Radius authentication for the browser-based webtop

Similar Messages

• Radius authentication for the enable password

  Dear Sir
  I have an ACS and I have many switches in the network. I used to secure the telnet and
  enable access to these switches with tacacas+ authentication protocol. so the username and
  password is taken form the ACS internal database. Also the enable password is taken from
  the ACS. Today we changed the tacacas+ to Radius because we use the 802.1x framework on
  the wired network. Dot1x authentication worked fine and when you try to telnet to the
  switch the username and password is taken but the enable password isnot taken from the
  ACS. When I check the configuration on the ACS under the user page I found a checkmark to
  use the enable password as the PAP password of the user but this is only under tacacs+
  settings how can I make this for Radius This is my question. Please answer me asap. It is
  urgent.
  Thanks,

  Dear iqambhir
  Thank you very much for your help.
  I already did that but this makes the enable pasword shared with all users and we don't want that.
  I want the enable password to be taken as the PAP password of the user who tries to login but I didn't find that with radius. This option is there with tacacas+.
  I want to know why the router or the switch sends that user " $enab15$ ". Is this bug on the system?
  Pleae, If there is any other way to authenticate the enable password with the radius submit it.
  Thanks alot,

• RADIUS Authentication for Guest users

  Hi,
  I currently use a 4402 WLC located in our DMZ to authenticate Guest users - local authentication is in place.  I would not like to setup RADIUS authentication via a Cisco NAC server.  In order not to affect current guest users, I created a new WLAN and configured with RADIUS server details under WLANs->Edit->Security.  I can associate to new WLAN and obtain a DHCP address no problem, but when I browse to an external website, I do not get prompted for authentication from the RADIUS server.  I don't see any auth requests hitting our firewal, so am assuming the problem is with the WLC config.
  Can anyone provide any details of what config is required?
  Security Policy - Web-Auth
  Security-> L2 - None
  Security-> L3 - Authentication
  Security-> AAA Servers - Auth and Acc server set
  Many thanks
  Liam

  your setup sounds pretty okay. have you got local user accounts set up on the WLC for the test WLAN? if you do, check to see that the priority order for web authentication for the test WLAN prefers the AAA account. you will have to do it directly on your controller as i do not think you have that option in WCS.
  hope that helps

• NAC guest server with RADIUS authentication for guests issue.

  Hi all,
  We have just finally successfully installed our Cisco NAC guest server. We have version 2 of the server and basically the topology consists of a wism at the core of the network and a 4402 controller at the dmz, then out the firewall, no issues with that. We do however have a few problems, how can we provide access through a proxy without using pak files obviously, and is there a way to specify different proxies for different guest traffic, based on IP or a radius attribute etc.
  The second problem is more serious; refer to the documentation below from the configuration guide for guest nac server v2. It states that hotspots can be used and the Authentication option would allow radius authentication for guests, I’ve been told otherwise by Cisco and they say it can’t be done, has anyone got radius authentication working for guests.
  https://www.cisco.com/en/US/docs/security/nac/guestserver/configuration_guide/20/g_hotspots.html
  -----START QUOTE-----
  Step 7 From the Operation mode dropdown menu, you can select one of the following methods of operation:
  •Payment Provider—This option allows your page to integrate with a payment providing billing system. You need to select a predefined Payment Provider from the dropdown. (Refer to Configuring Payment Providers for details.) Select the relevant payment provider and proceed to Step 8.
  •Self Service—This option allows guest self service. After selection proceed to Step 8.
  •Authentication—This option allows RADIUS authentication for guests. Proceed to Step 9.
  ----- END QUOTE-----
  Your help is much appreciated on this, I’ve been looking forward to this project for a long time and it’s a bit of an anti climax that I can’t authenticate guests with radius (We use ACS and I was hoping to hook radius into an ODBC database we have setup called open galaxy)
  Regards
  Kevin Woodhouse

  Well I will try to answer your 2nd questions.... will it work... yes.  It is like any other radius server (high end:))  But why would you do this for guest.... there is no reason to open up a port on your FW and to add guest accounts to and worse... add them in AD.  Your guest anchor can supply a web-auth, is able to have a lobby admin account to create guest acounts and if you look at it, it leaves everything in the DMZ.
  Now if you are looking at the self service.... what does that really give you.... you won't be able to controll who gets on, people will use bogus info and last but not least.... I have never gotten that to work right.  Had the BU send me codes that never worked, but again... that was like a year ago and maybe they fixed that.  That is my opinion.

