol_elem.html#wp1074366
  For configuring managing access
  http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.1/user/guide/access_policies.html
  HTH
  Regards,
  JK
  Plz rate helpful posts-

• SAML-based claims authentication in SharePoint: how to show Display Name instead of email address?

  Hello,
  I followed the following step by step guide for SAML-based claims authentication with ADFS:
  http://technet.microsoft.com/en-us/library/hh305235.aspx
  The authentication works well; however, Sharepoint shows the users’ email everywhere including at the top right suite-bar. I rather to see users’ display name instead of email. Is there any way to have SharePoint shows user’s display name instead of email
  address when the primary SAML claim is email address?
  Thank you,

  You need to be able to import the identity store into the UPA. See http://sharepointobservations.wordpress.com/2013/08/06/sharepoint-2013-configure-user-profile-service-for-adfs-provider/ for
  a good step-by-step on how this is configured.
  Trevor Seward
  Follow or contact me at...
  &nbsp&nbsp
  This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.