MAC and Leap authentication

I am using MAC address and LEAP authehtication via ACS, MAC address is configured as user in ACS database and LEAP using external windows user database.
If this is a case, can someone use the MAC address as username and p/w to login to the network ?
If I use both the ACS secure DB and ext Windows user DB, which one will be checked first for an username from client ?

If I key in the MAC address in the username and password logon, will the MAC address passthrough both the MAC and LEAP authentiation ?
First the MAC address is verified by the ACS local user database. Secondly, when come to LEAP authentication, since I key in MAC address as username and passwaord, this entry is also found in the ACS local database as a valid user, will it be allowed ?

Similar Messages

  • EAP-TLS and LEAP on a 1200 AP

    Is it possible to have a 1200 AP use EAP-TLS and LEAP authentication simultaneously? We currently use LEAP in production and I have successfully configured a test 1200 AP to use EAP-TLS, but we would like to have it use both methods until all clients can be set up for EAP-TLS.

    You may view this link : http://www.cisco.com/warp/public/cc/pd/sqsw/sq/tech/acstl_wp.htm
    Regards
    Mc

  • MacBookPro and Cisco's LEAP authentication method

    I am getting ready to get laptop in next couple of weeks.
    The Law School's wireless network standard is 802.11g. The network uses Cisco's LEAP authentication method. Only LEAP-enabled notebook computers may connect to all access points of the Law School wireless network.
    I googled this and at least last year in 2006, macbook pro's weren't working with the LEAP system because they woudln't assign an IP address. Do you know has this been resolved?
    MacG5 Mac OS X (10.4.10)

    I found this: Finder>Help>Mac Help>Search: LEAP>
    "AirPort: How to configure Mac OS X 10.4 "Tiger" clients for LEAP authentication
    If you select LEAP authentication on a Mac OS X 10.4.2 or later computer on which the AirPort 4.2 or later update has been installed, your authentication settings may be lost after restart, sleep, or location change. As a workaround, you should use the steps shown here, which will have the effect of configuring LEAP, even though you will choose WEP from the menu.
    Go to the Network pane of the System Preferences, show AirPort, and click the AirPort tab.
    Be sure the "By default, join" menu is set to "Preferred networks."
    Note: If you don't have "Preferred networks" as a choice, this means that your 10.4 system was upgraded from 10.3, and that you're still using a Location imported from 10.3 (Panther). In this situation, you experience Panther behavior instead of new Tiger features. You will need to create a new location to utilize Tiger features and complete these steps.
    Click the "+" button.
    Enter the desired network name in the window that appears.
    From the Wireless Security pop-up menu, choose WEP Password.
    Replacing username and password with actual name and password, enter them exactly as show here, including both brackets and slash:
    <username/password>
    Note: Though there will not be any visible indication, this entry format sets the client to use LEAP rather than WEP.
    Click OK. Note: The network entry will appear in the table as "WEP," but LEAP will be used.
    Click Apply Now."
    Looks like it works when you know what to do (or where to search).

  • Leap authentication and windows Logon

    Folks,
    Is it possible to login only one into windows and not login to the leap client, assuming that you are using ACS whihc is point LEAP credidentails to the WINDOWS domain controller so same password and username. Users in my company do not want to logon twice (windows and leap client) with the same credidentails.
    Thanks

    If you mean you want to still use LEAP but only want the users to have to log into WIndows to do so then the anser is yes. You just need to configure this on the ACU application. Under the profile go to Edit,Network Security. Make sure that you have LEAP selected. Click the configure button. Select Use WIndows Logon User Name and Password. That should do it. Take a look at the screen shot. Please be aware that the authenticatio will appear to be hung on the finding a Domain Controller section. Just give it about a minute or so to complete. Cisco is working on fixing this. Usually if you hit cancel once it gets to that point it still authenticates you and takes you onto your desktop.
    Please remember to rate all replies.

