Wireless authentication through AD

Similar Messages

• Wireless authentication to a windows network

  IF this is the wrong group please let me know and I will re-post...
  I am trying to solve some problems authenticating to a windows network using a airport card....
  I keep getting a non-trusted certificate message after/during the 802.x authentication box..We are not using certificates, at least that is what the admin tells me...so I have logged in as root, opened keychain and set the certifcates in question to trust always for all settings...I log out and then relogin as a normal network account and I still get the message which I can click continue and now I have access..
  the other problem is that my home folder will not mount...I have to mount it manually through the finder..I am assuming this is because the airport network services are not running until I authenticate locally with a cached password....Is there a way to have the login window authenticate through airport so I can have my home directory mount automatically...
  thanks for your help...

  unfortunately there are severla problems with the solution and it really doesn't address the issue. I can't mount the volume on the dock as it won't mount, probably because it is the server itself that has been mounted, not the shared home folder. Also it might create a conflict by having an alias to the home folder that would conflict with the auto mounted home folder when I use the ethernet as a connection source. What I have is a multi-purpose machine.
  1) I use a hardwired connect at my desk...
  2) If I need to go somewhere that a port in the wall is not active, I can then use a wirless connection which allows me access to everything I need....
  What I need to do is get this working so that the rest of the area can use it as well....
  So the question still remains: Does the wireless authentication not mount the home directory because it is not tied into the login window. For example, in a hardwired case I login to the system and this authenticates me and mounts my home folder. When I unplug the ethernet cable and turn on ariport and log off I login to the login window but the 802.x box comes up and asks for my password....which then brings up a not trusted certificate. Which I have tried everyhting I know to make this accepted by the system, including logging as root and going into keychain and setting it to be trusted. This DOES not work. I still get the untrusted certifcate message and the home directory does not mount. So what I need is someone who is authenticating to a windows network using wireless. I have followed all the 802.x suggestions which include using only peap to authenticate through.
  I hope someone can tell me how to stop the untrusted certificate error and how to mount the home directories. It would seem that there should be some type of setting to make airport startup prior to the login window or be hooked into the login window and pas that through to the wireless authentication. This is beyond my experience as you can see...
  thanks

