WDS and IAS Authentication

Similar Messages

• WDS and client authentication

  Hello Experts;
  Currently I have 4 subnets with about 10 AP's apiece and 1 master WDS per subnet. When my clients roam from one subnet to another i cannot get another ip on the new subnet. The WDSs are configured exactly the same (except for hostname, etc) and they have connectivity to the dhcp servers. Is there anything that I am missing?

  One or more client server groups on the WDS define client authentication.
  When a client attempts to associate to an infrastructure AP, the infrastructure AP passes the credentials of the user to the WDS for validation. If the WDS sees the credentials for the first time, WDS turns to the authentication server to validate the credentials. The WDS then caches the credentials, in order to eliminate the need to return to the authentication server when the same user attempts authentication again. This chapter describes how to configure access points for Wireless Domain Services (WDS), fast, secure roaming of client devices, and radio management. This chapter contains these sections:
  http://www.cisco.com/univercd/cc/td/doc/product/access/mar_3200/mar_wbrg/o13wds.htm

• WDS and IAS server

  Any idea how i can get WDS working in a Windows 2003 IAS server environment? The AP doesn't seem to be sending any login requests to the IAS server. My WDS AP is not authenticating to the IAS.
  Thanks
  QH

  Have you applied all the required patches from Microsoft??

• 1200 AP and IAS authentication

  I am just trying to verify that a Cisco access point will not allow windows clients to authenticate to a Microsoft IAS server without using a certificate. It looks as if you have two choices PEAP and SmartCard/Digital Certificate and that is it, am I correct?

  The AP itself doesn't actually care about the protocols - it approves the authentication based on the instructions of the radius server, in your case IAS. You are correct, in that when using IAS and the built-in supplicant on windows your only choices are essentially EAP-TLS and EAP-PEAP.
  Since the 802.1x authentication itself isn't encrypted or protected, its up to the EAP protocols to build in credential and privacy protections to its authentication method - the easiest way to do this is with certificate-based methods.
  - mike

• WDS and authentication

  We have 1200 APs configured with mobility networks (mGRE tunnels terminated on a WLSM). The APs are pointed at the WLSM WDS and pass their authentication requests to the WLSM acting as the WDS using WLCCP. However, these APs also provide wireless access to the local wired networks. This can be configured, but it appears that all authentication requests go via the WDS (i.e. all locally configured RADIUS servers for local network authentication are ignored).
  The WLSM Deployment Guide suggests that it is possible to have "WDS" and "non-WDS" SSIDs coexist. The consequence is that the availability of the WDS (on the WLSM) becomes critical, even for APs which could authenticate local wireless users through RADIUS servers configured directly on the AP.

  WDS checks its local list for authentication . If the Mac address is not present it uses configured Radius server for authentication. Make sure Mac address is either in the Local list or Radius server. If you are using Radius server make sure Mac address is configured as user

• IAS and MAC authentication

  Hi, I´m having some trouble to authenticate the users with EAP and MAC authentication, i´m using IAS server and the EAP authentication is working well, but when I configure the MAC and EAP authentication, it doesn´t connect to the clients.
  Any idea how can I solve this problem??
  Thansk

  I think MAC authentication is not supported in IAS , you can do MAC address filtering on AP

• WDS and DHCP issues

  Hi
  I have a series of 1200 series access points, set-up for WDS infrastructure mode to ACS and client authentication to Microsoft IAS.
  When set up in WDS mode, clients authenticate to the IAS server (and event viewer confirms this), but clients do not receive an ip address - even though they do DHCP requests.
  anyone offer advice on any similar issues?

  Can you provide more information on the deisgn?
  Are you using VLANs in your wireless config? If so, does your router or switch have the ip helper address specified for DHCP requests?
  If not, can you obtain an address when the client is plugged into the same port as the access point?

• WDS AND WLSE

  Hi all , one we have set up the wds, what would happen if my wlse device broke? would this take down my wds service ?

