WDS and client authentication

Hello Experts;
Currently I have 4 subnets with about 10 AP's apiece and 1 master WDS per subnet. When my clients roam from one subnet to another i cannot get another ip on the new subnet. The WDSs are configured exactly the same (except for hostname, etc) and they have connectivity to the dhcp servers. Is there anything that I am missing?

One or more client server groups on the WDS define client authentication.
When a client attempts to associate to an infrastructure AP, the infrastructure AP passes the credentials of the user to the WDS for validation. If the WDS sees the credentials for the first time, WDS turns to the authentication server to validate the credentials. The WDS then caches the credentials, in order to eliminate the need to return to the authentication server when the same user attempts authentication again. This chapter describes how to configure access points for Wireless Domain Services (WDS), fast, secure roaming of client devices, and radio management. This chapter contains these sections:
http://www.cisco.com/univercd/cc/td/doc/product/access/mar_3200/mar_wbrg/o13wds.htm

Similar Messages

  • WDS and IAS Authentication

    Hello !
    I'm trying to configure 15 Access Points AP1231 as follow :
    SSID1 mapped to VLAN 1 (also management VLAN) for Laptops. Encryption is WEP128 and Mac-authentication with Microsoft IAS server.
    SSID2 mapped to VLAN 10 (phone VLAN)for phones 7921. Encryption is WEP128 and there is no authentication fo the phones.
    I configure 1 AP as a WDS Master (priority 254). WDS registration works fine for all the 15 APs.
    My problem :
    it seems that when i activate WDS, MAC-authentication for ESSID1 doesn't work anymore (authentication failed for all the laptops).
    Can you help me ?

    WDS checks its local list for authentication . If the Mac address is not present it uses configured Radius server for authentication. Make sure Mac address is either in the Local list or Radius server. If you are using Radius server make sure Mac address is configured as user

  • Web Service, SSL and Client Authentication

    I tried to enable SSL with client authentication over a web service. I am using App Server 10.1.3.4.
    The test page requires my certificate (firefox asks me to choose the certificate) the response page of the web service returns this error:
    java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Bad response: 405 Method Not Allowed
    Has anyone used web services with SSL client authentication?
    Any clue why?
    Regards

    Any comment?
    Thank you.

  • Regular and Client-authenticated HTTPS?

    Hello guys,
    I am having trouble editing the deployment descriptor. This is the first time I deal with HTTPS, and I have tried to solve my problem by reading documentation on my own (namely, the servlet specification 2.4).
    I am developing a web application to be run on Tomcat 6 with JRE 6. I need to secure my application; certain parts need to be accessed via regular HTTPS (i.e. without client-certificate authentication); other parts need to be accessed via client-certificate authenticated HTTPS. I am not all that sure if I am modifying my web.xml correctly. I also want to restrict the access method to POST (i.e. I want to deny GET requests to these pages).
    Right now, I have added the following to my web.xml:
    <security-constraint>
         <web-resource-collection>
              <web-resource-name>client-certificate authenticated pages</web-resource-name>
              <url-pattern>*.cca</url-pattern>
              <http-method>POST</http-method>
         </web-resource-collection>
         <auth-constraint>
              <role-name>cca_user</role-name>
         </auth-constraint>
         <user-data-constraint>
              <transport-guarantee>CONFIDENTIAL</transport-guarantee>
         </user-data-constraint>
    </security-constraint>
    <security-constraint>
         <web-resource-collection>
              <web-resource-name>regular https pages</web-resource-name>
              <url-pattern>*.rh</url-pattern>
              <http-method>POST</http-method>
         </web-resource-collection>
         <auth-constraint>
              <role-name>rh_user</role-name>
         </auth-constraint>
         <user-data-constraint>
              <transport-guarantee>CONFIDENTIAL</transport-guarantee>
         </user-data-constraint>
    </security-constraint>As you can probably notice, the two instances of <security-constraint> are almost identical. So here are the problems:
    1. Something must be missing before the difference between client-certificate-authenticated https and regular https is established.
    2. Since I want to force the use of client-certificate-authenticated https on requests to *.cca, I must let the application server know which client identity I am expecting. I still have no clue how to do that.
    3. I put <http-method>POST</http-method> in both instances of <security-constraint>, but I doubt it does what I mean it to do. It probably means to apply the security constraint only if the matching URLs are accessed via POST (i.e. no security is required when these pages are accessed via GET). This is not the behaviour that I want.
    Can somebody help me with the above problems?
    Edited by: SwordAngel on Jul 30, 2008 4:15 AM

