How to configure ACS to authenticate Modem with radius
Hi,
How do I configure ACS to authenticate and authorize modem users with radius. My problem is with authorization(authentication is ok in the debug). Do I need to configure specific Av pairs (006 and 007 in IETF)
Hi Dominic,
Are we have Microsoft radius server or ACS?
Yes, these attributes should be configured.
006-service-type: login
007-framed-protocol: PPP
HTH
JK
Similar Messages
-
CWMS v.2 - how to configure CWMS to authenticate user with CUCM
Hi,
I have a CUCM with no LDAP or AD integration. I already configured the directory integration with CUCM and it synchronized the user accounts to CWMS. When trying to login with end user account, password configured in CUCM doesn't work. What is the process to configure CWMS to authenticate with CUCM user database? Thanks.
-AlanHi Alan,
CUCM and LDAP integration is a prerequisite for using Directory Integration on CWMS.
http://www.cisco.com/c/en/us/td/docs/collaboration/CWMS/1_5/Administration_Guide/Administration_Guide_chapter_01011.html#task_DB0D271D6EB1459EB4DA269461E93B36
Before You Begin
You must configure AXL and LDAP directory service on CUCM before you can use the directory integration feature. CUCM is required to import users into your Cisco WebEx Meetings Server system. Use CUCM to do the following:
Enable Cisco AXL Web Service
Enable Cisco directory synchronization
Configure LDAP integration
Configure LDAP authentication
-Dejan -
How to configure wireless Cisco 1041/EAP2 with Radius
Hello,
Having trouble configuring wireless on a Cisco 1041 with a 2012 Radius Server
I have a cisco ASA 5505 and Windows server 2012 Radius with NAP and Network Security policy
Guest Test guest works, test does not, I want the users to log into test with their AD credentials
Here is the AP config:
Thanks for any help
o service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname ap1
logging rate-limit console 9
aaa new-model
aaa group server radius rad_eap
aaa group server radius rad_mac
aaa group server radius rad_acct
aaa group server radius rad_admin
aaa group server tacacs+ tac_admin
aaa group server radius rad_pmip
aaa group server radius dummy
aaa group server radius rad_eap2
server x.x.x.x auth-port 1645 acct-port 1646
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login eap_methods2 group rad_eap2
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
clock timezone -0500 -5
clock summer-time -0400 recurring
ip domain name ser.local
dot11 syslog
dot11 ssid test
vlan 1
authentication open eap eap_methods2
authentication network-eap eap_methods2
authentication key-management wpa
mbssid guest-mode
dot11 ssid test guest
vlan 12
authentication open
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii 7
dot11 priority-map avvid
dot11 phone dot11e
power inline negotiation injector 001b.8fac.990a
power inline negotiation prestandard source
class-map match-all _class_data_policy0
match ip dscp default
class-map match-all _class_voice_policy0
match ip dscp ef
policy-map voice_policy
class _class_voice_policy0
set cos 6
policy-map data_policy
class _class_data_policy0
set cos 0
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption vlan 1 mode ciphers aes-ccm
encryption vlan 12 mode ciphers aes-ccm
ssid ihiCorp
ssid ihiGuest
antenna gain 0
mbssid
station-role root
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
service-policy input data_policy
service-policy output data_policy
interface Dot11Radio0.12
encapsulation dot1Q 12
no ip route-cache
bridge-group 12
bridge-group 12 subscriber-loop-control
bridge-group 12 block-unknown-source
no bridge-group 12 source-learning
no bridge-group 12 unicast-flooding
bridge-group 12 spanning-disabled
service-policy input data_policy
service-policy output data_policy
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
no keepalive
interface GigabitEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface GigabitEthernet0.12
encapsulation dot1Q 12
no ip route-cache
bridge-group 12
no bridge-group 12 source-learning
bridge-group 12 spanning-disabled
interface BVI1
ip address x.x.x.x 255.255.255.0
no ip route-cache
ip default-gateway x.x.x.x
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
radius-server attribute 32 include-in-access-req format %h
radius-server host x.x.x.x auth-port 1645 acct-port 1646 key 7
radius-server vsa send accounting
bridge 1 route ip
line con 0
line vty 0 4
endin order I get these messages;
The processing of Group Policy failed. Windows attempted to read the file \\test.local\sysvol\test.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
A LDAP connection with domain controller IHIserver01.ihi-press.local for domain TEST is established.
