Wireless Security & Authentication methods

Similar Messages

• Authentication method for JCo connection in XSS installation

  Hi All,
  I have a query which perplexes me.  I am implementing XSS (ESS/MSS) on SAP Portal EP6 SR1 with an ECC5 backend for prototype purposes.
  When I follow SAP's help steps to setup JCo connections, it states that for the metadata connection you should use a security authentication method of 'User/Password', but for the application data connection you should use a security authentication method of 'Ticket'.
  Does anyone know why the difference in methods here?  Is it possible to use 'User/Password' for both?  Any thoughts would be appreciated.

  Hi john,
  User -ID /Pwd method can be used to access the backend for both types of Data as per your scenario.
  User -ID /Pwd method and logon tickets both can be used to access data in backend.
  The difference lies in the scenario with which you are accessing the back-end.
  If all your portal users are same as backend users then you can select Logon ticket methods.
  If they are going to be different then you need User-ID /Pwd method .
  Check the following link to get a clear picture:
  <a href="http://help.sap.com/saphelp_ep50sp2/helpdata/en/4d/dd9b9ce80311d5995500508b6b8b11/frameset.htm">Scenario to use type of SSO</a>
  Hope it helps.
  Regards,
  Vivekanandan

• Secure authentication?

  I have my clients connecting to iCal on my OS X Server using SSL but have authentication set as "any" in the iCal Server preferences. Is authentication secure with the "any" setting, or is it (possibly) in the clear? I'm not sure if I have Kerberos running which I'm assuming would be a secure authentication method, and not sure if my clients (MacBook Pros running latest OS X) would support it on the LAN and/or away from the office? I started off with the basic server setting.

  For calendar I have found it necessary to use "any method" to authenticate if you want to use the web interface, because it can not use kerberos.
  It was recommended to me by the apple support team to use "any method". I thought the same as you that if any method is selected none is required, but since no options are send PW's in the clear it seems safe.
  If you have internal DNS set up correctly it will function right on the LAN or inside your company. If your DNS set up correctly externally and you have the correct ports open and forwarded to your internal IP in your firewall/router (I believe 8008, 8443 if SSL, 88 for Kerberos) it will work away from your office.

• Wireless Security & Methods

  Hi,
  I've some experience on WLAN Networks, but I would like to have your opinion around Wireless Security implemenations.
  We have several sites where we have some Cisco Access points running IOS. We are currently doing WEP 128b, with Mac-Authentication against a central ACS Server.
  But having fixed WEP, and mac registrations is not very practical.
  Do you know about any method to have authentication against Active Directory (passing through the Cisco ACS), and Dynamic WEP Keys ?
  Any recommendation is welcome.
  Of course with this we would like to bring up our level of security.
  Thanks a lot for all,
  Best Regards,
  Jorge

  An ACS server can be used to do authentication based on user logon to AD.
  So it would only require a single login if your wireless adapter supports it.
  You would just need to enable the wireless vlan to do 802.1x (EAP-FAST) authentication.
  This document would answer some of your questions.
  http://www.cisco.com/en/US/netsol/ns339/ns395/ns176/ns178/netqa09186a00802030dc.html

• Wireless security advice

  Hey everyone,
  I have inherited a unsecured wireless network with the following setup -
  1x WLSE express (v2.13.1)
  28x AP 1210
  10x AP 1130
  Windows 2003 Active Directory
  I was wondering what would be the best security / encryption solution to implement without spending a dime. I have reading alot about PEAP as well.
  Any suggestions / advice would be appreciated.
  Regards,
  Mark

  PEAP uses Transport Level Security (TLS) to create an encrypted channel between an authenticating PEAP client, such as a Wireless laptop, and a PEAP authenticator, such as Microsoft Internet Authentication Service (IAS) or any RADIUS server. PEAP does not specify an authentication method, but provides additional security for other EAP authentication protocols, such as EAP-MSCHAPv2, that can operate through the TLS encrypted channel provided by PEAP. The PEAP authentication process consists of two main phases:
  Here is the URL for the PEAP Under Unified Wireless Networks with Microsoft Internet Authentication Service. It may help you
  http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080921f67.shtml
  Follwing URL contains Different types of Authentication which are use in wireless.
  http://www.cisco.com/en/US/docs/wireless/access_point/1300/12.3_7_JA/configuration/guide/b37auth.html#wp1035193