    Hi Jacob,
    Take a look at the simple, one way SSL example [1] however it sounds
    like you want to have the client provide a cert back to the server,
    implying two-way SSL. You can find a two-way example here [2].
    Regards,
    Bruce
    [1]
    http://webservice.bea.com/simpleSSL.zip
    [2]
    http://webservice.bea.com/SSL2way.zip
    Jacob Anderson wrote:
    >
    Got some web services that are document and document wrapped. Have generated the
    client stubs using <clientgen> ANT task from BEA. Time to run a test against
    the web services, but they have to run on HTTPS. When I invoked my web service
    using the HTTPS://.... URL, I got this:
    [java] 5) testQuoteStubs(com.arrow.arrowsoap.client.QuoteServiceClientTest)
    weblogic.webservice.tools.wsdlp.WSDLParseException: Failed to retrieve WSDL from
    https://localhost:7002/QuoteService?WSDL. Please check the URL and make sure
    th
    at it is a valid XML file [javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIF
    ICATE - A corrupt or unuseable certificate was received.]
    Cool. So how do I assign a default CERT to the https client? This is on a developer
    instance of WL 8.1. I don't want to run the test on HTTP b/c I need to see how
    it works with HTTPS (need to simulate a bona fide downstream user). Any help
    is greatly appreciated.
    Thanks
    -Jake

  • WDS and DHCP issues

    Hi
    I have a series of 1200 series access points, set-up for WDS infrastructure mode to ACS and client authentication to Microsoft IAS.
    When set up in WDS mode, clients authenticate to the IAS server (and event viewer confirms this), but clients do not receive an ip address - even though they do DHCP requests.
    anyone offer advice on any similar issues?

    Can you provide more information on the deisgn?
    Are you using VLANs in your wireless config? If so, does your router or switch have the ip helper address specified for DHCP requests?
    If not, can you obtain an address when the client is plugged into the same port as the access point?

