Local RADIUS server: one username for several devices?
I've just installed an AP 1231g as a local RADIUS server, and I've got two devices that are authenticated by the AP with the same username/password.
Is there not a problem?
Hi,
Problem? No, there are no issues. You are using a single username to access network devices.
Regards,
~JG
Please rate if helps
Similar Messages
-
1240AG as WDS & Local Radius Server
Have 5 1240AG's and want to use one as WDS and Local Radius Server.
Am using the following as a guide:
http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801c951f.shtml#hw
The above example uses a Cisco Secure ACS and designates both an AP and a WSLM as the WDS. I just want to use the AP as the WDS.
Isn't it possible to do the whole thing just using a 1240AG as both the WDS and Local Radius Server and not use a Cisco Secure ACS or WSLM?
Is there an online guide for such a thing? (looked, didn't find it)
Appreciate the guidance
Cheers
Thanks, that's what I thought.
I had found the WDS setup link but wasn't sure if I was missing something.
The link you provided for the Local Radius Server setup is for "partners" only I believe? Can't access it.
But I think I should be able to find some guides/examples somewhere else in the archives. I'm starting w/ these 2 links;
https://www.cisco.com/en/US/products/ps6521/prod_configuration_examples_list.html
and
http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801c0912.shtml
Appreciated the heads up about port 1812. -
Problems w/config AP1200 - WPA Enterprise/Local RADIUS Server
I have been attempting to reconfigure an AP1200 in our lab environment from using static WEP keys to WPA/TKIP. I can make the solution work with WPA-PSK, but not enterprise. I believe I have everything configured correctly but cannot "validate identity" on the client. Below are the details of my configuration.
SSID: labssid (Open authentication with EAP)
Cipher: TKIP
Key management: Mandatory (WPA)
I have a Cisco ACS server but am attempting to get this running initially using the local RADIUS server on the Access Point. I have a user defined locally called "test" with a password of "test".
I am using an IBM ThinkPad T43 with the built-in wireless (Intel PRO/Wireless 2915ABG NIC) for testing. I have the "Use Windows to configure my wireless network settings" checked so I am using the inherent Windows configuration screens. However, I have also attempted to use the IBM NIC configuration utility and receive the same failures. I have the client device configured as follows:
1. Network authentication: WPA
2. Data encryption: TKIP
3. Authentication: Protected EAP (PEAP) (only option other than smartcard, cert.)
3a. (PROPERTIES) - AuthMethod: Secured Password (EAP-MSCHAP v2)
4. Authenticate as computer when computer information is avail (UNCHECKED)
5. Authenticate as guest when user or computer is unavailable (UNCHECKED)
When I attempt to provide my test/test credentials the Access Point logs the following:
Station 0016.6f77.9ccd Authentication failed
When I look at the Local RADIUS server stats, for each authentication failure the following stat is recorded:
"Unknown EAP Type"
If I try to authenticate 5 times, there will be 5 Unknown EAP Type stats logged.
What am I missing?
I didn't realize the local RADIUS couldn't do PEAP. That makes sense now, as in testing I decided to point the AP at my ACS server and was able to authenticate. I'm having an issue authenticating at times because it seems the AP loses its connection TO the ACS server. The Access Point logs the following:
1. Station 0016.6f77.9ccd Authentication failed
2. RADIUS server 192.168.102.82:1645,1646 has returned.
3. RADIUS server 192.168.102.82:1645,1646 is not responding.
The "not responding" and "returned" logs are recorded at the exact same time period. In my most recent case, it was "Aug 31 18:19:36.981". Both have that time stamp. It's as if the AP loses some heartbeat to the RADIUS server and doesn't check to see if it's alive until a certain interval. When I'm not able to authenticate, if I log into the ACS and manually "restart" the services through the GUI, I authenticate right away. I'm thinking this is an ACS issue not an AP issue, but am wondering if anyone else has ever noticed this behavior. -
EAP-FAST on Local Radius Server : Can't Get It Working
Hi all
I'm using an 877w router (flash:c870-advsecurityk9-mz.124-24.T4.bin) as local radius server and have followed various config guides on CCO. LEAP works fine but I just can't get EAP-FAST to work.
I'm testing with win7 client using anyconnect secure mobility client, and also a mac book pro but without luck.
the router sees unknown auth type, and when I run some debugs it talks of unknown eap type 3
sh radius local-server s
Successes : 1 Unknown usernames : 0
Client blocks : 0 Invalid passwords : 0
Unknown NAS : 0 Invalid packet from NAS: 17
NAS : 172.27.44.1
Successes : 1 Unknown usernames : 0
Client blocks : 0 Invalid passwords : 0
Corrupted packet : 0 Unknown RADIUS message : 0
No username attribute : 0 Missing auth attribute : 0
Shared key mismatch : 0 Invalid state attribute: 0
Unknown EAP message : 0 Unknown EAP auth type : 17
Auto provision success : 0 Auto provision failure : 0
PAC refresh : 0 Invalid PAC received : 0
Can anyone suggest what I might be doing wrong?
Regs, Tim
Thanks Nicolas, relevant snippets from config:
aaa new-model
aaa group server radius rad_eap
 server 172.27.44.1 auth-port 1812 acct-port 1813
aaa authentication login eap_methods group rad_eap
aaa authorization exec default local
aaa session-id common
dot11 ssid home
 vlan 3
 authentication open eap eap_methods
 authentication network-eap eap_methods
 authentication key-management wpa
ip dhcp pool home
 import all
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 dns-server 194.74.65.68 194.74.65.69
ip inspect name ethernetin tcp
ip inspect name ethernetin udp
ip inspect name ethernetin pop3
ip inspect name ethernetin ssh
ip inspect name ethernetin dns
ip inspect name ethernetin ftp
ip inspect name ethernetin tftp
ip inspect name ethernetin smtp
ip inspect name ethernetin icmp
ip inspect name ethernetin telnet
interface Dot11Radio0
 no ip address
 encryption vlan 1 mode ciphers aes-ccm tkip
 encryption vlan 2 mode ciphers aes-ccm tkip
 encryption vlan 3 mode ciphers aes-ccm tkip
 broadcast-key vlan 1 change 30
 broadcast-key vlan 2 change 30
 broadcast-key vlan 3 change 30
 ssid home
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
interface Dot11Radio0.3
 encapsulation dot1Q 3
 no cdp enable
 bridge-group 3
 bridge-group 3 subscriber-loop-control
 bridge-group 3 spanning-disabled
 bridge-group 3 block-unknown-source
 no bridge-group 3 source-learning
 no bridge-group 3 unicast-flooding
interface Vlan3
 no ip address
 bridge-group 3
interface BVI3
 ip address 192.168.1.1 255.255.255.0
 ip inspect ethernetin in
 ip nat inside
 ip virtual-reassembly
radius-server local
 no authentication mac
 nas 172.27.44.1 key 0 123456
 user test1 nthash 0 B151E8FF684B4F376C018E632A247D84
 user test2 nthash 0 F2EEAE1D895645B819C9FD217D0CA1F9
 user test3 nthash 0 0CB6948805F797BF2A82807973B89537
radius-server host 172.27.44.1 auth-port 1812 acct-port 1813 key 123456
radius-server vsa send accounting -
One application for Several Organizations
Hi experts,
Can we use one Application for Several Organizations? I studied in HFM Admin Document. We use only one organization in our project.
Can we use this application for another Organization?
by
kumari
Hi,
I can say that you can use as many organisations as you want, but there are some parameters to take into consideration.
First, what do you mean by organisation? Group or number of groups?
Second, how many entities does each organisation have? Do you have the necessary infrastructure (server, CPU power, RAM) to support these calculations?
Hope that I help,
Thanos -
Hello,
Is it possible to use one MDIS for several MDSs?
For example, configure mdis.ini in the following way:
[GLOBAL]
String Resource Dir=E:\PROGRA2\SAPMDM1.5\IMPORT~1\LangStrings\
Log Dir=E:\PROGRA2\SAPMDM1.5\IMPORT~1\Logs\
Server=MDS1,MDS2,MDS3
Best regards,
Dale
Hi Dale,
This is indeed a good question and I tried this as well, but it is not possible to use more than one MDM Server with one Import Server. When you make the entry in MDIS.ini against the server attribute, it treats that as a single string; hence if you specify more than one server name it will not recognize even a single one.
Hope it helps.
Regards,
Jitesh Talreja -
Hi Gurus: I am trying to create one payment for several vendors. I tried F-58 and it works fine. I also created a unique payment method to map to a specific account. The business requirement is "How can we pay one check to American Express for several invoices from several vendors". So I added American Express as an alternative payee to each of the vendors. All works fine except that the client wants the record on the FCHX file that is sent to the bank as well as one check for that vendor. FCHX means that we would need to use F110 & not F-58. However in F110 I cannot group several vendors to be paid by one payee...correct?
Any help will be GREATLY Appreciated!
thanks
Brian
Hi,
I'm afraid I don't have an answer but I'd like to highlight the question/thread since we have the same issue.
We have several cases of invoice documents that need to be posted to different vendors, because we need to report the Accounts Payable on the different vendors' VAT numbers for legal purposes. The payments for several documents might, however, be going to the same payee. I.e. we might have ten invoices booked on ten different vendors but with only one payee.
We are using the alternative payee/permitted payee functionality but the problem is that F110 generates one payment document per vendor. We would like to have one document per payee. This is possible in F-53 or F-58 (where I can manually select several vendors in the same clearing) but we need to use F110 since we are generating both check printouts and DMEE files for these payments. The bank charges us a fee for each payment, so in the example mentioned they would charge us ten fees instead of one. So it is very costly if this cannot be solved.
Any suggestions? The setting mentioned previously in this thread does not help.
Many thanks in advance for your input!
/Michael -
The error below makes absolutely no sense! I'm using Enterprise Core...yet I'm being told I can't use remote data sources:
w3wp!library!8!03/05/2015-19:08:48:: i INFO: Catalog SQL Server Edition = EnterpriseCore
w3wp!library!8!03/05/2015-19:08:48:: e ERROR: Throwing Microsoft.ReportingServices.Diagnostics.Utilities.OperationNotSupportedException: , Microsoft.ReportingServices.Diagnostics.Utilities.OperationNotSupportedException: The feature: "The edition of Reporting Services that you are using requires that you use local SQL Server relational databases for report data sources and the report server database." is not supported in this edition of Reporting Services.;
Really? This totally contradicts the documentation found here:
https://msdn.microsoft.com/en-us/library/ms157285(v=sql.110).aspx
That article says remote connections are completely supported.
ARGH! Why does this have to be so difficult to setup?!?
Hi jeffoliver1000,
According to your description, you are using Enterprise Core edition and you are prompted that you can’t use remote data sources.
In your scenario, we neither ignore your point nor doubt what you say. But actually we have met the case before where, even though the SQL Server engine is Enterprise, the Reporting Services is still Standard. So I would recommend you find the actual edition of Reporting Services you are using. You can find the Reporting Services starting SKU in the Reporting Services logs (default location: C:\Program Files\Microsoft SQL Server\<instance name>\Reporting Services\LogFiles). For more information, please refer to the similar thread below:
https://social.technet.microsoft.com/Forums/en-US/f98c2f3e-1a30-4993-ab41-acbc5014f92e/data-driven-subscription-button-not-displayed?forum=sqlreportingservices
By the way, have you installed the other SQL Server edition before?
Best regards,
Qiuyun Yu
TechNet Community Support -
I have a MacBook that is synced with my iPad. My daughter has an iPhone 4 and no computer. How can we use the one computer for both devices that are unique and keep them separate? Thank you for your help!
This should help:
How to use multiple iPods, iPads, or iPhones with one computer
Regards. -
1100 with Local Radius Server problems Atheros Client
I have Local authentication turned on for the 1100 and am using the Atheros Client Utility configuring LEAP with username/password and it is failing. Here is the debug from the 1100. Any help much appreciated.
Xcon-ap1100#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Xcon-ap1100(config)#radius
Xcon-ap1100(config)#radius-server local
Xcon-ap1100(config-radsrv)#no nas 10.201.1.5
Xcon-ap1100(config-radsrv)#nas 10.201.1.5 key thiskey
Xcon-ap1100(config-radsrv)#end
Xcon-ap1100#debug radius
Radius protocol debugging is on
Radius protocol brief debugging is off
Radius protocol verbose debugging is off
Radius packet hex dump debugging is off
Radius packet protocol debugging is on
Radius packet retransmission debugging is off
Radius server fail-over debugging is off
Xcon-ap1100#term mon
Xcon-ap1100#
*Apr 3 16:26:26.961: RADIUS: AAA Unsupported [248] 10
*Apr 3 16:26:26.961: RADIUS: 43 61 72 64 69 66 66 4E [CardiffN]
*Apr 3 16:26:26.962: RADIUS: AAA Unsupported [150] 3
*Apr 3 16:26:26.962: RADIUS: 32 [2]
*Apr 3 16:26:26.962: RADIUS(000000FC): Storing nasport 246 in rad_db
*Apr 3 16:26:26.962: RADIUS(000000FC): Config NAS IP: 10.201.1.5
*Apr 3 16:26:26.963: RADIUS/ENCODE(000000FC): acct_session_id: 251
*Apr 3 16:26:26.963: RADIUS(000000FC): Config NAS IP: 10.201.1.5
*Apr 3 16:26:26.963: RADIUS(000000FC): sending
*Apr 3 16:26:26.963: RADIUS(000000FC): Send Access-Request to 10.201.1.5:1645 id 21645/158, len 130
*Apr 3 16:26:26.963: RADIUS: authenticator 74 20 7D 86 32 7B 1A 65 - 88 DE A7 58 51 91 FA 5D
*Apr 3 16:26:26.963: RADIUS: User-Name [1] 6 "test"
*Apr 3 16:26:26.964: RADIUS: Framed-MTU [12] 6 1400
*Apr 3 16:26:26.964: RADIUS: Called-Station-Id [30] 16 "000f.f751.7970"
*Apr 3 16:26:26.964: RADIUS: Calling-Station-Id [31] 16 "0090.963d.7bf6"
*Apr 3 16:26:26.964: RADIUS: Service-Type [6] 6 Login [1]
*Apr 3 16:26:26.965: RADIUS: Message-Authenticato[80] 18 *
*Apr 3 16:26:26.965: RADIUS: EAP-Message [79] 11
*Apr 3 16:26:26.965: RADIUS: 02 02 00 09 01 74 65 73 74 [?????test]
*Apr 3 16:26:26.965: RADIUS: NAS-Port-Type [61] 6 802.11 wireless [19]
*Apr 3 16:26:26.965: RADIUS: NAS-Port [5] 6 246
*Apr 3 16:26:26.965: RADIUS: NAS-IP-Address [4] 6 10.201.1.5
*Apr 3 16:26:26.965: RADIUS: Nas-Identifier [32] 13 "Xcon-ap1100"
*Apr 3 16:26:31.966: RADIUS: Retransmit to (10.201.1.5:1645,1646) for id 21645/158
*Apr 3 16:26:36.966: RADIUS: Retransmit to (10.201.1.5:1645,1646) for id 21645/158
*Apr 3 16:26:41.966: RADIUS: Retransmit to (10.201.1.5:1645,1646) for id 21645/158
*Apr 3 16:26:46.965: RADIUS: No response from (10.201.1.5:1645,1646) for id 21645/158
*Apr 3 16:26:46.965: RADIUS/DECODE: parse response no app start; FAIL
*Apr 3 16:26:46.965: RADIUS/DECODE: parse response; FAIL
*Apr 3 16:26:46.966: %DOT11-7-AUTH_FAILED: Station 0090.963d.7bf6 Authentication failed
*Apr 3 16:26:50.070: RADIUS: AAA Unsupported [248] 10
*Apr 3 16:26:50.070: RADIUS: 43 61 72 64 69 66 66 4E [CardiffN]
*Apr 3 16:26:50.071: RADIUS: AAA Unsupported [150] 3
*Apr 3 16:26:50.071: RADIUS: 32 [2]
*Apr 3 16:26:50.071: RADIUS(000000FD): Storing nasport 247 in rad_db
*Apr 3 16:26:50.072: RADIUS(000000FD): Config NAS IP: 10.201.1.5
*Apr 3 16:29:29.041: %DOT11-7-AUTH_FAILED: Station 0090.963d.7bf6 Authentication failed
*Apr 3 16:29:52.253: %DOT11-7-AUTH_FAILED: Station 0090.963d.7bf6 Authentication failed
I have a very similar situation here. Took me a while to figure out why existing user certificates are OK but no new users can enroll. I checked all certificates for expiry. No go. It was not the expiry ("Valid to") time, but rather the "Valid From" time that is messed up.
This is what happens: The rollover gets created and replaces the original one (which remains in memory, no flash). But the new one is valid from the expiry of the old one - in my case TOMORROW - and after a power-outage the day before yesterday (the most definitive way to get a reboot!) I only have the new NOT YET VALID certificate.
OK, I can wait until tomorrow and see if it works. But the design is far from intelligent. The industry standard is that when you renew a certificate, the validity of the new one is immediate - even if it means it runs for a few days longer than the designated lifetime.
So much for the overlap period of 30 days (as you can see from your own post) if the old certificate goes away after a reboot and the new one is not yet valid! (The CA certificate expiration timer gets reset to some Unix time-zero ( 01:00:00 CEST Jan 1 1970) which I take to mean "not valid yet".)
I only have a few days of trouble - and just one to go after finally working it out, but it could have been up to 30 days if I for any reason had rebooted after the roll-over certificate got created.
Cheers
Bernhard -
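For the AP1100 `debug radius` output earlier in this thread, the following is an added example (not code from any poster or from Cisco) that decodes the EAP-Message bytes and summarizes the Access-Request exchange. The function names `decode_eap` and `summarize` are hypothetical, and the expected port of 1812 is an assumption taken from the `radius-server local` configuration in the 877W thread on this page.

```python
import re

# EAP codes and method type numbers (RFC 3748 / IANA EAP registry).
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge",
             13: "EAP-TLS", 17: "LEAP", 25: "PEAP", 43: "EAP-FAST"}

def decode_eap(hex_bytes):
    """Decode the EAP packet carried in a RADIUS EAP-Message attribute."""
    data = bytes.fromhex(hex_bytes.replace(" ", ""))
    if len(data) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = data[0], data[1], int.from_bytes(data[2:4], "big")
    if length < 4 or length > len(data):
        raise ValueError(f"EAP length {length} disagrees with {len(data)} bytes present")
    pkt = {"code": EAP_CODES.get(code, f"unknown({code})"), "id": ident, "length": length}
    if code in (1, 2) and length >= 5:  # only Request/Response carry a Type byte
        eap_type, body = data[4], data[5:length]
        pkt["type"] = EAP_TYPES.get(eap_type, f"unknown({eap_type})")
        if eap_type == 1:
            pkt["identity"] = body.decode("utf-8", "replace")
        elif eap_type == 3:  # Nak: body lists the methods the peer will accept
            pkt["peer_wants"] = [EAP_TYPES.get(b, f"unknown({b})") for b in body]
    return pkt

SEND_RE = re.compile(r"Send Access-Request to (\S+):(\d+) id (\S+),")
RETX_RE = re.compile(r"Retransmit to \(\S+\) for id (\S+)")
NORESP_RE = re.compile(r"No response from \(\S+\) for id (\S+)")
HEX_RE = re.compile(r"RADIUS:\s+((?:[0-9A-Fa-f]{2}\s+)+)\[")

def summarize(log, expected_auth_port=1812):
    """Summarize one Access-Request exchange from `debug radius` output.

    expected_auth_port is an assumption: 1812 is the auth-port paired with
    `radius-server local` in the 877W configuration shown on this page.
    """
    out = {"retransmits": 0, "no_response": False, "eap": None}
    want_hex = False
    for line in log.splitlines():
        if want_hex:  # the hex dump follows the "EAP-Message [79]" line
            m = HEX_RE.search(line)
            if m:
                out["eap"] = decode_eap(m.group(1))
            want_hex = False
        if "EAP-Message" in line:
            want_hex = True
        elif (m := SEND_RE.search(line)):
            out.update(server=m.group(1), port=int(m.group(2)), request_id=m.group(3))
            out["port_mismatch"] = out["port"] != expected_auth_port
        elif (m := RETX_RE.search(line)) and m.group(1) == out.get("request_id"):
            out["retransmits"] += 1
        elif (m := NORESP_RE.search(line)) and m.group(1) == out.get("request_id"):
            out["no_response"] = True
    return out

# Lines copied from the AP1100 debug output in this thread.
AP1100_LOG = """\
*Apr 3 16:26:26.963: RADIUS(000000FC): Send Access-Request to 10.201.1.5:1645 id 21645/158, len 130
*Apr 3 16:26:26.965: RADIUS: EAP-Message [79] 11
*Apr 3 16:26:26.965: RADIUS: 02 02 00 09 01 74 65 73 74 [?????test]
*Apr 3 16:26:31.966: RADIUS: Retransmit to (10.201.1.5:1645,1646) for id 21645/158
*Apr 3 16:26:36.966: RADIUS: Retransmit to (10.201.1.5:1645,1646) for id 21645/158
*Apr 3 16:26:41.966: RADIUS: Retransmit to (10.201.1.5:1645,1646) for id 21645/158
*Apr 3 16:26:46.965: RADIUS: No response from (10.201.1.5:1645,1646) for id 21645/158
"""

# Constructed sample (not from the page): a peer answering with Nak and asking for PEAP.
NAK_SAMPLE = "02 03 00 06 03 19"

if __name__ == "__main__":
    print(summarize(AP1100_LOG))
    print(decode_eap(NAK_SAMPLE))
```

On the log above, the summary shows an EAP-Response/Identity for "test" sent to port 1645, three retransmits, and no reply, so the request never reached a listening RADIUS server and the username and password were not evaluated.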
One username for two tunnel in IPSec remote access vpn + ACS for authentication
Hi all,
I want to set up a username which can be used for two different IPSec tunnels (i.e. username USER1 can be used in tunnel TUN1 and TUN2). Can anyone help me how to do this? My current configuration is that I tied the username to tunnel group using group-lock (RADIUS property) so a username can only be used for a particular remote access vpn tunnel (USER1 can only be used for TUN1). I have already tried to enable multiple entries for group lock in ACS (by manipulating the dictionary setting in ACS), but it seems that authentication still takes the first group and cannot take the second group.
You'd have to create a new AAA server group pointing to servers in the new domain for authentication.
Then make a new connection profile that uses that AAA server group.
Your users would have to choose the connection profile (absent some more advanced tricks like issuing them user certificates that can be checked for attributes which map to one profile or another).
This could also be done with ISE 1.3 which can act as the RADIUS server and join to multiple AD domains on the backend as identity stores. (or even with ISE 1.2 if you use one of the AD directories as an LDAP store vs. native AD). -
One spool for several archivelink object
Hello,
I would like to create a single spool to print several archivelink objects?
Thanks
Best regards
Hi Aurélien:
Could you explain your solution?.
I have to create one spool for each document linked to a specific invoice and don't know how to do it.
Best Regards,
Carlos. -
One order for several maintenance equipment
Hi
Is it possible on SAP-PM to create an order for several equipment?
Thanks
Hi
The object list is a central part of the order. You use it to assign technical objects, notifications or objects, which are identified by a combination of material and serial numbers, to the order.
When you make entries in the object list for an order, you are linking it to the objects you enter.
Even if no reference object has been entered for the order on the header data screen, you can still assign technical objects, notifications or objects, which are identified by a combination of material and serial numbers, to the order in the object list.
Two features are available for the object list:
An object list, in which you can enter technical objects (equipment, functional locations, assemblies) and notifications
An object list, in which you can enter objects, which are identified by a combination of material and serial numbers, and notifications
Which of these two versions is used in the order depends on:
The choice of reference object in the notification/order
The view setting for the Reference object frame in the notification/order
If you create the order with reference to a notification, for which a reference object has been entered, the system copies the reference object from the notification as the reference object for the order. The system writes the notification number in the order header and in the object list for the order.
You can group together several notifications that can be processed together using a "worklist for notifications" for a maintenance or service order. In this case, the notifications are also included in the object list of the order.
check
http://help.sap.com/saphelp_erp2005/helpdata/en/5b/ae2ed74b8611d182ba0000e829fbfe/content.htm
-ashok -
Lenovo 11s backup one backup for multiple devices
Hi, have bought 28 devices...
On first activation, 800MB Win 8 update, then 3.62 GB to update to Win 8.1, then another 1GB for Win 8.1 updates. 2.5 hours ++
Microsoft and Lenovo seem to have got rid of the concept of ISO image backup disks purchase as an option..
Now if I were to follow the tortuous create system recovery route and create a backup image.
Could I use that image to install the update/restore on all the other devices... or is that "backup" linked to a windows activation code for the device it was created on?
Windows 8 and 8.1 a proverbial mess.....
Searched online in Lenovo . no answers
Welcome for forum wisdom.
Mark
The best way to do what you want to do is to use Microsoft Deployment Toolkit. There is a learning curve; however, it is the tool Microsoft intends to be used for image capture and deployment in an environment where you do not already have something like SCCM in place to manage and deploy systems. With it you can capture an image from a donor machine and you can create deployment media (a USB key) which allows you to deploy that captured image to other machines.
Using the method you described, all of the machines would have the same exact SIDs (security IDs). The MDT process uses sysprep so that every machine can be initialized with its own unique SIDs. -
How to use one URL for several Oracle AS?
Hi folks,
how do I use one URL to access several application servers (i.e. for different applications).
Example:
We have one URL:
www.test.com
In our DMZ, we have three application servers and one web cache:
test1.intranet.com:7777
test2.intranet.com:7777
test3.intranet.com:7777
webcache.intranet.com:8000
One application server is no problem. In Web Cache, i just map site www.test.com:443 to AS test1.intranet.com:7777.
But what is the correct setting to access all three Oracle AS over one URL? I tried URL PATH Prefix. Then I am able to access all three Oracle AS, but the application server does not know the path.
Example for mapping:
www.test.com:443/server2 -> test2.intranet.com:7777
When I access www.test.com:443/server2, I get redirected to the correct AS (test2.intranet.com:7777), but the Oracle AS does not know the path /server2.
How do I have to configure the Oracle AS?
Thanks in advance and best regards.
I set up a proxy and at first glance, it works fine. The problem is the internal links. Some links redirect to the machine name, which is of course not accessible from outside our DMZ.
My httpd.conf entries:
ProxyPass /test1infra/ http://test1.intranet.com:7777/
ProxyPassReverse /test1infra/ http://test1.intranet.com:7777/
ProxyPass /test1mid/ http://test1.intranet.com:7778/
ProxyPassReverse /test1mid/ http://test1.intranet.com:7778/
When I now access (for example) www.test.com/test1infra/pls/orasso I get
redirected to www.test.com/pls/orasso, which is another Oracle AS!
How can I prevent my OracleAS doing this? It has to "know" that all its internal urls need a url path prefix.