  • WPA Enterprise Problem Windows 7;  Macs and iPhones working good

    Dear Apple Discussions,
    I have a strange problem within my corpoarte network. I have successfully setup airport base stations with wpa/wpa2 enterprise authentication against an open directory master on apple snow leopard server. Macs and iPhones can connect through this very easily and without problems. Windows Machines seem to have some trouble with this. I have a self signed certificate and a trusted certificate for the server, both are resulting in the same issues. The Windows clients cannot connect. There is no error message on the windows boxes. Here is a snippet from the logfile on the OSX Server radius.log:
    Thu Aug 19 12:49:45 2010 : Error: TLS Alert read:fatal:unknown CA
    Thu Aug 19 12:49:45 2010 : Error: TLS_accept:failed in SSLv3 read client certificate A
    Thu Aug 19 12:49:45 2010 : Error: rlm_eap: SSL error error:14094418:SSL routines:SSL3READBYTES:tlsv1 alert unknown ca
    Thu Aug 19 12:49:45 2010 : Error: SSL: SSL_read failed inside of TLS (-1), TLS session fails.
    This happens everytime and I did not find any possible solution within google search. Do you have any idea?
    Thank you for any help!!
    Nico

    Nico,
    I have run into this problem as well. One additional piece is that in addition to Macs and iPhones, we also have Android phones connecting with no problem.
    The only solution we came up with was to force the windows machine, in this case Vista, to use only our network and eliminate all others. Of course for our windows user that was a problem when he went home because he could not connect to his own home network any longer.
    Unfortunately, that resulted in giving up on the issue for us and forcing the windows guy to plug in via ethernet.
    -Erich

  • E6-00 and Belle update : Cannot use Wifi and LEAP ...

    Upgraded the E6-00 yesterday. First issues arise and even after a full reset, it still does not work.
    - Wifi connection using LEAP authentication
    Network is found, popup to enter username and password, all is good. Except the phone keep trying to connect while I type the password and each time, it re-ask the username. In short I cannot use connect at all as I don't have time to enter both username and password before it loop.... No more wifi connection possible as it use this LEAP authentication. Any way to increase the connection retry timeout ?
    - IMAP folder not found
    Same config as under Anna, but under Belle, it does not find any folder for IMAP account (and yes, the mail root folder is right), refreshing the folder list, just do nothing.
    - MAPS
    Say that it's empty and need maps. Give few options:
       * use OVI on the PC : OVI doesn't find MAP on the phone
       * use wifi to download map : .... if wifi would work, why not
    Anybody else got the same issue ? Or found solution ?
    L.\
    Solved!
    Go to Solution.

    Upgraded the E6-00 yesterday. First issues arise and even after a full reset, it still does not work.
    - Wifi connection using LEAP authentication
    Network is found, popup to enter username and password, all is good. Except the phone keep trying to connect while I type the password and each time, it re-ask the username. In short I cannot use connect at all as I don't have time to enter both username and password before it loop.... No more wifi connection possible as it use this LEAP authentication. Any way to increase the connection retry timeout ?
    Ok try to delete your apn, reset the device and resintall the OS. Don't restore any backup ans configure the WLAN apn: settings> connectivity> settings>destinations. Into the WLAN settings go to WI-fi security settings> in the fifrst field select EAP> in the second field EAP plugin settings > select EAP-LEAP.
    This way the apn will work again
    - IMAP folder not found
    Same config as under Anna, but under Belle, it does not find any folder for IMAP account (and yes, the mail root folder is right), refreshing the folder list, just do nothing.
    Please delete your mailboxes and configure them as you want. To create a IMAP access mailbox , for example Nokia Mail (outside of Messaging server) select Other. Put you credentials and choose Standard. You will see into Settings> your mailbox > sync content > Folder subscriptions> choose which folder to sync and it's done
    - MAPS
    Say that it's empty and need maps. Give few options:
       * use OVI on the PC : OVI doesn't find MAP on the phone
       * use wifi to download map : .... if wifi would work, why not
    Anybody else got the same issue ? Or found solution ?
    Please delete on mass memory the folder Cities and the file Qf, then open Maps and close the application. Verify that the folder Cities and the file Qf are again in E. Connect your device to Nokia Suite and redownload the cartography. 

