PEAP with RSA question

Similar Messages

• Tacacs+ access issue with ASA firewall after integrating with RSA SecureID

  Hi,
  In my earlier post,  I raised the same question but let me rephrased it again. I have configured TACACS+ in cisco ASA firewall and able to access . But when I integrated it with RSA secure ID , I am not able to enter in enable mode. It is not accepting enable password nor RSA passcode. I have created enable_15 in ASA , ACS and RSA server but no luck.
  Did any one face similar issue with ASA access ?
  Rgds
  Siddhesh

  Hi Siddesh,
  In order to help you here, I need to know few things:
  1.] Show run | in aaa
  2.] When you enter enable password on ASA CLI, what error do you see on ACS > Monitoring and reports > AAA protocols > tacacs authentication > "look for the error message"
  3.] Turn on the debugs on ASA "debug tacacs" and "debug aaa authentication" before you duplicate the problem.
  ~BR
  Jatin Katyal
  **Do rate helpful posts**

• Analog Dial-up access with RSA

  I have few question about it,
  1) Is it required ACS to cisco to work with RSA ?
  2) Any link to good document ?
  Thank a lot

  Thank for your answer paddy,
  so the dial-up user will be use
  user: username
  password: rsa generated ?????
  this is only scenario ?
  Thank a lot,
  Nattawut

• PEAP with Novell NDS and LDAP?

  I was reading this Cisco Q&A doc (http://www.cisco.com/en/US/products/hw/wireless/ps430/products_qanda_item0900aecd801764fa.shtml) that contained the following question and answer:
  Q. Can I use PEAP with LDAP or Novell NDS databases?
  A. Yes. PEAP provides interoperability with both LDAP and Novell NDS.
  I was under the impression that LDAP and Netware only supported EAP-GTC, EAP-Fast (phase 2 only), or EAP-TLS???
  Can anyone comment?

  Getting 802.1x to work with novell using PEAP w/ GTC is a slam dunk with some exceptions. I'm using Cisco ACS with Backend connection to NDS. If you have XP clients you can easily use the Cisco PEAP supplicant to allow connecting with EAP-GTC. I ran into problems with the mixture of cards and Client OS. I turned to Funk Odyssey Client to solve all my problems on the clients.

• Help with RSA Encryption using SATSA

  Hello,
  I am a new to writing code on J2ME . I am trying to encrypt data using
  RSA public key on J2ME using SATSA.
  I generated the public key using openssl in the PEM format and stored the
  key (mypublickey) as a Base64 decoded byte array in my code.
  Next, I did the following:
  X509EncodedKeySpec test - new X509EncodedKeySpec(mypublickey);
  KeyFactory kf = KeyFactory.getInstance("RSA");
  PublicKey key = kf.generatePublic(test);
  I used this key to encrypt as follows:
  cipher c = Cipher.getInstance("RSA");
  c.init(Cipher.ENCRYPT_MODE, key);
  c.doFinal(data,0,data.length,ciphertext,0);
  where byte[] data = "1234567890".getBytes();
  I get no errors during this process.
  Now, when I try to decrypt the string, I get a padding error as follows:
  javax.crypto.BadPaddingException: Data must start with zero
  The decode is done on a server.
  I tried getting an instance of the cipher with RSA/ECB/NoPadding and this time the decrypt gives junk.
  Question 2: The SATSA example online at http://java.sun.com/j2me/docs/satsa-dg/AppD.html
  has a public key embedded as a byte array. They haven't explained how
  this key is generated. Does someone know?
  Question 3: Suppose, I can get the modulus and exponent of the public key is there any way I can convert it to X509EncodedKeySpec so that I can
  use the APIs in SATSA?
  Thanks in advance for your help. I have been trying to solve this for a lot of time and any help will be greatly appreciated.

