Wireless users Authentication of external repository? help?

Similar Messages

• Wireless user authentication detail at syslog server

  Hi Dear.  I configurated wireless network. i want to see my wireless user authentication detail(ip address, username and if it is possibly mac-address) at my syslog server. i do some configuration, the wireless controller send something to my syslog server but i need exctahly the user authentication detail.
  how i do that? please help me. thank you veru much.

  Hi dears. please help me

• WLSM and wireless user authentication.

  I'm attempting to put together a solution to wireless security which does NOT include any kind of client configuration or installed supplicant. I want the wifi network to be wide open, no wep. When users attempt to get on the network they are directed to a ssl encrypted web interface to enter credentials checked against a radius server. I've been told the new WLSM for the 6500 along with 12.2.15+ code on the WAP's might have this feature. Can anyone confirm this? I've heard about this in the past, as something that cisco is working on, but didn't think anything had come to fruition yet..
  Thanks,
  -Kyle

  Responding to my own post..
  The solution I was fishing for is a combonation of IP Mobility enabled WAP's with the SLSM in a central location then routing them to a SESM enabled gateway.

• User authentication in FDM

  Hi friends,
  1) I am using FDM 9.3.1, we can i create a user in FDM using user management and we are creating simple user authentication vb script in FDM but still we are able to access that user with any password.
  2)I also donot know how to configure fdm with shared services.
  But i think we can create some user in FDM without any need of shared services and we can authenticate that user by writing vb user authentication script.
  Pls help me for both these problems

  Hi,
  How SRDEMO calls the login page which asks the username and password and later use it in other pages?
  Its using container managed security: Look at infrastructure/SRLogin.jspx
  Is there exists any document which describe How user connection(userid and password) information is authenticated and preserve later in other pages of the ADF applicaton?
  In container managed authentication, the username can be accessed from the JSf external context. The password isn't
  Is there exists any example which does the database user authentication instead of application user authentication in ADF BC and used in later forms?
  Yes, you can configure container managed authentication to use a custom JAAS LoginModule instead
  http://www.oracle.com/technology/products/jdev/howtos/10g/jaassec/index.htm
  Is there exists some pre-login( on-logon) triggers kind of stuff in ADF as it was in forms?
  Using ADF Business Components that would be the prepareSession() method that is called on the application module
  Frank

• Need help with external user authentication

  Hello,
  I need some help to set up an external user authentication in Oracle DB 10g. Using the documentation at
  http://www.oracle-base.com/articles/misc/OsAuthentication.php
  I added the user alex to my linux system and checked the parameter os_authent_prefix:
  SQL> show parameter os_authent_prefix
  NAME TYPE VALUE
  os_authent_prefix string ops$
  SQL>
  I created the oracle user alex using
  CREATE USER alex IDENTIFIED EXTERNALLY;
  as well as
  CREATE USER ops$alex IDENTIFIED EXTERNALLY;
  The parameters in the sqlnet.ora are set to
  NAMES.DIRECTORY_PATH = (TNSNAMES, HOSTNAME, EZCONNECT)
  SQLNET.AUTHENTICATION_SERVICES = (ALL)
  Being the local user alex on the linux server I can login:
  $ sqlplus /
  SQL*Plus: Release 10.2.0.1.0 - Production on Tue Aug 30 08:56:26 2011
  Copyright (c) 1982, 2005, Oracle. All rights reserved.
  Connected to:
  Oracle Database 10g Release 10.2.0.1.0 - 64bit Production
  SQL>
  Now using a Windows Client:
  C:\>sqlplus alex@<netservicename>
  SQL*Plus: Release 10.2.0.1.0 - Production on Di Aug 30 10:31:37 2011
  Copyright (c) 1982, 2005, Oracle. All rights reserved.
  Kennwort eingeben:
  ERROR:
  ORA-01017: invalid username/password; logon denied
  - So, what's wrong?
  - Do I always have to create oracle users with the prefix "ops$" to the local username? How do these users login - with or without the prefix 'ops$'?
  - I read that kerberos authentication is only available through oracle advanced security addon. What about authentication through ldap?