• RADIUS Authentication for Enable PW

  Hi Everyone,
  I have my RADIUS authentication working for login passwords but not for the enable password. My config is below;
  aaa new-model
  aaa authentication login default group radius local
  aaa accounting network default start-stop group radius
  When I add the command;
  aaa authentication enable default group radius enable
  I would expect it to allow me to enter my RADIUS pw for the enable one to, but it doesnt. Nor does it allow me to enter the locally configured one?
  Any help would be great,
  Thanks,
  Dan

  Thanks for your reply Rick,
  The debug output is below;
  L2-SW01>
  00:03:02: RADIUS: Authenticating using $enab15$
  00:03:02: RADIUS: ustruct sharecount=1
  00:03:02: RADIUS: Initial Transmit tty0 id 3 x.x.x.x:1812, Access-Request,
  len 72
  00:03:02: Attribute 4 6 AC14024F
  00:03:02: Attribute 5 6 00000000
  00:03:02: Attribute 61 6 00000000
  00:03:02: Attribute 1 10 24656E61
  00:03:02: Attribute 2 18 524FB069
  00:03:02: Attribute 6 6 00000006
  00:03:02: RADIUS: Received from id 3
  x.x.x.x:1812, Access-Reject, len 20
  00:03:02: RADIUS: saved authorization data for user E49424 at 93C6DC
  L2-SW01>
  L2-SW01>
  I am using IAS for RADIUS authentication and I cannot find any option to say "allow enable access".
  Any ideas?
  Cheers,
  Dan

• Radius authentication for privileged access

  Hello,
            I have configured Cisco 6513 for radius authentication with following commands.
  aaa new-model
  aaa authentication login authradius group radius line
  aaa accounting exec acctradius start-stop group radius
  radius-server host <radius-ip> auth-port 1812 acct-port 1646 key 6912911
  line vty 0 4
  accounting exec acctradius
  login authentication authradius
       This is working pretty fine. I want to configure radius authentication for priviledged access / for enable access.
       I am using TeKRadius as Radius server.
       Please help.
  Thanks and Regards,
  Pratik

  Hi Pratik
  Sorry I mostly use only TACACS+ for AAA as it provides better granularity of access controls.
  You'll need to make some specific changes to your RADIUS config so that nominated users ( the ones you want to be able to go to enable mode ) get put straight into enable mode upon login.
  There's a guide here http://www.blindhog.net/cisco-aaa-login-authentication-with-radius-ms-ias/ which details the steps if you're using the Microsoft IAS radius server - you should be able to figure out that changes you need to make to your own server from there.
  Nick
  Message was edited by: NickNac79 - Spelt the OP's name wrong, sorry.

• Any fix for the PC based network printer communication issue with Mavericks?

  Any fix for the PC based network printer communication issue with Mavericks?

  I just signed up for FIOS and am not experiencing your problem (had enough other ones instead).
  Go to mail preferences ~ click on a mail account ~ click on the advanced tab. The only settings that worked for me were: port 110 SSL OFF, authentication: Authenticated POP (APOP). If I remember correctly when I first set this up another window opened and I typed in my password and never had to do that again.
  Hope this helps.

• I cannot add a Wi-Fi guest network. Gone to Utilities Airport Utilities and all get is an image/browser of my Airport Extreme. Looking for the browser which has the title Wireless but cannot find anywhere. I need help?

  I cannot add a Wi-Fi guest network. Gone to Utilities>Airport Utilities and all I get is an image/browser of my Airport Extreme. Looking for the browser window which has the title Wireless but cannot find anywhere. What am I doing wrong?

  Open AirPort Utility. The first screen looks something like this:
  Click on the AirPort Extreme and another screen will appear. Click Edit, then the window with the Wireless tab will appear.
  If you do not see these screens, you will need to start over and configure your AirPort again.

• The back button no longer works. I have disabled all add-ons, rebooted & reset the defaults for the browser and nothing has changed. This happens on all webpages.How do I get the back button to light up again?

  the back button no longer works. I have disabled all add-ons,rebooted & reset the defaults for the browser and nothing has changed. This happens on all webpages.How do I get the back button to light up again?