• Windows Client cannot connect to wireless LAN through EAP-TLS

  I have a Cisco Aironet Access point which cannot be authenticated by a remote RADIUS server to connect to wireless lan through EAP-TLS. These is the debug output from the AAA process.
  *Mar  7 10:56:56.337: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
  *Mar  7 10:56:56.369: dot11_auth_parse_client_pak: Received EAPOL packet from 08
  11.9650.8cb0
  *Mar  7 10:56:56.385: dot11_auth_parse_client_pak: Received EAPOL packet from 08
  11.9650.8cb0
  *Mar  7 10:56:56.385: dot11_auth_parse_client_pak: id is not matching req-id:1re
  sp-id:2, waiting for response
  *Mar  7 10:56:56.401: dot11_auth_parse_client_pak: Received EAPOL packet from 08
  11.9650.8cb0
  *Mar  7 10:56:56.717: dot11_auth_dot1x_parse_aaa_resp: Received server response:
  GET_CHALLENGE_RESPONSE
  *Mar  7 10:56:56.717: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server r
  esponse
  *Mar  7 10:56:56.785: dot11_auth_parse_client_pak: Received EAPOL packet from 08
  11.9650.8cb0
  *Mar  7 10:56:57.097: dot11_auth_dot1x_parse_aaa_resp: Received server response:
  GET_CHALLENGE_RESPONSE
  *Mar  7 10:56:57.097: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server r
  esponse
  *Mar  7 10:56:57.101: dot11_auth_parse_client_pak: Received EAPOL packet from 08
  11.9650.8cb0
  *Mar  7 10:56:57.393: dot11_auth_dot1x_parse_aaa_resp: Received server response:
  GET_CHALLENGE_RESPONSE
  *Mar  7 10:56:57.393: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server r
  esponse
  *Mar  7 10:56:57.397: dot11_auth_parse_client_pak: Received EAPOL packet from 08
  11.9650.8cb0
  *Mar  7 10:56:57.673: dot11_auth_dot1x_parse_aaa_resp: Received server response:
  GET_CHALLENGE_RESPONSE
  *Mar  7 10:56:57.673: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server r
  esponse
  *Mar  7 10:56:57.677: dot11_auth_parse_client_pak: Received EAPOL packet from 08
  11.9650.8cb0
  *Mar  7 10:56:57.953: dot11_auth_dot1x_parse_aaa_resp: Received server response:
  GET_CHALLENGE_RESPONSE
  *Mar  7 10:56:57.953: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server r
  esponse
  *Mar  7 10:56:57.957: dot11_auth_parse_client_pak: Received EAPOL packet from 08
  11.9650.8cb0
  *Mar  7 10:56:58.317: dot11_auth_dot1x_parse_aaa_resp: Received server response:
  GET_CHALLENGE_RESPONSE
  *Mar  7 10:56:58.317: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server r
  esponse
  *Mar  7 10:56:58.321: dot11_auth_parse_client_pak: Received EAPOL packet from 08
  11.9650.8cb0
  *Mar  7 10:56:58.685: dot11_auth_dot1x_parse_aaa_resp: Received server response:
  GET_CHALLENGE_RESPONSE
  *Mar  7 10:56:58.685: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server r
  esponse
  *Mar  7 10:56:58.685: dot11_auth_parse_client_pak: Received EAPOL packet from 08
  11.9650.8cb0
  *Mar  7 10:56:58.993: dot11_auth_dot1x_parse_aaa_resp: Received server response:
  GET_CHALLENGE_RESPONSE
  *Mar  7 10:56:58.993: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server r
  esponse
  *Mar  7 10:56:59.041: dot11_auth_parse_client_pak: Received EAPOL packet from 08
  11.9650.8cb0
  *Mar  7 10:57:01.077: Client 0811.9650.8cb0 failed: reached maximum retries
  *Mar  7 10:57:08.997: %RADIUS-4-RADIUS_DEAD: RADIUS server 165.72.12.12:1812,181
  3 is not responding.
  *Mar  7 10:57:08.997: %RADIUS-4-RADIUS_ALIVE: RADIUS server 165.72.12.12:1812,18
  13 is being marked alive.
  *Mar  7 10:57:14.481: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
  *Mar  7 10:57:14.521: dot11_auth_parse_client_pak: Received EAPOL packet from 08
  11.9650.8cb0
  *Mar  7 10:57:44.521: %DOT11-7-AUTH_FAILED: Station 0811.9650.8cb0 Authenticatio
  n failed
  *Mar  7 10:57:44.801: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
  *Mar  7 10:57:44.829: dot11_auth_parse_client_pak: Received EAPOL packet from 08
  11.9650.8cb0
  *Mar  7 10:58:14.829: %DOT11-7-AUTH_FAILED: Station 0811.9650.8cb0 Authenticatio
  n failed
  *Mar  7 10:58:15.105: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
  *Mar  7 10:58:15.141: dot11_auth_parse_client_pak: Received EAPOL packet from 08
  11.9650.8cb0
  *Mar  7 10:58:45.141: %DOT11-7-AUTH_FAILED: Station 0811.9650.8cb0 Authenticatio
  n failed
  *Mar  7 10:58:45.425: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
  *Mar  7 10:58:45.449: dot11_auth_parse_client_pak: Received EAPOL packet from 08
  11.9650.8cb0
  *Mar  7 10:59:15.449: %DOT11-7-AUTH_FAILED: Station 0811.9650.8cb0 Authenticatio
  n failed
  *Mar  7 10:59:15.729: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
  *Mar  7 10:59:15.753: dot11_auth_parse_client_pak: Received EAPOL packet from 08
  11.9650.8cb0
  *Mar  7 10:59:45.753: %DOT11-7-AUTH_FAILED: Station 0811.9650.8cb0 Authenticatio
  n failed
  *Mar  7 10:59:46.009: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
  *Mar  7 10:59:46.037: dot11_auth_parse_client_pak: Received EAPOL packet from 08
  11.9650.8cb0
  *Mar  7 10:59:50.077: Client 0811.9650.8cb0 failed: reached maximum retries
  *Mar  7 10:59:50.349: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
  *Mar  7 10:59:50.373: dot11_auth_parse_client_pak: Received EAPOL packet from 08
  11.9650.8cb0
  *Mar  7 10:59:55.077: Client 0811.9650.8cb0 failed: reached maximum retries
  *Mar  7 10:59:55.341: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
  *Mar  7 10:59:55.361: dot11_auth_parse_client_pak: Received EAPOL packet from 08
  11.9650.8cb0
  *Mar  7 11:00:00.077: Client 0811.9650.8cb0 failed: reached maximum retries
  *Mar  7 11:00:00.333: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
  *Mar  7 11:00:00.357: dot11_auth_parse_client_pak: Received EAPOL packet from 08
  11.9650.8cb0
  *Mar  7 11:00:05.077: Client 0811.9650.8cb0 failed: reached maximum retries
  *Mar  7 11:00:05.341: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
  *Mar  7 11:00:05.365: dot11_auth_parse_client_pak: Received EAPOL packet from 08
  11.9650.8cb0
  *Mar  7 11:00:10.077: Client 0811.9650.8cb0 failed: reached maximum retries