  • Is following message due to 'Java' setting left unchecked? Mac OSX supportsUser Authentication Mechanism (UAM) plug - ins from other manufacturers to control access to servers.To use a UAM, copy the plug - in to: Library/ Filesystems/ AppleShare/ Authenti

    Is following message due to 'Java' setting left unchecked?
    Mac OSX supportsUser Authentication Mechanism (UAM) plug - ins from other manufacturers to control access to servers.To use a UAM, copy the plug - in to: Library/ Filesystems/ AppleShare/ Authenti

    Man that is an ancient message.
    The last time I saw that was using Mac clients connected to a Microsoft (Windows) Server running 'Services for Macintosh' which included the ability to act as an AppleShare compatible file server. Because Microsoft have a different security system for defining accounts which includes the 'domain' as well as username, the standard Mac AFP client did not know how to send that information.
    Therefore Apple made it possible to installed a plugin in the form of a UAM or User Authentication Mechanism which added the ability to send this information to login to the fileserver.
    See http://support.microsoft.com/kb/101747
    However Microsoft have long discontinued 'Services for Macintosh' and now the only way for a Mac to connect to a standard Windows Server is via SMB not AFP. I don't believe this plugin is available to download anymore.

  • OS-X - 802.1x and machine authentication

    Hi all
    I have a customer with a large installed base of MacBooks Pro running MAC OS-X, connected via WLAN to a centralized Cisco WLC 5508. He also has installed a Cisco ACS 5.x as RADIUS server and Open LDAP as directory services.
    The customer wants to do machine authentication based on cthe lients MAC addresses, which means that the ACS 5.x has to check the clients MAC address against the LDAP.
    Obviously MACs are not able to send "host/" to differentiate between client- and user-authentication, which by the way works perfect.
    - Does anybody have made the same experiences ?
    - Has anyone managed to get this running ?
    - Can anyone provide me config examples, hint or tipps ?
    Everything is very much appreciated since this is an urgent request.
    Many thanks in advance
    Best regards
    Roman

    Hi Danny. Older thread here, but I can confirm 10.8.4 did indeed resolve a very specific bug in circumstances where the netbios name did not match the domain name. We worked with Apple's engineers on resolution for this fix and can confirm that until we got our Macs to 10.8.4, we experienced similar issues with machine-based configuration profiles failing to authenticate as a result of incorrectly passing the wrong domain.
    Glad you found resolution with a later version of the OS.
    Reference: http://lists.psu.edu/cgi-bin/wa?A2=MACENTERPRISE;Zrq7fg;201303271647570400

  • Xgrid server admin controller tab won't create password entries for client and agent authentication.

    I am trying to set up password-based access for my OSX Server 10.7.3 running on a mac mini.  When I try to enter passwords into the Client Authentication and Agent Authentication fields from the Controller tab and click Save, the fields empty out.  When I then try to start the Xgrid service, it fails with an error in the log file controller missing password file "/etc/xgrid/controller/agent-password".  Can someone help?
    Thanks,
    Chris

    Thanks for the pointer to createhomedir - that did indeed do the trick. (How on earth do people find these little nuggets).
    I hesitate to mark this as solved however - it's a functioning workaround, but does nothing to explain why on earth the GUI suddenly stopped functioning.
    But in the (likely) event that that question never gets answered, thanks again for letting me get on with working!

  • Simple network: Windows 7 file server & several Macs and Linux machines- SAMBA bombing out?

    Hi guys, i know this is really more of a windows support question, but here goes:
    Windows 7 Ultimate 64bit acting as a file server, turned off all the usual MS authentication stuff so Macs and Linux systems connect with password without issues..
    except when i start copying certain files/file types/names to the system, it will break the network connection, then refuse any more connections, all macs and linux machines on the network are booted, from the PC however i can still access the Macs shares volumes.. (the macs still see the windows machine & pinging is still there, but if i try to connect i get 'check the name/ip address' error
    im no expert, but its as if the Samba service on the windows machine gets killed and im not sure what to do to get it to re-connect other then restarting the system, but as the system is also a terminal server users always have apps/documents open and its 'never a good time' to do it..
    if there was an alternate Samba to install, or a buffer patch, or even a 'goto this service, stop and restart' etc.
    Trying to get help from the 'windows' community comes down to 'well your on a mac what do expect etc etc' *sigh*
    any help is appreciated
    Richard

    Hi, just thought id update my finding regarding this, and it maybe directly affected by my only system, but in case anyone else has this issue?
    I thought it may be due to the file name thats causing the lockups, but I found while trying to backup my collection of install images and updates that sure enough a simple named file 'osx10.6.3.DMG' going to the server, 850MB in it stalls and fails, now im not able to connect.
    but form the PC, without changing the name or location etc, i copied the SAME from the Macs hard drive through to the windows system, all 5.7GB.
    so it is something to do with my windows 7 system, but maybe more related to the size of the file then the name or non-standard characters as first thought.
    as suggested by Grant above i will check on the server boards as well.
    thanks

  • Will mac and pc software work together?