  Just wanted to add my code:
  public class test2 {
       public static void main(String[] args) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, ShortBufferException {
            // TODO Auto-generated method stub
            byte [] data = "012345678901234567890123456789ab".getBytes();
            Base64 base64 = new Base64();
  /*public key generated by
            byte [] mypublickey = base64.decode("publickey in PEM format");
            byte [] ciphertext = new byte[128];
            X509EncodedKeySpec test = new X509EncodedKeySpec(mypublickey);
            byte [] myprivatekey = base64.decode("privatekey in pkcs8format");
  KeyFactory rsakeyfac = KeyFactory.getInstance("RSA");
            PublicKey pubkey = rsakeyfac.generatePublic(test);
            Cipher c1 = Cipher.getInstance("RSA");
            c1.init(Cipher.ENCRYPT_MODE, pubkey);
            c1.doFinal(data, 0,data.length, ciphertext);
            PKCS8EncodedKeySpec pks2 = new PKCS8EncodedKeySpec(myprivatekey);
            RSAPrivateCrtKey privkey = (RSAPrivateCrtKey)rsakeyfac.generatePrivate(pks2);
            Cipher c2 = Cipher.getInstance("RSA");
            c2.init(Cipher.DECRYPT_MODE, privkey);
            byte [] decrypteddata = c2.doFinal(ciphertext);
            System.out.println("Decrypted String is:"+new String(decrypteddata).trim());
  Error that I get is:
  Exception in thread "main" javax.crypto.BadPaddingException: Data must start with zero
       at sun.security.rsa.RSAPadding.unpadV15(Unknown Source)
       at sun.security.rsa.RSAPadding.unpad(Unknown Source)
       at com.sun.crypto.provider.RSACipher.a(DashoA13*..)
       at com.sun.crypto.provider.RSACipher.engineDoFinal(DashoA13*..)
       at javax.crypto.Cipher.doFinal(DashoA13*..)

• I still have this "SHA1 with RSA" problem in Java (Sun, are you listening?)

  I posted this (in bold) a few days ago:
  I obtained a CSR from GoDaddy. The only cipher suite GoDaddy supports is "SHA1 with RSA", which is not in the list of Java 1.6.0_01 supported ciphers.
  Can I get "SHA1 with RSA" for Java somewhere?
  Should I revoke my CSR from GoDaddy and get a CSR from somebody who can provide me with a Java-supported cipher?
  If the answer to the above question is "yes", to whom should I go for the CSR?
  Thanks.
  It was suggested that I try another certificate provider. I tried Thawte. Here is the response I got from Thawte (in bold):
  Unfortunately all Certificate Authorities will have their certificates on SHA1
  with RSA as that is the latest in encryption technology. We have a product
  that you can use to sign your Java files, which is called the JavaSoft code
  signing certificate.
  For the setup that you are attempting, our SSL certificates will not work. I recommend
  that you attempt to update the Java version that you are using in order to ascertain
  if this will resolve the issue that you are experiencing.
  I am running JRE 1.6.0_01. That is the latest version of Java, to my knowledge. And yet it does not support "SHA1 with RSA".
  What can I do to get Java to support "SHA1 with RSA".
  Thanks.

  Blimey, everybody is crazy?
  Can I suggest you post this issue to the java-security mailing list. You will definitely get a response from Sun there. [email protected]:
  http://archives.java.sun.com/archives/java-security.html

• Webaccess integrated with rsa

  Hi,
  How do I integrate webaccess with RSA authentication?
  I really need a double authentication for security reasons.
  regards,
  Marcel