  Kindly get verified the configuration and the compatibility if there is a mismatch. Please find the link below for more information on EAP-TLS functions in Access points and clients.
  http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_white_paper09186a008009256b.shtml#wp39110

• Secure wireless authentication

  I have just been reading all the posts about secure wireless access and I am
  not happy with the direction Novell has chosen to take.
  I have been extremely pleased with Netware, GroupWise & ZenWorks but Novell
  is starting to loose it's appeal.
  Let me summarize what I have learned and see if I have made any mistakes
  with my understanding.
  1. Novell has stopped development on their Radius server and have no plans
  to resume development.
  2. Novell contributed code to the open source FreeRadius project.
  http://www.novell.com/news/press/arc...2/pr05008.html
  3. There isn't any Radius server with 802.1x authentication that runs on
  Netware (Netware kernel).
  a. Novell's Radius server (BMAS or the newer NMAS server) doesn't do
  802.1x authentication.
  b. I have contacted Funk and this is their reply. Steel-Belted Radius
  Server will run on Windows and Solaris (Linux is coming).
  http://www.funk.com/News&Events/sbr_linux_pn.asp
  c. MTG House hasn't gotten back to me about a solution for Netware. (I
  am doubtful, I didn't find anything on their website.)
  4. You need to run a Radius server that does 802.1x authentication and will
  work/integrate with eDir.
  a. FreeRadius (Linux) will integrate with Edir.
  http://www.novell.com/documentation/...ius/index.html
  http://www.novell.com/coolsolutions/feature/15383.html
  b. Funk's Steel-Belted Radius server (Windows, Solaris & Linux is in
  beta).
  http://www.funk.com/radius/default.asp
  c. Aegis Server
  http://www.mtghouse.com/products/aeg...er/index.shtml
  5. You need a 802.1x Client to authenticate to a Radius server for wireless
  authentication.
  a. Microsoft has 802.1x support in their client. (read this from other
  posts in this forum)
  b. Novell isn't planning on putting 802.1x support in the NW Client.
  (read this from other posts in this forum)
  c. There are 2 Radius clients that integrate with the NW Client for
  Radius Edir authentication.
  1. Funk's Odyssey Client ($45 - $50 per workstation depending on
  quantity) + added annual maintenance costs.
  $2281.25 for 50 Client licenses & annual maintenance.
  http://www.funk.com/radius/wlan/wlan_c_radius.asp
  2. Aegis' Client ($32 - $39.99 per workstation depending on
  quantity) + added annual maintenance costs.
  $2240.00 for 50 Client licenses & annual maintenance.
  http://www.mtghouse.com/products/aeg...nt/index.shtml
  http://www.mtghouse.com/novell_app_note_122204.pdf
  3. When FreeRadius is integrated with Edir is this separate client
  still needed?
  I didn't see anything about a separate client being needed while
  reading the Integrating FreeRadius with Edir documentation.
  6. FreeRadius support is going to be built-in to the next version of Edir.
  http://www.novell.com/news/press/arc...2/pr05008.html
  Why didn't Novell contribute code to port FreeRadius to Netware?
  At this point in time they are still giving us a choice between the Netware
  kernel and the Linux kernel. To me that says they are willing to make
  things work with both systems until they drop support for the Netware
  kernel. Ok, so give me support for 802.1x authentication in the Netware
  kernel. I don't have stray single purpose servers floating around my
  network and I don't want to have to begin that practice just to get Radius
  802.1x authentication working.
  I also won't put my district at a disadvantage by upgrading to the Linux
  kernel until I know Linux well enough to administer it properly. I am the
  IT department at this district so I don't have a great deal of extra time to
  run about learning the new things I would LOVE to learn. I'm sure I'm not
  the only person in this situation so Novell should take these things into
  concideration before they just drop support for a product they say they are
  still supporting. Obviously all of the real support is going toward the
  Linux side at Novell.
  Daniel Blake
  Milford Central School