• MacBookPro and Cisco's LEAP authentication method

  I am getting ready to get laptop in next couple of weeks.
  The Law School's wireless network standard is 802.11g. The network uses Cisco's LEAP authentication method. Only LEAP-enabled notebook computers may connect to all access points of the Law School wireless network.
  I googled this and at least last year in 2006, macbook pro's weren't working with the LEAP system because they woudln't assign an IP address. Do you know has this been resolved?
  MacG5 Mac OS X (10.4.10)

  I found this: Finder>Help>Mac Help>Search: LEAP>
  "AirPort: How to configure Mac OS X 10.4 "Tiger" clients for LEAP authentication
  If you select LEAP authentication on a Mac OS X 10.4.2 or later computer on which the AirPort 4.2 or later update has been installed, your authentication settings may be lost after restart, sleep, or location change. As a workaround, you should use the steps shown here, which will have the effect of configuring LEAP, even though you will choose WEP from the menu.
  Go to the Network pane of the System Preferences, show AirPort, and click the AirPort tab.
  Be sure the "By default, join" menu is set to "Preferred networks."
  Note: If you don't have "Preferred networks" as a choice, this means that your 10.4 system was upgraded from 10.3, and that you're still using a Location imported from 10.3 (Panther). In this situation, you experience Panther behavior instead of new Tiger features. You will need to create a new location to utilize Tiger features and complete these steps.
  Click the "+" button.
  Enter the desired network name in the window that appears.
  From the Wireless Security pop-up menu, choose WEP Password.
  Replacing username and password with actual name and password, enter them exactly as show here, including both brackets and slash:
  <username/password>
  Note: Though there will not be any visible indication, this entry format sets the client to use LEAP rather than WEP.
  Click OK. Note: The network entry will appear in the table as "WEP," but LEAP will be used.
  Click Apply Now."
  Looks like it works when you know what to do (or where to search).

• Issue with SharePoint foundation 2010 to use Claims Based Auth with Certificate authentication method with ADFS 2.0

  I would love some help with this issue.  I have configured my SharePoint foundation 2010 site to use Claims Based Auth with Certificate authentication method with ADFS 2.0  I have a test account set up with lab.acme.com to use the ACS.
  When I log into my site using Windows Auth, everything is great.  However when I log in and select my ACS token issuer, I get sent, to the logon page of the ADFS, after selected the ADFS method. My browser prompt me which Certificate identity I want
  to use to log in   and after 3-5 second
   and return me the logon page with error message “Authentication failed” 
  I base my setup on the technet article
  http://blogs.technet.com/b/speschka/archive/2010/07/30/configuring-sharepoint-2010-and-adfs-v2-end-to-end.aspx
  I validated than all my certificate are valid and able to retrieve the crl
  I got in eventlog id 300
  The Federation Service failed to issue a token as a result of an error during processing of the WS-Trust request.
  Request type: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
  Additional Data
  Exception details:
  Microsoft.IdentityModel.SecurityTokenService.FailedAuthenticationException: MSIS3019: Authentication failed. ---> System.IdentityModel.Tokens.SecurityTokenValidationException:
  ID4070: The X.509 certificate 'CN=Me, OU=People, O=Acme., C=COM' chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. 'A certification chain processed
  correctly, but one of the CA certificates is not trusted by the policy provider.
  at Microsoft.IdentityModel.X509CertificateChain.Build(X509Certificate2 certificate)
  at Microsoft.IdentityModel.Tokens.X509NTAuthChainTrustValidator.Validate(X509Certificate2 certificate)
  at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.ValidateToken(SecurityToken token)
  at Microsoft.IdentityModel.Tokens.SecurityTokenElement.GetSubject()
  at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
  --- End of inner exception stack trace ---
  at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
  at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.BeginGetScope(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
  at Microsoft.IdentityModel.SecurityTokenService.SecurityTokenService.BeginIssue(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.DispatchRequestAsyncResult..ctor(DispatchContext dispatchContext, AsyncCallback asyncCallback, Object asyncState)
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.BeginDispatchRequest(DispatchContext dispatchContext, AsyncCallback asyncCallback, Object asyncState)
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.ProcessCoreAsyncResult..ctor(WSTrustServiceContract contract, DispatchContext dispatchContext, MessageVersion messageVersion, WSTrustResponseSerializer responseSerializer, WSTrustSerializationContext
  serializationContext, AsyncCallback asyncCallback, Object asyncState)
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.BeginProcessCore(Message requestMessage, WSTrustRequestSerializer requestSerializer, WSTrustResponseSerializer responseSerializer, String requestAction, String responseAction, String
  trustNamespace, AsyncCallback callback, Object state)
  System.IdentityModel.Tokens.SecurityTokenValidationException: ID4070: The X.509 certificate 'CN=Me, OU=People, O=acme., C=com' chain building
  failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. 'A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider.
  at Microsoft.IdentityModel.X509CertificateChain.Build(X509Certificate2 certificate)
  at Microsoft.IdentityModel.Tokens.X509NTAuthChainTrustValidator.Validate(X509Certificate2 certificate)
  at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.ValidateToken(SecurityToken token)
  at Microsoft.IdentityModel.Tokens.SecurityTokenElement.GetSubject()
  at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
  thx
  Stef71