  • Handshake failure with client authentication

    Hi,
    I am using the JDK1.4 beta 3 to accomplish the following: I want to request an HTML page on an Apache webserver configured with SSL and client-authentication. It works with Netscape and Internet Explorer (and also with the openssl s_client test program)...
    But now I want to try it using Java... So, I wrote a very simple program based on some examples found on this forum... But i keep getting the following error (excerpt from the javax.net.debug=all command)
    As you can see the server request a client certificate that's issued by the certificate authority mentioned...
    *** CertificateRequest
    Cert Types: RSA, DSS,
    Cert Authorities:
    <[email protected], CN=Andy Zaidman, OU=stage, O=Kava's Certif
    icate Authority, L=Antwerp, ST=Antwerp, C=BE>
    [read] MD5 and SHA1 hashes: len = 180
    0000: 0D 00 00 B0 02 01 02 00 AB 00 A9 30 81 A6 31 0B ...........0..1.
    0010: 30 09 06 03 55 04 06 13 02 42 45 31 10 30 0E 06 0...U....BE1.0..
    0020: 03 55 04 08 13 07 41 6E 74 77 65 72 70 31 10 30 .U....Antwerp1.0
    0030: 0E 06 03 55 04 07 13 07 41 6E 74 77 65 72 70 31 ...U....Antwerp1
    0040: 25 30 23 06 03 55 04 0A 13 1C 4B 61 76 61 27 73 %0#..U....Kava's
    0050: 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 Certificate Aut
    0060: 68 6F 72 69 74 79 31 0E 30 0C 06 03 55 04 0B 13 hority1.0...U...
    0070: 05 73 74 61 67 65 31 15 30 13 06 03 55 04 03 13 .stage1.0...U...
    0080: 0C 41 6E 64 79 20 5A 61 69 64 6D 61 6E 31 25 30 .Andy Zaidman1%0
    0090: 23 06 09 2A 86 48 86 F7 0D 01 09 01 16 16 41 6E #..*.H........An
    00A0: 64 79 2E 5A 61 69 64 6D 61 6E 40 75 69 61 2E 61 [email protected]
    00B0: 63 2E 62 65 c.be
    *** ServerHelloDone
    [read] MD5 and SHA1 hashes: len = 4
    0000: 0E 00 00 00 ....
    *** Certificate chain
    JsseJCE: Using JSSE internal implementation for cipher RSA/ECB/PKCS1Padding
    *** ClientKeyExchange, RSA PreMasterSecret, v3.1
    Random Secret: { 3, 1, 38, 54, 219, 158, 32, 158, 155, 15, 55, 137, 216, 164, 4
    5, 65, 153, 142, 200, 98, 57, 251, 55, 6, 46, 124, 181, 161, 164, 234, 218, 75,
    195, 72, 218, 187, 182, 197, 4, 11, 249, 45, 3, 136, 207, 114, 236, 172 }
    [write] MD5 and SHA1 hashes: len = 141
    0000: 0B 00 00 03 00 00 00 10 00 00 82 00 80 64 92 2E .............d..
    0010: 42 2C A5 79 1D 2B A9 A5 D0 46 2A 1F 67 F3 49 28 B,.y.+...F*.g.I(
    0020: E0 ED 1D 85 E3 06 22 49 8A 79 02 48 E2 DD E6 75 ......"I.y.H...u
    0030: F3 C0 D3 A8 31 C0 18 94 7C 81 24 75 6A A1 0C 4F ....1.....$uj..O
    0040: 99 03 66 B8 37 4F 05 0D 5D CD F2 A0 10 F5 D5 F5 ..f.7O..].......
    0050: 50 66 49 91 CA C0 18 F1 07 E9 70 D0 CB EA 70 D3 PfI.......p...p.
    0060: 8E 13 55 E7 43 BD 94 1C D3 96 1F E9 67 93 57 62 ..U.C.......g.Wb
    0070: 91 5C E6 ED B1 75 9C A8 55 B7 50 DE CE 9B 1C EE .\...u..U.P.....
    0080: 57 62 20 9C F3 11 36 68 7A 38 62 79 D1 Wb ...6hz8by.
    main, WRITE: SSL v3.1 Handshake, length = 141
    SESSION KEYGEN:
    PreMaster Secret:
    0000: 03 01 26 36 DB 9E 20 9E 9B 0F 37 89 D8 A4 2D 41 ..&6.. ...7...-A
    0010: 99 8E C8 62 39 FB 37 06 2E 7C B5 A1 A4 EA DA 4B ...b9.7........K
    0020: C3 48 DA BB B6 C5 04 0B F9 2D 03 88 CF 72 EC AC .H.......-...r..
    CONNECTION KEYGEN:
    Client Nonce:
    0000: 3B E9 51 EF F3 13 65 11 4E D6 B7 B1 9F E8 F6 CB ;.Q...e.N.......
    0010: B5 2B 34 8F 87 53 66 61 33 BF 5A AD 7D 22 57 7D .+4..Sfa3.Z.."W.
    Server Nonce:
    0000: 3B E9 53 4E 03 37 E9 CD E8 DB 7C 54 9A 9E 53 B9 ;.SN.7.....T..S.
    0010: 78 E0 36 DF 06 17 07 90 2C D1 83 5E 20 05 DC E9 x.6.....,..^ ...
    Master Secret:
    0000: B5 A0 37 0A 2C 29 AD AC 99 B6 2F E0 4D 80 38 68 ..7.,)..../.M.8h
    0010: F7 4F 24 C4 AA 8C ED 25 A9 D6 90 33 4B 5A 0B 1D .O$....%...3KZ..
    0020: 11 A5 C9 E8 DB DE EF 9B 8D EB 7C 84 D6 AC 94 4F ...............O
    Client MAC write Secret:
    0000: F5 AF 61 5B B4 C2 A8 12 DA 7A FE A6 82 79 7F FC ..a[.....z...y..
    0010: B9 86 B2 C0 ....
    Server MAC write Secret:
    0000: 62 22 C6 39 91 E4 45 50 2A 49 E0 26 CF 16 3E 6A b".9..EP*I.&..>j
    0010: 46 19 00 D9 F...
    Client write key:
    0000: D9 D2 99 89 5C CA 2E 7D F3 B8 52 24 9E 01 9B 3B ....\.....R$...;
    Server write key:
    0000: 37 C3 37 78 8B 85 B0 FE 01 83 E2 6C F7 C6 73 33 7.7x.......l..s3
    ... no IV for cipher
    main, WRITE: SSL v3.1 Change Cipher Spec, length = 1
    JsseJCE: Using JSSE internal implementation for cipher RC4
    *** Finished, v3.1
    verify_data: { 51, 236, 194, 3, 230, 37, 147, 76, 251, 233, 132, 207 }
    [write] MD5 and SHA1 hashes: len = 16
    0000: 14 00 00 0C 33 EC C2 03 E6 25 93 4C FB E9 84 CF ....3....%.L....
    Plaintext before ENCRYPTION: len = 36
    0000: 14 00 00 0C 33 EC C2 03 E6 25 93 4C FB E9 84 CF ....3....%.L....
    0010: 64 30 E3 0B 31 CF 7D C7 D6 17 D8 FB 31 23 F9 34 d0..1.......1#.4
    0020: 5D B9 47 F9 ].G.
    main, WRITE: SSL v3.1 Handshake, length = 36
    main, READ: SSL v3.1 Alert, length = 2
    main, RECV SSLv3 ALERT: fatal, handshake_failure
    javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
    at java.io.OutputStream.write(OutputStream.java:61)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
    at HttpClient.main(HttpClient.java:105)
    Now, I am sure the certificate is in the keystore, because one of the first things I do in the program is print the certificates available in the keystore...
    Does anyone know what I'm doing wrong? If you need the code to make a proper judgement, I will post it...
    Tnx in advance!
    Greetz,
    Andy Zaidman
    [email protected]