  Sorry I forgot to answer this.
  As I mentioned, WLSE is just monitoring.
  Only If WLSE is being used as Radius server, then the NEW authentications might fail.
  "Might", because remember that WDS will try to cache the credentials, for example, for roaming.
  But sometimes it cache it for a long time. And additionally the current authenticated users will still be associated and authenticated. So only if a  new user trys to associate and authenticate, you will notice that the authentication is not working.
  Now, the other possibility is that you are using a backup WDS and or backup radius server. So everything will keep working as expected.

• Cisco ACS 4.2 and Radius authentication?

  Hi,
  I have a Cisco ACS 4.2 installed and using it to authenticate users that log on to switches using TACACS+, when I use local password database, everything is working. But if i try to use external database authentication using a windows 2008 radius server, I have problem that I can only use PAP, not CHAP. Anyone who know if it's possible to use CHAP with external radius authentication?

  To access network devices for administrative purpose, we have only three methods available :
  [1] Telnet : Which uses PAP authentication protocol between client and the NAS device. So the communication between Client and NAS is unencrypted,  and when this information flows from NAS to IAS server gets encrypted using the shared secret key configured on device/IAS server.
  [2] SSH : Which uses  public-key cryptography for encrypting information between client and the NAS device, i.e, information sent between client 
  and NAS is fully secure. And the communication between NAS and IAS is encrypted using shared secret same as above. Good point on SSH side is that commincation channel is secure all the time.Again the authentication type would remain same that is PAP.
  [3] Console:Which is also the same it will not allow to use MSCHAP as there is no need to secure it as you laptop is connected directly to the NAS and then if you are using TACACS it will encrypt the payload .
  Summarizing, we cannot use CHAP, MS-CHAP, MS-CHAP V2 for communication between client and NAS device or administrative access.
  And the most secure way to administer a  device is to use SSH.
  Rgds, Jatin
  Do rate helpful post~

• Portal Drive Single Sign On and Kerberos Authentication

  Hi,
  We are using NW2004s SP10 Portal and we have successfully configured Kerberos authentication with Windows Active Directory 2003. To access the KM Content in windows explorer format, we are using Portal Drive but Portal Drive still asks for authentication i.e. SSO is not working for Portal Drive. I have understood from the forums and sap help site that SSO from portal drive will work only for NTLM authentication and client certificates. Can you please help regarding below questions.
  1. Can Kerberos and NTLM authentication be configured together.
  2. If yes, what are the steps to configure NTLM authentication for NW2004s SAP Portal and Active Directory 2003.
  3. Any other approach to make Portal Drive SSO work.
  Helpful answers will be rewarded.
  Regards,
  Chandra

  Hi Gregor,
  I did two things:
  first i made a change in the portalapp.xml in the PAR file "com.sap.km.cm.par". In the section authentication scheme for "docs" I changed the authentication scheme to "default" to make sure that documents are opened using the default authentication scheme (SPNego) instead of basic authentication
  second, I used the SPNego wizard to configure SPNego. So I didn't adjust anything in the Visual Admin or the authentication template apart from adding the Template to the Ticket policy configuration.
  Again, this only worked after installing the latest vesion.
  Hope this helps
  Marcel

• Graphics builder and os authentication

  I'm running on NT 4 sp6. I'm trying to get OS authentication working with graphics. It works great for forms and reports, but I cannot get graphics builder or the graphics runtime to work with os authentication. I've tried it with developer 2000 r2 and 6i release 2. Thanks is advance.
  null

  Is the state of OCCI and OS Authentication still the same? Or has it changed in the 2.5 years since this question was first asked and answered?
  I've yet to find any indication that it is now supported, but could I confirmation of that fact?
  If it is not, what is the Oracle recommended method for accomplishing this?

