Wireless Security and Novell Client

To all,
I am currently looking to upgrade our existing Network Infrastructure toa secure 802.11b network and we have purchase Cisco Secure ACS. We plan to use LEAD with our system and require a radius sign-on using our Novell Client. The problem I have is planning this and how I can setup the workstations. We use ZEN Works for our management of workstations and this means that the Novell client must be the primary sign-on. How can I get the Novell client to be the primary sign-on and still use LEAP? The Novell client requires a network connection before it can bring up a login screen. Any thoughts or tips would be greatly appreciated. Have a great day!
Adam Osterholt
Network Manager
The Children's Medical Center
Dayton, OH

We have the same configuration here at my place of work (Novell, ACS, ZEN,etc). In my testing it depended on the OS that the client was using. On the win95/98 clients I had to set the primary login to the Novell client but save the LEAP user name and password in the wireless profile within the ACU on the client. During the client boot up, the LEAP username logs in automatically and the Novell login screen appears for login. I could not get it to work properly with prompting the user to enter their LEAP username/password. This process only work as login as my ACS server database was local to the ACS server. If the ACS server is set to use an NT domain as its user DB the LEAP auto-login did not work....
I did not have this problem with win2000 or winXP clients.
Hope this helps.
Rob

Similar Messages

  • Login intermittently slow with ZCM agent AND Novell client

    We continue to struggle with intermittently slow logins in our environment. In testing, we noticed that logins are very fast (10-20 seconds) when only the Novell Client is installed, and very fast (~10 seconds) when only the ZCM agent is installed. However, when they are both installed, logins slow down, sometimes to 1.5 minutes or longer.
    We have checked DNS and rDNS, and they are both configured properly. SLP is working properly as demonstrated by the fast logins when only the client is installed. We use LDAP for user lookup, and it also works very fast to resolve user names (~ 1 second).
    We are using ZCM 10.3.1, and the client is fully patched as well (both Novell Client 2 and 4.91)
    Are there any specific settings (for the ZCM agent or the client itself) that might address this issue?

    My apologies, I told you to remove the wrong thing.
    I should have said NMAS instead of CASA.
    I am just so used to saying CASA when talking about ZCM.
    In regards to NMAS, you could simply rename "NWSSO.DLL" as a test.
    If NMAS is installed which is tested by the existence of this DLL, then
    a certain NMAS call is always made, which in some cases can take a long
    time.
    On 11/9/2010 12:06 PM, dshofkom33 wrote:
    >
    > craig_wilson;2042688 Wrote:
    >> Try removing CASA from the device and see if that makes a difference.
    >> A TID will be out on the issue soon.
    >>
    >> On 10/5/2010 4:36 PM, kjhurni wrote:
    >>>
    >>> Hmm, I will have to try that. I've only observed that with ZCM
    >>> installed (with Novell Client 4.91 SP5 on XP) that the login time
    >> goes
    >>> from about 12-15 seconds to about 50-70 seconds.
    >>>
    >>> But I've not tried "just" the ZCM agent.
    >>>
    >>>
    >>
    >>
    >> --
    >> Craig Wilson - MCNE, MCSE, CCNA
    >> Novell Knowledge Partner
    >>
    >> Novell does not officially monitor these forums.
    >>
    >> Suggestions/Opinions/Statements made by me are solely my own.
    >> These thoughts may not be shared by either Novell or any rational
    >> human.
    >
    > I removed CASA and now I cannot sign into ZCM. I get the "unable to
    > login to network because the login credentials are incorrect" Windows
    > Security Message. Any ideas?
    >
    >
    Craig Wilson - MCNE, MCSE, CCNA
    Novell Knowledge Partner
    Novell does not officially monitor these forums.
    Suggestions/Opinions/Statements made by me are solely my own.
    These thoughts may not be shared by either Novell or any rational human.

  • Wireless security with zero client configuration

    Dears,
    i have a client that needs to have 802.1x based wireless security with zero configuration at his smart-phone devices , just needs to select the ssid prompt for authentication ,login by his domain account and that's it .
    is it possible ?

