Ironport S170 and Microsoft RADIUS

I'm trying to setup management logins for the IronPort S170 using RADIUS.  I have the Windows server configured and the server information is in the S170, but I'm having trouble with the Group Mapping.  Under the RADIUS Class Attribute, what is an example of something that would go there?  Is it an AD group?  If not, is it some attribute number that I need to configure on the AD user object?  If so, where?  TAC has no idea how to do this. 

This error occurs when the user’s account is not stored in reversible encryption.
CHAP requires that the secret be available in plaintext form. CHAP cannot use irreversibly encrypted password databases that are commonly available. If the RADIUS server does not have access to the plaintext password, it cannot perform the one-way hash to verify the user and the authentication will fail. By default, Microsoft Active Directory does not store user accounts with reversible encryption.
Reversible encryption is a user class attribute and is not enabled by default in the Active Directory. You must enable this setting manually on each account or through Group Policy Objects when dealing with multiple users.
~BR
Jatin Katyal
**Do rate helpful posts**

Similar Messages

  • IPad 802.1x and Microsoft RADIUS

    Is anyone running iPad 2's in the enterprise using Microsoft RADIUS server? Now I understand that you can't use device certs because iPads cannot be joined to the domain, but I can use user certs. Now I read that iOS support PKCS#1 and #12, but I do not have this option on my CA for a cert request? Can someone share some tips on how they deployed these devices on the enterprise network? I could really use some help here. Thanks.

    > [email protected] wrote:
    >
    > > You can do 802.1x authentication in Windows XP and 2000 with service
    pack
    > > 3 or above withou the Odyssey client. You can see this when you right
    > > click on your network card, choos properties and you should see an
    > > authentication tab if you have XP or 2000 with the right service
    pack.
    > > This is built into Windows and will use the users login name and
    password
    > > for authentication.
    >
    > Yes, I'm quite aware of that. I just didn't understand what you meant
    by
    > "override" in this context. The bottom line is that yes, you can use
    OK. As long as I can use the Novell Client and Windows for
    authentication. The testing that we are doing is using Direct XML on the
    Novell Server and Remote Loader on an AD server with IAS. The user names
    and groups are synchronized to AD. THe authentication with then happend
    at the AD server with IAS.
    > the Windows client to authenticate against 802.1x compliant RADIUS
    > servers, and NO, Novell's is not 802.1x compliant, and never will be.
    > It's *possible* (but not confirmed) that Novell may be providing
    > detailed and supported steps to get freeRADIUS working for such tasks,
    > though. That's all I can tell you as that's all I know.
    >
    > --
    > Jim
    > NSC SYsop

  • WLC 5508 and Microsoft Radius Server 2008

    Hi, I am trying to setup WLC 5508 for a customer who want to use MS NPS for Radius authentication, however there aren't many good documents showing how to configure the MS NPS.
    I have couple of questions:
    1, Does WLC 5508 support MS NPS on Server 2008 R2?
    2, Are there any good document showing how to configure this?
    Thanks

    Hadisharifi,
    There is no single document that we can pick for configuring WLC and NPS. However, you may visit the below listed document for NPS  and WLC side configuration:
    Configure the WLC for RADIUS Authentication through an External RADIUS Server
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a0080665d18.shtml#c2
    Fo the NPS side configuration, you may consider the attached document.
    Regds,
    JK
    Do rate helpful posts-

  • Integration between WLC 5508 and Microsoft NPS 2008

    Hi guys,
    Any of you, have working guidance for WLC 5508 and Microsoft NPS 2008 integration?
    I managed to configure Wireless 802.1x feature (PEAP) but it failed. I'm running software ver. 7.0.116.0.
    Is there any bug related 802.1x on this software version?
    thanks in advance.
    BR
    shendy

    Hi Shendy,
    I am not aware about any bug related to this. I think you better check all configuration and make sure it is fine.
    Logs from NPS and WLC (and possibly from the supplicant) may guide you where the problem resides.
    What does the NPS logs tell about the reason of the authentication failure?
    What does the WLC logs say about the failure (check show msglog and show traplog).
    - Make sure the Radius server added correctly with correct IP and correct shared secret on WLC.
    - Make sure that the radius is configured correctly to allow PEAP-MSCHAPv2.
    - Make sure WLC is added successfully to WLC with correct IP address and correct shared secret.
    - Make sure the clients are correctly configured and the server's (NPS) certificate is trusted on the clients.
    HTH
    Amjad