  Obviously it doesn't work from any remote system.
  For this to happen the parameter remote_os_authent would have been set to true.
  Warning: this poses a security risk.
  As far as I know you should have been logged in as alex on the client, and using sqlplus /
  However, from 10g onwards Oracle comes with Oracle Wallet, which stores the password encrypted outside the database in a file, called wallet, and which is accessible from anywhere.
  You would better use that.
  Sybrand Bakker
  Senior Oracle DBA

• Wireless PEAP users authenticated by TACACS+

  Hello,
  I have the following scenario, access points 1214 (fat AP) connected to ACS (RADIUS) and the ACS integrated with Novell LDAP as external database.
  The wireless users use PEAP for authentication, here the problem when I tried to connect wirelessly with username and password configured locally on the ACS database it works fine but if I use a username and password listed on the Novell LDAP I got the error ?Auth type not supported by External DB? .
  Note:
  For VPN users, I can connect and access the network resources from outside with username and password listed on Novell LDAP database (integration between ACS and Novell LDAP is fine). Maybe this note could help you!!
  Regards,
  Belal

  Hello Darran,
  Thx for your feedback..
  now i'm trying to configure EAP-TLS but as stated in the configuration guide i should have CA certificates for both ACS and the wireless users. here the question, shall i have CA server or thers is another way to complete the task (use local generated certificate for example if possible) ?
  Regards,
  Belal

• Problem authenticating Wireless users with peap

  Good afternoon,
  I am currently trying to authenticate wireless users using PEAP and an external RADIUS server. The problem is when I try to authenticate I get this error :
  AAA/AUTHEN/PPP : Pick method list 'Permanent Local'
  DOT11-7-AUTH_FAILED : Station ... Authentication failed
  It shouldn't use local authentication, but the aaa server I configured.
  I looked on the internet but didn't find a working solution.
  Does anyone know why it is not working ?
  Here is my running configuration :
  Current configuration : 4276 bytes
  ! Last configuration change at 00:45:40 UTC Mon Mar 1 1993
  ! NVRAM config last updated at 16:38:23 UTC Thu Jul 24 2014
  ! NVRAM config last updated at 16:38:23 UTC Thu Jul 24 2014
  version 15.2
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  service password-encryption
  hostname ap
  logging rate-limit console 9
  enable secret 5 $1$QVC3$dIVAarlXOo52rN3ceZm1k0
  aaa new-model
  aaa group server radius rad_eap
   server 192.168.2.2 auth-port 1812 acct-port 1813
  aaa group server radius rad_mac
  aaa group server radius rad_acct
  aaa group server radius rad_admin
  aaa group server tacacs+ tac_admin
  aaa group server radius rad_pmip
  aaa group server radius dummy
  aaa authentication login eap_methods group rad_eap
  aaa authentication login mac_methods local
  aaa authorization exec default local
  aaa accounting network acct_methods start-stop group rad_acct
  aaa session-id common
  no ip routing
  no ip cef
  dot11 syslog
  dot11 ssid test
     authentication open eap eap_list
     authentication key-management wpa version 2
     guest-mode
  eap profile peap
   method peap
  crypto pki token default removal timeout 0
  bridge irb
  interface Dot11Radio0
   no ip address
   no ip route-cache
   encryption mode ciphers aes-ccm
   ssid test
   antenna gain 0
   stbc
   beamform ofdm
   station-role root
   bridge-group 1
   bridge-group 1 subscriber-loop-control
   bridge-group 1 spanning-disabled
   bridge-group 1 block-unknown-source
   no bridge-group 1 source-learning
   no bridge-group 1 unicast-flooding
  interface Dot11Radio1
   no ip address
   no ip route-cache
   shutdown
   antenna gain 0
   no dfs band block
   channel dfs
   station-role root
   bridge-group 1
   bridge-group 1 subscriber-loop-control
   bridge-group 1 spanning-disabled
   bridge-group 1 block-unknown-source
   no bridge-group 1 source-learning
   no bridge-group 1 unicast-flooding
  interface GigabitEthernet0
   no ip address
   no ip route-cache
   duplex auto
   speed auto
   dot1x pae authenticator
   bridge-group 1
   bridge-group 1 spanning-disabled
   no bridge-group 1 source-learning
  interface BVI1
   ip address 192.168.3.10 255.255.255.0
   no ip route-cache
  ip default-gateway IP
  ip forward-protocol nd
  ip http server
  ip http secure-server
  ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
  ip radius source-interface BVI1
  radius-server attribute 32 include-in-access-req format %h
  radius-server host 192.168.2.2 auth-port 1812 acct-port 1813 key 7 140441081E501F0B7D
  radius-server vsa send accounting
  bridge 1 route ip
  line con 0
  line vty 0 4
   transport input all
  end
  Thank you