A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 48. -
How to configure a new product type with a new operation deal?
hello, All,
I wonder to know if somebody knows, how to configure a new product type with a new operation deal with the amortization divided?, I mean in the SPRO, portfolio of securities with the characteristics mentioned.
Hope you help me.
Bests regards.Hi Prasad,
Thanks for the information, but the directions that you give me not be useful, I want that the UPDATE TYPE appears in the position cash flow in the transaction deal in the option-->operative valuation area( 2nd option) or in the report TPM13, this for two treasury ledger dates.
I mean that the update type "samxx" affect the accountant as amortization divided?, this transaction deal is a purchase.
Thanks in advanced -
How to configure ACS 5.2 for policy condition on TACACS+ Service
In https://supportforums.cisco.com/message/3953175#3953175 thread, I was able to get the ACS 5.2 work with SRX for both SSH CLI and J-Web TACACS+ accounts. However, I found the behavior is different on our production environment. I found our ACS 5.2 was configured authorization rule with condition "TACACS+ Service" = "junos-exec". I don't know how to configure this on my ACS 5.2 Please guide me how to configure this.
I found there was NO TACACS+ "Authorization Request" when access via J-Web in our production SRX and ACS. However, there were TACACS+ "Authorzation Request" when access via J-Web in our production SRX and ACS. The difference between my lab ACS and production ACS is the authorization rule condition. In my condition, I configure with all "SRX" Device Type. but in our production ACS 5.2, it was configure to TACACS+ Service=junos-exec. so I like to test it in our lab to find out the difference. Thanks.I would suggest you to go through the below two link.
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/migration/guide/Migration_Configure.html
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/user/guide/common_scenarios.html -
PLZ. HELP !!! --- HOW TO Configure my "Internal PCI MODEM" in Sol9-X86.
Hi Folks!!
I am Karthi from India and have recently purchased Solaris 9 for X86 Platform.
I am really at a loss as to how to configure my Connexant-based Internal PCI MODEM.
Will Solaris 9 recognise my Connexant-based MODEM from an Indian company or do I have to purchase any other "Solaris 9 supported MODEM Chipsets"?
Can you please help me out by giving any weblink or brief steps to go about it.
I will be grateful to you and advance thanks to whoever is willing to help this helpless amateur.
Bye and have a nice day!!!
Karthi Shanmugam
[email protected]Ok here is a brief answer to your question if it is a Linux HCL modem then you can search on google or check out http://www.linuxant.com/drivers/ for information.
If it is a winmodem then you pretty much have a worthless modem for running any type of Unix/Linux. However you should be able to buy a Serial Modem for around $30-$50 USD that is compatible with almost anything since they have been around forever and use a different communication scheme than PCI. -
How to configure qpopper to authenticate against LDAP server
Hi,
This is re-post of my question:
I have directory server 6.0 set up on Solaris 9 system. Also, I have set up Solaris 9 system native LDAP client. The qpopper daemon is running on that client. I have re-compiled the qpopper to use PAM authentication, then 'kill -HUP' inetd. But when I try to connect to qpopper with PAM authentication, I got an error:
-ERR [AUTH] PAM authentication failed for user "nsr": No account present for user (13)
I do have user's account and I am able to retrieve the user's account information by 'ldaplist -l passwd nsr'. I guess it is related pam configuration problem, but I don't know how to configure pam for qpopper. The information provided by qpopper manual is listed below:
#%PAM-1.0
auth required /lib/security/pam_pwdb.so shadow
account required /lib/security/pam_pwdb.so
password required /lib/security/pam_cracklib.so
password required /lib/security/pam_pwdb.so nullok
use_authtok md5 shadow
session required /lib/security/pam_pwdb.so
Obviously, the example configuration is for Linux. So how I can configure Solaris pam.conf to have qpopper authenticate through pam?