  This is perfectly correct on my case I was not adding the root properly you must add the CA and the ADFS as well, which is twice you can see below my results.
  on my case was :
  PS C:\Users\administrator.domain> $root = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\
  cer\SP2K10\ad0001.cer")
  PS C:\Users\administrator.domain> New-SPTrustedRootAuthority -Name "domain.ad0001" -Certificate $root
  Certificate                 : [Subject]
                                  CN=domain.AD0001CA, DC=domain, DC=com
                                [Issuer]
                                  CN=domain.AD0001CA, DC=portal, DC=com
                                [Serial Number]
                                  blablabla
                                [Not Before]
                                  22/07/2014 11:32:05
                                [Not After]
                                  22/07/2024 11:42:00
                                [Thumbprint]
                                  blablabla
  Name                        : domain.ad0001
  TypeName                    : Microsoft.SharePoint.Administration.SPTrustedRootAuthority
  DisplayName                 : domain.ad0001
  Id                          : blablabla
  Status                      : Online
  Parent                      : SPTrustedRootAuthorityManager
  Version                     : 17164
  Properties                  : {}
  Farm                        : SPFarm Name=SharePoint_Config
  UpgradedPersistedProperties : {}
  PS C:\Users\administrator.domain> $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\
  cer\SP2K10\ADFS_Signing.cer")
  PS C:\Users\administrator.domain> New-SPTrustedRootAuthority -Name "Token Signing Cert" -Certificate $cert
  Certificate                 : [Subject]
                                  CN=ADFS Signing - adfs.domain
                                [Issuer]
                                  CN=ADFS Signing - adfs.domain
                                [Serial Number]
                                  blablabla
                                [Not Before]
                                  23/07/2014 07:14:03
                                [Not After]
                                  23/07/2015 07:14:03
                                [Thumbprint]
                                  blablabla
  Name                        : Token Signing Cert
  TypeName                    : Microsoft.SharePoint.Administration.SPTrustedRootAuthority
  DisplayName                 : Token Signing Cert
  Id                          : blablabla
  Status                      : Online
  Parent                      : SPTrustedRootAuthorityManager
  Version                     : 17184
  Properties                  : {}
  Farm                        : SPFarm Name=SharePoint_Config
  UpgradedPersistedProperties : {}
  PS C:\Users\administrator.PORTAL>

• Wrt160nv2 wireless security help

  Hello I'm new to this forum and had some questions regarding the wireless security settings on this router (WRT160Nv2) I have the security mode set to: WPA2 and what I need to know is which Encryption is better AES or the other setting which is TKIS or AES shouldint it be just TKIS? Any info would be great thanks still trying to figure out the router...

