Using root bridge as a fallback radius server for WPA and EAP
From reading the different documentation out there, it seems that one should be able to configure a root bridge as a fallback radius server in case a primary radius server were to be unreachable. Has anyone encountered this situation? And could they share the steps and configuration statements to apply the bridges (1310 or 1410) in order to make this happen?
Many Thanks and Regards,
Giles -
Yes, you have to first configure a root bridge as a fallback radius server in case a primary radius server were to be unreachable
Similar Messages
-
Use Open Directory on Mac OS X Server for Airport authentication?
Is it possible to set up an Airport Extreme network so that only people with user names and passwords in the Open Directory on my Mac OS X Server can access it?
I'm picturing a scenario where users would be prompted for the same user name and password they use for other network services when they attempt to join the wireless network.
Our Airport Extreme access point is connected to the second Ethernet port on an original-model XServe that's running Mac OS X Server 10.3.9 (soon to be upgraded to 10.4.x).Is it possible to set up an Airport Extreme network
so that only people with user names and passwords in
the Open Directory on my Mac OS X Server can access
it?
I'm picturing a scenario where users would be
prompted for the same user name and password they use
for other network services when they attempt to join
the wireless network.
Our Airport Extreme access point is connected to the
second Ethernet port on an original-model XServe
that's running Mac OS X Server 10.3.9 (soon to be
upgraded to 10.4.x).
What you seem to be describing, is WPA2/Enterprise level security. This would require you to run some type of Radius Server on your XServe, and you would simply duplicate the name & password they use on the XServe on the Radius Server. BTW, this is considered one of the most secure methods of running a wireless network in the corporate world.
You will however, have to research Radius & it's requirements, as I have not yet implemented that on my own system. HTH.
Regards,
Albert
G4 QuickSilver01 OWC 1.47Ghz CPU 1.5GB RAM 740GB HDD Mac OS X (10.4.3) 17" Aluminum PowerBook G4 1.33Ghz CPU 1.5GB RAM 80GB HD -
Radius server for 802.1x port authentication
Does anybody know if CiscoSecure for Unix version 2.3.6.2 can be used as a Radius server for 802.1x port authentication? I know the Windows version will do this and can be configured to assign a user to a specific VLAN, but can the UNIX software do the same?
ThanksCheck connectivity between the PIX and the server.
If the server is outside the PIX, verify that it is specified in the (if_name) parameter of the aaa-server command. In the example below, the (if_name) parameter represents outside.
aaa-server group_tag (if_name) host server_ip key timeout 5
If you are using TACACS+, verify that the PIX and server are communicating on the same port (Transmission Control Protocol (TCP)/49).
If you are using RADIUS, verify that the PIX and server are communicating on User Datagram Protocol (UDP) port 1645. Or, if the RADIUS server is using port 1812, verify that the PIX is using software version 6.0 or later, and then issue the aaa-server radius-authport 1812 command to specify port 1812.
Ensure that the secret key is correct.
Check the server logs for failed attempts. All servers have some kind of logging function. -
Single directory Server for Messaging and Portal
We are trying to unify our directory services.
At present, there two directory servers, one for iPlanet messaging 5.2 and another for Portal server 6.0.
Messaging's Directory server is v5.1 and Portal's Directory server is v5.2. Their BaseDN is same.
Now, What we are planning to do is as below.
1. LDIF everything from Msgr Directory and import into Portal's Directory.
2. Point Msg Server to the Portal's directory.
But, we are not sure what to export or how to tell messaging server to look at the Portal's Directory. Any help will be greatly appreciated!!!
Thanks
SriniWhat you are trying to do is non-trivial.
Setting the ldap server for user and groups on the mail server is easy enough -- look at the output of configutil and you will find the values of local.ugldap*
define the values you need to change.
e.g.:
local.ugldapbasedn
local.ugldapbindcred
local.ugldapbinddn
local.ugldaphost
local.ugldapport
etc.
These are all listed in the messaging reference manual.
You need to ensure that the schemas of the two apps. match. For example, if you are using schema 1 for mail and schema 2 for the portal (quite likely), there will be a lot more work to do on the directory than simply moving the user entries accross and merging them.
Unless you have done this sort of thing before, or feel very comfortable and knowlegable about how the messaging server in partuicular works with LDAP, I would suggest that you seriously consider getting help from Sun Professonal Services. -
Mac OS X attempts to poll server for PortMixerProvider and DirectAudioDevic
When running my applet on Mac OS X using Safari and Firefox, for the most part,
sound seems to work, but sometimes our game screen hiccups while the
applet tries to search our server for PortMixerProvider and
DirectAudioDeviceProvider [See Java Console output at the bottom of
this message]
It seems that the applet is searching in the server location of the
JAR for the Providers, which usually indicate that they don't exist,
but then I don't understand why I sometimes hear sound without
incident.