  I haven't setup autonomous APs before but I think I might see the problem. You are defining an authentication list called "eap_methods" but you never call for it in your SSID settings. Instead there you call a list named "eap_list" In addition, I think you might be missing one more command. So perhaps try this:
  dot11 ssid test
  authentication open eap eap_methods
  authentication network-eap eap_methods
  authentication key-management wpa version 2
  guest-mode
  Hope this helps!
  Thank you for rating helpful posts!

• Show repository gives "user authentication error"

  Hello
  I am running ACS 5.4, When I try a "show repository <repository_name>" command I get "user authentication error" however I have admin status. Any suggestions?
  Thanks

  Hi,
  Can you share the show running-config from the ACS.
  Just  to clarify, the admin role on the ACS is not important, the user that  you have mentioned in the repository configuration should be present on  the respective respository and the password should be correct.
  eg:
  repository ftp
  url ftp://1.1.1.1/
  user ed password plain ed
  The user name ed should be there on the ftp server and the password should be correct.
  nothing to do with the admin role on the ACS if that is what you meant.
  **Share your knowledge. It’s a way to achieve immortality.
  --Dalai Lama**
  Please Rate if helpful.
  Regards
  Ed

• User authentication in Cisco ACS by adding external RADIUS database

  Hi,
  I would like to configure the below setup:
  End user client (Cisco Any connect/VPN client) -> ASA 5500 (AAA client) -> ACS server -> External RADIUS database.
  Here ACS server would send the authentication requests to External RADIUS server.So, i have added the external user database (RADIUS token server) in
  ACS under External databases.I have added AAA client in Network configuration (selected authenticate using RADIUS(VPN 3000/ASA/PIX 7.0) from the drop down.
  Here how do i make ASA recognize that it has to send the request to ACS server. Normally when you use ACS as RADIUS server you can add an AAA server in ASA and test it.But here we are using an external RADIUS server which has been configured in ACS, so how do i make ASA to send the requests to ACS server?
  Any help on this would be really grateful to me.
  Thanks and Regards,
  Rahul.