• Remote users sending email - RBL and SMTP authentication

  I've read about the problem of using RBL's with remote Outlook IMAP/SMTP users who may be using dynamically assigned IP addresses. There is a good chance that they will be appear on the RBL and so not be able to send email via the GWIA.
  One work around is to have them send their email via their ISP's SMTP server, but this is a pain, because when they are back in the office, then need to switch their SMTP server back to the inhouse one.
  So on the GW 7.0.3 server running on SLES 10, I wondered if the one host could handle multiple GWIA's??
  1st existing GWIA:
  To handle the regular in/out email with RBL's protection on it.
  2nd new GWIA on a separate port but same IP address to handle just inbound email. This would be used by remote users and require authentication so no need for an RBL on it.
  Is this a sound approach?
  Any gotchas for setting up two gwia's on the one server and IP address besides separate ports?
  I am aware there is the option of using the Groupiwse client or webmail, but firstly these users don't want to change from 'LookOut" due to their address book synch with their mobile phones and secondly sometimes they like to use their smart phones for remote email synchronisation.

  Maybe I should simplify this a little...
  Can the one host handle multiple GWIA's??
  1st existing GWIA:
  To handle the regular in/out email with RBL's protection on it.
  2nd new GWIA on the same host and IP address, but on a separate port to handle just inbound email. This would be used by remote users and require authentication.

• Can we provide UN and pwd Authentication 4r SMTP Mail Configuration

  Dear All,
  Previously we are able to send the mails from SAP to Outside World. After chaning the Mail Server to MS Exchange 2003
  We enabled the Port the 25.
  We are facing a problem While configuring a mail via SMTP for Exchange Server 2003.
  Throws an Error Message:
  Internal error: CL_SMTP_RESPONSE ESMTP error code is not known. 554 554 > : Recipient add
  As per network Team :
  Unless we provide a Username and password, the Send/Receive process does not happen.
  Is there any option in SAP - SMTP Mail Configuration to Provide user and password Authentication.
  I searched in SDN as well as in market place. but i could not succeed. Please guide me the process.
  Regards
  SNB.

  Hi we are configuring Google SMTP getting below error..
  No delivery to xxx.com, authentication required
  Message no. XS856
  Diagnosis
  The message was processed successfully in the SAP system. The mail server that is to receive the message for further processing requires authentication. Probably there is no logon data specified in the SAPconnect configuration.
  Information from external system (if available)
  smtp.gmail.com:587
  530 5.7.0 Must issue a STARTTLS command first. i91sm11178241qgd.25 - gsmtp
  Procedure
  Enter the logon data in the SAPconnect node.
  Using Gmail SMTP server using "smtp.gmail.com" with port 587
  Please advise.
  Regards,
  Sudarshan

• XI 3.1 Client Tools and LDAP Authentication

  I have Business Objects XI 3.1 SP2 installed.  For the web clients (InfoView) single sign on and LDAP authentication are working correctly.  However when a user tries to log in using LDAP authentication to one of the client tools (Universe Designer, Webi Rich Client, etc) the error "Cannot access the repository (USR0013)" occurs with the following details:
  [repo_proxy 13] SessionFacade::openSessionLogon with user info has failed(Security plugin error: Failed to set parameters on plugin.(hr=#0x80042a01)
  Are there troubleshooting or setup guides dealing specifically with LDAP authentication with the various client tools?

  Make sure that the File and Printer Sharing for Microsoft Networks component is installed and enabled on your clients.
  Take a look at note 1272536 (http://service.sap.com/notes)
  Regards,
  Stratos

• Username and Password authentication

  Hi,
  I am new to both JDBC and MSSQL. I've been connecting to msSQL server without providing username and password (DriverManager.getConnection(String url)). I am wondering how to enforce the username and password authentication so that username and password have to be verified before a connection is made. Thanks in advance.

  but where can I get the username & password? I can get
  the connection even with any username & password, why?Hi WeiHang,
  This is regarding the options you have set in the SQL Server. You have to choose from Windows NT authentication and SQL Server Authentication. If you give SQL Server authentication you have mentioned the username and password and you can connect to database simple using DSN(if you are using JDBC-ODBC). However if you choose WindowsNT authentication you donot specify the user name and password there and you have to enter the same at runtime.
  Hope this can help you