  Hi,
  I know this questions is 2 years old, but we like to do the same and searching for a solution.
  When someone have a solution for this, please post.
  Here our setup:
  GWIA 8.0.2hp2 is on Netware 6.5sp6
  GWWEB 8.0.2hp2 is on SLES11sp1
  regards,
  Dirk
  >>> Marcel Krai<[email protected]> schrieb am Samstag, 31. Januar 2009 um 16:16 in Nachricht <CXZgl.5153$[email protected]>:
  Hi,
  Gw8 running on netware 6.5sp7
  Webaccess running on linux (sles10 x86-64)
  regards,
  Marcel
  "gerdesj" <[email protected]> wrote in message
  news:[email protected]..
  >
  > Marcel Krai;1725547 Wrote:
  >> Hi,
  >>
  >> How do I integrate webaccess with RSA authentication?
  >> I really need a double authentication for security reasons.
  >>
  >> regards,
  >> Marcel
  >
  > GWWA is a web application ie it is hosted in Tomcat and generally front
  > ended via Apache. So your question probably becomes:
  >
  > "How do I integrate a web application accessed through Apache with RSA
  > authentication?"
  >
  > This should be covered by a support call to your RSA vendor. Failing
  > that some hunting around with a search engine.
  >
  > Your platform (NetWare/Linux/Windows etc) and versions (GW/OS etc)
  > would be useful to anyone wishing to provide advice.
  >
  >
  > --
  > gerdesj
  > ------------------------------------------------------------------------
  > gerdesj's Profile: http://forums.novell.com/member.php?userid=4527
  > View this thread: http://forums.novell.com/showthread.php?t=358578
  >

• I got a flashing folder with a question mark. I got a new hard drive and upgraded to 4 gigs and can't open anything or reload the operating system? Help?

  I got a flashing folder with a question mark. I got a new hard drive and upgraded to 4 gigs and can't open anything or reload the operating system? Help? FYI: I have been using boot camp with windows 7 and started getting a kernal_data_Page_error and it would reboot windows, i was trying to do a chkdsk on the next reboot, but thats when i started getting this issue. I have put in a new hard drive and went from 2 gigs to 4. I can not get the computer to do anything, even the monitor does not show anything now????

  Prep your new drive:
  Drive Preparation
  1. Boot from your OS X Installer Disc. After the installer loads select your language and click on the Continue button.  When the menu bar appears select Disk Utility from the Utilities menu.
  2. After DU loads select your hard drive (this is the entry with the mfgr.'s ID and size) from the left side list. Note the SMART status of the drive in DU's status area.  If it does not say "Verified" then the drive is failing or has failed and will need replacing.  SMART info will not be reported  on external drives. Otherwise, click on the Partition tab in the DU main window.
  3. Under the Volume Scheme heading set the number of partitions from the drop down menu to one. Click on the Options button, set the partition scheme to GUID (for Intel Macs) or APM (for PPC Macs,) then click on the OK button. Set the format type to Mac OS Extended (Journaled.) Click on the Partition button and wait until the process has completed.
  4. Select the volume you just created (this is the sub-entry under the drive entry) from the left side list. Click on the Erase tab in the DU main window.
  5. Set the format type to Mac OS Extended (Journaled.) Click on the Security button, check the button for Zero Data and click on OK to return to the Erase window.
  6. Click on the Erase button. The format process can take up to several hours depending upon the drive size.
  After formatting has completed quit DU and return to the installer. Install OS X.

• White Macbook has folder with a question mark inside when powered on.

  My brother has a white macbook given to him from a friend and when it is powered on it shows a folder icon with a question mark in the inside flashing and it doesn't boot. He has sent me on a quest to get a power adapter and a new hard drive, He thinks the hard drive is fried. Does anyone know for sure if thats the case, I just don't want to buy all that stuff to figure out that the logic board is dead or something else irreplaceable. There is no backup disks, all I have is a replacement leopard disk from apple used for my mac mini.

  If it is a retail Leopard disc--black with a giant purple X on it--then yes, you could use them, with a couple of caveats. One, it would technically be a violation of the license to use that install of Leopard on more than one computer, and terms of use on this forum forbid me from encouraging such an action. And two, depending on how old this used MacBook is, your install of Leopard may pre-date manufacture of the MacBook and, as a result, not be able to boot the MacBook anyway. However, judging by the info in your signature, that is probably not a problem.
  If the disc for your Mini is gray and shipped with or was meant to ship with the Mini, then no, the disc will not work.
  I still encourage you to get the system discs that came with the MacBook originally, as they have the Apple Hardware Test included, and, as I suggested above, running any OS (or other Apple software) on a Mac without the discs means technically it's an unlicensed copy.