  Ok, I'll give them the benefit of the doubt and say fine the Netware kernel
  might as well be considered dead. So they are giving me support via
  FreeRadius if I just migrate to OES (Linux). Ok, I might/can live with that
  as a Novell decision.
  But that still doesn't explain why they don't give us some client to log in
  via 802.1x. Giving us the server but not the client is like giving us a
  locked door without a key. That's just plain stupid. I would rather stay a
  Netware - OES shop, but if Novell can't think something this simple through
  then I'm a little nervous about staying with them. What could they think up
  next?
  I guess Novell has decided to port all it's software to Windows cause it
  sucks so bad at business decisions. GroupWise & ZenWorks run completely on
  Windows now, so why do I need OES at all? Except for complexity &
  integration issues of course. I mean why would I need to purchase Edir for
  Windows if I didn't stay with OES? Or Nsure Identity Manager for that
  matter. So if we start looking deeper into this we see Marketing all over
  this thing. Novell Marketing has always done such a good job for Novell.
  Novell has given me a real choice that will work though. If I migrate
  completely to a Windows network it just works without any added costs. Heck
  it even makes my installs easier without having to install the NW Client on
  every new workstation. I can still run ZenWorks & GroupWise too.
  Now, how is Novell Marketing going to screw up and make me hate GroupWise &
  Zenworks so I migrate completely away from Novell products? Way to go
  Novell!
  Daniel Blake
  Milford Central School
  "Jim Michael" <[email protected]> wrote in message
  news:[email protected]...
  > mcsdtech wrote:
  >
  >> 1. Novell has stopped development on their Radius server and have no
  >> plans to resume development.
  >
  > Correct, so far as we know.
  >
  >> 2. Novell contributed code to the open source FreeRadius project.
  >> http://www.novell.com/news/press/arc...2/pr05008.html
  >
  > Yes. Code to allow easier integration with eDirectory.
  >
  >> 3. There isn't any Radius server with 802.1x authentication that runs on
  >> Netware (Netware kernel).
  >
  > Correct.
  >
  >> a. Novell's Radius server (BMAS or the newer NMAS server) doesn't do
  >> 802.1x authentication.
  >
  > Correct. It was developed quite a while before 802.1x even existed.
  >
  >> b. I have contacted Funk and this is their reply. Steel-Belted
  >> Radius Server will run on Windows and Solaris (Linux is coming).
  >> http://www.funk.com/News&Events/sbr_linux_pn.asp
  >
  > Correct, but Stell-Belted Radius is probably the last solution I would
  > look at. Radiator is a commercial product that runs on Linux or Windows
  > (it is Perl-based) and you will get far better support from them on
  > eDirectory issues and general Radius problems. freeRADIUS is what I would
  > run on Linux if you don't want to spend a dime on the software.
  >
  >> c. MTG House hasn't gotten back to me about a solution for Netware.
  >> (I am doubtful, I didn't find anything on their website.)
  >
  > Not familiar with them.
  >
  >> 4. You need to run a Radius server that does 802.1x authentication and
  >> will work/integrate with eDir.
  >> a. FreeRadius (Linux) will integrate with Edir.
  >> b. Funk's Steel-Belted Radius server (Windows, Solaris & Linux is
  >> in beta).
  >
  >> c. Aegis Server
  >
  > And Radiator (what I run) http://www.open.com.au This is the solution we
  > run.
  >
  >> 5. You need a 802.1x Client to authenticate to a Radius server for
  >> wireless authentication.
  >
  > Correct.
  >
  >> a. Microsoft has 802.1x support in their client. (read this from
  >> other posts in this forum)
  >
  > Correct. Technically, the "support" is in Windows, not the MS client.
  >
  >> b. Novell isn't planning on putting 802.1x support in the NW Client.
  >> (read this from other posts in this forum)
  >
  > Correct.
  >
  >> c. There are 2 Radius clients that integrate with the NW Client for
  >> Radius Edir authentication.
  >> 1. Funk's Odyssey Client 2. Aegis' Client ($32 - $39.99 per
  >> workstation depending on
  >
  > Correct.
  >
  >> 3. When FreeRadius is integrated with Edir is this separate
  >> client still needed?
  >
  > Yes. You ALWAYS need a 802.1x supplicant (client) on the workstation.
  > Windows has one built-in, which works FINE against eDirectory. HOWEVER,
  > because of the way it works you must log into eDirectory *after* fully
  > logging into windows. That is unacceptable to most organizations (you
  > would have to manually log in and map drives to NW, etc). This is why
  > there are third-party clients that integrate specifically with the NetWare
  > client.. they allow the 802.1x authentication to "insert" itself
  > in -between the Windows and eDirectory login, thus preserving all of the
  > normal features like dynamic local user, zen policies, etc.
  >
  >> I didn't see anything about a separate client being needed
  >> while reading the Integrating FreeRadius with Edir documentation.
  >
  > A client is always assumed.
  >
  >> Why didn't Novell contribute code to port FreeRadius to Netware?
  >
  > Because Novell's future direction is Linux, and there isn't much demand
  > for a NetWare Radius server.
  >
  >> At this point in time they are still giving us a choice between the
  >> Netware kernel and the Linux kernel. To me that says they are willing to
  >> make things work with both systems until they drop support for the
  >> Netware kernel. Ok, so give me support for 802.1x authentication in the
  >> Netware kernel. I don't have stray single purpose servers floating
  >> around my network and I don't want to have to begin that practice just to
  >> get Radius 802.1x authentication working.
  >
  > You can always make your wishes known at
  > http://support.novell.com/enhancement
  >
  >> I also won't put my district at a disadvantage by upgrading to the Linux
  >> kernel until I know Linux well enough to administer it properly. I am
  >> the IT department at this district so I don't have a great deal of extra
  >> time to run about learning the new things I would LOVE to learn. I'm
  >> sure I'm not the only person in this situation so Novell should take
  >> these things into concideration before they just drop support for a
  >> product they say they are still supporting. Obviously all of the real
  >> support is going toward the Linux side at Novell.
  >
  > I understand the frustration, but I doubt things will change. There is a
  > big difference between "supporting" existing products and adding major
  > enhancements to products to support new standards. I just don't think
  > Novell believes it is worth dedicating development resources to enhancing
  > Radius on NetWare, for those few that can't/won't run a Linux or Windows
  > box where the software already exists.
  >
  >
  > --
  > Jim
  > NSC SYsop