    import java.net.*;
    import java.io.*;
    import java.security.*;
    import java.security.cert.*;
    import javax.net.ssl.*;
    import java.util.*;
    public class HttpClient
         public HttpClient(){}
         public static void main (String args[])
         try
              //This is my server certificate - public key
              String serverCertificateFile = "MyCA.cer";
              //This is my client personal certificate
              String clientCertificateFile = "MyPersonal.pfx";
              CertificateFactory cf = CertificateFactory.getInstance("X.509");
              KeyStore ks = KeyStore.getInstance("JKS");
              TrustManagerFactory tmf = TrustManagerFactory.getInstance("SUNX509");
              ks.load(null, null);
              java.security.cert.X509Certificate the_cert = (java.security.cert.X509Certificate) cf.generateCertificate(new FileInputStream(serverCertificateFile));
              ks.setCertificateEntry("server", the_cert);
              tmf.init(ks);
              for (Enumeration e = ks.aliases() ; e.hasMoreElements() ;)
         System.out.println(ks.getCertificate(e.nextElement().toString()).toString());
              KeyStore ks2 = KeyStore.getInstance("PKCS12", "SunJSSE");
              KeyManagerFactory kmf = KeyManagerFactory.getInstance("SUNX509");
              ks2.load(null, null);
              FileInputStream fin = new FileInputStream(clientCertificateFile);
              ks2.load(fin, "xxx".toCharArray());
              kmf.init(ks2, "xxx".toCharArray());
              fin.close();
              for (Enumeration e = ks2.aliases() ; e.hasMoreElements() ;)
         System.out.println(ks2.getCertificate(e.nextElement().toString()).toString());
              SSLContext ctx = SSLContext.getInstance("SSLv3");
              KeyManager[] km = kmf.getKeyManagers();
              for(int i = 0; i < km.length; ++i)
                   System.out.println(km);
              TrustManager[] tm = tmf.getTrustManagers();
              ctx.init(km, tm, null);
              // connection part
              SSLSocketFactory factory = ctx.getSocketFactory();
              SSLSocket socket = (SSLSocket)factory.createSocket("localhost", 443);
              for(int i = 0; i < socket.getEnabledCipherSuites().length; ++i)
                   System.out.println(socket.getEnabledCipherSuites()[i]);
              socket.startHandshake();
              PrintWriter out = new PrintWriter(
                        new BufferedWriter(
                        new OutputStreamWriter(
                        socket.getOutputStream())));
              out.println("GET " + "/" + " HTTP/1.1");
              out.println();
              out.flush();
         catch(Exception e)
              e.printStackTrace();

  • Client Authentication is not working

    Hi all..
    I have developed a web service with server and client authentication.. I had configured OC4J 10g successfully for client authentication but the problem is: I can NOT access the webservice from the browser the server says: no_certificate. the stub client works properly. I tried to install the certificate into IE explorer but it is not working. please help me ... Thanks in advance
    Khaled

    Hi
    How did you implement your solution to work with a client? I'm trying to authenticate users that try to access a webservice with basic authentication but I can't seem to make it work...
    Thanks in advanced
    Vitor