    I have Protools that I like with mac, but on my pc, I have a quantum leap program that will only work on windows. Can I operate protools on mac and have the pc program talk to it?

    You should probably contact the makers of ProTools and ask them.

  • Difference between Spilt Mac and Local Mac architecture

    Hi,
    Can someone explain to me the difference between Split mac and Local Mac architecture.
    And of course if you have some documentation on it, I'll take with pleasure.
    Thank you.
    Jonathan.

    http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_9-3/wireless_lan_switches.html
    Two types of MAC implementations are possible with Fit APs, known as the Local MAC and the Split MAC architectures. Local MAC is where all the wireless MAC functions are performed at the AP. The  complete 802.11 MAC functions, including management and control frame  processing, are resident on the APs. These functions include time-sensitive functions (also  known as Real Time MAC functions).
    The Split MAC architecture divides the implementation of the  MAC functions between the AP and the controller. The real-time MAC  functions include functions such as beacon generation, probe transmission and  response, control frame processing (for example Request to Send and Clear to        Send—RTS and CTS), retransmission, and so on. The non-real  time functions include authentication and deauthentication; association  and reassociation; bridging between Ethernet and Wireless LAN; fragmentation; and so  on.
    Vendors differ in the type of functions that are split between  the AP and the controller, and in some cases, even about what  constitutes real time. One common implementation of a Fit AP involves local MAC at the AP and  control and management functions at the AP.
    split mac
    http://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/emob30dg/TechArch.html#wp999574
    CAPWAP Protocol
    http://www.cse.wustl.edu/~jain/cse574-10/ftp/capwap/index.html

  • File sharing between Macs and PCs

    I'm not able to properly network a Mac and a PC laptop in my office. The Mac is running 10.4.9, the PC is running XP Service Pack 2. Here's what I'm doing:
    I right-click on a Windows folder. On the "Sharing" tab I click on "Share this folder on the network."
    I go over to the Mac. I try to browse the network; the PC doesn't show up. I type command-K, type in smb://[my PC name] into the box. A dialog box pops up indicating that it's trying to connect, but nothing happens.
    Similarly, if I turn on Windows File Sharing on the Mac and try to go the other way (access the Mac from the PC), that doesn't work either.
    What am I doing wrong?
    Thanks very much.
    G5 Dual 2.5 GHz   Mac OS X (10.4.8)  

    I am having a similar problem getting onto a Windows network with my Mac.
    I select Finder/Go/Connect to server...
    I then enter my server's address, and click on the "connect" button. I get the "connecting to server" dialog box. Then I get the "SMB/CIFS File System Authentication" dialog box. The "Workgroup or Domain" box already is filed in with the proper name, so it appears to me that I have made contact with the server. The "name" box shows up filled in with my .mac name, so I delete it and type in my Windows user name. I then fill in my Windows password, and click on the "OK" button.
    Then the "connecting to server" dialog box reads "could not connect to the server because the name or password is incorrect."
    I am using the same name and password that I use when I get on the netowrk with my Dell. In fact, I will plug the ethernet cable into my Dell and get onto the network. I then log off, switch the cable to my MacBook Pro, and I cannot get on.
    Any thoughts on why the server is sending my MacBook Pro the "wrong name or password" message, but letting my Dell on?
    MacBook Pro   Mac OS X (10.4.9)  

  • New to Mac and Airport

    I just got a macbook pro and now i'm trying to move from my linksys wireless router to a AEB 802.11n (and one airport express station). I had my mac and one windows laptop running through the AEB and then my desktop dell pc would not find the network i created anywhere? Any suggestions on that?
    Also, now I can't even get the AEB to allow my mac to connect to the internet. It finds the AEB but doesn't go out to the web. Any ideas? I'm looking for some beginner's basics on networking with mac/pc environment.
    Thanks a lot.