• WLAN connection: authentication through captive po...

  Access to some Wifi hotspots requires an authentication through captive portal (ID and password must be entered on a special web page). Everything works on my E65 except that I did not find the method to avoid to retype my ID and password every time I try to connect. Any idea ?

  Hello,
  I've a e61i and I experience a similar problem. My phone work very well on WiFi network with no encryption as well as 64-bit wep.
  At home I've 2 wireless routers, both encrypted at 128 bits, one with WEP and the other with WPA. On both of them I can correctly obtain an IP thru DHCP, but the traffic do not go thru.
  By using IfInfo I think I discovered the reason of the problem (unless IfInfo is not working properly...) and it seems a bug related to the netmask, broadcast and gateway settings. The router is 192.168.15.1 and this is what I get:
  1) DHCP case -- I get two IP adresses: the 169.254.x.x and the one assigned to the router. DNS is also set properly, but both gateway, broadcast and netmask are set to 0.0.0.0 for both IPs.
  IP Addr: 169.254.162.106
  Netmask: 0.0.0.0
  Broadcast: 0.0.0.0
  Gateway: 0.0.0.0
  DNS1: 192.168.15.1
  IP Addr: 192.168.15.100
  Netmask: 0.0.0.0
  Broadcast: 0.0.0.0
  Gateway: 0.0.0.0
  DNS1: 192.168.15.1
  2) Static IP 192.168.15.64, netmask set to 255.255.255.0 and gateway and DNS set to 192.168.15.1. The 169.254.x.x disappears and I get only one IP which is set to:
  IP Addr: 192.168.15.64
  Netmask: 0.0.0.0
  Broadcast:192.168.15.255
  Gateway: 192.168.15.1
  DNS1: 192.168.15.1
  So in conclusion, it seems that with 128bit encryption, in the DHCP case gateway, broadcast and netmask are not assigned correctly! While in the Static IP case the netmask is still not assigned correctly!!!
  Hope this can help...
  --AP

• How to capture userinfo after a partner application is authenticated through SSOSDK?

  I have successfully installed and deployed the Partner application for Portal using SSOSDK. My question is, once the user is authenticated through SSOPartnerServlet.java and gets thrown back to the partner app(PAPP), how do we get the user info(i.e. username) from the PAPP?
  Is there an API?
  I have already asked this question from oracle tech and they told me to post it
  Thanks,
  Hamid

  Pass the name of a subrotine to handle your user commands to the fm parameter.
  I_CALLBACK_USER_COMMAND = 'USER_COMMAND'.
  Then code for the user command function,
  form user_command using r_ucomm type sy-ucomm.
  case r_ucomm.
  when '<FCODE of your button>'.
  Code your logic....
  endcase.
  endform.
  To add your button using your own pf-status, you should copy a standard gui status and modify it.
  To trigger this pf-status you should pass routine name to I_CALLBACK_PF_STATUS_SET.(I_CALLBACK_PF_STATUS_SET = 'SET_PF_STATUS..)
  form set_pf_status.
  set pf-status 'ZSTAT'.  "THis ZSTAT must be created by copying a STANDARD pf-status of say some std program like SAPLKKBL. and then modifying it.
  endform.