  AES offers a higher level of encryption than TKIP, or "TKIP or AES". 
  Here are my other tips for setting up wireless security:
  To set up wireless security, you must use a computer that is wired to the router.
  Where to find the router settings: The router's login password is usually on one of the "Administration" pages. The other settings are all found in the "Wireless" or the "Security" section of the router's setup pages, located at 192.168.1.1
  First, give your router a unique SSID. Don't use "linksys".
  Make sure "SSID Broadcast" is set to "enabled".
  Next, leave the router at its default wireless settings (except for the unique SSID), and then use your pc to connect wirelessly to the router. Test your wireless Internet connection and make sure it is working correctly. You must have a properly working wireless connection before setting up wireless security.
  To implement wireless security, you need to do one step at a time, then verify that you can still connect your wireless computer to the router.
  Next, encrypt your wireless system using the highest level of encryption that all of your wireless devices will support. Common encryption methods are:
  WEP - poor (see note below)
  WPA (sometimes called PSK, or WPA with TKIP) - good
  WPA2 (sometimes called PSK2, or WPA with AES) - best
  WPA and WPA2 sometimes come in versions of "personal", "enterprise" or "radius". Most home users should use "personal". Also, if you have a choice between AES and TKIP, and your wireless equipment is capable of both, choose AES. With any encryption method, you will need to supply a key (sometimes called a "password" ).
  The wireless devices (computers, printers, etc.) that you have will need to be set up with the SSID, encryption method, and key that matches what you entered in the router.
  Retest your system and verify that your wireless Internet connection is still working correctly.
  And don't forget to give your router a new login password.
  Picking Passwords (keys): You should never use a dictionary word as a password. If you use a dictionary word as a password, even WPA2 can be cracked in a few minutes. When you pick your login password and encryption key (or password or passphrase) you should use a random combination of capital letters, small letters, and numbers, but no spaces. A login password, should be 12 characters or more. WPA and WPA2 passwords should be at least 24 characters. Note: Your key, password, or passphrase must not have any spaces in it.
  Most home users should have their routers set so that "remote management" of the router is disabled. If you must have this option enabled, then your login password must be increased to a minumum of 24 random characters.
  One additional issue is that Windows XP requires a patch to run WPA2.   The patch is located in SP3, so you will need SP3 to run WPA2.
  Note:
  WEP is no longer recommended. The FBI has demonstrated that WEP can be cracked in just a few minutes using software tools that are readily available over the Internet. Even a long random character password will not protect you with WEP. You should be using WPA or preferably WPA2 encryption.
  Message Edited by toomanydonuts on 06-25-2009 03:43 AM

• User Authentication Method not found?

  I'm using OSX but a co-worker is running 9.2.2 and is having trouble accessing a server on the corporate Microsoft network.
  I can get to the server using OSX but when she selects the server (which does show up in the Chooser list) she gets an error message saying that "the User Authentication Method could not be found" and she should check the AppleTalk folder in her extensions folder. AppleTalk folder? Check it for what?
  What must we do to get access to the new server?
  Thanks.

  For OS 9 to talk to an MS server requires that the server has Client Services for Macintosh fired up and yes, sometimes also that the client Mac has a Microsoft User Authentication Module installed and configured.
  Microsoft says that without the MS UAM, she should still be able to
  Log on to the special Microsoft UAM Volume on the computer running Windows 2000 Server to access the MS UAM file.
  If she can't get that far and there are no other symptoms, the network administrator needs adjust the security settings on the server, or reinstall Client Services for Macintosh…
  Then drag the MS UAM file to your AppleShare(c) Folder in your System Folder. Instructions follow. (Users outside North America, see the "International Concerns" section later in the Release Notes before proceeding.)
  To gain access to the Microsoft Authentication files on the computer running Windows 2000 Server
  1. On the Macintosh Apple menu, click Chooser.
  2. Double-click the AppleShare icon, and then click the AppleTalk(c) zone in which the computer running Windows 2000 Server, with Services for Macintosh, resides. (Ask your system administrator if you're not sure of the zone.)
  3. From the list of file servers, select the Windows 2000 Server computer, and then click OK.
  4. Click the Registered User or Guest option, as appropriate, and then click OK.
  5. Click the Microsoft UAM Volume, and then click OK.
  6. Close the Chooser dialog box.
  To install the authentication files on the Macintosh workstation
  1. On the Macintosh Desktop, double-click the Microsoft UAM Volume.
  2. Locate the "MS UAM Installer" file on the Microsoft UAM Volume, then double-click it.
  3. Click Continue in the installer welcome screen.
  The installer will report whether the installation succeeded.
  If the installation has succeeded, when Macintosh users of this workstation connect to the Windows 2000 Server computer, they will be offered Microsoft Authentication.