    I just got a macbook pro and now i'm trying to move
    from my linksys wireless router to a AEB 802.11n (and
    one airport express station). I had my mac and one
    windows laptop running through the AEB and then my
    desktop dell pc would not find the network i created
    anywhere? Any suggestions on that?
    Also, now I can't even get the AEB to allow my mac to
    connect to the internet. It finds the AEB but doesn't
    go out to the web. Any ideas? I'm looking for some
    beginner's basics on networking with mac/pc
    environment.
    Turns off your cable/dsl modem for at least 8 hours and/or call your ISP and ask them to "reset MAC authentication". The MAC address of the machine you originally had connected to the internet is "cached" by the ISP, and unless reset, is the only one allowed to access the internet.

  • How do you file share between mac and pc?

    i need to know how one can share files between a mac and a pc. my MBP is running os x 10.5.2 and my PC is running vista.
    thanks!

    Mac/Windows Networking in Leopard
    The following articles outline how to set up networking between Macs using Leopard and Windows PCs:
    Setting up a Windows computer to share files with Mac users
    Setting up a Mac computer to share files with Windows users
    Sharing with Windows computers
    If you can’t connect to your Mac from a Windows computer
    Sharing your computer with others on your network
    More information is also available by selecting Mac Help from the Finder's Help menu and searching for the relevant terms such as "windows", "networking", "sharing", etc.
    Also read:
    Simple guide to Leopard/Windows Home Networking
    Written by Intercepter121 and originally posted on the Apple Discussions here.
    If your network complies to the minimum requirements described below you should be able to share resources without any need to enter commands in the terminal to modify configuration files in your mac.
    Requirements
    1. A decent router
    2. Mac Os x 10.5.1 installed on your macs
    3. Windows XP or Vista
    4. Number of network devices <10
    5. Some network printers or drives (NAS)
    6. A decent ISP offering a good DNS service
    <u>General Settings
    If your router offers DHCP and any of the device has power saving features there is a risk that the IP addresses are renewed. This can be problematic as the devices keep changing IP addresses. As this is your network is strongly recommended to reserve IP addresses to the MAC (Machine Address Code) of the various devices so that they can power on and off and still keep the same IP.This simple suggestion will greatly improve the browsing of the local network.
    Accessing Windows Resources from Leopard with no authentication
    Windows
    1. Check the settings of the PC and ensure the IP addresses on the local LAN are trusted
    2. Activate sharing on the desired devices ensuring the shares are read and write. If you use Vista ensure password protected sharing is disabled.
    3. Try to access the windows share from another windows computer if available to confirm no authentication is required
    MAC
    1. Go into system preferences->security-Firewall check that the setting is not on allow only essential services. Recommended settings is allow access to specific
    2. Go back into system preferences network. On the tab location click edit locations. Duplicate Automatic and call the new location Home. Now select the Home location and go into Advanced-WINS. In the workgroup field enter the same value that is on the other windows computers for example HOME. Now press enter then go back to the main screen. Select Edit locations and delete the location automatic. Now edit your location Home and rename it Automatic. This workaround is a leopard bug described here.
    3. Give 5 minutes to allow all the other machines to broadcast their IP address and the other computers should appear on the left side of your finder window. You can now select the shares you want to connect. As no authentication is active if you are prompted with a user name just press OK.
    The procedure to access a NAS is the same as above, just ensure permissions are set to files are read/write for anyone to avoid confusion.
    NOTE: There is no need to activate SMB sharing if you don't want to allow the PC to read folders on your MAC
    Troubleshooting
    After you have followed all the steps you don't see any windows PC.
    Identify the IP address of the machine you want to connect. In finder select Option+K and enter SMB://IPADDRESS. If you can connect you have a name resolution problem. Go into your router configuration and ensure that the option DNS assigned by ISP is selected and you don't have services like Open DNS in use and fixed IP addresses in that field. Apply the changes and reboot the router. You should start seeing windows PC in finder shortly after.
    Your ISP DNS service is poor and you must use Open DNS or similar
    If you are forced to use services like open dns you have the risk that the router propagates the DNS servers to your machines. As the implementation of SAMBA in Leopard effectively blocks the MAC to be a master browser for performance reasons you end in a situation in which tiger machines connect and leopard ones don't see a single share. Let's fix it.