• Set up a Foscam wireless webcam through BaseStation 7.71 inside and outside of my home network.

  I bought a X10 wireless Security Camera last year and it took me months to figure out how to set it up to access the video both inside my home and through my iPhone remotely, even on my Mac at my office.  I thought I would provide my process of getting this done to help those trying something similar.  Yes the X10 camera works as a Foscam Camera.  I am very happy with the result.  The biggest  challenge was Port Forwarding the Apple Basestation but now that I figured it out, it is easy.
  "How I set up a Foscam wireless webcam through Apple Hardware and software to work inside and outside of my home network seemlessly."
  What you need:
  -Foscam or compatible camera, (iPad or iPhone or Mac or better all three)!
  -Service Provider Router.
  -Apple Base Station, Extreme or Express. 7.71
  -'ip scanner' (software for Mac, app for iPad/iPhone.
  -CCTV Camera pros port scanner app for iPhone.
  First REMOTE ACCESS
  Go to www.dyndns.org and set up an account. For about $20/yr you can have 30 host websites.  Write down the user name and password as you will need it later.
  You need  this service to have a stable website to see your camera outside your network later as 'ip' addresses can change but this site will remain stable.
  Then after you log back in, create a 'host website' from the menu.  When you are creating the host site, dyndns will give you lots of web address choices or you can create your own. Just pick one. Also, you will need the 'ip' of the server where the camera will be. Luckily the dyndns website tells you this, just select it. Write down the web address, click create and you are done this part.
  Next you need to set up the camera.
  CAMERA SET UP
  Using an Ethernet cable, connect your Apple Base Station to your web cam.
  You will need to run 'ip scanner' to see the 'ip' address for the web cam. Write down the 'ip'. Select it, then select "open device in".  Pick browser.
  A web page will be launched and you are given 3 choices. I picked the middle, 'push browser'.  You are then asked for the user name and password for the camera. By default the user is 'administrator' and there is no password. Just click log in. You now will see a menu along the left, at the bottom it should say 'device management'. Select that. Another page will show and there are several important things to do here.
  1. Alias - give a name to the camera.
  2. Set the time from a server.
  3. Users - set a user and password. Write this down as you will need it.
  4. Basic network. Either check to 'Obtain IP from DHCP Server' or specify an IP you want to stay the same. You need the subnet and main DNS server and the Gateway (same thing like 192.168.0.?or 10.0.0.? or 172.16.0.?)
  Decide on a port you want use. Write this down. The camera will reboot, you will need to log in. In the browser enter IP then : the port#.  Like 192.168.0.?:80 you will need the camera user name and password.
  5. Wireless-scan for the nearby network list. Pick your network, enter your password, click submit. It will reboot.
  6. UPnP-check to use.
  7. DDNS Service (this allows remote viewing) pick DynDns.org
  Enter your DynDns user name and password.
  Enter the long DynDns Host website you wrote down. Click Submit. It will reboot. 
  APPLE Basestation set up
  Run Airport Utility on Mac or iPad or iPhone.
  Tap basestation, tap edit, tap advanced, tap Port Settings, tap 'new entry', in description enter a name, enter HTTP port number you picked when setting up the camera in all 4 spots: public and private UDP and TCP. Enter the IP address you picked in the camera setup. Click done and again until the Basestation updates.
  Run the CCTV app, pick 'tools', pick 'Port forwarding Checker'. Enter the port you selected to see if it shows open then you are good. If not go back through the steps.
  Set up Foscam App on the iPad and iPhone.
  Run App, tap Add Camera,
  Label- enter a name
  User- Camera user name
  Password- Camera
  Local camera address-the IP address eg 192.168.0.?
  Port- the one you specified.
  If it connects you will see the chain turn green.
  Remote address- the long one from DynDns.
  Port- the one you specified.
  If it connects you will see the chain turn green.
  Tap done.
  If everything is entered correctly it will all work.
  Trouble shooting, make sure the IP address for the camera is listed correctly in the Apple Router.  If it changes on the network, just go into the Airport Utility and update that.  Also make sure the dyndns address is correctly listed in the Camera set up.
  If questions, just let me know.