  • Enabling CLIENT-CERT and FORM authentication in same web-app

    Hi!
    I try to enable same behaviour in WLS 8.1 SP4 as is available in WLS 9.2 (one can define in web.xml to have many <auth-method>s, for example <auth-method>CLIENT-CERT,FORM<auth-method>, which states that first one tries authentication with token (Single Sign On case, for example) and if it is not successful then go to log-in page.
    My steps are as follows in my custom Servlet. We are using IE 6.0 as our web-client. We have configured our auth-method to be FORM, and in the <form-login-page> we have direction to that custom Servlet, which does the handling described below.
    1. If client does not send tokens in request, then set response header:
    response.setHeader("WWW-Authenticate", "Negotiate");
    response.sendError(response.SC_UNAUTHORIZED);
    This works fine and client starts to send his tokens
    2. Now check token, if it is valid, let user in, if not forward him to custom log-in page, for example:
    RequestDispatcher dispatcher = request.getRequestDispatcher("/login/login.html");
    dispatcher.forward(request, response);
    3. Client is forwarded to a log-in page as requested and he gives his credentials. Pushes OK
    log-in page is as defined in edocs:
    <form method="POST" action="j_security_check">
         <table border=1>
              <tr>
                   <td>Username:</td>
                   <td><input type="text" name="j_username"></td>
              </tr>
              <tr>
                   <td>Password:</td>
                   <td><input type="password" name="j_password"></td>
              </tr>
              <tr>
                   <td colspan=2 align=right><input type=submit value="Submit"></td>
              </tr>
         </table>
    </form>
    Now the interesting thing happens (I have investigated TCP traffic at server machine): client (in this case IE) seems to override somehow the credentials (j_password and j_username for HTTP headers, does not send them at all) but keeps on sending this 'Authorize'-field with invalid token instead.
    I have tried a Servlet that does not request WWW-Authenticate at all (in which case client does not start to send 'Authorize'-field). In this case those values are put to HTTP header OK and authentication is able to take place.
    Anyone has any ideas how can I force my clients to send those values from the HTML FORM described above? SHould I set something at response while I do the forward to the custom log-in page. I have tried virtually everything I can imagine (which seems to be not too much :-))...

    Solution found:
    The trick is to return "401" in response if ticket is not valid (do nothing else). This will end the negotiate between client and server
    In your web.xml, forward your 401 code to login page:
    <error-page>
    <error-code>401</error-code>
    <location>/form_login_page.html</location>
    </error-page>
    There might be a more straightforward way to do this (have all the page management within servlet), but I did not have time to investigate it further. This one at least works

  • XI 3.1 Client Tools and LDAP Authentication

    I have Business Objects XI 3.1 SP2 installed.  For the web clients (InfoView) single sign on and LDAP authentication are working correctly.  However when a user tries to log in using LDAP authentication to one of the client tools (Universe Designer, Webi Rich Client, etc) the error "Cannot access the repository (USR0013)" occurs with the following details:
    [repo_proxy 13] SessionFacade::openSessionLogon with user info has failed(Security plugin error: Failed to set parameters on plugin.(hr=#0x80042a01)
    Are there troubleshooting or setup guides dealing specifically with LDAP authentication with the various client tools?

    Make sure that the File and Printer Sharing for Microsoft Networks component is installed and enabled on your clients.
    Take a look at note 1272536 (http://service.sap.com/notes)
    Regards,
    Stratos

  • Client authentication doesnt work between 1.0.3 and 1.4

    Hi!
    Has anyone else experienced the following problem?
    I programmed an client-server-application using an SSL connection.
    It works well if client and server run on the same java version (JRE 1.3
    with JSSE 1.0.3 or JRE 1.4). It also works well when server is running on
    JRE 1.4 and client on 1.3 with 1.0.3.
    But when I run the client with JRE 1.4 and the server with JDK 1.3 and JSSE
    1.0.3 the connection fails with the following exception:
    javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
    Studiing the SSL debug outputs it occured to me that the client did not send
    his certificate as he was supposed to be because setNeedClientAuth was set
    to true.
    So i set NeedClientAuth to false and everything worked OK.
    Any ideas about how I can get client authentication working?
    If debug output is useful I will post it too.
    Thanks in advance.
    CU, Florian

    Hi!
    The described behaviour only shows up with Version 1.4.1 and 1.4.1_01. No problems with 1.4.0_03.
    Seems to be a bug in 1.4.1.
    CU, Florian

  • Client Authentication/Authorization via ISE & AD, Posture Registry Key, and mapped to specific DHCP scope by AD membership