  Thanks Ajay,
  As you said nothing needs to be done on ASA side, if we are using an external user database for authentication.
  Im a newbie to ACS and this is the first time i'm trying to perform a two factor authenticaton in Cisco ACS using external user database.
  By two factor authentication i mean, username + password serves as first factor (validated by RADIUS server), username + security code (validated by RADIUS server) serves as second factor.So, during user authentication i enter only username in username field and in "password" field i enter both "password + security code". Our RADIUS server has already been configured with AD as user store, so we dont have to specify AD details in ACS. I have done the following in ACS to perform this two factor authentication.
  -> In external user databases, i have added a external RADIUS token server.
  -> In unknown user policy , i have added the external data base that i configured in ACS into the selected databases list.
  -> under network configuration, i have added the Cisco ASA as AAA client (authenticate using RADIUS (Cisco VPN 3000/ASA/PIX 7.x+)).
  Just to check whether user authentication is successful, i launched the ACS webVPN using https://IP:2002, it asked me to enter username and password. So, i entered username and in password field i entered "password + security code". But, the page throws an error saying "login failed...Try again".I cant find any logs in external RADIUS server.
  Here is what i found in "Failed attempts" logs under Reports and activities.
  Date,Time,Message-Type,User-Name,Group-Name,Caller-ID,Network Access Profile Name,Authen-Failure-Code,Author-Failure-Code,Author-Data,NAS-Port,NAS-IP-Address,Filter Information,PEAP/EAP-FAST-Clear-Name,EAP Type,EAP Type Name,Reason,Access Device,Network Device Group
  02/28/2012,00:31:52,Unknown NAS,,,,(Unknown),,,,,10.204.124.71,,,,,,,
  02/28/2012,00:41:33,Unknown NAS,,,,(Unknown),,,,,10.204.124.71,,,,,,,
  02/28/2012,00:42:18,Unknown NAS,,,,(Unknown),,,,,10.204.124.71,,,,,,,
  Filtering is not applied.
  Date
  Time
  Message-Type
  User-Name
  Group-Name
  Caller-ID
  Network Access Profile Name
  Authen-Failure-Code
  Author-Failure-Code
  Author-Data
  NAS-Port
  NAS-IP-Address
  Filter Information
  PEAP/EAP-FAST-Clear-Name
  EAP Type
  EAP Type Name
  Reason
  Access Device
  Network Device Group
  02/28/2012
  00:42:18
  Unknown NAS
  (Unknown)
  10.204.124.71
  02/28/2012
  00:41:33
  Unknown NAS
  (Unknown)
  10.204.124.71
  02/28/2012
  00:31:52
  Unknown NAS
  Am i missing any thing in configuration side with respect to ACS?
  Thanks

• User authentication issues when auth by external radius server

  We tend to use FF in a corporate environment to manage our networking devices (firewalls/switches/routers etc). Came across a bizarre problem under the following conditions:
  ZyXEL Network Switch (GS2200-24) uses external authentication (RADIUS) to allow management and accounting of who makes changes.
  When logging into the switch with FF, we get repeated prompts for user authentication. Eventually the user is logged in (and no it's not a typo!). Looking through the dev console in the beta, it seems to get a 401 unauthorised back from the switch once it tries to load another html file.
  The browser *should* be presenting the same credentials to each called page within the site, it doesn't seem to :-(
  No site added as it's an internal IP address....

  We tend to use FF in a corporate environment to manage our networking devices (firewalls/switches/routers etc). Came across a bizarre problem under the following conditions:
  ZyXEL Network Switch (GS2200-24) uses external authentication (RADIUS) to allow management and accounting of who makes changes.
  When logging into the switch with FF, we get repeated prompts for user authentication. Eventually the user is logged in (and no it's not a typo!). Looking through the dev console in the beta, it seems to get a 401 unauthorised back from the switch once it tries to load another html file.
  The browser *should* be presenting the same credentials to each called page within the site, it doesn't seem to :-(
  No site added as it's an internal IP address....

• Help to resolve Unable to connect to XL reporter user authentication

  I upgraded business one 2007 from PL 11 to PL42 on SQL Server 2000. I have 7 companies and only one of them has a problem loading XL reporter. I first get a sql script executor - execution result screen with what looks like errors in a script that has lines taht refer to OADM. then it gives a message when I X out of it'
  'Unable to connect to XL reporter
  Error! User authentication failed!
  Cause: ExitCode -1'
  then I get the sql script executor again, X out, and then it asks to start with out the add-on.
  What is weird is that the SQL script message will come up after a while once I turn on the laptop
  and am doing other things, but have not gone into Business One yet.
  Any ideas as I am stumped.
  thanks,
  laura nesteriak
  Edited by: Laura Nesteriak on Oct 2, 2008 8:28 PM
  Edited by: Laura Nesteriak on Oct 9, 2008 9:57 PM
  support helped me resolve. the table xrdbv had a incorrect value in the PartnerDBV field. We updated the field and XL reporter then worked.

  my issue was that the partnerdbv was a different version than the B-one software. I have values in dobjver (1.8), parver(22.02), partner (SBOOEM) , and partnerdbv (see below) . the others are NULL.
  the values are version specific to the version of Business One and my partnerdbv was 800176 when my buiness one version was 800177. Once we changed parnerdbv to 800177, it worked. I didn't change it-support did with a webex session. good luck.

