Wired PC's with PEAP and RADIUS - how to join to a domain?

I realize this seems like a 'chicken vs. egg' question, but I'm wondering if there is an answer.

We're in the process of implementing RADIUS authentication using PEAP and IAS on our network.

(Server 2003, WinXP Pro, and Cisco hardware)

My test network is working well, however the one glitch that we've come across is joining new PC's to the domain. Because the switch will not authenticate the machine or the user - we can't get access to join the machine to the domain controller.

Is there a simple workaround for this, or do we have to disable AAA on the switch temporarily, every time we want to join/rejoin a machine?

Thanks in advance!
Rob

If you are running 802.1x on your switches for wired users, then you need to stage the machines first by having them join the domain and then pushing out the appropriate certificates to the machine. You can always have ports that don't have 802.1x configured to get this working.

Similar Messages

  • When I get an i.m on ichat it mixes up the letters with uppercase and lowercase how do I fix that?

    Hi,
    Depends.
    Is it some sort of Incoming Override you have or their Outgoing IM Style ?
    Go to the iChat Menu > Preferences > Alerts
    Select Message Received in the top item/Drop down.
    When selected check that the Apple Script option is Not On
    If it is, is the AppleScript selected the Mix Message Case one?
    This is iChat 5 only (this particular AppleScript)
    If the Buddy has it set against Send Message they Output Mixed Case IMs so it could be from the other end.
    8:37 PM      Saturday; May 7, 2011
    Please, if posting Logs, do not post any Log info after the line "Binary Images for iChat"
     G4/1GhzDual MDD (Leopard 10.5.8)
     MacBookPro 2Gb( 10.6.7)
    , Mac OS X (10.6.7),
    "Limit the Logs to the Bits above Binary Images."  No, Seriously

  • Cisco ISE with TACACS+ and RADIUS both?

    Hello,
    I am initiating wired authentication on an existing network using Cisco ISE. I have been studying the requirements for this. I know I have to turn on RADIUS on the Cisco switches on the network. The switches on the network are already programmed for TACACS+. Does anybody know if they can both operate on the same network at the same time?
    Bob

    Hello Robert,
    I believe NO, they both won't work together as both TACACS and Radius are different technologies.
    It's just because TACACS encrypts the whole message and Radius just the password, so I believe it won't work.
    For your reference, I am sharing the link for the difference between TACACS and Radius.
    http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080094e99.shtml
    Moreover, Please review the information as well.
    Compare TACACS+ and RADIUS
    These sections compare several features of TACACS+ and RADIUS.
    UDP and TCP
    RADIUS uses UDP while TACACS+ uses TCP. TCP offers several advantages over UDP. TCP offers a connection-oriented transport, while UDP offers best-effort delivery. RADIUS requires additional programmable variables such as re-transmit attempts and time-outs to compensate for best-effort transport, but it lacks the level of built-in support that a TCP transport offers:
    TCP usage provides a separate acknowledgment that a request has been received, within (approximately) a network round-trip time (RTT), regardless of how loaded and slow the backend authentication mechanism (a TCP acknowledgment) might be.
    TCP provides immediate indication of a crashed, or not running, server by a reset (RST). You can determine when a server crashes and returns to service if you use long-lived TCP connections. UDP cannot tell the difference between a server that is down, a slow server, and a non-existent server.
    Using TCP keepalives, server crashes can be detected out-of-band with actual requests. Connections to multiple servers can be maintained simultaneously, and you only need to send messages to the ones that are known to be up and running.
    TCP is more scalable and adapts to growing, as well as congested, networks.
    Packet Encryption
    RADIUS encrypts only the password in the access-request packet, from the client to the server. The remainder of the packet is unencrypted. Other information, such as username, authorized services, and accounting, can be captured by a third party.
    TACACS+ encrypts the entire body of the packet but leaves a standard TACACS+ header. Within the header is a field that indicates whether the body is encrypted or not. For debugging purposes, it is useful to have the body of the packets unencrypted. However, during normal operation, the body of the packet is fully encrypted for more secure communications.
    Authentication and Authorization
    RADIUS combines authentication and authorization. The access-accept packets sent by the RADIUS server to the client contain authorization information. This makes it difficult to decouple authentication and authorization.
    TACACS+ uses the AAA architecture, which separates AAA. This allows separate authentication solutions that can still use TACACS+ for authorization and accounting. For example, with TACACS+, it is possible to use Kerberos authentication and TACACS+ authorization and accounting. After a NAS authenticates on a Kerberos server, it requests authorization information from a TACACS+ server without having to re-authenticate. The NAS informs the TACACS+ server that it has successfully authenticated on a Kerberos server, and the server then provides authorization information.
    During a session, if additional authorization checking is needed, the access server checks with a TACACS+ server to determine if the user is granted permission to use a particular command. This provides greater control over the commands that can be executed on the access server while decoupling from the authentication mechanism.
    Multiprotocol Support
    RADIUS does not support these protocols:
    AppleTalk Remote Access (ARA) protocol
    NetBIOS Frame Protocol Control protocol
    Novell Asynchronous Services Interface (NASI)
    X.25 PAD connection
    TACACS+ offers multiprotocol support.
    Router Management
    RADIUS does not allow users to control which commands can be executed on a router and which cannot. Therefore, RADIUS is not as useful for router management or as flexible for terminal services.
    TACACS+ provides two methods to control the authorization of router commands on a per-user or per-group basis. The first method is to assign privilege levels to commands and have the router verify with the TACACS+ server whether or not the user is authorized at the specified privilege level. The second method is to explicitly specify in the TACACS+ server, on a per-user or per-group basis, the commands that are allowed.
    Interoperability
    Due to various interpretations of the RADIUS Request for Comments (RFCs), compliance with the RADIUS RFCs does not guarantee interoperability. Even though several vendors implement RADIUS clients, this does not mean they are interoperable. Cisco implements most RADIUS attributes and consistently adds more. If customers use only the standard RADIUS attributes in their servers, they can interoperate between several vendors as long as these vendors implement the same attributes. However, many vendors implement extensions that are proprietary attributes. If a customer uses one of these vendor-specific extended attributes, interoperability is not possible.
    Traffic
    Due to the previously cited differences between TACACS+ and RADIUS, the amount of traffic generated between the client and server differs. These examples illustrate the traffic between the client and server for TACACS+ and RADIUS when used for router management with authentication, exec authorization, command authorization (which RADIUS cannot do), exec accounting, and command accounting (which RADIUS cannot do).

  • Having a problem with PEAP and Cisco 2960 Switch

    Hi All,
        I am attempting to use PEAP with a LDAP backend on FreeRadius with the MS Supplicant.  I have it all working, in debug on the Radius server I see it sending all the information, the tunnel, medium etc. but with PEAP the Cisco switch is not changing VLANS.  If I install the Cisco or Juniper client it works just fine if I use eap-mschapv2 but peap-mschapv2 does not switch the port to the right vlan.  Is there something extra on the switch I need to do to allow PEAP or is there something on the FreeRadius? 
        The only difference between the PEAP and EAP versions that I can tell is that the PEAP authenticates and the information is sent once (according to the debug on the Radius server) whereas with the EAP the connection information is sent several times, that is I will see the Tunnel and medium info sent more than once in the Radius log for just one login.
    Any ideas?

    Thought I mentioned the client in the first post, I am using the 3 different types of clients with a goal of getting the MS client to work.  I am using the Juniper Odyssey client, Cisco CSSC client and the MS built-in client.  I mentioned the EAP-MSChapV2 because I tested that login so I could compare the Radius output with that of PEAP-MSChapV2.  I did not release logs from the Radius server because it seems to be centered with something on the switch changing Vlans but if you want output I can give that.
    CSSC Client pops out:
    14:25:08.453  Network Connection requested from user  context.
    14:25:08.468  Connection authentication started using the logged in  user's credentials.
    14:25:08.468  Port state transition to  AC_PORT_STATE_CONNECTING(AC_PORT_STATUS_STARTED)
    14:25:08.796  Port state  transition to  AC_PORT_STATE_UNAUTHENTICATED(AC_PORT_STATUS_8021x_FORCED_UNAUTH)
    14:25:09.828   Port state transition to  AC_PORT_STATE_AUTHENTICATING(AC_PORT_STATUS_8021x_ACQUIRED)
    14:25:09.843   Identity has been requested from the network.
    14:25:09.875  Identity has been  sent to the network.
    14:25:09.890  Authentication started using method type  EAP-PEAP, level 0
    14:25:09.890  The server has requested using authentication  type: EAP-PEAP
    14:25:09.890  The client has requested using authentication  type:  EAP-PEAP
    14:25:09.968  Profile does not require server  validation.
    14:25:10.031  Identity has been requested from the  network.
    14:25:10.031  Identity has been sent to the  network.
    14:25:10.046  Authentication started using method type  EAP-MSCHAP-V2, level 1
    14:25:10.046  The server has requested using  authentication type: EAP-MSCHAP-V2
    14:25:10.046  The client has requested  using authentication type:  EAP-MSCHAP-V2
    14:25:10.078  Port state transition  to AC_PORT_STATE_AUTHENTICATED(AC_PORT_STATUS_EAP_SUCCESS)
    14:25:10.078  The  authentication process has succeeded.
    *************************Radius Output for PEAP:**************************
    [ldap] user RadiusUser authorized to use remote access
    rlm_ldap: ldap_release_conn: Release Id: 0
    Waking up in 0.7 seconds.
    Waking up in 0.7 seconds.
    Waking up in 0.1 seconds.
    Waking up in 3.7 seconds.
    Waking up in 0.1 seconds.
    Ready to process requests.
    Waking up in 0.9 seconds.
    Ready to process requests.
    Waking up in 0.9 seconds.
    [ldap] performing user authorization for anonymous
    rlm_ldap: ldap_get_conn: Checking Id: 0
    rlm_ldap: ldap_get_conn: Got Id: 0
    rlm_ldap: object not found or got ambiguous search result
    [ldap] search failed
    rlm_ldap: ldap_release_conn: Release Id: 0
    [pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
    Waking up in 0.9 seconds.
    Waking up in 0.9 seconds.
    Waking up in 0.9 seconds.
    Waking up in 0.8 seconds.
    Waking up in 0.8 seconds.
    Waking up in 0.8 seconds.
    [ldap] performing user authorization for RadiusUser
    rlm_ldap: ldap_get_conn: Checking Id: 0
    rlm_ldap: ldap_get_conn: Got Id: 0
    [ldap] Added the eDirectory password Whatever in check items as Cleartext-Password
    [ldap] No default NMAS login sequence
    [ldap] looking for check items in directory...
    rlm_ldap: radiusTunnelPrivateGroupId -> Tunnel-Private-Group-Id:0 == "SomeVlan"
    rlm_ldap: radiusTunnelMediumType -> Tunnel-Medium-Type:0 == IEEE-802
    rlm_ldap: radiusTunnelType -> Tunnel-Type:0 == VLAN
    [ldap] looking for reply items in directory...
    rlm_ldap: radiusServiceType -> Service-Type = Authenticate-Only
    rlm_ldap: radiusTunnelPrivateGroupId -> Tunnel-Private-Group-Id:0 = "SomeVlan"
    rlm_ldap: radiusTunnelMediumType -> Tunnel-Medium-Type:0 = IEEE-802
    rlm_ldap: radiusTunnelType -> Tunnel-Type:0 = VLAN
    [ldap] user RadiusUser authorized to use remote access
    rlm_ldap: ldap_release_conn: Release Id: 0
    Waking up in 0.8 seconds.
    [ldap] performing user authorization for RadiusUser
    rlm_ldap: ldap_get_conn: Checking Id: 0
    rlm_ldap: ldap_get_conn: Got Id: 0
    [ldap] Added the eDirectory password Whatever in check items as Cleartext-Password
    [ldap] No default NMAS login sequence
    [ldap] looking for check items in directory...
    rlm_ldap: radiusTunnelPrivateGroupId -> Tunnel-Private-Group-Id:0 == "SomeVlan"
    rlm_ldap: radiusTunnelMediumType -> Tunnel-Medium-Type:0 == IEEE-802
    rlm_ldap: radiusTunnelType -> Tunnel-Type:0 == VLAN
    [ldap] looking for reply items in directory...
    rlm_ldap: radiusServiceType -> Service-Type = Authenticate-Only
    rlm_ldap: radiusTunnelPrivateGroupId -> Tunnel-Private-Group-Id:0 = "SomeVlan"
    rlm_ldap: radiusTunnelMediumType -> Tunnel-Medium-Type:0 = IEEE-802
    rlm_ldap: radiusTunnelType -> Tunnel-Type:0 = VLAN
    [ldap] user RadiusUser authorized to use remote access
    rlm_ldap: ldap_release_conn: Release Id: 0
    Waking up in 0.8 seconds.
    [ldap] performing user authorization for RadiusUser
    rlm_ldap: ldap_get_conn: Checking Id: 0
    rlm_ldap: ldap_get_conn: Got Id: 0
    [ldap] Added the eDirectory password Whatever in check items as Cleartext-Password
    [ldap] No default NMAS login sequence
    [ldap] looking for check items in directory...
    rlm_ldap: radiusTunnelPrivateGroupId -> Tunnel-Private-Group-Id:0 == "SomeVlan"
    rlm_ldap: radiusTunnelMediumType -> Tunnel-Medium-Type:0 == IEEE-802
    rlm_ldap: radiusTunnelType -> Tunnel-Type:0 == VLAN
    [ldap] looking for reply items in directory...
    rlm_ldap: radiusServiceType -> Service-Type = Authenticate-Only
    rlm_ldap: radiusTunnelPrivateGroupId -> Tunnel-Private-Group-Id:0 = "SomeVlan"
    rlm_ldap: radiusTunnelMediumType -> Tunnel-Medium-Type:0 = IEEE-802
    rlm_ldap: radiusTunnelType -> Tunnel-Type:0 = VLAN
    [ldap] user RadiusUser authorized to use remote access
    rlm_ldap: ldap_release_conn: Release Id: 0
    Waking up in 0.8 seconds.
    Waking up in 0.7 seconds.
    Waking up in 3.7 seconds.
    Ready to process requests.
    Waking up in 0.9 seconds.
    Ready to process requests.
    **************************Radius output for EAP******************************
    [ldap] user Radiususer authorized to use remote access
    rlm_ldap: ldap_release_conn: Release Id: 0
    Waking up in 0.7 seconds.
    Waking up in 0.7 seconds.
    Waking up in 0.1 seconds.
    Waking up in 3.7 seconds.
    Waking up in 0.1 seconds.
    Ready to process requests.
    Waking up in 0.9 seconds.
    Ready to process requests.
    Waking up in 0.9 seconds.
    [ldap] performing user authorization for Radiususer
    rlm_ldap: ldap_get_conn: Checking Id: 0
    rlm_ldap: ldap_get_conn: Got Id: 0
    [ldap] Added the eDirectory password Whatever in check items as Cleartext-Password
    [ldap] No default NMAS login sequence
    [ldap] looking for check items in directory...
    rlm_ldap: radiusTunnelPrivateGroupId -> Tunnel-Private-Group-Id:0 == "SomeVlan"
    rlm_ldap: radiusTunnelMediumType -> Tunnel-Medium-Type:0 == IEEE-802
    rlm_ldap: radiusTunnelType -> Tunnel-Type:0 == VLAN
    [ldap] looking for reply items in directory...
    rlm_ldap: radiusServiceType -> Service-Type = Authenticate-Only
    rlm_ldap: radiusTunnelPrivateGroupId -> Tunnel-Private-Group-Id:0 = "SomeVlan"
    rlm_ldap: radiusTunnelMediumType -> Tunnel-Medium-Type:0 = IEEE-802
    rlm_ldap: radiusTunnelType -> Tunnel-Type:0 = VLAN
    [ldap] user Radiususer authorized to use remote access
    rlm_ldap: ldap_release_conn: Release Id: 0
    Waking up in 0.9 seconds.
    [ldap] performing user authorization for Radiususer
    rlm_ldap: ldap_get_conn: Checking Id: 0
    rlm_ldap: ldap_get_conn: Got Id: 0
    [ldap] Added the eDirectory password Whatever in check items as Cleartext-Password
    [ldap] No default NMAS login sequence
    [ldap] looking for check items in directory...
    rlm_ldap: radiusTunnelPrivateGroupId -> Tunnel-Private-Group-Id:0 == "SomeVlan"
    rlm_ldap: radiusTunnelMediumType -> Tunnel-Medium-Type:0 == IEEE-802
    rlm_ldap: radiusTunnelType -> Tunnel-Type:0 == VLAN
    [ldap] looking for reply items in directory...
    rlm_ldap: radiusServiceType -> Service-Type = Authenticate-Only
    rlm_ldap: radiusTunnelPrivateGroupId -> Tunnel-Private-Group-Id:0 = "SomeVlan"
    rlm_ldap: radiusTunnelMediumType -> Tunnel-Medium-Type:0 = IEEE-802
    rlm_ldap: radiusTunnelType -> Tunnel-Type:0 = VLAN
    [ldap] user Radiususer authorized to use remote access
    rlm_ldap: ldap_release_conn: Release Id: 0
    Waking up in 0.9 seconds.
    [ldap] performing user authorization for Radiususer
    rlm_ldap: ldap_get_conn: Checking Id: 0
    rlm_ldap: ldap_get_conn: Got Id: 0
    [ldap] Added the eDirectory password Whatever in check items as Cleartext-Password
    [ldap] No default NMAS login sequence
    [ldap] looking for check items in directory...
    rlm_ldap: radiusTunnelPrivateGroupId -> Tunnel-Private-Group-Id:0 == "SomeVlan"
    rlm_ldap: radiusTunnelMediumType -> Tunnel-Medium-Type:0 == IEEE-802
    rlm_ldap: radiusTunnelType -> Tunnel-Type:0 == VLAN
    [ldap] looking for reply items in directory...
    rlm_ldap: radiusServiceType -> Service-Type = Authenticate-Only
    rlm_ldap: radiusTunnelPrivateGroupId -> Tunnel-Private-Group-Id:0 = "SomeVlan"
    rlm_ldap: radiusTunnelMediumType -> Tunnel-Medium-Type:0 = IEEE-802
    rlm_ldap: radiusTunnelType -> Tunnel-Type:0 = VLAN
    [ldap] user Radiususer authorized to use remote access
    rlm_ldap: ldap_release_conn: Release Id: 0
    Waking up in 0.9 seconds.
    [ldap] performing user authorization for Radiususer
    rlm_ldap: ldap_get_conn: Checking Id: 0
    rlm_ldap: ldap_get_conn: Got Id: 0
    [ldap] Added the eDirectory password Whatever in check items as Cleartext-Password
    [ldap] No default NMAS login sequence
    [ldap] looking for check items in directory...
    rlm_ldap: radiusTunnelPrivateGroupId -> Tunnel-Private-Group-Id:0 == "SomeVlan"
    rlm_ldap: radiusTunnelMediumType -> Tunnel-Medium-Type:0 == IEEE-802
    rlm_ldap: radiusTunnelType -> Tunnel-Type:0 == VLAN
    [ldap] looking for reply items in directory...
    rlm_ldap: radiusServiceType -> Service-Type = Authenticate-Only
    rlm_ldap: radiusTunnelPrivateGroupId -> Tunnel-Private-Group-Id:0 = "SomeVlan"
    rlm_ldap: radiusTunnelMediumType -> Tunnel-Medium-Type:0 = IEEE-802
    rlm_ldap: radiusTunnelType -> Tunnel-Type:0 = VLAN
    [ldap] user Radiususer authorized to use remote access
    rlm_ldap: ldap_release_conn: Release Id: 0
    Waking up in 0.9 seconds.
    Waking up in 3.9 seconds.
    Ready to process requests.
    Hope that Helps.

  • I can't seem to see sync my mac and iphone using iCloud with numbers and pages how can i correct this?

    Hi
    I've used Numbers and Pages for iOS for some time now and when I use Safari to look at my iCloud account I can see all my files. Recently I bought Numbers for Mac and now whenever I create a spreadsheet on my Mac I can't see it on my iPhone but I can if I log in to iCloud. In fact I can only see about 16 files on my iPhone when there are over 40 files.
    Although I don't yet have Pages for Mac I now have a similar problem with Pages, whenever I edit a file or even create a file on iOS it doesn't appear in iCloud.
    I did think it was something to do with me not selecting backup to iCloud so I then spent £14 to upgrade my storage to 15GB and that hasn't helped.
    I've checked all the settings and can't see anything that will cause the problem.
    My iPhone is running iOS 6 and my Mac is running Mountain Lion 10.8.2
    Does anyone know how to correct this mess?
    Many thanks in advance.
    Mick.

    Problems with buttons and links at the top of the page not working can be caused by an extension like the Yahoo! Toolbar or a Babylon extension that extends too much downwards and covers the top part of the browser window and thus makes links and buttons in that part of the screen not clickable.
    *https://support.mozilla.org/kb/Troubleshooting+extensions+and+themes
    Start Firefox in Safe Mode to check if one of the extensions (Firefox/Tools > Add-ons > Extensions) or if hardware acceleration is causing the problem (switch to the DEFAULT theme: Firefox/Tools > Add-ons > Appearance).
    *Do not click the Reset button on the Safe mode start window or otherwise make changes.
    *https://support.mozilla.org/kb/Safe+Mode

  • How to join to virtual domain from windows 8.1 host ??

    Hi there
    Is it possible to join a virtual domain from a Windows 8.1 host or not?
    I installed Windows 8.1 on my system as the host OS, then enabled Hyper-V on Windows 8.1, installed Windows Server 2012 R2 and installed Active Directory Domain Services.
    Now I want to join this domain from my Windows 8.1 host but I can't. I created a user in Active Directory Users and Computers and set up its DNS but can't complete it.
    It gives me this error: that maybe the domain name is not correct or the user name or password is incorrect.
    Please help me: how can I join a virtual domain from the Windows 8.1 host on my PC?
    Thanks
    Regards,
    Raha

    Yes, you can.
    You will need to configure the virtual network switch as either internal or external.
    Then, you'll need to specify the IP address of the virtual Domain Controller as a DNS Server on the Windows 8.1 device.

  • Wired 802.1x with PEAP

    I have managed to get wired 802.1x working using Windows Active Directory as the database. With machine authentication, single sign-on can be achieved.
    Setup:
    C3750 switch - Cisco ACS 3.2 - Windows AD
    Sequence of events:
    1. 802.1x machine authentication
    2. User logs in to domain
    3. 802.1x with user credentials
    But, I have the following issues:
    i. If user logs in using local account, it takes 3 minutes (default dot1x switch timers) for the port to turn unauthorized. Is it possible to place the port in unauthorized state immediately?
    ii. If the user 802.1x login has dynamic VLAN assignment, the AD scripts do not run. It seems that the AD scripts can't run if there is a change of IP address upon login (difference in VLAN for 'machine authentication' and 'user login').
    Any solution for this?
    Tks

    2 issues here:
    * Cached credentials for Microsoft supplicants. Microsoft's authentication strategy in general reflects, and WLAN roaming would be difficult without the use of cached credentials. If cached credentials are not desired, would recommend another supplicant.
    * Failed Authentication for a local account. It should try to dot1x authenticate this user. For PEAP as an example, you would see the username as \. Now, a port will only be placed into a HELD state if a RADIUS-Reject is sent to the switch. A RADIUS-Reject will only be sent to the switch if the attempt is actually "failed" as opposed to silently discarded, packet lost in transit, etc. Taking 3 minutes to actually fail an attempt is indeed way too long, but the switch is probably doing what RADIUS is telling it to do (this can be verified by a sniffer trace or debugs). Corresponding logs on RADIUS would help as well.

  • Problem with EAP and RADIUS

    Hi *,
      I have the following problem with RADIUS and EAP authentication.
    Radius server sends an "Access-Accept" packet to my AP, but the station does not authenticate.
    I've tried with different encryption configuration and with different authentication methods under "dot11 essid", but nothing changes...
    What could it be?
    Debug piece and configuration follows:
    *Jan 25 14:23:34.795: RADIUS/ENCODE(00000012): acct_session_id: 17
    *Jan 25 14:23:34.795: RADIUS(00000012): sending
    *Jan 25 14:23:34.799: RADIUS:   4E 47 56 7A 78 65 4A 4F 55 31 47 40 77 6C 61 6E  [NGVzxeJOU1G@wlan]
    *Jan 25 14:23:34.799: RADIUS:   2E 6D 6E 63 30 30 31 2E 6D 63 63 30 30 31 2E 33  [.mnc001.mcc001.3]
    *Jan 25 14:23:34.799: RADIUS:   67 70 70 6E 65 74 77 6F 72 6B 2E 6F 72 67        [gppnetwork.org]
    *Jan 25 14:23:34.799: RADIUS:  NAS-Port-Type       [61]  6   802.11 wireless           [19]
    *Jan 25 14:23:34.799: RADIUS:  NAS-Port            [5]   6   265
    *Jan 25 14:23:34.799: RADIUS:  NAS-Port-Id         [87]  5   "265"
    *Jan 25 14:23:34.799: RADIUS:  NAS-IP-Address      [4]   6   192.168.173.2
    *Jan 25 14:23:34.811: RADIUS/DECODE: EAP-Message fragments, 20, total 20 bytes
    *Jan 25 14:23:34.831: RADIUS/ENCODE(00000012):Orig. component type = DOT11
    *Jan 25 14:23:34.831: RADIUS:  AAA Unsupported Attr: ssid              [265] 8
    *Jan 25 14:23:34.831: RADIUS:   57 69 66 69 45 41                                [WifiEA]
    *Jan 25 14:23:34.831: RADIUS:  AAA Unsupported Attr: interface         [157] 3
    *Jan 25 14:23:34.831: RADIUS:   32                                               [2]
    *Jan 25 14:23:34.831: RADIUS(00000012): Config NAS IP: 192.168.173.2
    *Jan 25 14:23:34.831: RADIUS/ENCODE(00000012): acct_session_id: 17
    *Jan 25 14:23:34.835: RADIUS(00000012): sending
    *Jan 25 14:23:34.835: RADIUS:   10 01 00 01 07 05 00 00 D9 37 C3 D9 79 3E 33 EA  [?????????7??y>3?]
    *Jan 25 14:23:34.835: RADIUS:   F3 7D 73 43 BF BA D0 6A                          [?}sC???j]
    *Jan 25 14:23:34.835: RADIUS:  NAS-Port-Type       [61]  6   802.11 wireless           [19]
    *Jan 25 14:23:34.835: RADIUS:  NAS-Port            [5]   6   265
    *Jan 25 14:23:34.835: RADIUS:  NAS-Port-Id         [87]  5   "265"
    *Jan 25 14:23:34.835: RADIUS:  NAS-IP-Address      [4]   6   192.168.173.2
    *Jan 25 14:23:35.035: RADIUS: Received from id 1645/64 192.168.177.158:1812, Access-Challenge, len 304
    *Jan 25 14:23:35.039: RADIUS:   46 10 78 5F 5F B0 CB 6C 0B 05 00 00 DA C3 BF 28  [F?x__??l???????(]
    *Jan 25 14:23:35.039: RADIUS:   E0 18 2B 95 97 C2 0A D7 40 53 FE 62              [??+?????@S?b]
    *Jan 25 14:23:35.039: RADIUS(00000012): Received from id 1645/64
    *Jan 25 14:23:35.039: RADIUS/DECODE: EAP-Message fragments, 60+220, total 280 bytes
    *Jan 25 14:23:35.355: RADIUS/ENCODE(00000012):Orig. component type = DOT11
    *Jan 25 14:23:35.355: RADIUS:  AAA Unsupported Attr: ssid              [265] 8
    *Jan 25 14:23:35.355: RADIUS:   57 69 66 69 45 41                                [WifiEA]
    *Jan 25 14:23:35.355: RADIUS:  AAA Unsupported Attr: interface         [157] 3
    *Jan 25 14:23:35.359: RADIUS:   92 DA 5E 26 CF 40 01 22 7A 8E F5 C1              [??^&?@?"z???]
    *Jan 25 14:23:35.359: RADIUS:  NAS-Port-Type       [61]  6   802.11 wireless           [19]
    *Jan 25 14:23:35.359: RADIUS:  NAS-Port            [5]   6   265
    *Jan 25 14:23:35.359: RADIUS:  NAS-Port-Id         [87]  5   "265"
    *Jan 25 14:23:35.359: RADIUS:  NAS-IP-Address      [4]   6   192.168.173.2
    *Jan 25 14:23:35.367: RADIUS: Received from id 1645/65 192.168.177.158:1812, Access-Accept, len 30
    *Jan 25 14:23:35.367: RADIUS:  authenticator 8C 2C 1B 97 82 BB 6C 7F - AA D3 4A AB CA 22 8B B7
    *Jan 25 14:23:35.367: RADIUS:  EAP-Message         [79]  10
    *Jan 25 14:23:35.367: RADIUS:   03 01 00 04 00 00 00 00                          [????????]
    *Jan 25 14:23:35.371: RADIUS(00000012): Received from id 1645/65
    *Jan 25 14:23:35.371: RADIUS/DECODE: EAP-Message fragments, 8, total 8 bytes
    *Jan 25 14:23:35.671: %DOT11-7-AUTH_FAILED: Station d023.dbb8.d6a9 Authentication failed
    Config:
    aaa new-model
    !
    aaa group server radius rad_eap
     server-private 192.168.177.158 auth-port 1812 acct-port 1813 key 7 044803071D2448
    !
    aaa authentication login eap_methods group rad_eap
    aaa authorization exec default if-authenticated
    aaa authorization network default if-authenticated
    !
    aaa session-id common
    ip name-server 192.168.177.45
    !
    dot11 ssid WifiEAP1
       vlan 10
       authentication open eap eap_methods
       authentication shared eap eap_methods
       authentication key-management wpa optional
       guest-mode
    !
    bridge irb
    !
    interface Dot11Radio0
     no ip address
     no ip route-cache
     !
     encryption vlan 10 mode ciphers aes-ccm tkip wep128
     !
     broadcast-key vlan 10 change 300
     !
     ssid WifiEAP1
     !
     antenna gain 0
     station-role root
    !
    interface Dot11Radio0.10
     encapsulation dot1Q 10 native
     no ip route-cache
     bridge-group 1
     bridge-group 1 subscriber-loop-control
     bridge-group 1 block-unknown-source
     no bridge-group 1 source-learning
     no bridge-group 1 unicast-flooding
     bridge-group 1 spanning-disabled
    !
    interface GigabitEthernet0
     ip address 192.168.173.3 255.255.255.0
     no ip route-cache
    !
    interface GigabitEthernet0.1
     encapsulation dot1Q 10 native
     no ip route-cache
     bridge-group 1
     no bridge-group 1 source-learning
     bridge-group 1 spanning-disabled
    !
    interface BVI1
     ip address 192.168.173.2 255.255.255.0
     no ip route-cache
    !
    ip radius source-interface BVI1
    bridge 1 route ip
    thanks so much!

    Stefano: not sure if related but there is an unsupported attribute in the debugs:
    Jan 25 14:23:35.355: RADIUS:  AAA Unsupported Attr:
    *Jan 25 14:23:35.355: RADIUS:   57 69 66 69 45 41
    *Jan 25 14:23:35.355: RADIUS:  AAA Unsupported Attr: interface
    Try to eliminate any configured attributes on radius except those in IETF radius. Then try again.
    You may also check by removing the shared eap as suggested above. Let us know if this works.
    Sent from Cisco Technical Support iPad App
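The Access-Accept in the debug posted in the question can be decoded offline to see exactly what the server returned. This is an added example, not part of either post: the first packet is rebuilt from the values printed in the debug (id 65, len 30, the authenticator and the EAP-Message bytes), the second is a constructed contrast packet with placeholder MS-MPPE key attributes (RFC 2548), and all function names are hypothetical.

```python
"""Decode a RADIUS reply: EAP result and any MS-MPPE key attributes it carries."""
import struct

RADIUS_CODES = {1: "Access-Request", 2: "Access-Accept",
                3: "Access-Reject", 11: "Access-Challenge"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
ATTR_VENDOR_SPECIFIC = 26
ATTR_EAP_MESSAGE = 79
VENDOR_MICROSOFT = 311  # vendor id used by the RFC 2548 attributes
MPPE_KEY_TYPES = {16: "MS-MPPE-Send-Key", 17: "MS-MPPE-Recv-Key"}

# Rebuilt from the debug lines in the post: code 2, id 65, length 30,
# the printed authenticator, then EAP-Message [79] with its 8 value bytes.
PAGE_ACCESS_ACCEPT = bytes.fromhex(
    "02 41 00 1E "
    "8C 2C 1B 97 82 BB 6C 7F AA D3 4A AB CA 22 8B B7 "
    "4F 0A 03 01 00 04 00 00 00 00"
)


def parse_radius(packet: bytes):
    """Return (code, identifier, length, [(attr_type, value), ...])."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("length field does not match the data")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs.append((a_type, packet[pos + 2:pos + a_len]))
        pos += a_len
    return code, ident, length, attrs


def parse_eap(attrs):
    """Join EAP-Message fragments and decode the 4-byte EAP header."""
    eap = b"".join(v for t, v in attrs if t == ATTR_EAP_MESSAGE)
    if len(eap) < 4:
        return None
    code, ident, length = struct.unpack("!BBH", eap[:4])
    return {"code": EAP_CODES.get(code, str(code)), "identifier": ident,
            "length": length, "bytes_after_eap_packet": max(len(eap) - length, 0)}


def mppe_key_types(attrs):
    """List the Microsoft vendor types 16/17 found in Vendor-Specific attributes."""
    found = []
    for a_type, value in attrs:
        if a_type != ATTR_VENDOR_SPECIFIC or len(value) < 6:
            continue
        vendor = struct.unpack("!I", value[:4])[0]
        sub = value[4:]
        while len(sub) >= 2:
            v_type, v_len = sub[0], sub[1]
            if v_len < 2 or v_len > len(sub):
                break
            if vendor == VENDOR_MICROSOFT and v_type in MPPE_KEY_TYPES:
                found.append(v_type)
            sub = sub[v_len:]
    return sorted(found)


def summarize(packet: bytes):
    code, ident, length, attrs = parse_radius(packet)
    return {"code": RADIUS_CODES.get(code, str(code)), "identifier": ident,
            "length": length, "attribute_types": [t for t, _ in attrs],
            "eap": parse_eap(attrs), "mppe_keys": mppe_key_types(attrs)}


def build_sample_with_keys() -> bytes:
    """Constructed contrast packet: same reply plus placeholder key attributes."""
    def vsa(v_type: int, data: bytes) -> bytes:
        body = struct.pack("!I", VENDOR_MICROSOFT) + bytes([v_type, len(data) + 2]) + data
        return bytes([ATTR_VENDOR_SPECIFIC, len(body) + 2]) + body
    attrs = PAGE_ACCESS_ACCEPT[20:] + vsa(16, b"\xAA" * 34) + vsa(17, b"\xBB" * 34)
    header = struct.pack("!BBH", 2, 65, 20 + len(attrs))
    return header + PAGE_ACCESS_ACCEPT[4:20] + attrs


if __name__ == "__main__":
    print("from the post:", summarize(PAGE_ACCESS_ACCEPT))
    print("constructed  :", summarize(build_sample_with_keys()))
```

The 30 bytes reported in the debug are the 20-byte header plus the 10-byte EAP-Message attribute, so that reply carries an EAP Success and no other attribute.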

  • Sharing Linksys Wireless Print Server with MAC and PC - How to do?

    I have lost the capability to share a printer on my network by using the Linksys Wireless Print Server-model number WPS54G -V2. Prior to having to return my previous Print Server on an RMA, I was able to use the MAC and PCs on my network. I have a PowerBook G4 with MacOS X 10.4.10. I also have an Airport Extreme Base Station V5.6. The printer on the network that is being shared is an Epson Stylus Photo 820. Recently, when trying to reconfigure the network, I updated the software on the Airport Extreme...so I think after that, I am no longer able to share this printer using current network configuration. As information, I will share how I got the network to share the printer BEFORE I had to replace the previous Print Server and BEFORE I updated the Airport Extreme. Please see this link:
    http://www.macosxhints.com/article.php?story=20050406151311940
    Even though this was for a different type of Print Server, this worked for me.
    When reconfiguring the new Print Server, I contacted Linksys...as had some difficulty until I found out how to assign a static IP to the new Print Server. When trying to talk to them about the Mac issue, and sharing the printer, they shared this link with me...which may be helpful to some, but I found that this does not work for me...
    http://www.macosxhints.com/article.php?story=20060404021600193
    I have been trying to work through the issue, but feel I may now have some compatibility issues between the Airport Extreme and the Epson printer.
    Further details are that I use 10.0.1.78 for the assigned IP address for the Print server. My router (which is the Airport address) is 10.0.1.1. I have tried IPP printing option, LPD printing option...and IPP printing at least returns a status on the Print Server as "printing" as opposed to "idle". I have checked the Print status on the Mac, and I have received two (2) different error messages as to why the print job failed. They are:
    "the process "picwpstops" stopped unexpectedly with status 1"
    and
    "the process "rastertoprinter" stopped unexpectedly with status 1"
    The latter happens when I follow the instructions on the second link I attached on this topic...with the only change being that I select IPP printing as opposed to LPD printing.
    Anyone that has any insight into HOW to configure the mysterious settings for Mac OS printing so that it can be compatible with a Wireless Print Server, please feel free to comment. In the meantime, I am thinking that the links above could help some people...just not me at this point given my current configuration and versions of software/firmware and perhaps the printer I am using.
    Greatly appreciate your consideration, and any suggestions to anyone that might understand what these error messages mean when checking the printer status after sending a file for printing.
    Thank you

    1. No, you don't have to make a bootable clone.
    2. If you use the drive for a bootable backup, then you cannot use the drive for other types of storage unless you partition the drive and make more than one volume.
    3. No, it will not try to boot the computer. You must designate the startup volume using Startup Disk preferences.
    If you wish to use the drive on both a Mac and a PC, then either you make two partitions - one for Mac and the other for the PC or you must format the entire drive using FAT32 so the drive can be used for read/write by both operating systems. If you do this then you cannot use the drive for a bootable backup nor can you use it with Time Machine.
    FAT32 is slower for read/write on the Mac than using Mac formatting.
    Optimally, I would suggest you partition the drive into two volumes. One volume formatted for the Mac and the other formatted FAT32.
    You can send files from a PC to a Mac and vice-versa using File Sharing. Select Mac Help from the Finder's Help menu and search for "file sharing" or "sharing" to find help articles. Also see,
    Mac OS X 10.5 Help- Setting up a Mac computer to share files with Windows users
    Mac OS X 10.5 Help- Setting up a Windows computer to share files with Mac users
    Mac OS X 10.5 Help- Sharing with Windows computers

  • Want a New MBP with SL and wondering how the OS is faring

    hi-
    I have been waiting a little before I purchase a new MBP-especially since I had a hard time with the conversion over to Mac. At that time Tiger was the OS and I stopped upgrading at the last version of Tiger. I probably should have gone with Leopard but there is always more time.
    I am curious to hear how the OS has done and if the updates have dealt with the problems well. I would like to get a 17" MBP and of course this would be the OS that is installed on the MBP.
    I am open to learn before I buy, so in advance--thanks!
    I will throw this last question---well, I better not.

    Take the time to learn about Snow Leopard. Be sure your applications are Snow Leopard ready. Check to see if you will be required to update. Verify that your hardware will still work. Printers have been a bit slow to get drivers for Snow Leopard. Have a backup that you can revert to if needed!!!
    Some links to get you started:
    Mac OS X 10.6 Snow Leopard: the Ars Technica review
    http://arstechnica.com/apple/reviews/2009/08/mac-os-x-10-6.ars
    Getting Ready for Snow Leopard: Installation Options, Backups, and What To Buy
    http://www.tuaw.com/2009/08/27/getting-ready-for-snow-leopard/
    Review: Snow Leopard
    http://www.macworld.com/article/142423/2009/08/snowleopardreview.html
    Snow Leopard's smaller changes
    http://www.macworld.com/article/142455-4/2009/08/snowleopardtweaks.html
    Upgrading to Apple's Snow Leopard OS: What you need to know
    http://www.computerworld.com/s/article/9137147/Upgradingto_Apple_s_Snow_Leopard_OS_What_you_need_to_know?source=CTWNLE_nlt_dailyam2009-08-27
    The Macworld Mac Basics Superguide, Snow Leopard Edition is an excellent guide.
    http://www.macworld.com/superguide/macbasicssnowleopard/

  • Connection with Netweaver and ECC6 how to??

    Hi SDNers
    I am doing research at the possibilities of SAP Netweaver CE 7.1, I want to set up a small "Live Demo" where my netweaver is connected with my ECC6
    For example, i made a process with some validations where i want to insert new employee data, like address Name, Last Name.
    How can i connect with my ECC6 so that the data I fill in is saved in SAP, I don't have much experience with SAP, I know I need a web service to make the connection if I'm right, how can I make / generate the web service.
    Can you give me some directions,
    Thanks
    Robin

    Robin,
    at sender you can use Webservice or File or any source to provide data to PI..
    lets take
    Webservice -->SAP PI 7.1 -->ECC 6.0
    At sender (Webservice) you will use SOAP sender adapter and receiver (ECC 6.0) you can use either RFC (Remote function call) or ABAP Proxy..
    to have communication between PI 7.1 and ECC6.0 you should have the following..
    RFC Connections in SAP PI7.1
    SAP ECC6.0 -ABAP connection User: IDOC_BASIS
    INTEGRATION_DIRECTORY_HMI- HTTP connection to ABAP system - user: PIISUSER
    INTEGRATION_SERVER - User: PIAPPLUSER
    LCRSAPRFC- TCP/IP
    RFC Connections in SAP ECC6.0
    SAP PI7.1 - ABAP connection - PIAPPLUSER
    INTEGRATION_SERVER- Http connection to ABAP system- user: PIAPPLUSER

  • Need help with CoA and Radius

         I am going through a 2 year degree course for Network Design and Administration and I have an internship with the city I live in. I have been tasked to reconfigure over 150 layer 3 switches (all Cisco and ranging from 2960, 3560 to 3850 [the 3850's are new and will have an initial config when this is done]) from TACACS+ to Radius. The gentleman I work under has given me only one parameter, make it work. He wants me to do my own research and then configure both a 3560 and a 3850 in a lab environment first and then troubleshoot.
        I have a couple of questions...
              1) In the manual for the 3560 on page 10-37 under the CoA heading it says ".... This procedure is required". Does that mean if I am using radius I have to use CoA or is it if I use some of the other options such as VSA I have to use it? Also, I have read the geek speak for what CoA is but this may be a stupid question but can someone put it in a language an intermediate person can understand and explain why I would want to do this and is it a best practice?
              2) Any words of wisdom about do's and don'ts for this process?

    Good question.
    And the answer depends on the requirements of an environment.
    One example can be mentioned in the following scenario
    A user has access to specific devices (Devices A) in the network only during business hours. While it has access to other devices 24/7 (Devices B).
    If a user logged in to a device in group A just before end of business day, the user will be able to keep the session active after business hours until s/he exits or the session times out.
    Now, you can change the authorization at the end of business day so that the user's session loses access to the group A devices and keep only access to group B.
    Another example can be that, you allow all users to your network to have internet only access. But allow only specific group to connect to the internal network. When a user authenticates you allow it directly in the VLAN X that allows the user for internet access only. Now, if the user is authorized and is a member of the internal group, you send a CoA message to the user to change its connection to VLAN Y that has access to both internal and internet access.
    Hope it clears the picture a bit.
    Amjad
    Rating useful replies is more useful than saying "Thank you"

  • URGENT- Exporting jpg from LR with title and captions: how?

    Hi,
    I need to email some pix before midnight.
    In LR metadata section I have info (title and caption). I did export pix as JPGs but can't find the info when I open the pictures now in a folder on my desktop.
    How can I make sure the info is attached to the photo? Should I uncheck "Minimize metadata"?
    Thanks for your help.
    jm47

    Thanks Hal. So there is no way to minimize the metadata but keep the
    Title/Caption info?
    jm
    On 1/03/10 21:05, "Hal P Anderson" <[email protected]> wrote:
    > Unchecking minimize metadata will do what you want.
    > Hal

  • TS3938 if i have stored items written in word documents with picture and text how can i open them and print/

    what other formats or apps can i now word process and cut and paste photos on ?

    Control click on your file> see your "Open With" options.

  • Help with lists and Numbers - how can I separate data from one column?

    I have a series of data entries that have two or three pieces of information listed in one column (it was a list copied from the Internet). My data is in this form all in one column (ie Column A):
    XXXX -- YYYY, ZZZZ
    I want to be able to easily split that data into three columns (A, B, and C) without having to go through and manually separate all of the entries? I'd ideally like to have XXXX in one column, the '--' removed, YYYY in another column, and ZZZZ in a third column, like this:
    Column A Column B Column C
    ====== ====== ======
    XXXX YYYY ZZZZ
    Is this possible? Any help is appreciated.

    BlooGoo
    Open or paste your material in your favorite texteditor. TextEdit will suffice but there are better applications. Make sure your material is consistent, especially that there are no stray characters or extra spaces studded in the text. You can do this by using the clean up routine as described below.
    1. Copy the set of characters you want to replace. In this case " -- " Note that there are spaces on each side of the dashes and you want to get rid of those.
    2. Open the *Find and Replace* dialogue:
    +Menu > Edit > Find > Find…+ (or command f)
    Paste the " -- " into the Find: field, then type a comma in the Replace: field or
    Copy and paste a tab from the document or
    Click on the Advanced button and enter a tab using the Insert… button that appears.
    3. Click *Replace All.*
    Repeat as necessary. If it doesn't seem to work, copy and paste the bits that stick, usually there is something not visibly different but different as far as the computer is concerned.
    When you are finished save the results as a comma or tab delimited .txt file and reopen it in Numbers.
    Peter

Maybe you are looking for