As this is happening during game play, I need to find a solution to either stop these requests to the server or at least delay them until the end of the game session.
[JAVA CONSOLE VERSION INFO]
Java Plug-in 1.5.0
Using JRE version 1.5.0_13 Java HotSpot(TM) Client VM
Browser: Safari
[JAVA CONSOLE OUTPUT]
network: Connecting http://MYWEBSITE/META_INF/com/sun/media/sound/PortMixerProvider.class
with proxy=DIRECT
network: Connecting http://MYWEBSITE/META_INF/com/sun/media/sound/PortMixerProvider.class
with cookie "_session_id=ee767a9d5c7d1625385c890da92b0929"
network: Server http://MYWEBSITE/META_INF/com/sun/media/sound/PortMixerProvider.class
requesting to set-cookie with
"_session_id=ee767a9d5c7d1625385c890da92b0929; path=/"
network: Connecting http://MYWEBSITE/my_account/login with
proxy=DIRECT
network: Connecting http://64.128.14.171/my_account/login with cookie
"_session_id=ee767a9d5c7d1625385c890da92b0929"
network: Server http://MYWEBSITE/my_account/login requesting to set-
cookie with "_session_id=ee767a9d5c7d1625385c890da92b0929; path=/"
basic: Last modified time and/or expiration value is not available.
Jar file will not be cached.
network: Connecting http://MYWEBSITE/META_INF/com/sun/media/sound/PortMixerProvider.class
with proxy=DIRECT
network: Connecting http://MYWEBSITE/META_INF/com/sun/media/sound/PortMixerProvider.class
with cookie "_session_id=ee767a9d5c7d1625385c890da92b0929"
network: Server http://MYWEBSITE/META_INF/com/sun/media/sound/PortMixerProvider.class
requesting to set-cookie with
"_session_id=ee767a9d5c7d1625385c890da92b0929; path=/"
network: Connecting http://MYWEBSITE/my_account/login with
proxy=DIRECT
network: Server http://MYWEBSITE/my_account/login requesting to set-
cookie with "_session_id=ee767a9d5c7d1625385c890da92b0929; path=/"
network: Connecting http://MYWEBSITE/META_INF/com/sun/media/sound/DirectAudioDeviceProvid...
with proxy=DIRECT
network: Connecting http://MYWEBSITE/META_INF/com/sun/media/sound/DirectAudioDeviceProvid...
with cookie "_session_id=ee767a9d5c7d1625385c890da92b0929"
network: Server http://MYWEBSITE/META_INF/com/sun/media/sound/DirectAudioDeviceProvid...
requesting to set-cookie with
"_session_id=ee767a9d5c7d1625385c890da92b0929; path=/"
network: Connecting http://MYWEBSITE/my_account/login with
proxy=DIRECT
network: Connecting http://MYWEBSITE/my_account/login with cookie
"_session_id=ee767a9d5c7d1625385c890da92b0929"
network: Server http://MYWEBSITE/my_account/login requesting to set-
cookie with "_session_id=ee767a9d5c7d1625385c890da92b0929; path=/"
basic: Last modified time and/or expiration value is not available.
Jar file will not be cached.
network: Connecting http://MYWEBSITE/META_INF/com/sun/media/sound/DirectAudioDeviceProvid...
with proxy=DIRECT
network: Connecting http://MYWEBSITE/META_INF/com/sun/media/sound/DirectAudioDeviceProvid...
with cookie "_session_id=ee767a9d5c7d1625385c890da92b0929"
network: Server http://MYWEBSITE/META_INF/com/sun/media/sound/DirectAudioDeviceProvid...
requesting to set-cookie with
"_session_id=ee767a9d5c7d1625385c890da92b0929; path=/"
network: Connecting http://MYWEBSITE/my_account/login with
proxy=DIRECT
network: Server http://MYWEBSITE/my_account/login requesting to set-
cookie with "_session_id=ee767a9d5c7d1625385c890da92b0929; path=/"I have more background on this problem, but no solution. I see this happening everytime I try to record audio using my applet running under Firefox 3 (Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9) Gecko/2008061004 Firefox/3.0) and OS X 10.5.3.
The program runs perfectly using the AppletViewer.
I created a JAR file, sunaudio.jar, containing the com.sun.media.audio classes and the JavaSound SPI meta-files, put it in the same directory as my applet's JAR and changed my Web page to look like
<applet ... archive="myapplet.jar,sunaudio.jar">
</applet>
... and though I could see the browser request and receive the sunaudio.jar file from the server, it nevertheless requested com/sun/media/sound/DirectAudioDeviceProvider.class immediately thereafter.