My current pam.conf is listed here also:
login auth requisite pam_authtok_get.so.1
login auth required pam_dhkeys.so.1
login auth required pam_dial_auth.so.1
login auth binding pam_unix_auth.so.1 server_policy
login auth required pam_ldap.so.1
rlogin auth sufficient pam_rhosts_auth.so.1
rlogin auth requisite pam_authtok_get.so.1
rlogin auth required pam_dhkeys.so.1
rlogin auth binding pam_unix_auth.so.1 server_policy
rlogin auth required pam_ldap.so.1
rsh auth sufficient pam_rhosts_auth.so.1
rsh auth binding pam_unix_auth.so.1 server_policy
rsh auth required pam_ldap.so.1
ppp auth requisite pam_authtok_get.so.1
ppp auth required pam_dhkeys.so.1
ppp auth required pam_dial_auth.so.1
ppp auth binding pam_unix_auth.so.1 server_policy
ppp auth required pam_ldap.so.1
other auth requisite pam_authtok_get.so.1
other auth required pam_dhkeys.so.1
other auth binding pam_unix_auth.so.1 server_policy
other auth required pam_ldap.so.1
passwd auth binding pam_passwd_auth.so.1 server_policy
passwd auth required pam_ldap.so.1
cron account required pam_unix_account.so.1
other account requisite pam_roles.so.1
other account binding pam_unix_account.so.1 server_policy
other account required pam_ldap.so.1
other session required pam_unix_session.so.1
other password required pam_dhkeys.so.1
other password requisite pam_authtok_get.so.1
other password requisite pam_authtok_check.so.1
other password required pam_authtok_store.so.1 server_policy
Thanks,
--xinhuaniAS 6.0 sp4 officially does only support iPlanet Directory Server 5.0 sp1 and 4.13.
For more details visit: http://docs.iplanet.com/docs/manuals/ias/60/sp4/ig/prep.htm#42084
I guess, you can specify the directory server during the time of installation.
Thanks,
Rakesh. -
How to configure GlobeSurfer II umts modem router to act as just a modem
Sorry if this has been asked before but after three days of searching I haven't been able to find an answer.
I'd like to know how to configure a GlobeSurfer II umts modem router to act as just a modem allowing my TC to provide all the remaining wireless services.
I know the combination can easily be made to work with the TC as in bridge mode but doing that loses features of the TC that I'd like retain.
I've found a fairly comprehensive manual on line but it doesn't address my specific needs and I'm not techie enough to interpret the information that's provided into a work around.
ThanksHi Bob,
many thanks for answering. GlobeSurfer suggested the following
"the easiest is to use the Ethernet to connect the GlobeSurfer to your Capsule. Make sure that you have the 2 routers having difference IP address ranges and they don't overlap each other."
That pretty much contradicted everthing I've read in discussions so I've asked for information on how to
1. stop the GlobeSurfer from acting as DHCP and stop it providing IP addresses
2. make the GlobeSurfer a client of the Time Capsule
I was already using an e cable between the two but in the mean time I did the rest of what they sggested. The only warning I got on the TC was a "Double Nat" for which I clicked "ignore".
As a result I have the two networks that I wanted, (one protected with private HDDs and printer attached and one guest), I can connect to the internet through both, I've been able to extend the main using an Extreme in bridge mode and there's no sign of a third network being produced by the GSII. I'm delighted and I'm stunned to say that it worked.
It'll be interesting to hear what they come back with.
Thanks again -
How to Configure Oracle Management Server (OMS) with Dataguard Broker
Dear Experts,
i have a production DB (192.168.200.9) 9.2.0.1.0 on Server 2003
i have a standby DB (192.168.200.19) 9.2.0.1.0 on Server 2003
Archive logs are shipped to standby database and applied there. *(Datagauard is configured).*
Now i want that Graphically i want to see that archivelogs are shipping to standby database and applied there ( i want to configure Dataguard Broker in graphical mode (*dataguard manager*) isnt it ( bcz i anm bit confused with this).............?
*1.* For this purpose to achieve i take some seperate machine install on it Server 2003.
*2.* and then Install oracle db 9.2.0.1.0 ( here i will install FULL DATABASE, CUSTOM installation ( then createsome repository).
*3*. can i configure this repository for OMS on my already running production or standby DB............?
*4.* After this OMS is configured or not..........?
*5.* how i will configure datagauard broker
what i know regarding this is on primary and standby db *( DG_BROKER_START = TRUE)* and after
this we have to create some configuration wizards but how
i think i have to go with this sequence if somebody has different sequence tellm e
wait for replies
thanks in advance
regards rehan
faisalabad pakistanDoes anybody dont know anything about this.................?
-
How to configure BODS in network environment with NAT ?
Hi Team,
Now we are working on POC of BO Data Services 4.0 with SI partner and they reported us that a communication error (error code:BODI-1241023) occurred when they started a job from Designer.