• When I boot up my I get a grey screen with a flashing folder with a question mark

  I was trying to set up a bootable Linux flash drive for another computer using UNetbootin and I accidentally selected an empty partition on my hard drive instead of the USB I was trying to use. It went through the install process, and I didn't realize it was on my computer rather than the USB. The computer worked fine, so I thought nothing of it.
  Today, I go to mess with my computer and it is frozen at the login screen. I restart it, and now I just get a blinking folder with a question mark. I try to go into recovery, but it isn't there. Internet Recovery works fine, but when I go to use Disk Utility or to reinstall the OS it cannot find the internal Hard Disk.
  What am I supposed to do here? I don't want to lose all my data.

  greenbil1
  You can contact AppleCare to buy a replacement set of the oringinal Install discs for a nominal cost. You will need the serial number and a credit card to place the order.

• ACS 5.3 Integration With RSA

  Hi People,
  I have Integrated the ACS 5.3 with AD.
  Now my next goal is to Integrate ACS with RSA in such a way that all my Cisco devices should use the username and password from the AD.
  The enable privilege level should come from the RSA Token OTP.
  Is it possible to do such a thing with ACS 5.3???
  If so how could i do it???
  Thanks,
  Manoj

  I think that can try and make a rule in the identity policy based on the Service attribute in the TACACS+ dictionary
  (this is not tested and based on my recollection so would need your verification)
  1) Create a custom condition for the service attribute in TACACS+ dictionary
  Policy Elements > Session Conditions > Custom
  Create: Dictionary: TACACS+ ; Attribute:Service
  2) Utilize in a rule in Device Admin identity policy
  Access Policies > Access Services > Default Device Admin > Identity
  Sselect a rule based
  Customize based on condition in 1
  Create a rule for when Service is "Enable". Select identity source as RSA in this case

• So i have a 2011 MacBook Pro and when i turned it on this morning a flashing folder came on with a question mark in the middle of it and it keeps flashing. So i tried googling any solutions and up so far nothing has worked. Please Help ?

  I tried googling several solutions, but so far nothing seems to work. Everytime i start up my laptop i press CMND+R to make it go to the repair disk utility but instead it takes me as if i have to install lion when i had Snow Leopard 10.6.8. When i do go to the repair disk utility, on the eft hand side shows two hardrives one is Untitled and another is Hitachi, i tried downloading snow leopard 10.6.8 onto a Re-writable disc  using my windows computer. When i insterted it onto the disc drive it came out under SUPER DRIVE and everytime i double click on the CD it says something about attaching images/ I also forgot to mention that the MAC OSX 10.6.8 Update shows on the left hand side on the bottom in DMG format. I dont know what else to do, please help?

  DestroyGalaxies wrote:
  a flashing folder came on with a question mark in the middle of it
  This is the firmware telling you it can't find a bootable OS X volume.
  Usually to solve this all you do is hold the option key down on the built in keyboard while booting the computer, this enters Startup Manager and then you choose OS X to boot, then in System Preferences > Startup Disk you change it to the boot volume and it tells the firmware.
  Everytime i start up my laptop i press CMND+R to make it go to the repair disk utility but instead it takes me as if i have to install lion when i had Snow Leopard 10.6.8.
  What you have is a 10.7 or 10.8 Recovery HD from when 10.7 or 10. was on the machine previously.
  The Macintosh HD partition only was erased and 10.6 installed on it, without erasing the entire drive like what should have occured to remove the Recovery HD partition.
  So you have a mucked up machine.
  i tried downloading snow leopard 10.6.8 onto a Re-writable disc  using my windows computer.
  Well there goes your problem there, your downloading illegal copies of Snow Leopard from a untrusted location.
  10.6 is not available for download, except from pirate sites. You likely have malware or a compromised system.
  I dont know what else to do, please help?
  What you need to do is call Apple via phone, tell them the make of your machine and order the appropriate 10.6 disks, they are inexpensive now. Some machines that came with 10.6.3+ origianlly need machine specific disks, other wise pre-10.6.3 Intel Macs can use the 10.6.3 white retail disks.
  Once you have the disks, you need to backup your personal information off the computer to a external storage drive using the emergency quick copy method, then disconnect it to prevent mistakes.
  Most commonly used backup methods
  Next follow this proceedure and make sure to select the ENTIRE drive on the far left with the drive makers name and size, this will erase the entire drive, then install 10.6 from the disk
  How to erase and install Snow Leopard 10.6
  When finished setup the machine and log onto the Internet and use Software Update to get current on 10.6.8
  Don't use pirated software, it's likely been compromised in some fashion.

