Search Results

Search found 736 results on 30 pages for 'radius'.


  • Has anyone had luck running 802.1x over ethernet using the stock Windows or other free supplicant?

    - by maxxpower
    I just wanted to see if anyone else has had luck implementing 802.1x over ethernet. So here's my basic setup. Switch sends out 3 eapol messages spaced out 5 seconds apart. If there's no response the machine gets put on a guest vlan with restricted access. If the machine is properly configured it will authenticate and be placed into a secure vlan. About 10% of my Windows XP users are getting self-assigned 169 addresses. I've used the Odyssey Access Client and it worked without a hitch. I'm using the setting to automatically use the user's Windows login to authenticate, but it's working on 90% of the machines so I don't think that's the issue. Checking the logs on the DC it seems that the machines are trying to authenticate with computer credentials even though they are configured not to. I'm running Juniper switches with IAS for RADIUS. I have RADIUS configured for PEAP and MSCHAPv2. Macs and Linux boxes seem to have no issues authenticating. One last thing to add: unplugging the ethernet cable and plugging it back in usually resolves the issue, but I'd hardly call that acceptable for production. Kinda long-winded and specific for a discussion, but just want to see if anyone else has had similar issues or experiences, or if anyone knows of a free XP supplicant that actually works with 802.1x over ethernet.


  • CSS optimization - extra classes in dom or preprocessor-repetitive styling in css file?

    - by anna.mi
    I'm starting on a fairly large project and I'm considering the option of using LESS for pre-processing my CSS. The useful thing about LESS is that you can define a mixin that contains for example:

        .border-radius(@radius) {
            -webkit-border-radius: @radius;
            -moz-border-radius: @radius;
            -o-border-radius: @radius;
            -ms-border-radius: @radius;
            border-radius: @radius;
        }

    and then use it in a class declaration as

        .rounded-div {
            .border-radius(10px);
        }

    to get the outputted CSS as:

        .rounded-div {
            -webkit-border-radius: 10px;
            -moz-border-radius: 10px;
            -o-border-radius: 10px;
            -ms-border-radius: 10px;
            border-radius: 10px;
        }

    This is extremely useful in the case of browser prefixes. However this same concept could be used to encapsulate commonly-used CSS, for example:

        .column-container {
            overflow: hidden;
            display: block;
            width: 100%;
        }
        .column(@width) {
            float: left;
            width: @width;
        }

    and then use this mixin whenever I need columns in my design:

        .my-column-outer {
            .column-container();
            background: red;
        }
        .my-column-inner {
            .column(50%);
            color: yellow;
        }

    (Of course, using the preprocessor we could easily expand this to be much more useful, e.g. pass the number of columns and the container width as variables and have LESS determine the width of each column depending on the number of columns and container width!)

    The problem with this is that when compiled, my final CSS file would have 100 such declarations, copy&pasted, making the file huge and bloated and repetitive. The alternative to this would be to use a grid system which has predefined classes for each column-layout option, e.g. .c-50 (with a "float: left; width:50%;" definition), .c-33, .c-25 to accommodate a 2-column, 3-column and 4-column layout, and then use these classes in my DOM. I really dislike the idea of the extra classes; from experience it results in a bloated DOM (creating extra divs just to attach the grid classes to). Also the most basic tutorial for HTML/CSS would tell you that the DOM should be separated from the styling - grid classes are styling related! To me, it's the same as attaching a "border-radius-10" class to the .rounded-div example above! On the other hand, the large CSS file that would result from the repetitive code is also a disadvantage, so I guess my question is, which one would you recommend? And which do you use? And which solution is best for optimization? Apart from the larger file size, has there even been any research on whether the browser renders multiple classes faster than a large CSS file, or the other way round? Thanks! I'd love to hear your opinion!


  • NPS EAP authentication failing after Windows Update

    - by sqlreader
    I have a Windows 2008 Std server running NPS. After applying the latest round of updates (including Root Certificates for April 2012 KB931125 (See: http://support.microsoft.com/kb/933430/)), EAP authentication is failing due to being malformed. Sample error (Security/Event ID 6273), truncated for brevity:

        Authentication Details:
            Proxy Policy Name: Use Windows authentication for all users
            Network Policy Name: Wireless Access
            Authentication Provider: Windows
            Authentication Server: nps-host.corp.contoso.com
            Authentication Type: PEAP
            EAP Type: -
            Account Session Identifier: -
            Reason Code: 266
            Reason: The message received was unexpected or badly formatted.