They can do it without any problems in the following two cases.
1. from Designer which is installed in the CMS/JobServer machine
2. from Designer which is installed in local PC within internal network (without firewall / NAT)
That is, the cause is Firewall with NAT(Network Address Translation) between Designer and JobServer/CMS.
And, they can log on to CMS/JobServer with NAT environment, however, cann't start a job from Designer.
The port #3500 for JobServer is open. They confirmed that they could log on to the JobServer in the event log
of the JobServer.
That is, Designer -> CMS/JobServer communication is OK, but JobServer -> Designer communication must be NG.
Could you advise us how to configure BODS both client and server sides in the network environment with NAT ?
Thanks and best regards,HI Buddy,
You can achieve this by $FLEX$, create first value set, and assign it to first field. Create second value set based on first value set using $FLEX$.
follow steps mentioned in the bellow link
http://erpschools.com/articles/usage-of-flex -
How to configure MySQL to be used with J2EE 1.3.1 -- Very Very URGENT.
Hi All,
I have downloaded Sun's J2EE reference implementation 1.3.1. I want to use MySQL as my database instead of the default database Cloudscape that comes with J2EE SDK 1.3.1. Can any one help me configuring in doing the same.
Thanks and regards,
Venky.Hi! I had the same problem, too. I�m Brazilian and I�ve been learning the English language yet, but I�ll try to describe how to configure J2EE with MySQL.
I am using MySQL version 4.1.7 with J2EE version 1.3 on Windows XP Professional. The driver version of MySQL is 3.0.16.
You have to configure the following two files:
- <J2EE_HOME>\bin\setenv.bat
- <J2EE_HOME>\config\resource.properties
Do the following steps:
1) Copy the JAR file of MySQL driver (mysql-connector-java-3.0.16-ga-bin.jar) to <J2EE_HOME>\lib directory.
2) In <J2EE_HOME>\bin directory open the setenv.bat file and analize the code. It is not hard to understand the code, it is just the classpath configuration of J2EE. After understand it, add a reference of MySQL driver (mysql-connector-java-3.0.16-ga-bin.jar), that was copied to <J2EE_HOME>\lib directory.
3) Run the <J2EE_HOME>\bin\j2eeadmin.bat to configure the resource.properties file.There are two command lines to be executed, as below:
- j2eeadmin.bat -addJdbcDriver <CLASS NAME OF THE DRIVER>
- j2eeadmin.bat -addJdbcDatasource <JNDI NAME> <URL>
For example:
- j2eeadmin.bat -addJdbcDriver "com.mysql.jdbc.Driver"
- j2eeadmin.bat -addJdbcDatasource "jdbc/mysql/test" "jdbc:mysql://localhost/test?user=username&password=pass"
4) After run j2eeadmin.bat, the resource.properties file will be modified. But when I did it and when I executed the verbose command to start J2EE, some error messages was exhibited. So I decided to open the resource.properties file and I noticed that the character "\" was added erroneously in a lot of places of the code. It did not seem correct, so I decided to remove these characters replacing them. Bingo!!! After I did it, I run verbose again and no more message error ocurred. I think it is a bug of J2EE.
Finish! I modified the datasource JNDI to access MySQL and then I run my EAR application. No problems occurred. My application is running succesfully.
Good luck! -
How to configure Oracle 8 to work with Weblogic portal4.0
Hi! I'm trying to configure my portal to work with oracle8i using thin driver.I've set classes12.zip in the classpath.But if I set the DATABASE=ORACLE_OCI value inthe set-environment.sh file the server does not start.Pls help.
Here's the error log it throws for the problem:
: 'Fatal initialization exception
Throwable: java.lang.IllegalAccessError: Exception[com.bea.p13n.security.realm.R
DBMSException: An error occured creating a database connection for the realm.]
java.lang.IllegalAccessError: Exception[com.bea.p13n.security.realm.RDBMSExcepti
on: An error occured creating a database connection for the realm.]
at weblogic.security.acl.Realm.getRealm(Realm.java:91)
at weblogic.security.acl.Realm.getRealm(Realm.java:62)
at weblogic.security.SecurityService.initializeRealm(SecurityService.jav
a:258)
at weblogic.security.SecurityService.initialize(SecurityService.java:115
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:390)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:202)
at weblogic.Server.main(Server.java:35)
'> -
How to configure dbconsole on R12.1 with 11g database on RHEL AS 5(64-bit)
Hi Dear
I want to configure dbcosnole on R12.1 with 11g database. When i start it by executing the command emctl start dbconsole it does not start. It shows the following error:
OC4J Configuration issue. /u01/oracle/PROD/db/tech_st/11.1.0/oc4j/j2ee/OC4J_DBConsole_dg.orientpower.com.pk_PROD not found.