    You can find examples on the Internet depending on what Radius server your using.
    Here are some:
    http://www.labminutes.com/sec0095_acs_wireless_dot1x_peap_eap_tls_machine_authentication_2
    http://networklessons.com/wireless/peap-and-eap-tls-on-server-2008-and-cisco-wlc/
    Thanks,
    Scott
    Help out other by using the rating system and marking answered questions as "Answered"

  • DHCP Conflict between ZfD 4 Agent and Novell Client

    I am having problems with the use of Novell Client versions that support
    DHCP settings tab (Tree, Context, Server).
    This is in this board because my problem is only reproduced when ZENworks
    for Destkops 4 (IR5 and IR7) Workstation Management component is installed.
    THe problem is this:
    Every now and then, logging in with the novell client displays 886f errors
    in the login results window, and other strange communication errors.
    If I release and renew the IP, it works fine after that.
    If I reboot, there is a chance I get the same problem.
    This absolutely does not happen when I have the two options for DHCP
    settings in the Novell Client unchecked (Server->Binary Data).
    Now, is ZfD Workstation Manager getting the Preferred Server IP from DHCP
    as well during system startup? Is this clear? Happens on both Windows
    2000 and Windows XP.
    I have no access to the router serving DHCP so I don't know the details on
    that end.

    There was (is?) a conflict that is supposed to be solved,
    but I'm not 100% convinced that is true. Since I always
    use Client32 I remove novdhcp.dll in my ZfDAgent transform,
    even now with ZDM7 because I've seen the "semaphore" error
    there too if I don't.
    See:
    http://support.novell.com/cgi-bin/se...?/10090994.htm
    http://support.novell.com/cgi-bin/se...?/10093676.htm
    http://support.novell.com:80/cgi-bin...?/10091089.htm
    Regards
    Rolf Lidvall
    Swedish Radio (Ltd)

  • GW 2014 and Novell Client

    Hi,
    since we upgraded to GroupWise 2014 SP1 HP1 some (but not all) of our users
    (still GW 2012 Clients) complain that they have to authenticate twice,
    Novell Client and GroupWise.. is there a change because of the decoupling of
    GW and eDirectory? Something to be aware of? I did not find anything in the
    docu...
    Thanks,
    Mirko

    Massimo Rosen wrote:
    > Mirko,
    >
    > Am 09.04.2015 um 13:44 schrieb Mirko Guldner:
    >>
    >> I verified this...
    >>
    >> We have "Use eDirectory Authentication instead of password" set and
    >> locked on the domain level.
    >
    > Well, that explains then why the option isn't there in the client.
    Ah, ok, I see that now. Then possibly it was the other options that my
    collegues sometimes saw - I think I didn't ask precisely...
    > Which basically leaves the idea that somehow the association between GW
    > and eDir user got lost/broken.
    What is the best way to check this? If "Sychronize" in Admin Console updates
    "Contact information" correctly the association should be all right,
    shouldn't it? Additionaly I check LDAP DN in "Diagnostics". I did not see
    any problems there.
    I seems that only users with clients before 12.0.3 HP1 are affected; as soon
    as users upgrade to 12.0.3 HP1 or 14.0.1 HP1 login works as before.
    Thanks,
    Mirko

  • Question about wireless security and setup.

    Ok, I have a pretty long house and my router is in the garage and I want wireless access in my bedroom. Here's the deal. Coming from the wall I have cable modem plugged into a WRT54g. That feeds 5 or 6 different WIRED PC's on that side of the house, but the other side isnt wired. So 1/2 way across I have a WRE54G setup as a range extender to reach the bedroom. I just bought a WUSB11 because the pc in the bedroom has no open PCI slots, and doesnt need the speed of G so a B connection should be fine. If I turn off all security everything is ok, everybody gets connected, including the neighb's. So I turned on WEP in the router WRT54G, it generates 6 keys I setup the WRE54G from my laptop sitting right next to it, and I enabled WEP in that as well, so I enabled WEP there and entered key #2 from the list supplied by the WRT54G, key#1 went into my laptop, which connects just fine. HOWEVER in the bedroom the WUSB11 sees the network just fine, but no matter WHAT key I enter into the WUSB11 it will NOT connect in anyway. anyone have ANY ideas? I would REALLY love to have this working and I would HATE to have top turn off my security, I really dont like o tust ny neighbors. thanks j

    thanks wizzard, now I had a chat going with linksys tech support and they suggested that the WEP keys in all THREE devices be the same. now I may have left out of my original message the fact that key #1 that was generated by the router, is currently being used in an ACER laptop that has a NON linksys G device, and it connects just fine. so should EVERYTHING on the wireless be using the same key? and oobviously the same transmit id (1) thanks for your help j