    The NPS policy (Wireless Access) is configured accordingly (for Constraints/Authentication methods):

        EAP Types:
            Microsoft: Protected EAP (PEAP) - with a valid certificate from ADCS
            Microsoft: Secured password (EAP-MSCHAP v2)
        Less secure authentication methods:
            Microsoft Encrypted Authentication version 2 (MS-CHAP-v2)
                User can change password after it has expired
            Microsoft Encrypted Authentication (MS-CHAP)
                User can change password after it has expired

    We've tested a different RADIUS server without the aforementioned patch, and removed EAP as an authentication type and experienced success. Has anyone else experienced this issue?


  • 802.1x wireless clients auto connect prior to user login

    - by JohnyV
    I am using a 2008 R2 DC that also performs RADIUS (NPS). I also have a 2008 R2 certificate authority which is giving out certificates. The computers are getting the certificate, and when a user logs into the device (that has previously logged in) they get put on the correct VLAN (according to their user access). However, I can't get the computers to join the wireless network prior to logging in, so that they can log in with their domain accounts and authenticate through the wireless. The basic setup is: the computer gets a group policy which tells it to get a certificate; the computer then has a separate VLAN to join just as a computer account; however, the wireless computer won't connect through that VLAN. (This VLAN allows login information only; then once the user's credentials are verified it puts them onto another VLAN.) So I am trying to work out why the notebook won't auto connect to the wireless network as a computer. Thanks


  • Make user home directory at gdm login

    - by Lorenzo
    I'm trying to make a home directory at (RADIUS) user gdm login. The auth is working right, but when I try, gdm says that the user hasn't a home directory. I tried to do that with pam_mkhomedir.so but it is not working. My /etc/pam.d/gdm file:

        #%PAM-1.0
        auth sufficient pam_radius_auth.so
        auth sufficient pam_nologin.so
        auth sufficient pam_env.so readenv=1
        auth sufficient pam_env.so readenv=1 envfile=/etc/default/locale
        auth sufficient pam_succeed_if.so
        @include common-auth
        auth optional pam_gnome_keyring.so
        account sufficient pam_radius_auth.so
        @include common-account
        session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
        session optional pam_limits.so
        @include common-session
        session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
        session optional pam_gnome_keyring.so auto_start
        session required pam_mkhomedir.so skel=/etc/skel umask=0022
        @include common-password

    Thanks


  • How does one guarantee a remote client the same local IP address every time when connecting to a VPN?

    - by Joe Carroll
    I need to configure a VPN for secure remote access to a PACS serving DICOM radiological images. The DICOM standard requires that any clients accessing the PACS must be using a fixed IP address that is pre-registered in PACS. I haven't implemented this solution before and would appreciate any guidance. I believe it should be possible to use RADIUS on the server to authenticate users connecting to the VPN and with it assign each user their own specific local subnet IP address, which would be registered with the PACS. The server runs Windows Server 2003 R2 Enterprise Edition SP2 and the VPN device is a FortiGate 60C. The What would be the best and/or simplest way to set this up?


  • need help upgrading small business wifi network

    - by Henry Jackson
    Our small business currently has 3 wireless access points around the building, each with their own SSID. Security is done with WEP (ick) and MAC address filtering (double ick). We are trying to reconfigure the setup, with these goals:

        * wifi roaming between the access points
        * user-based authentication that isn't as annoying as MAC address filtering.

    1) The entire building is hardwired with ethernet, so I assume it should be easy to set up the routers to act as one big network, but I can't figure out how. Can someone point me in the right direction? The routers are consumer-grade Linksys routers; is it possible to do this without getting new hardware?

    2) For security, we will probably upgrade to WPA2, and I'm thinking of using the Enterprise version so that users can log in with a username, instead of having a single key (so if an employee leaves or something, their access can be removed). We have several on-site Windows servers; can one of them be set up as a RADIUS server, or is that best left to a dedicated machine (again, using existing hardware is good)?