  Ok.. you have to work out the way you are going to access the TC..
  There are basically three methods..
  1. Direct access using AFP.. you need a static public IP and the TC as the main internet router.. then you need to turn on internet access and password the hard disk. The college has to have port 548 open.
  If you do not have a static public IP then you can use ddns service but there is no client in the TC.. so you will have to figure out a way to update the service.
  2. Use BTMM with icloud. This is the Apple method. It actually uses vpn..(the vpn is locked to apple use only but it is not available to end user).. The requirements are 7.6.1 firmware and lion or ML on a Mac computer. I am not sure of the ports because the link to the Apple cloud is separate from the vpn to your home system.
  3. VPN.. that means you need to bridge the TC and use a decent quality vpn modem / router or combo thereof.
  VPN are not for the faint of heart.. it can take a lot of work to get running but offers the best security.. you will need to change the network equipment in your house more than likely.. using a pc / mac as a vpn server is possible.. but messy.
  There are also easy ways to at least access the home computer.. teamviewer for example. This is likely blocked by the college though.
  Double NAT is where you put a router on a private IP behind another router on a private IP.. that makes port forwarding close to impossible.

• Cannot use SASL Authentication Through GSSAPI on DS 6.3

  I try to kerberized DS 6.3. I do step by step instruction from "Sun Java System Directory Server Enterprise Edition 6.3" and it doesn't work.
  When I try to configure the Directory Server to Enable GSSAPI I get an error:
  modifying entry cn=SASL,cn=security,cn=config
  ldap_modify: DSA is unwilling to perform
  ldap_modify: additional info: Modification not allowed on attribute dsSaslPluginsPath
  After all when I try to authenticate to the Directory Server i get response:
  ldap_sasl_interactive_bind_s: Authentication method not supported
  ldap_sasl_interactive_bind_s: additional info: sasl mechanism not supported
  Logs file:
  +[22/Sep/2008:10:28:11 +0200] conn=2 op=-1 msgId=-1 - fd=22 slot=22 LDAP connection from 10.3.233.4:33054 to 10.3.233.4+
  +[22/Sep/2008:10:28:11 +0200] conn=2 op=0 msgId=1 - BIND dn="" method=sasl version=3 mech=GSSAPI+
  +[22/Sep/2008:10:28:11 +0200] conn=2 op=0 msgId=1 - RESULT err=7 tag=97 nentries=0 etime=0, sasl mechanism not supported+
  +[22/Sep/2008:10:28:11 +0200] conn=2 op=1 msgId=2 - UNBIND+
  +[22/Sep/2008:10:28:11 +0200] conn=2 op=1 msgId=-1 - closing from 10.3.233.4:33054 - U1 - Connection closed by unbind client -+
  +[22/Sep/2008:10:28:12 +0200] conn=2 op=-1 msgId=-1 - closed.+
  system specyfication:
  Solaris 10 x86 64-bit
  DS 6.3 B2008.0311.0212 NAT

  See http://forums.sun.com/thread.jspa?forumID=761&threadID=5202246 for a description of the problem and a workaround.
  If you have a Sun support contract, you can request an escalation of CR 6637404.
  Also, note that it looks like part of the documentation went missing. In DS5.2 the docs included an additional step
  Chapter 11 Implementing Security
  Configuring Client Authentication
  SASL Authentication Through GSSAPI (Solaris Only)
  http://docs.sun.com/source/816-6698-10/ssl.html#18500
  ldapmodify -D 'cn=directory manager'
  dn: cn=SASL,cn=security,cn=config
  changetype: modify
  add: dsSaslPluginsEnable
  dsSaslPluginsEnable: GSSAPI
  replace: dsSaslPluginsPath
  dsSaslPluginsPath: /usr/lib/mps/sasl2/libsasl.so
  modifying entry cn=SASL,cn=security,cn=config
  ldap_modify: DSA is unwilling to perform
  ldap_modify: additional info: Adding attributes is not allowed
  -------------------------------------------------------------

• PL SQL Web Service Authentication through LDAP

  I have created one PL SQL Web Service and I would like to provide token security through LDAP.
  I have configured LDAP for deployed webservice in oracle IAS 10.1.3 Service.
  Problem Description: <?xml version="1.0" encoding="UTF-8"?>
  <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns0="http://dbconnection1/MobileWebService.wsdl/types/"><env:Body><env:Fault><faultcode>env:MustUnderstand</faultcode><faultstring>SOAP must understand error: {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security</faultstring></env:Fault></env:Body></env:Envelope>
  I have provided LDAP authentication through oracle iAS Setup.
  Please help

  Hi I am looking out for a good friend of mine, Rajeev Dave from Vijaywada, if your the one, please email me [email protected]
  thanks,