    Hi Team,
    I'm currently working on a configuration entailing WLC and ISE where the customer wants a single SSID,and wants his wireless clients to authenticate successfully if they pass a registry key compliance.  Additionally, they want clients to received a different IP address or get mapped to a different DHCP scope based on the Microsoft AD group they belong too. for example:
    Client authenticating with registry key and in AD group ABC that passes authentication gets IP address or subnet for AD group ABC.
    Client authenticating with registry key and in AD group XXX that passes authentication gets IP address or subnet for AD group XXX.
    Clients---->WLC------>ISE-----> MS AD ( groups ABC, XXXX, YYY )
    currently using EAP-PEAP/MSCHAPv2
    Does anyone have any idea or pointers or can refer me somewhere that I can read on how to accomplish this?  Not sure on how to do the registry compliance check nor what attributes will allow me to map the client to a DHCP Scope based on this AD group membership? 
    Thanks...

    Do check cisco how to guides you will get step by step configuration of the current requirement
     

  • Is there any way to config iws6.0 to connect to LDAP directory using SSL client and server authentication.  Only SSL server authentication worked when I tried.

    As my previous question, I followed the following instructions to setup up connection between iws and an LDAP server.
    "Using SSL to Communicate with LDAP
    You should require your Administration Server to communicate with LDAP using SSL. To enable SSL on your Administration Server, perform the following steps:
    1.Access the Administration Server and choose the Global Settings tab.
    2.Click the Configure Directory Service link.
    3.Select Yes to use Secure Sockets Layer (SSL) for connections.
    4.Click Save Changes.
    5.Click OK to change your port to the standard port for LDAP over SSL. "
    Q1. Any other steps needed to setup client authentication (or mutual authentication)?
    Q2. Do I need to enable security for connection groups in order to have this setup to work?

    Check out:
    http://docs.iplanet.com/docs/manuals/enterprise/60sp1/ag/esecurty.htm#1008113
    You will need to turn on Client Auth as described above. Hope it helps.

  • Defining an Authentication Scheme for user ID and password and client certi

    Hi,
                    I do need to define an Authentication Scheme for user ID/Password and client certificate,, both at the same time, so whenever the end user access the SAP Portal he/she will be asked to provide user and password as well digital certificate,
                    Despite of the whole idea behind o f the concept of digital certificate, my client sill wants to keep the user ID and password to complies with business requirements.
         I found a documentation that discuss Authentication Scheme with example using both ID and Digital certificate, but the priority was set different for each authentication method.
    http://help.sap.com/saphelp_nw04s/helpdata/en/d3/1dd4516c518645a59e5cff2628a5c1/content.htm
         So I am wondering with I can accomplish User ID/Pwd plus digital certificate just by making the priority the same value. Anyone had a similar requirement?
    Best Regards
    Claudio Rocha

    Hi
    Did you get an answer for this Query ?
    Regards
    Priyanka

  • WDS and authentication

    We have 1200 APs configured with mobility networks (mGRE tunnels terminated on a WLSM). The APs are pointed at the WLSM WDS and pass their authentication requests to the WLSM acting as the WDS using WLCCP. However, these APs also provide wireless access to the local wired networks. This can be configured, but it appears that all authentication requests go via the WDS (i.e. all locally configured RADIUS servers for local network authentication are ignored).
    The WLSM Deployment Guide suggests that it is possible to have "WDS" and "non-WDS" SSIDs coexist. The consequence is that the availability of the WDS (on the WLSM) becomes critical, even for APs which could authenticate local wireless users through RADIUS servers configured directly on the AP.

    WDS checks its local list for authentication . If the Mac address is not present it uses configured Radius server for authentication. Make sure Mac address is either in the Local list or Radius server. If you are using Radius server make sure Mac address is configured as user

  • Xgrid server admin controller tab won't create password entries for client and agent authentication.

    I am trying to set up password-based access for my OSX Server 10.7.3 running on a mac mini.  When I try to enter passwords into the Client Authentication and Agent Authentication fields from the Controller tab and click Save, the fields empty out.  When I then try to start the Xgrid service, it fails with an error in the log file controller missing password file "/etc/xgrid/controller/agent-password".  Can someone help?
    Thanks,
    Chris

    Thanks for the pointer to createhomedir - that did indeed do the trick. (How on earth do people find these little nuggets).
    I hesitate to mark this as solved however - it's a functioning workaround, but does nothing to explain why on earth the GUI suddenly stopped functioning.
    But in the (likely) event that that question never gets answered, thanks again for letting me get on with working!

Maybe you are looking for