• None of the available endpoints supports authentication methods user/pass

  Dear All
  i  create a destination in the ce7.1.but when i  test the destination in the ws navigator  ,but it cant not run ,  the error is:
  The destination [YHSendMessage02] supports the following authentication methods [User Name/Password (Basic)], but none of the available endpoints supports them. The supported authentication types are [None]. Either the destination has to be updated or a new endpoint should be used
  i test the ws in the navigator  dont used the destination ,it work well, so i think maybe some wrong in my ce  about the destination 'configuration.
  best regards

  The following message returned from SAP:
  Root of the problem is found. The problem occurs as PI WSDLs doesn't contain security settings. Lack of security settings breaks consumption of those services. I'm working on providing a fix to enable consumption of such services.
  Looking at a WSDL generated by PI (example):
  <wsp:Policy wsu:Id="OP_si_servicename"/>
  The policy contains no transportbinding or authentication methods at all.
  Looking at a WDSL generated by ECC (example):
  <wsp:Policy wsu:Id="BN_BN_si_ManageCustomizingCustomerService_binding">
        <saptrnbnd:OptimizedXMLTransfer uri="http://xml.sap.com/2006/11/esi/esp/binxml" wsp:Optional="true" xmlns:saptrnbnd="http://www.sap.com/webas/710/soap/features/transportbinding/"/>
        <saptrnbnd:OptimizedXMLTransfer uri="http://www.w3.org/2004/08/soap/features/http-optimization" wsp:Optional="true" xmlns:saptrnbnd="http://www.sap.com/webas/710/soap/features/transportbinding/"/>
        <wsp:ExactlyOne xmlns:sapsp="http://www.sap.com/webas/630/soap/features/security/policy" xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility">
           <wsp:All>
              <sp:TransportBinding>
                 <wsp:Policy>
                    <sp:TransportToken>
                       <wsp:Policy>
                          <sp:HttpsToken>
                             <wsp:Policy>
                                <sp:HttpBasicAuthentication/>
                             </wsp:Policy>
                          </sp:HttpsToken>
                       </wsp:Policy>
                    </sp:TransportToken>
                    <sp:AlgorithmSuite>
                       <wsp:Policy>
                          <sp:TripleDesRsa15/>
                       </wsp:Policy>
                    </sp:AlgorithmSuite>
                    <sp:Layout>
                       <wsp:Policy>
                          <sp:Strict/>
                       </wsp:Policy>
                    </sp:Layout>
                 </wsp:Policy>
              </sp:TransportBinding>
           </wsp:All>
        </wsp:ExactlyOne>
     </wsp:Policy>
  At the moment SAP is working on a fix to solve this problem.

• None of the authentication methods supported by this client are supported by your server.

  Dear Exchange Admin
  We have implemented exchange server .
  MAPI profile configuration in outlook is working fine.but when we try to configure POP3 in outlook ,without SMTP authentication it is fine.
  But when we enable SMTP authentication ,it is getting the following error
  "None of the authentication methods supported by this client are supported by your server.
  Kindly help
  Ashraf

  This worked for me today, as I had the same issue.
  I had to set encryption to TLS to get it to work, and the server names as yahoo.co.uk...
  In Outlook 2013, click File | Add Account.
  Select Manual setup or additional server types.
  Click Next.
  Select POP.
  Click Next.
  On the “Account Settings” page, enter your account settings:
  Your Name: The name you want to show when you send email.
  Email address: Your full Yahoo email address.
  Account Type: POP3
  Incoming Mail Server: pop.mail.yahoo.com
  Outgoing Mail Server: smtp.mail.yahoo.com
  User Name: Your Yahoo ID.
  Password: Your Yahoo account password.
  Leave the “Require logon using Secure Password Authentication” option unchecked.
  Click More Settings.
  Click the Outgoing Server tab.
  Select the My outgoing server (SMTP) requires authentication box.
  Click Use same settings as my incoming mail server.
  Click the Advanced tab. Enter advanced information:
  Incoming server (POP3) port: 995
  Select This server requires an encrypted connection (SSL).
  Outgoing server (SMTP) port: 465, 587, or 25
  Set the encryption type to SSL or TLS
  Set your desired server timeout and delivery options.
  - We recommend leaving a copy of messages on the server.
  Click OK.
  Restart Outlook.
  Click Send/Receive All Folders.
  You can now retrieve emails from your Yahoo Mail account in Outlook 2013.