  • Cisco ASA 5505, Cisco VPN Client and Novell Netware

    Hi,
    Our ISP have installed Cisco ASA 5505 firewall. We are trying to connect to our Novell 5.1 server using VPN client.
    I installed VPN client on a laptop that is using wireless connection. I connect using wireless signal from near by hotel and I am able to connect to my firewall usinging vpn client and also able to login in using Novell client for XP.
    When I use same vpn client and Novell client at home that is not using wireless connection, but DSL connection amd not able to login or find the tree.
    The only difference in two machine is laptop using wireless connection and my home machine is using wired connection using DSL.

    If your remote end of the services in question support IPsec IKEv1 as the VPN type then, yes - the 5505 can be a client for that service. At that point it looks like a regular LAN-LAN VPN which is documented in many Cisco and 3rd party how-to documents.

  • Resetting and wireless security...

    hi there,
    last night i got my AEBS and after setting it up it worked fine and dandy. But today within the last hour i realised there is no wireless security when i could have sworn i set it up when i did the airport utility. so i went to set up wireless security and still on system preferences it does not show up that it has wireless security.
    Also after resetting the base station after clicking 'update' the base station doesnt usually reappear unless i manually reconnect to it.
    Any ideas?
    Thanks.
    oh and while i'm on here, I have connected my AEBS to my 802.11g/b router i used as it has a built in modem. The wireless network works fine on it and I have set my AEBS to 802.11n only, does this mean i am okay running both wireless networks?

    oh can i also just slip in there my macbook doesn't think my router has a wpa2 key even though i set it on my base station. my base station says wireless security is on. regardless of weather its in my keychain or not. i have changed it a fair few times...

  • AirPort Extreme 802.11n as a wireless router and local network switch?

    Good afternoon,
    I'm curious if its possible to have the APE in wireless network mode and connect systems via hard line as well?
    I have an AirPort Extreme 802.11n set to "Create a Wireless Network" mode that is attached directly to a cable modem for internet connectevity. My issue is that while all wireless devices (several iPods, two iPhones and three laptop computers) connect to the APE without issue (and have internet access), when I try to plug in a Windows 7 desktop computer via one of the ethernet jacks, Windows is unable to connect and shows the network as "unidentified," spitting back a private IP address as opposed to a local LAN (this behavior repeats for an Ubuntu Linux box as well).
    Not sure if the APE is misconfigured, this is a Windows 7 issue or if its improper use on my part (though this also precludes me from connecting a gigabit switch to the APE).
    Thank you,
    Nathan

    Properly configured, the AirPort should provide both wired and wireless network client with Internet access.
    At this point, I would recommend that you do the following as a minimum:
    Power-down the modem, AirPort base station, and computer(s).
    Power-up the modem; wait at least 10-15 minutes to allow it adequate time to initialize.
    Power-up the AirPort base station; wait at least 5-10 minutes. Note: The AirPort's status light may continue to flash amber after it has intialized. That is because, there may be some additional configuration items necessary, like setting up wireless security, before the overall setup is completed to get a green status.
    Power-up your computer(s).
    If the above steps do not solve the problem, start over with step 1 above, but then perform the next steps between steps 1 & 2. above.
    Disconnect the AirPort base station from the Internet broadband modem.
    While all of the devices are powered-down, perform a "factory default" reset on the base station. This will get it back to its "out-of-the-box" configuration and make setting it up much easier, especially if you use the "Assist me" process within the AirPort Utility. (ref: Resetting an AirPort Base Station or Time Capsule)
    After the base station resets, go ahead and power it back down.
    Reconnect the AirPort base station to the Internet broadband modem. For the Extreme and Time Capsule, be sure to connect the cable to the base station's WAN (circle-of-dots) port.
    Continue with step 2 in the first set of steps.
    In this basic configuration, the AirPort base station will broadcast an unsecured wireless network with a Network Name (SSID) of Apple Network NNNNNN. Network clients, connected to the base station either by wire or wireless, should now be able to access the Internet through the ISP's modem. Once Internet connectivity has been verified, you can use the AirPort Utility to configure the base station for wireless security and any other desired options. Please post back your results.