    1. Go into System Preferences->Network then advanced DNS if you see here the IP addresses of the open dns servers this is the case. Unfortunately you will be forced to change the hosts file.
    2.Ensure you have reserved IP addresses to all your machines so that they always get the same IP.
    3. Now login into your mac as administrator and go into utilities=>terminal.
    4. Issue the following command sudo pico /etc/hosts
    5. Now scroll down and enter all the IP addresses and computer names of any device you want to browse
    6. Reboot your MAC
    The windows devices will now appear in finder and you will be able to connect with Option+K.
    You cannot access shares even entering the IP address
    You have not reserved IP addresses to each machine. Go into your router LAN set up and make sure that is the case.
    Accessing Leopard resources from Windows
    1. Go into system preferences->security-Firewall check that the setting is not on allow only essential services. Recommended settings is allow access to specific
    2. Go into System preferences->accounts and click on Guest flag the option Enable guest account to access shared folders
    3. Now into System preferences->sharing select file sharing and then options here flag SMB and select the user that has to be logged into the computer when the share has to be accessed. Ensure that the folder you want to share has read/write or whatever permissions you like it to have set for Everyone
    You should now be able to see your MAC in the windows network resources and access the shared folder with a double click without any password request.
    Troubleshooting
    You don't see any MACs from Windows
    Check the firewall settings at the start of this post. Then go back to the Network configuration hit advanced and then TCPIP check is using DHCP and not a fixed address. Then check the sharing is set as above with SMB clicked. If SMB is not set you won't even see your mac from windows.
    You see the MAC and the shared folders but you can't read or write on it
    Ensure you have set the guest account to access shared folders. Then check on the sharing preferences that there is at least one folder with read permission for everyone. The classic case here is Dropbox that leopard sets as read and write for the user of the MAC but no access for other users. You try to click on drop box and receive an error but when you actually try to write a file you can do it. Check the permissions on the subfolders of the share as those permissions will prevail on the home shared folders
    FAQ
    You may want to do more complicated things, but first ensure you can actually share files without security in place so you can identify the root cause of your possible problems
    I want to password protect my windows shares: once you have done the relative set up in windows vista and ensured you can connect from another windows machine you will need to use user name and password of the Vista user to connect.
    I want to password protect my MAC shared folders: Go into user account and disable guest access to shared folders is no shared folder has to be accessed without password otherwise leave it checked. Create a new user for sharing (better than giving away your password) so that this user only accesses the folders you want to share. In System preferences network select file sharing SMB and flag only the new user you have defined. Then go back to the folder section and set the permissions you like on the folder you want to share for this newly defined user.
    Good Luck

Maybe you are looking for

  • ITunes on XP unsupport Vunerable?

    Hello Friends, I am on an XP machine and now unsupported, what can I use for a calendar that iTunes will sync with? I had thought of trying to use iCloud, (in the clouds), meaning not on my machine, but how can that work? For instance I have always t

  • ALV grid display in a particular format

    Hi, Could you please tell me how do i display the alv grid in this particular format : col1           |         col2               |           col3          |       col4             | abc1          |         def1               | - |---- |           

  • Bitlocker, Windows 8 and self encrypting drives

    I am trying to install a Seagate Constellation.2 self-encrypting drive with Windows 8 for use with Bitlocker. Articles that I've read imply that Bitlocker will recognise the SED. There's no problem with the installation but there is no indication tha

  • SetHeader problem when user downloads a file from a server

    Hi everyone, I have a question about the way to let a user download a file. A created a jsp that handles the download. This is the code: <%@ page import="java.io.*" %><%     response.setHeader("Content-Disposition", "attachment; filename=" + session.

  • Have imovie 6.0.3 problem

    I am using imovie 6.0.3- altho I have imovie 8 on the laptop as well. I am still not used to the newer version. In the older version-- I am having a glitch. When i put photos into the movie pane, the cursor goes over each one, but the pictures do not