• Since upgrading to Mavericks, 10.9.1, pictures that come attached to emails no longer display.  There is only a blank space that after about 1 minute, has a small box with a question mark.  How can I go back to attached images?

  Since upgrading to Mavericks, 10.9.1, pictures that come attached to emails no longer display.  There is only a blank space that after about 1 minute, has a small box with a question mark.  Double clicking on the box will open the image in a separate window.  It's very slow and tedious for multiple images.  How can I go back to attached and displayed  images?  If I click on "Forward", the images appear instantly in the email to be forwarded.

  Scott,
  My problem seemed to fix itself.  Or, by shutting down the computer one night, instead of putting it to sleep, may have reset something.  Since updating to Mavericks, I always (or usually) let the computer sleep overnight or anytime I'm walking away from it.  A few days ago, I was updating notes for my kids about how to find all my stuff and how to turn on my computer, so I wanted to rewrite the start-up procedures for the iMac, just in case they ever need to.  Well, I shut it down one night so the following morning, I could write down each step.  Lo and behold, the images, etc. are all there again!  Solved, but I'm not sure why.
  Tom

• I keep getting the little blue box with the question mark

  Hi
  I have 10.6.7 system software and my safari is 5.0.4
  I have called apple twice with this problem already but nothing has helped except for short times.
  I have reset safari about one dozen times and when I do I reset the top 7 items and I've emptied the cache in addition just in case. I've also taken my safari preference plist out of my library and trashed it.
  And I've run disk utilities many times and restarted my computer. Each thing I do will solve the problem for a short time, even up to a day or more (or less) but then it comes back. For instance on Facebook maybe 1/8th of the thumbnail images have the little blue boxes with the question marks but most don't. I can't figure it out. Sometimes even the iPAD safari gets them too but my firefox doesn't show them and neither does Safari on my eMac.
  Yesterday the question marks even showed up in ONE mailing on all 3 computers with the question marks in the blue boxes (meaning my iMac, my eMac and my iPad) but then it just all resolved after a few hours. This does sound like possibly a server problem except today it's happening (in Safari again) only on this iMac in Safari (not firefox) and not on the other two devices.
  One more thing, since they changed my radio on the roof for my wireless internet, the 5.8 phone cuts out the internet when I use it. The problem has gotten worse since they changed the radio to the same frequency as the phone, it's a much faster service than the 2.4 radio. I don't know if this is related or not.
  Thank you,
  Martha

  <Contact your ISP.
  Is it possible, Carolyn, that this would mainly and almost always be only affecting the iMac and Safari in the iMac if it were a server issue? Right now Safari has more blue boxes with question marks than ever and the eMac and iPad have none. Firefox on the iMac has none also.
  I should try a direct connection and by pass the router and see if that makes a difference.
  I will contact them tomorrow but I want to get clear in my head first all the facts and possibilities.
  Thanks!
  Martha

• HT204088 Dear sirs,  Could you please help me on my problem with my apple ID  I create new account with security questions, and when I try to purchase paid application,it ask me for answers the questions but it's not working,  My account have 50$ and stil

  Dear sirs,
  Could you please help me on my problem with my apple ID
  I create new account with security questions, and when I try to purchase paid application,it ask me for answers the questions but it's not working,
  My account have 50$ and still didn't buy anything

  You need to ask Apple to reset your security questions; ways of contacting them include clicking here and picking a method for your country, phoning AppleCare and asking for the Account Security team, and filling out and submitting this form.
  (100546)