  • Guest wireless security

    My client concerns about the guest WLAN security, and the client would like the guest WLAN only access to the Internet and not its other vlans, specailly the server vlans. Could any one kindly provide the steps/methods to follow? BTW, the client uses cisco WLC 5508 and AP 3602i. Many thanks and kind regards,       

    You have to take care of that from the core side. You need to allow routing for that VLAN to outside only.
    The other option (which requires two WLCs) is to set up an anchor controller in the DMZ and tunnel guest traffic between your internal WLC and the anchor WLC in DMZ.
    read this: Wireless Guest Access FAQ
    Regards,
    Amjad
    Rating useful replies is more useful than saying "Thank you"

  • Trying to secure my wireless security

    I am trying to secure my wireless security and I keep getting the following error message "Execption has been thrown by the target of an invocation" can someone please help me with this?  Thanks

    yup.  we need more details as to what's the router you're using, what settings you've done (or if you are trying to access the GUI of the router you're using), etc.  so we could help you.
    "Don't fix it if it ain't broken."

  • WRT100 wireless security

    Last week I bought the WRT100 router.  It's kinda working (loss of signal and weak signal) so I'm not sure I want to monkey around with it but I was reading the user guide about wireless security and I am a little concerned.  Should I attempt to change the security settings to WPA or WPA2 and MAC filtering?  I'm not sure what this means but it sound like I need it not to get hacked.  Also will any of this slow down my connection wired or wireless.  Any suggestions. 

    Before you try to setup wireless security, you need to get your router working properly.  Leave your wireless unsecured for now, until you can get it working properly.
    1)  If you connect a computer to the router, by ethernet wire, do you get a properly working Internet connection?
    There are many causes for poor wireless connections, and many solutions:
    First of all, give your network a unique SSID. Do not use "linksys". If you are using "linksys" you may be trying to connect to your neighbor's router. Also set "SSID Broadcast" to "enabled". This will help your computer find and lock on to your router's signal.
    Poor wireless connections are often caused by radio interference from other 2.4 GHz devices. This includes wireless phones, wireless baby monitors, microwave ovens, wireless mice and keyboards, wireless speakers, and your neighbor's wireless network. In rare cases, Bluetooth devices can interfere. Even some 5+ GHz phones also use the 2.4 Ghz band. Unplug these devices, and see if that corrects your problem.
    In your router, try a different channel. There are 11 channels in the 2.4 GHz band. Usually channel 1, 6, or 11 works best. Check out your neighbors, and see what channel they are using. Because the channels overlap one another, try to stay at least +5 or -5 channels from your strongest neighbors. For example, if you have a strong neighbor on channel 9, try any channel 1 through 4.
    Also, try to locate the router about 4 to 6 feet above the floor, in an open area. Do not locate it behind your monitor or near other computer equipment or speakers. The antenna should be vertical.
    Also, in the computer, go to your wireless software, and go to "Preferred Networks" (sometimes called "Profiles" ). There are probably a few networks listed. Delete any network named "linksys". Also delete any network that you do not recognize, or that you no longer use. If your current network is not listed, enter its info (SSID, encryption (if any), and key (if any) ). Then select your current network and make it your default network, and set it to automatic login. You may need to go to "settings" to do this, or you may need to right click on your network and select "Properties" or "settings".
    If the above does not fix your problem, download and install the latest driver for your wireless card.
    Some users have reported improved wireless performance by switching from WEP to WPA encryption.
    If you continue to have problems, try the following:
    For wireless g routers, try setting the "Transmission Rate" to 54 Mbps.
    If you still have trouble, download and install the latest firmware for your router. After a firmware upgrade, you must reset the router to factory defaults, then setup the router again from scratch. If you saved a router configuration file, DO NOT use it.
    Report back with your results.  When you get your router working properly, we can proceed with setting up wireless security.