• 802.1x wireless authentication with certificates

  Hi.
  I have configured and working 802.1x authentication with certificates for Wired connections. with no problem.
  when i try to authenticate the same machine with 802.1x and certificates , on Wirelss, the ACS rejects it  with:
  "12520  EAP-TLS failed SSL/TLS handshake because the client rejected the ACS local-certificate."
  the ACS is the same, the certificate the same, and the root ca is the same.
  what's hapenning????
  Antero Vasconcelos

  What supplicant are we using for wireless authentication? Do we have complete chain of certificates installed on the client machine? Can you check if we have root CA/intermediate correctly installed in client and ACS.
  ~BR
  Jatin Katyal
  **Do rate helpful posts**

• How to do .1x port based network access authentication through ACS

  How to do .1x port based network access authentication through ACS.

  Hi,
  802.1x can authenticate hosts either through the username/password or either via the MAC address of the clients (PC's, Printers etc.). This process is called Agentless Network Access which can be done through Mac Auth Bypass.
  In this process the 802.1x switchport would send the MAC address of the connected PC to the radius server for authentication. If the radius server has the MAC address in it's database, the authentication would be successful and the PC would be granted network access.
  To check the configuration on the ACS 4.x, you can go to http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/configuration/guide/noagent.html
  To check the configuration on an ACS 5.x, you can go to http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-2/user/guide/acsuserguide/common_scenarios.html#wp1053005
  Regards,
  Kush

• 802.1x Wireless Authentication

  Hello
  I am using a MS Certificate Server and MS Radius server with 802.1x Wireless Authentication. When the macs Authenticate I get a warning so to speak and the Cert will not save or trust. I have enter it in as a 509 anchor and other and still the same thing. Is anyone out there doing this.
  The windows says
  801x Authentication
  The Server Certificate could not be validated becuase the root certificate is missing.
  Thanks

  No, CA wasn't changed with R2.
  Are you able to see the User's certificate in the Keychain app under the login keychain & My Certificates? Can you see the CA's certificate under the X509Anchors?
  In the login keychain, when looking at the Users certificate, does it show as valid?

• OBIEE 11.1.1.6.2 BP1 authentication through Shared Services EPM 11.1.2 .2

  Hi,
  Any idea how to get the authentication in OBIEE through Shared Services to work?
  We use Native Directory and MSAD in SS, hence we need to get the authentication through Shared Services.
  We were able to run this on EPM 11.1.1.3 through LDAP server of Shared services port 28089, surely not working now.
  I've tried both of the following but still no luck:
  http://gerdpee.wordpress.com/2011/06/17/oracle-weblogic-and-hyperion-shared-services-11-1-1-3/
  http://gerdpee.wordpress.com/2011/06/17/integration-sort-of-of-obiee-11-1-1-5-and-hyperion-shared-services-11-1-1-3/
  Please help. Many thanks!!!
  Cheers,
  Steve

  Hi Steve,
  I have not been through this, but hope this helps you though. While we run the System configurator Wizard (EPM 11.1.1.2), we are now having an option to integrate EPM with OBIEE. Have you given it a shot?
  I am just thinking, if we could had it configure for us, we could directly access the Subject Areas from OBIEE, just like what Mark had mentioned here : http://www.rittmanmead.com/2009/01/epm-workspace-111-and-obiee-10134-updated/
  You could further look into the "SSO using CSS Token" field in the connection pool, too.
  Hope this helps and I will let you know, if I have any other information.
  Thank you,
  Dhar

• ACS user authenticating through Windows Database

  Hello,
  Please, i need a document/ guideline on how to configure ACS 4.2 user authenticating through Windows Database and the ACS server is running on an appliance.
  Please, help.
  Regards,
  Ethelbert

  Hi,
  If you delete the user in AD, then it would not authenticate the user even if the dynamic mapped user exists in the ACS database, as the password would not be verified from the AD for the user.
  The dynamically mapped user entry would still exist in ACS and would not get deleted if the user is deleted from AD.
  tnx
  somishra

• Wireless Authentication

  Hello
  I am using a MS Certificate Server and MS Radius server with 802.1x Wireless Authentication. When the macs Authenticate I get a warning so to speak and the Cert will not save or trust. I have enter it in as a 509 anchor and other and still the same thing. Is anyone out there doing this.
  The windows says
  801x Authentication
  The Server Certificate could not be validated becuase the root certificate is missing.
  Thanks

  You've posted in the wrong forum. This is Feedback about Discussions. Try Networking and the Web maybe.