  Start Firefox in <u>[[Safe Mode]]</u> to check if one of the extensions or if hardware acceleration is causing the problem (switch to the DEFAULT theme: Firefox (Tools) > Add-ons > Appearance/Themes).
  *Don't make any changes on the Safe mode start window.
  *https://support.mozilla.com/kb/Safe+Mode
  If it does work in Safe-mode then disable all extensions and then try to find which is causing it by enabling one at a time until the problem reappears.
  *Use "Disable all add-ons" on the [[Safe mode]] start window to disable all extensions.
  * Close and restart Firefox after each change via "File > Exit" (Mac: "Firefox > Quit"; Linux: "File > Quit")
  Another possible cause is a problem with the file places.sqlite that stores the bookmarks and the history.
  *http://kb.mozillazine.org/Bookmarks_history_and_toolbar_buttons_not_working_-_Firefox
  *https://support.mozilla.com/kb/Bookmarks+not+saved#w_places-database-file

• Message split on adapter engine for the java based IDoc adapter

  Hi Guys,
  Do you know if message split on adapter engine is available for the java based IDoc adapter on the single stack (PI 7.31)?
  I'm getting such exception when I try to post 3 IDocs
  Transmitting the message to endpoint <local> using connection File_http://sap.com/xi/XI/System failed, due to: com.sap.aii.af.idoc.exception.IDOCAdapterException: Error before sending due to idoc parsing error: (7) IDOC_ERROR_PARSE_FAILURE: Invalid XML 1.0 character encountered within IDocXML for type <ns0:Messages>:
  state=EXPECTING_IMMEDIATE_TAG_END, charPosition=68, lineNumber=1, columnNumber=69, invalidChar=U+0078,
  sourceSnippet=...UTF-8" standalone="no"?><ns0:Messages xmlns:ns0="http://sap.com/xi/XI/SplitAndMerge"><ns0:Message1><...
  ^
  Mapping is one to many.
  Each IDoc content has been compared manually against the xsd schema and it was fine.  
  I know that old way of modifying xsd is still possible.
  Best regards,
  Wojciech

  Did you find a solution to this? Having a similar error right now.
  Thanks and kind regards
  Jens

• [svn:osmf:] 10589: Updated the readme. txt for the VASTSample based on feedback in the OSMF forum.

  Revision: 10589
  Author:   [email protected]
  Date:     2009-09-25 10:15:31 -0700 (Fri, 25 Sep 2009)
  Log Message:
  Updated the readme.txt for the VASTSample based on feedback in the OSMF forum.
  Modified Paths:
      osmf/trunk/apps/samples/libs/VASTSample/readme.txt

  A good solution. Liked it very much. Can you please make it a technet blog for others.
  [email protected]

• Condition to test for the browser closing/refreshing

  I have an applet that rotates pictures in a html file. I have it in an eternal loop to keep it running. It loads fine, but if you refresh or try to close the browser, the browser locks. Without question this happens because the loop does not test for the browser closing or refreshing so the loop never stops. Does anyone have an idea of a Java condition to test for the browser closing/refreshing so I can stop my loop when these events occur.

  The applets stop message should be called on a reload and/or a close. You could set a flag in your stop method that could be checked by a thread that actually sits and loops.
  When the flag is set, kill the tread.
  You should clear that flag in your start method.
  I have an applet that rotates pictures in a html file.
  I have it in an eternal loop to keep it running. It
  loads fine, but if you refresh or try to close the
  browser, the browser locks. Without question this
  happens because the loop does not test for the
  browser closing or refreshing so the loop never
  stops. Does anyone have an idea of a Java condition
  to test for the browser closing/refreshing so I can
  stop my loop when these events occur.

• Cannot find a token authenticator for the 'System.IdentityModel.Tokens.X509SecurityToken' token type. Tokens of that type cannot be accepted according to current security settings.