  • Removing Novell Client from Windows 7

    Hello,
    We have an issue with programs running slowly on our SUSE Linux server 11.0. We set up a test machine with Windows 7 without Novell Client and the same programs run extremely fast. (They run fast on a Windows 2008 server too with or without the client.) This is great for the new test machine but I have about 20 workstations that need to have the Client removed. If we remove it through control panel (both NICI and Novell Client - whatever version is installed) the programs are still slow. However, if we do a restore to the time before the Novell client was installed, the machine is fast. Because these machines have had the Novell Client installed for months, we cannot go back to an old restore point. Is there some registry file or other file that needs to be removed or changed to make the computer like it was installed without the Novell Client? I really do not want to have to rebuild 20 computers in order to fix this. I have researched the web and forums and cannot find any information about anything else that needs to be changed when the Novell client is removed. FYI - this is the same on our few Windows XP machines with the appropriate last updated Client on them.
    Any help would be welcome!
    Susan

    We have had many issues with the Novell Client / Windows 7. Here is what we have done to get to an acceptable point.
    We are running OES 11SP1 fully updated up until July (Getting ready to apply more updates), we are also talking about switching from CIFS to Samba as we have been seeing some weirdness with CIFS and NSS disconnects.
    OES11 SP1 - Primary File Server NSS with CIFS
    OES11 SP1 - DSFW/DNS Server for Domain Authentication for the CITRIX Servers, this server also runs ZCM 11.2.2 (Also going to update this as we need windows 8 support and the ZCM Agent has some issues at this level; however ZCM has a horrible way to apply updates and is time consuming)
    OES11 SP1 Squid Proxy With transparent user authentication using LDAP with SquidTrust. Also has NSS Shares
    Other servers exist as well.
    We standardized on Novell Client 2 SP3 or Greater. Currently SP3 IR3 is what is in use. But prior to SP3 the client had many issues for us.
    Also, We do not use Group policy with ZCM (We tried But it was painful and slow and policies would randomly just quit working / remove themselves) we reverted back to just digging in and finding the registry keys. If a key only existed in the Policy Section we put it there and do a GPUPDATE /force on login.
    Server Settings:
    Disable OPLOCKS
    Workstation Settings:
    NW Client Settings
    File Commit (Enabled)
    File Cache (Disabled) - NW Client Setting
    Name Services DNS / SLP Only (Default on the newer Netware Client)
    Win7 Machine Settings:
    Static DNS Server - Set to the internal servers only. No external server set. The win 7 machines for some reason would use the secondary DNS Server randomly instead of the primary, never really dug in on why but disabling / removing a public DNS Server as the secondary and adding in a second internal.
    MS Client For Microsoft Networks Remove, We tried changing the preferred order on the network adapters with no help. I believe the fact that we are running CIFS on the Server side the client is having issues with deciding on how to connect to the NSS Volumes when the client is installed. With the MS Client removed we see a huge improvement In the Novell client.
    Libraries Disable - Registry - We redirect Documents Folders and such and these libraries are wanting to index the locations. As the Libraries consist of multiple locations.
    Offline Files Disable - Registry
    Windows Search Disable Registry (Service)
    Zone Mapping - Registry Adds the servers & domain to the Trusted list for the OS (Even though it says Internet Explorer its used by other portions of the OS)
    User Access Control Registry
    I have others that helped but this is the short list of changes that made major improvements.
    When I have a moment I will look back and see if there are other major changes. This is just what I remember.

  • Novell Client breaks LUM

    Hi,
    SLED11 SP2 (confirmed same on SP1)
    I am trying to set up integrated login as per:
    Support | How to set up Single Sign-On for Novell Client for Linux on SLED 11.0
    and have done this Support | Single Sign-On does not work after initial setup.
    I have LUM working correctly on SLED 11 Sp2 without the Novell Client installwed - all works 'as it should' edirectory users can login and accounts and user home dirs are created. Once the Novell Client is installed, LUM is broken. Specifically namcd is dead and cannot be started with this error:
    Starting NAM Cache Daemon .../usr/sbin/namcd: /usr/lib/libldapssl.so.0:: no version information available (required by /usr/sbin/namcd)
    Removing Novell Client and CASA results in LUM working again.
    Does anyone have any idea how to fix this?
    Thanks in advance,
    Trevor Storr