  • Connection refused error showing in ironport s170 - WSA

    Connection refused error showing in ironport s170 -  WSA
    I am getting “Connection refused” error while I connect ironport s170 through console cable. also i am not able to connect it through HTTP and SSH. Complete output is given below.
    Last login: Thu Sep 11 07:16:59 on cuad0
    Copyright (c) 2001-2011, Cisco Systems, Inc.
    AsyncOS 7.5.2 for Web build 303
    Welcome to the Cisco IronPort S170 Web Security Appliance
    Traceback (most recent call last):
      File "/usr/build/iproot/ap/ipoe/ipoe/bootstrap.py", line 55, in <module>
      File "/data/lib/python2.6_7_i386_nothr/runpy.py", line 128, in _run_module_as_
    main
        "__main__", fname, loader, pkg_name)
      File "/data/lib/python2.6_7_i386_nothr/runpy.py", line 34, in _run_code
        exec code in run_globals
      File "build/bdist.freebsd-7.2-RELEASE-p2-i386/egg/cli.py", line 426, in <modul
    e>
      File "build/bdist.freebsd-7.2-RELEASE-p2-i386/egg/external_auth/__init__.py",
    line 212, in initialize
      File "build/bdist.freebsd-7.2-RELEASE-p2-i386/egg/external_auth/__init__.py",
    line 118, in _setup_old_authentication
      File "build/bdist.freebsd-7.2-RELEASE-p2-i386/egg/command_client.py", line 674
    , in quick_read_var
      File "build/bdist.freebsd-7.2-RELEASE-p2-i386/egg/command_client.py", line 133
    , in connect
    Commandment.CommunicationError: <host name>: Network communication error
    : Connection refused
    AsyncOS <host name> (cuad0)
    login:

    Hi,
    You can upgrade to 7.7+ but if you require a root cause analysis I suggest you to open a TAC case.
    Regards,
    Luis Silva

  • Microsoft Radius Server vs ACS/Radius

    Hi,
    Is there any differences between Microsoft Radius Server and the Radius in ACS.
    Thanks
    Ali

    I have used both with pretty good success. The one thing I do not like about ACS is the fact that a user can only belong to one group. The documentation for ACS is pretty good and configuring ACS is pretty simple. I was able to import my AP's from a file which was nice since I had around 100 to setup/install. That was really quick and simple.
    The isn't a lot of documentation around for configuring IAS with Cisco Wireless equipment, but there are hints in these forums if you search. I had IAS configured to assign VLANS to certain wireless users (actually groups) and it works fine. There were a few bugs (differences between VxWorks and IOS) that have been corrected I believe. If you run into problems make sure your AP's software is up to date.
    Aside from the fact that a user can belong to only one group, I like ACS. I haven't had much time to finish my configuration as far as Wireless goes, but so far things have been pretty simple to configure.
    If you have any more questions feel free to ask...
    Don Hickey

  • IronPort S170 WSA - Max file download size

    Hello,
    we're using an IronPort S170 WSA. Downloading big .iso (maybe other files, too) files fails. As far as I can find out, files of 2300MB or less can be downloaded, files of 3300MB or bigger fail to download (I haven't been able to try files with sizes between 2300MB - 3300MB). Using the same client without using the IronPort as a proxy, the download of the big files succeed.
    The web page error message indicates:
    Blocked by [companyname] Web Proxy
    Category = Allowed%20URL%208080
    WBRS Value = -
    DVS Verdict = -
    DVS Threat = -
    So, I assume there is a setting in the IronPort that prevents the download of files exceeding a size limit. But I cannot find any config item that controls this. Does anyone know where this setting can be found?
    Description: Cisco IronPort S170
    Product: Cisco IronPort S170 Web Security Appliance
    Model: S170
    Version: 7.7.0-500

    Do you get an instant block for large files?  Or does it try to download for a while, and then fails?
    If it is an instant block, it should be under Web Security Manager > Access Policies.  Look in the object types section.
    If you are downloading for about an hour and the downloads stop, it may be authentication related.
    -Vance

  • Switch Cisco and Microsoft NPS

    Hi,
    I configure 802.1x wich Cisco Switch and Microsoft NPS Radius but the client cannot connect. I debug radius on switch and receive the debug attached.
    Whats the problem??
    Thanks

    Hi,
    Looks like that switch ip address is 192.168.233.250
    Please add this nas-ip-address 192.168.233.250 in the condition on the NPS server.
    Also, could you please provide me a error message from the event viewer?
    Attached is the document to configure NPS with cisco devices.
    HTH
    JK
    Plz rate helpful posts-