I will highly appreciate, if anybody could help me to resolve this issue.
Thnx
JabbarYou might want to checkout
http://download.oracle.com/docs/cd/E11882_01/install.112/e10813/dbcacrea.htm#sthref287
Oracle® Real Application Clusters Installation Guide
11g Release 2 (11.2) for Linux and UNIX -
How to configure and deploy OAM 11g with DB setup using silent mode
Hello all,
I am trying to create automation process to install and configure OAM 11g on WLS. This task involves three stages
1. Install WLS
2. Install OAM 11g
3. Create DB schema using RCU
4. Configure and deploy OAM 11g
I have done first 3 stages in silent mode using scripts and response files. I am stuck at 4th stage. I know how to configure and deploy OAM 11g using config.sh via GUI installer as well as console mode. But I would like to run config.sh in silent mode something like
./config.sh -mode=silent -silent_script=<script_location>
I have searched a lot, but could not find any resource on how to do it? I tried passing the parameters via a text file. But that has not worked. I have also explored WLST, but it also does not work. Given that first 3 things are relatively very simple, the 4th step is becoming complex. I would be very thankful if someone can please point me in the right direction.
Thanks!Have a look at your software directory : <sofware directory>/Disk1/stage/Response
Here you will find 2 rsp files which you can use to install and then configure it all.
Good luck.
Filip -
How to configure airport extreme to work with Actiontec gt701d modem
I have been trying to set up a new Actiontec modem to work with a new Airport Extreme with no luck. I don't know what the right settings are to get it to work correctly. So far the only way I have been able to get the two to work together is to have the AE connect with ethernet and bridge mode. However with this configuration I can't setup a guest network which I would like to be able to do. I have read some past posts and have tried other configurations but end up either losing internet connection or getting a very slow connection. If anyone has some idea how to get this modem to work with the AE i would really appreciate some advice
Thank youWelcome to the discussion area, Meagan!
The Actiontec "modem" that you mention is really a gateway...a combination modem/router, so with this device and the AirPort Extreme, you have two routers on the network.
Whenever you have two routers on a network, the first router must be configured to handle the main routing chores and any other routers must be configured in Bridge Mode to function correctly. So, Bridge Mode is the correct setting for the AirPort Extreme when used with the Actiontec gt701d gateway.
In order for the AirPort Extreme to provide a Guest Network, it must be configured as the "main" router on a network. This won't be possible unless you can re-configure the Actiontec device to act as a simple modem, not a router. You might want to check with Actiontec support to see whether this might be possible.
Message was edited by: Bob Timmons
Maybe you are looking for
-
Iphone 3GS ONLY powers on with AC not with computer and unable to restore
Hi, So I have an Iphone 3GS 16GB. This is my uncle’s iphone. He updated it to 5.0.1 just last week and was using it fine but he just dropped his phone and thats when all these problems started. The only way I can get the iphone to turn on/show the sc
-
Transferring all music from ipod to new computer with Windows Vista
I need help!!! I recently bought a new computer that has windows vista, and I do not have access to my old computer. I have tried following the online help but I cannot figure out how to transfer all of my music files from my nano to this new compute
-
Can't Install Quicktime for Firefox under W2K
I am unable to install Quicktime with Firefox. I am running W2K. The current version doesn't support Quicktime. I'm not able to find a version that does. Any suggestions? Fred
-
How to improve sql perfomance/access speed by altering session parameters
Dear friends how to improve sql perfomance/access speed by altering the session parameters? without altering indexes & sql expression regrads Edited by: sak on Mar 14, 2011 2:10 PM Edited by: sak on Mar 14, 2011 2:43 PM
-
To pick Parental org unit ( Root Org Unit)
Is there any Function Module which can pick the employee root organization unit. In my code: *zhrint02_itab-status = 'X'.* MODIFY zhrint02_itab TRANSPORTING status WHERE otype EQ wa_adompernr-otype