    No - and even if it does not break it, LUM and Novell Client do not
    really work well together in my experience. Personally I have decided
    to not use LUM on Linux client PCs anymore.
    But maybe somebody else found a working solution for this.
    W. Prindl
    tstorr wrote:
    >
    >Hi,
    >
    >SLED11 SP2 (confirmed same on SP1)
    >I am trying to set up integrated login as per:
    >
    >'Support | How to set up Single Sign-On for Novell Client for Linux on
    >SLED 11.0' (http://www.novell.com/support/kb/doc.php?id=7005012)
    >and have done this 'Support | Single Sign-On does not work after
    >initial setup.' (http://www.novell.com/support/kb/doc.php?id=7006896)
    >
    >I have LUM working correctly on SLED 11 Sp2 without the Novell Client
    >installwed - all works 'as it should' edirectory users can login and
    >accounts and user home dirs are created. Once the Novell Client is
    >installed, LUM is broken. Specifically namcd is dead and cannot be
    >started with this error:
    >
    >Starting NAM Cache Daemon .../usr/sbin/namcd:
    >/usr/lib/libldapssl.so.0:: no version information available (required
    >by /usr/sbin/namcd)
    >
    >Removing Novell Client and CASA results in LUM working again.
    >
    >Does anyone have any idea how to fix this?
    >
    >Thanks in advance,
    >
    >Trevor Storr

  • I have installed the agent 10 or 15 times and one installation hasfailed, no error appeared during the installation but I am havinginconsistent issues with my ethernet card not working here and there. Werebooted and can log into Novell client but th

    I have installed the agent 10 or 15 times and one installation has failed, no error appeared during the installation but I am having inconsistent issues with my ethernet card not working here and there. We rebooted and can log into Novell client but the login prompt did not appear for ESM client or the icon was not in the systray. Everything seems to work, besides at times (a couple times today) it terminates his ethernet card/connection. I would re-image his computer but he has several applications and it would take several hours, so I am hoping someone has an idea to fix this issue. So I was trying to figure out why he did not get the prompt to login and why it's not in the systray and it appears to not have completed the install? I checked the add/remove programs, its not listed within their, I also checked the registry and found nothing for endpoint within their, but the files are within c:\program files\novell\zenworks endpoint security.
    I have also tried uninstalling it but that fails due to it "not being installed", and it will not reinstall over itself either.
    I did notice that stuninstdrv.exe is running in task manager. Any help would be great...
    Windows xp sp3
    ESM 3.5.154
    Thanks,
    Andy

    If you are searching the registry, check for the "Senforce" string. It should be at HKLM\Software\Senforce
    Try running the install program for the ZSC with the following command line:
    setup.exe /V"STUNINSTALL=1"
    If you've specified an uninstall password, try this one instead:
    setup.exe /V"STUNINSTALL=1 STUIP=password"" (please note the double quote at the end)
    Let me know if that helped you.
    Daniel
    >>>
    From: Andy_DeWees<[email protected] du>
    To:novell.support.zenworks.endpoint-security-management
    Date: 2/5/2009 12:52 PM
    Subject: I have installed the agent 10 or 15 times and one installation hasfailed, no error appeared during the installation but I am havinginconsistent issues with my ethernet card not working here and there. Werebooted and can log into Novell client but the login prompt did not appearfor ESM client or the icon was not in the systray. Everything seems towork, besides at times (a couple times today) it terminates his ethernetcard/connection. I would re-image his computer but he has severalapplications and
    I have installed the agent 10 or 15 times and one installation has failed, no error appeared during the installation but I am having inconsistent issues with my ethernet card not working here and there. We rebooted and can log into Novell client but the login prompt did not appear for ESM client or the icon was not in the systray. Everything seems to work, besides at times (a couple times today) it terminates his ethernet card/connection. I would re-image his computer but he has several applications and it would take several hours, so I am hoping someone has an idea to fix this issue. So I was trying to figure out why he did not get the prompt to login and why it's not in the systray and it appears to not have completed the install? I checked the add/remove programs, its not listed within their, I also checked the registry and found nothing for endpoint within their, but the files are within c:\program files\novell\zenworks endpoint security.
    I have also tried uninstalling it but that fails due to it "not being installed", and it will not reinstall over itself either.
    I did notice that stuninstdrv.exe is running in task manager. Any help would be great...
    Windows xp sp3
    ESM 3.5.154
    Thanks,
    Andy

Maybe you are looking for