  • Cisco IronPort S170 Access Logs are filling up the HDD

    We have a Cisco IronPort S170.
    The access logs have filled the HDD to 91%
    The device is taking a serious performance hit.
    It now takes 5 minutes per click if I'm lucky.
    I have accessed the device via FTP and am about to copy off all of our AccessLogs.
    Once this is completed is there a way to wipe only the accesslogs from the device?
    Via FTP the transactions seemed to be read only
    I was looking through the CLI, but wasn't sure which command to use.
    Thanks,
    Brian

    When you FTP to the device, and CD to the appropriate directory path - are you not able to mdel the files?  Are you accessing the appliance via FTP as an admin level user?
    -Robert

  • I use Windows Vista and Microsoft Outlook. After migrating to iCloud, the calendar of iCloud tranferred only part of my past Calendar items to the folder iCloud Calendar in my Outlook. How can I transfer all the entries?

    I use Windows Vista and Microsoft Outlook. After migrating to iCloud, the calendar of iCloud tranferred only part of my past Calendar items to the folder iCloud Calendar in my Outlook. How can I transfer all the entries? In iCloud's site all are there.

    If the calendar is on iCoud.com, all you would need to do to get it on your phone is go to Settings>iCloud on your phone, sign into your iCoud account and turn Calendars on.  The iCloud calendars will then download to your phone.

  • MAJOR PROBLEMS WITH IPHONE 3G AND MICROSOFT EXCHANGE!!!! PLEASE HELP!!!!

    Ok,
    My exchange server at work was synced to my iphone and has worked with no issues. I then exchanged my phone because there were issues with my bluetooth not syncing properly. So with this new phone, it prompts me to enter in my exchange server password every few days. I contacted my IT department as well and microsoft to get this issue resolved because I assume that there were issues with the exchange server. They were both able to see an event viewer and it showed that my iphone was attempting to log in numerous amounts of times, which locks out my account after 3 incorrect log ins. Even when I erased the exchange account from my phone, it still showed that the phone in the event viewer was trying to log in over and over again. I then did a master clear and restore and the process was removed in the event viewer. So then I called my IT department to unlock my account after I cleared everything. I was able to sync everything again with it working properly. Now its a day later and the my exchanger server prompts me to enter in the password AGAIN and my exchange account is locked AGAIN because the event viewer at work is showing the same issues. Is my Iphone not saving the password correctly? What do I do? My IT department even created a dummy account to see if a new account would fix the issues but yet no cigar! HELP!!

    The iPhone you returned is still syncing against your server and locking out your account. Someone possibly has access to your mail data. I'd recommend having your Exchange Administrator install the Microsoft Exchange Server ActiveSync Web Administration Tool (http://www.microsoft.com/downloads/details.aspx?FamilyID=E6851D23-D145-4DBF-A2CC -E0B4C6301453&displaylang=en) and attempt to wipe/delete/block that other iPhone.
    Message was edited by: ethanm

  • I have updated to ios 7 and Microsoft outlook web access for work emails no longer works nor my remote access can you help

    I have updated to ios 7 and Microsoft outlook web access for work emails no longer works nor my remote access can you help

    This happened to me as well. I read somewhere else that resetting the network settings (General, Reset, Reset Network Settings) would help and it partially did. I get half (the folders) of the Web Access screen rather than a blank screen. I tried tihs a few more times and got the right half (the messages) on occasion but never the whole web page.

  • WIN 8.1 and MICROSOFT LIFECAM HD-3000 compatibilty - Preview screen "blacked-out"

    It seems that there are hundreds of Users with Webcam issues since WIN 8.1 has been downloaded. I have trawled sites and Forums for procedures to ensure that my LIFECAM HD-3000 will work otherwise it a waste of £14.99. No solution has worked. Drivers and
    software have been re-loaded from official MS site, and/or Safe Starts undertaken, and/or uninstalling and then re-installing and nothing works.
    I think that the problem is that the CAMERA APP built-in with WINS 8 or 8.1 is "always on" in the background and stops other programs/programmes using the webcam output. Is one definitive answer to get webcams working in WINS8.1. Even the MANYCAM
    software fails to work with WIN8.1.
    Help. Thank you.