Have you submitted a bug to Apple? If not, I will. -
How do I convert my Windows 7 Folder to an ISO image to burn to my USB Flash drive (16GB) in order to use Bootcamp Assistant to partition my MacBook Pro for Mac and Windows?
Sorry - confusing - My question has NOT been solved yet - can anyone help?
-
Well my sister lives in US and she just handed me her old iphone 3gs. The phone was locked to AT&T .While trying to acees it an error message is popping up that Iphone is disable,Please connect to itunes.Well i downloaded a new version of itunes and while connecting it in recovery mode and tryuing to update it it is giving an error.i asked my sister to unlock the phone so i could use it on any network .she has applied for it and will get the code in one week. What should i do?? Please help.
Restore the device as new with an AT&T SIM card or wait until it is unlocked and restore as new with another carriers SIM.
-
how do i migrate files from a imac to macbook pro using an ethernet cable. the migration program asks for firewire and i don't own a fireWire. I do own an ethernet cable though
A FW cable would be far faster & Easier, but with Ethernet you need a compatible version of Migration Assistant running on both Macs.
-
I've been using Photoshop Elements 2 on my Vista PC for years and it has stopped booting?
I've been using Photoshop Elements 2 on my Vista PC for years and it has stopped booting?
Hi there! Because the forum you originally posted in is for beginners trying to learn the basics of Photoshop, I moved your question to the Photoshop Elements forum, where you'll get more specialized help.
Best,
Julia -
Bridging a WPA2 Enterprise Radius Server (Lion Server) to Apple TV
Hello,
I was wondering if anyone can help me out with this setup that I have with Lion Server. Recently I set up my Airport Extreme to use Radius and bind it to my Lion Server for Authentication. Radius works with most of my devices, except for my ATV2 (which is in a different room from the AIrport Extreme.) As most of you may know, ATV2 doesn't support WPA2 Enterprise networks.
Ideally what I would like to do is have the Apple TV connect to my wireless network for all of my videos that are shared on a HD connected to my Lion Server. I was thinking about looking for a WPA2 enterprise wireless bridge with an Ethernet port so that I can connect the ATV to the bridge and have the bridge connect to my Airport Extreme. However, here is what I can not figure out. How can I get that bridge to authenticate to the Radius Server on Lion Server? From my understanding the Radius service on the Lion Server uses its own proprietary radius server to where I couldn't get the bridge to cnnect.
Please let me know your thoughts. If it helps, I have a 1st generation TC that I can place in the other room. However, I couldn't see any functionality in Airport Utility that would allow me to bridge that box to the WPA 2 Enterprise network.Hello,
I was wondering if anyone can help me out with this setup that I have with Lion Server. Recently I set up my Airport Extreme to use Radius and bind it to my Lion Server for Authentication. Radius works with most of my devices, except for my ATV2 (which is in a different room from the AIrport Extreme.) As most of you may know, ATV2 doesn't support WPA2 Enterprise networks.
Ideally what I would like to do is have the Apple TV connect to my wireless network for all of my videos that are shared on a HD connected to my Lion Server. I was thinking about looking for a WPA2 enterprise wireless bridge with an Ethernet port so that I can connect the ATV to the bridge and have the bridge connect to my Airport Extreme. However, here is what I can not figure out. How can I get that bridge to authenticate to the Radius Server on Lion Server? From my understanding the Radius service on the Lion Server uses its own proprietary radius server to where I couldn't get the bridge to cnnect.
Please let me know your thoughts. If it helps, I have a 1st generation TC that I can place in the other room. However, I couldn't see any functionality in Airport Utility that would allow me to bridge that box to the WPA 2 Enterprise network. -
Cisco 5508-WLC using MS NPS as RADIUS Server for EAP-TLS
Has anyone experienced a problem getting a Cisco WLC to work with MS NPS server? We've done it before albeit with differnt code versions.
I have a Cisco 5508 WLC running 7.0.116.0 code hosting a WLAN configured for WPA2 with 802.1x for authentication. I have two Windows NPS servers configured as the RADIUS servers for EAP-TLS authentication. Via debug info on the WLC I can see the 802.1x handshake take place with the wireless client and the WLC as well as a successful transmission of an Authentication Packet from the WLC to one of the RADIUS servers. However on the WLC I see repeated RADIUS server x.x.x.x:1812 deactivated in global list and on the NPS server I'm seeing event log errors indicating "The Network Policy Server discarded the request for a user" along with the pertinent auth request info that I would expect the NPS server to receive from the WLC.
Based on the WLC debug info I'm never actually getting to the EAP-TLS certificate authentication part. It seems the NPS servers don't like the format of the initial RADIUS authentication request coming from the WLC and so don't respond whcih in turn casues to WLC to switch to the other NPS server which produces the same issue.