• PEAP authentication failed for wireless users

  Dears
  Hello
  i'm receiving this error when i'm trying to authenticate wireless users using PEAP MSCHAPv2. can anyone please support me.
  thanks 

  Dear Neno
  the customer has sent me this in aruba
  aaa authentication dot1x "dot1xProfile"     
     termination eap-type eap-peap                                                                                                                                                                                                                                             
     termination inner-eap-type eap-mschapv2       
  aaa authentication-server radius "SERVER"
     host x.x.x.x
     key xxxx
     nas-ip x.x.x.x
  aaa server-group "RADIUS-GROUP"
    auth-server “SERVER”
  aaa profile "KSAU-JED-AAA-Profile"
     authentication-dot1x "dot1xProfile"
     dot1x-server-group "RADIUS-GROUP"
  wlan virtual-ap "SSID-NAME"
     aaa-profile "KSAU-JED-AAA-Profile"
     ssid-profile "SSID-NAME"
     vlan <VLAN ID>

• Table SOFFCONT1 to an external repository with help of report RSIRPIRL

  Hi experts,
  I have to relocate data from table SOFFCONT1 to an external repository with help of report RSIRPIRL...I went through all related Sap notes and it seems pretty straightforward.
  When I run the report RSIRPIRL I see all the fields I have to fill up (I have already created an content repository as well as a catalogue) but my question is how to select some data manually for testing purpose? Is it any way how to see from table SOFFCONT1 just 1 file for example?? I couldn't see that field in the report RSIRPIRL.
  Regards,
  Blaiso

  Applied OSS note 1536325 which will add an extra field to select by date and narrow the number of documents to test

• Cisco NAC: Issue for the Wireless Users being assigned "Un-Authenticated Role" to stop accessing the Network !!!

  Hi,
  I am looking for a solution to deal with the wireless NAC users being authenticating (Web Login Only) from a particular AD group. The mapped users gets into a particular role and access VLAN but un-mapped users get the default role which is "Un-Authentication Role" but also gets the same Access VLAN. So, the un-wanted users gets also the same access which is undesired.
  I tried with one solution which is, i put those users into a role named as "Deny_Role" and Enable a Timer of 1 minute (least Time) on it, which seems working but i can see that user is disconnecting (session timeout) after 3 or 5 minutes. I want to limit this but again, i do not find this as an appropriate solution.
  We could deal with wired users easily, bounce the port and get them again in "Unauthenticated Role" and VLAN will be "Un-Auth VLAN" with no network access or rediect them into a particular role with a specific VLAN. But, this is not valid in case of "Wireless Users".
  So, I am looking for a solution to deal with the wireless users in this situation...
  Please advise or give an idea.
  BR,
  Mubasher Sultan

  Hi,
  Any idea or suggestion...
  BR,
  Mubasher Sultan

• New Intel Wireless Pro set let bypass PEAP user authentication

  Hello.
  I have a critical situation. We use PEAP/MSCHAPv2 for client and user authentication. Wireless users and clients will be authenticated by the ACS by asking a ADS usergroup membership. Valid users and clients have access to LAN ressources protected by the wlan controller. If the wireless client use the WZC and the logged on user is not a member of the user group he will not be authenticated and have no access through the wlan controller. But if the wireless client can use the actual "Intel Wireless Pro Set" and the user is not a member of the ADS group the ACS drop the user authentication request. But some seconds later the user will have nevertheless access to internal resources.
  In this case I think the user authentication request will not right handled by the ACS so authenticated client will have access through the wlan controller and a not ACS authenticated user will have access to lan ressources by his local cached user credentials.
  Is there a possible security leak or have I a configuration problem?
  Best regards
  Olaf Bachmann

  Hi irisrios.
  PEAP "Fast Reconect" is disabled on ACS side.
  But in the meantime we made some tests with cisco ACS and nortel wlan controller. If the wlan client use a wireless profile, generated with the Intel Proset (!! full installation incl. andmin tools and pre-logon authentication!!) then a user who is not a member of the wlan user group have access to lan resources.