    Hi,
    This could be driver issue. Please contact the manufacturer to ask for the latest driver for your Webcam in Windows 8.1, and reinstall it to check the results. If there is not, we need wait for the updates from manufacturer.
    Meanwhile, to use webcam, we need to get it properly set.
    Set Windows 8.1 Apps that May Use the Webcam, Microphone & other devices
    http://www.7tutorials.com/set-windows-81-apps-may-use-webcam-microphone-other-devices
    This response contains a reference to a third party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites; therefore,
    Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. There are inherent dangers in the use of any software found on the Internet, and Microsoft cautions you to make sure that you
    completely understand the risk before retrieving any software from the Internet.
    Hope these could be helpful.
    Kate Li
    TechNet Community Support

  • Windows 7 on Bootcamp I am locked into a DOS screen and it is not installing.  I have been on line with Apple and microsoft and they can't help.  I have lated versions of Lion and bootcamp. HELP

    I ran bootcamp and tried to install Windows 7.  I end up with a DOS screen and an unresponsive keyboard. 
    I have been on line with Apple and microsoft and they can't help.  I have lated versions of Lion and bootcamp. HELP!
    My Lion is up to date.
    I used the 64-bit windows disc.
    Should I try parallels?

    Do you have a DOS screen with a command prompt or just a blank screen?
    Is your Windows 7 x64 an original MS Full Version Installation DVD?
    Did Windows 7 Install Disc start?
    If it did you would have had to choose the location of where to install Windows 7.
    Did you select the Partition named BOOTCAMP that corresponded to the Partition Size you created in BootCamp?
    Were you asked to format the Partition?
    Did you format the partition to NTFS and then get an option to click NEXT and actually start the Windows 7 installation?
    Do you have a wired USB keyboard and wired USB mouse?
    If you actual went through the installation and restarted then here are some things to try:
    First try doing a CONTROL-ALT-DELETE and see if a Windows Option Screen appears.
    If you get the Screen you will have some options displayed.
    You want to highlight and click TASK MANAGER which should be the bottom choice I beleive.
    If Task Manager runs you will get a window showing all the processes running.
    See if you can find EXPLORER.
    If EXPLORER is running highlight it and go to the bottom right and click the END TASK button.
    Now go to the Top Left Menu Bar.
    Click FILE
    In the sub menu that opens select RUN  or RUN NEW TASK (Not sure which it is in Windoes 7 as I am running Windows 8)
    Once RUN is selected a new window will open to CREATE NEW TASK
    Type in EXPLORER and then the OK button.
    If Windows 7 installed properly the Desktop should appear after a bit of time.
    Your first concern is to get your keyboard running so you may have to remove and reinstall Windows using Boot Camp on the Mac Side.
    Let us know how it goes..

  • I am using a verizon email address and microsoft office for mac outlook program to manage my emails.   Does any one know if  the apple outlook version offers the ability to save emails as a pdf so that I can save it to my hard drive and how to access?

    I am using a verizon email address and microsoft office for mac outlook program to manage my emails.   Does any one know if  the apple outlook version offers the ability to save emails as a pdf so that I can save it to my hard drive and how to access?

    This is the Microsoft forum site that parallels what Apple has:
    Office for Mac forums
    It's not uncommon for MS employees who work with the Mac side of the business to help there. All in all a useful resource for Office:Mac

Maybe you are looking for

  • In the second leg STO GR and IR created without doing Goods issue and IV

    Hi Guru's Please can anyone tell us user is created second leg STO without doing good issue and Intercompany invoice, but he has been done GR and IR it is causing problem in MR11 report still outstanding. i asked user to do GR cancelation or reversal

  • Re adobe acrobat 9 pro - are you supposed to be able to open this exact program from "utilities" or how do you access it?

    I installed this program earlier, obviously.  I would think that you would be able to open the program through utilities, but that isn't the case.  Do you just open adobe reader and then try to do things, like editing and combining documents?

  • Last active time values is NA in prime infrastructure

    hi all my bro!! first, i'm so sorry. i can't speak english very well. but i need some feedback and i'll do my best for you.  please understand, even a little bit clumsy expression. ^^ now, let discussing with my problem.! i have my prime infrastructu

  • Drag and drop mailbox recipients

    I have a mailbox folder within Mail which contains emails I have sent to about 100 recipients. Let's say this mailbox is called 'Golf Club Contacts'. These recipients are not in my address book. I have composed a new email that I wish to send to all

  • Meaning of DP in Plant Maintenance

    Hello Gurus; What is DP in the definition given by SAP(PSB)? Thanks & Regards Hemant "Technical Objects (CS-BD/PM-EQM) Purpose If DP-supported maintenance is to be set up properly at a company, it is necessary to structure the existing technical syst