Any ideas of what might be the issue or misconfiguration?Jim,
I wanted to know if you can setup wireshark on both of the boxes and see if your are hitting the following bug:
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCti91044
It looks as if the WLC is retransmitting the client traffic from one radius session with primary over to the secondary in which the radius state attribute that was assigned from the primary server is probably hitting the secondary server. Therefore if the state attribute isnt assigned from the secondary server it will discard the packet.
May need to open a TAC case to see if this issue is on the 550x controllers also.
Thanks,
Tarik -
Setting Radius server for Airport Extreme
Hi all,
I have AP Airport Extreme. I updated it to the latest version of firmware and Airport utility.
I am trying to set the AP to connect to Microsoft Radius server (Windows server 2003). The problem is that in the security, I don't have WPA/WPA2 Enterprise. I only have WPA/WPA2 personal. I do have option to configure the radius properties (IP, Port, etc'...).
What should I do in order to set my AP to connect to Microsoft Windows server 2003?
Thanks for your help.About the only one I'm aware of is the D-Link DPR-1260, which supports up to 4 printers. I have the predecessor to this print server, but it was horribly unreliable, requiring a reboot at least once a day, so YMMV. I settled on a Buffalo WLI-TX4-G54HP wireless-to-Ethernet bridge (with built-in 4-port Ethernet switch) and use my Belkin F1UP0001 in Ethernet mode. This combination gives me the option of adding network-enabled printers at a later date.
-
Radius server for Sun Java directory Server?
I want to know what products does offer Sun for provide a radius server using the Sun Java Directory Server..
I have only seen Sun Access Manager, but it is a complex/expensive product for use only the radius server
RegardsNope
This is part of the Oracle Lifetime Support policy:
http://www.oracle.com/us/support/lifetime-support/index.html
'OLD' products can/may still be supported under *SPECIAL* support contracts. So if you're entitled to its support, you can access it. Otherwise, I'm afraid the answer is no.
HTH,
Marco -
I am studying Routing & Switching, but I also need to have a general understanding of the security features: AAA authentication, dot1x etc. It is probably the weakest link in my chain of knowledge because I have never used those
features.
I really need to play with the protocols in the lab to get a basic understanding of them. Is there some cut-down Radius server, preferably freeware running on a PC, that can be used for basic lab work? Can someone guide me through obtaining and installing it?
Kevin Dorrell
LuxembourgHi Kevin
You should be able to get an eval license for Cisco's Secure ACS that you could use in the lab. It is free for download on the Cisco site.
It does run out after 3 months so it depends on how long you need it for.
The other option is to use the Microsoft Radius server (IAS) which comes with the W2K Advanced server. I haven't used it so i can't really comment other than that.
HTH
Jon -
When I use Adobe Bridge with PSE 8 is asks for my serial
I just launched Photoshop Elements 8 for Mac and chose to use Adobe Bridge to find images. Adobe Bridge opened and I found the image I wanted but when I double-clicked on the image a Photoshop Set-up dialogue box appears asking for my serial. So, I found my serial in my email because I bought the digital download and it says my serial is wrong. The weird thing is is that PSE is running and works fine. So why is Adobe Bridge asking me for my serial and rejecting it?
thanks
JerrySubversion is a program/system that stores files on a server, does versioning, etc. We use it principally for code management but also for our image files. It integrates into Windows explorer so you can check-in/check-out files, etc.
I was just wondering if there was a way to use Adobe Bridge as the front-end for it somehow.
Maybe you are looking for
-
I use PS Tools Performance Toolkit to clean/repair my (Vista) registry. When the utility runs, Firefox closes. When I start Firefox again, the appearance on screen has been reset to default -- no menu bar and the the web address line is scrambled. Al
-
How to create a info structure for product allocation functionality
Hi Experts, how to create a info structure for product allocation functionality For allocating fixed quantities to the specified customers at sales order Especially i need help in selecting the key figures and key charecterstics for at mc21 and mc24
-
Someone please tell me how to get the full app back without purchasing it again and having for pay £3 again?
-
Actions and EEWB (Business Transactions)
Hi, I've extended a business transaction (service ticket) with 5 new fields using EEWB. I'm creating a new action to print out a letter. I want it to print only if one of the new fields is filled in. - The action works fine if I trigger it on a stan
-
Super simple bash music player
I've got this little script that continuously plays random songs: #!/bin/sh songs=(~/music/*/*/*) total=${#songs[@]} while true do song=${songs[$RANDOM%$total]} oggdec "$song" -o- | aplay -q done I'd like to be able to skip a song and go to the next,