  i am using a custom binding in the BTS Adapter with the following elements (similar to TransportWithMessageCredential with both the client and the server certs)
   encoding (soap11)
   https transport
  Security : CertificateOverTransport
  Problem: the request is sent successfully, but when i receive the response in BizTalk i get the following error
  System.ServiceModel.Security.MessageSecurityException: An unsecured or incorrectly secured fault was received from the other party. ,after turning on tracing in the WCF Trace the following error is present "Tokens of that type
  cannot be accepted according to current security settings. "
  Solutions tried
  1) Changed the security to MutualCertificate , this time request also fails with the following error message  The remote endpoint did not provide a domain name system (DNS) claim and therefore did not satisfied DNS identity 'xxxx.com'.
  This may be caused by lack of DNS or CN name in the remote endpoint X.509 certificate's distinguished name.
  Binding configuration
   <behaviors>
        <endpointBehaviors>
          <behavior name="EndpointBehavior">
            <clientCredentials>
              <clientCertificate findValue="XXXXXXXXXXXXXXX" x509FindType="FindByThumbprint" />
              <serviceCertificate>
                <defaultCertificate findValue="XXXXXXXXXXXX" storeName="TrustedPeople" x509FindType="FindByThumbprint" />
                <authentication certificateValidationMode="None" revocationMode="NoCheck" />
              </serviceCertificate>
            </clientCredentials>
          </behavior>
        </endpointBehaviors>
        <serviceBehaviors>
          <behavior name="ServiceBehavior" />
        </serviceBehaviors>
      </behaviors>
      <bindings>
        <customBinding>
          <clear />
          <binding name="XXXXXXXXX">
            <textMessageEncoding messageVersion="Soap11" />
            <security allowSerializedSigningTokenOnReply="true" authenticationMode="CertificateOverTransport" requireDerivedKeys="false" securityHeaderLayout="Lax" messageSecurityVersion="WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10"
  requireSecurityContextCancellation="false">
              <secureConversationBootstrap />
            </security>
            <httpsTransport />
          </binding>
        </customBinding>
      </bindings>
  Thanks -Madhu

  Please refer to the similar discussion:
  http://social.msdn.microsoft.com/Forums/en-US/6a3d38ee-30ca-43fb-b906-6e95808df69d/cannot-find-a-token-authenticator-for-the-systemidentitymodeltokensx509securitytoken-token?forum=wcf

• Each time I open my Firefox browser, the tab from the last time opens. I have the browser set to open on my home page, not to the tab from the last time. I keep trying to save the setting for the browser to open on my home page but it doesn't.

  Each time I open my Firefox browser, the tab from the last time opens. I have the browser set to open on my home page, not to the tab from the last time. I keep trying to save the setting for the browser to open on my home page but it doesn't.

  Try to create a new profile as a test to check if your current profile is causing the problems.
  See "Basic Troubleshooting: Make a new profile":
  *https://support.mozilla.org/kb/Basic+Troubleshooting#w_8-make-a-new-profile
  There may be extensions and plugins installed by default in a new profile, so check that in "Tools > Add-ons > Extensions & Plugins" in case there are still problems.
  If the new profile works then you can transfer some files from the old profile to that new profile, but be careful not to copy corrupted files.
  See:
  *http://kb.mozillazine.org/Transferring_data_to_a_new_profile_-_Firefox
  Do a malware check with some malware scanning programs on the Windows computer.<br />
  You need to scan with all programs because each program detects different malware.<br />
  Make sure that you update each program to get the latest version of their databases before doing a scan.<br /><br />
  *http://www.malwarebytes.org/mbam.php - Malwarebytes' Anti-Malware
  *http://www.superantispyware.com/ - SuperAntispyware
  *http://www.microsoft.com/security/scanner/en-us/default.aspx - Microsoft Safety Scanner
  *http://www.microsoft.com/windows/products/winfamily/defender/default.mspx - Windows Defender: Home Page
  *http://www.safer-networking.org/en/index.html - Spybot Search & Destroy
  You can also do a check for a rootkit infection with TDSSKiller.
  *http://support.kaspersky.com/viruses/solutions?qid=208280684
  See also:
  *"Spyware on Windows": http://kb.mozillazine.org/Popups_not_blocked

• Upgraded from 3.6 to 7 - changed nothing else - now takes 50-60 seconds to for the browser to start - works OK after that as long as I keep a window open. I then diabled all plug ins and extenstions - still 60 seconds to load browser.

  I upgraded from 3.6 to 7 - changed nothing else - now takes 50-60 seconds to for the browser to start - works OK after that as long as I keep a window open. I then disabled all plug ins and extensions - still 60 seconds to load browser. I also keep getting a high memory warning from AVG with mem usage up to 600,000 k

  I upgraded from 3.6 to 7 - changed nothing else - now takes 50-60 seconds to for the browser to start - works OK after that as long as I keep a window open. I then disabled all plug ins and extensions - still 60 seconds to load browser. I also keep getting a high memory warning from AVG with mem usage up to 600,000 k