• BI Apps 7.9.6 authentication method with EBS integration

  Hi all,
  since the default BI Apps documentation (meaning Security Guide, which deals mainly with Init Block setup for different security groups for EBS implementation) is not very clear about it, I just would like to assure - the only way, how to integrate BI Apps OBIEE environment with EBS int term of security (authentication/authorization) is via the method, described in Oracle® Fusion Intelligence For E-Business Suite - meaning through setup BI Pres Service to get cookie value from EBS session and populate NQ_SESSION.ICX_SESSION_COOKIE whic is then used in OBIEE Init Blocks to setup the context of EBS user and based on that context , initialize different session variables (even row-wise - for populating variables used in security filters - e.g. LEDGER) for logged EBS/OBIEE user , is that right ? There isn't any other method, how to authenticate EBS user in OBIEE - like using the similar way for BI Apps implementation with Siebel CRM (authenticate user via executing Init Block, assigned with Connection Pool, in which :USER,:PASSWORD variables are used to authenicate user againts Siebel OLTP db) ?
  Just to want to assure, that this is the only way, how to integrate BI Apps OBIEE environment into EBS from security point of view.
  Thanks very much in advance for your answers/opinion.
  Michal Zima

  I'm not using EBS R12.1.3 but I can give a suggestion, if possible try it once.
  Using current configuration (Informatica and DAC) run a data load sourcing from EBS R12.1.3.
  Let me know if you try this :)

• Cisco ACS v4.1 - User Export incl. Authentication Method

  Hi,
  I wish to export a list of all our users, to include their group and more importantly, their password authentication method. We have a combination users that authenticate using both ACS internal database and also external RSA Secure ID database. Basically I need to identify all users who are NOT authenticating against Secure ID.
  I ran CSUtil.exe -u   , however this only gives me the user & group, doesn't list the authentication method per user.
  Thanks,
  Brian

  Brian,
  Unfortunately, CSUtil.exe will only list the users & group they are a member of. So the simple answer is no.
  If the goal is to set everyone to use token authentication, you could get export a list of all users with CSUtil.exe, then use the client import option to update database used for authentication of all users. Here is the url for documentation on this and other CSUtil.exe options.
  =====================
  Via Csutil
  Created a file in text format
  ONLINE
  UPDATE::EXT_SDI
  ADD::EXT_SDI:PROFILE:
  DELETE:
  csutil -i
  =====================
  If you feel adventerous, you could explore the contents of the dump.txt. by running csutil -d
  This file does contain the information you are looking for. However, there is no documentation or support available for reading or decrypt it.,
  Regards,
  Jatin
  Do rate helpful posts-

• One SSID with muptiple authentication methods

  Have received a request from a customer to run both TKIP and AES encryption on the same SSID
  From reading I believe this is not possible but can anyone confirm this please
  Currently the config looks thus
  dot11 ssid HELP
  vlan 20
  authentication open eap eap_methods
  authentication network-eap eap_mtheods
  authentication key-management wpa
  authentication key-management wpa version 2  <<<<<<<<<<<<<<<<<<
  <<<<< Trying to add wpa version 2 overwrites uithentication key-management wpa so presume this confirms it can't be done >>>>>
  Interface Dot11Radio0
  encryption mode ciphers tkip
  encrytption vlan 20 mode ciphers aes-ccm tkip
  Many Thanks

  Hello
  Cisco wireless products have the option to offer to the wireless clients both encryption methods, TKIP and AES and even WEP on the same SSID. This can be configured on the GUI and CLI but what you have to be aware and be careful is that this is not the standard. Even though Cisco can offer this, some clients won't understand that, they will get confused and disconnect or just not be able ro connect at all.
  We are talking about encryption here not authentication so to answer your question: yes, you can configure several encryption methods on the same vlan but it is not a best practice and regarding authentication, it is not possible to configure different authentication methods on the same SSID.
  Regards,
  Sent from Cisco Technical Support Android App

• Wireless security settings...

  I have a wireless print server, and a wireless router.  The WPS is limited to WEP for a security setting.  Does this limit the security for my entire network?  I checked the BIOS -- it has the latest.
  Thanks,
  -Kevin
  Message Edited by lscaveman on 11-22-200603:34 AM

  Your encryption method is limited by the weakest wireless link in your system.  So if your wireless print server can only do WEP, then that is the highest level of wireless security your wireless system can be set to.
  However, as gv stated, WEP is no longer recommended.  It should only be used until you have time to upgrade to WPA or WPA2.
  I assume you have a wireless G router capable of WPA or WPA2.  If so, there are 2 reasonably secure solutions to your problem:
  1)  Run a wire from your router to your WPS  (turn off the WPS wireless)
  2)  Upgrade to a wireless G  WPS.
  Message Edited by toomanydonuts on 11-23-200601:09 AM