  • Problem with network policy rule in Network Policy Server

    - by Robert Moir
    Trying to configure RADIUS for a college network, and have run into the following frustration: I can't set an "AND" condition for group membership of authenticated objects in the network policy rules, e.g. I'm trying to create an NPS rule that says, essentially, "IF user is a member of [list of user groups] AND is authenticating from a computer in [wireless computer group] then allow access". The screenshot above is the rule I am having trouble with. It does not work as written. The rule underneath it, which is identical in every aspect except the conditions rule, does work. I've tried changing the non-working rule to define each set of groups as "Windows group" rather than specifically as machine and user groups, with no change. With the "faulty" rule enabled and the working one disabled, any attempt to log in with a valid account from a machine that is in the wireless computers group gives a 6273 audit event in the Windows event log: Reason code 66 - "the user attempted to use an authentication method that is not enabled on the matching network policy". Disabling the "faulty" rule, enabling the other rule and logging in with the same account and computer works just fine.


  • FreeRADIUS Default Answer

    - by jinanwow
    We are using FreeRADIUS with a MySQL database, authenticating users. We ran into an issue where our MySQL database was slow, causing the max number of threads to be reached. The issue with this is, when the server couldn't answer the requests as there were no threads available, it sent the response of Access-Reject to the clients. Our devices cache client connections and periodically check with the server to see if they should still be allowed or to remove them. The equipment is designed so that if there is no response from the server and a client is connected, it will remain connected. The issue is, when the RADIUS server is at its max threads, its default answer is to send Access-Reject (verified via packet capture); however, we would like to change the default behavior to just ignore the request (keeping the clients connected). We have fixed the MySQL database issue for now, but I would like to change the default from Access-Reject to just ignoring the client altogether. I have done research, but was not able to find an answer to the question. Thanks in advance.


  • Central Authentication For Windows, Linux, Network Devices

    - by mojah
    I'm trying to find a way to centralize user management & authentication for a large collection of Windows & Linux Servers, including network devices (Cisco, HP, Juniper). Options include RADIUS/LDAP/TACACS/... Idea is to keep track with staff changes, and access towards these devices. Preferably a system that is compatible with both Linux, Windows & those network devices. Seems like Windows is the most stubborn of them all, for Linux & Network equipment it's easier to implement a solution (using PAM.D for instance). Should we look for an Active Directory/Domain Controller solution for Windows? Fun sidenote; we also manage client systems, that are often already in a domain. Trust-relationships between Domain Controllers isn't always an option for us (due to client security restrictions). I'd love to hear fresh ideas on how to implement such a centralized authentication "portal" for those systems.


  • Expired password change through VPN failure

    - by Tim Alexander
    I am setting up some new accounts to be used by some contractors. They are going to connect via VPN to our network. My requirement is to set the password initially and then have them change it the first time they log in. As a result the "User must Change Password" box is checked. Loading up a laptop and testing has yielded poor results. When logging in I get a notification that the password has expired and a box to fill in, which I do. It then appears again so I dutifully fill in the password details again. I am then presented with a "Sending Password...." error box with Error:619 listed as the reason. Trying to reconnect then gives a 691 error that the password is bad. From the firewall, that is the actual VPN server, I can see RAD_ACCESS_DENIED, and from the DC running NPS (acting as a RADIUS server for the firewall with MS-CHAP-v2 enabled with the "User can change password after it has expired" checked) I cannot see a request to change the password. I can only see Event ID 4776, 4625 and 6273 (reason 16). I can log in without the change password flag fine, so I know logins are being authenticated. Really hoping someone might be able to assist in tracking down the lack of password change processing on the DC.


  • Zip codes in Radius Google Map

    - by Lee
    Hope someone can advise. I would like to be able to use the Google Maps API to find all zip codes/cities within x miles of a point. Has anyone done such a thing with Google Maps or maybe some other type of service? Would love to know, if so, how you have achieved it! Thank you if you can advise.


  • Setting Corner Radius on UIImageView not working

    - by MarkPowell
    I'm at a bit of a loss. I've used the layer property of UIView to round the corners of multiple elements in my app. However, this one UIImageView is simply not complying. Not sure what I am missing. The UIImageView (called previewImage) is contained in a Table View Cell. I've tried setting the cornerRadius property in multiple locations (in the cell itself and in the controller that creates the cell) to no avail.

        static NSString *CellIdentifier = @"MyTableViewCell";
        MyTableViewCell *cell = (MyTableViewCell *)[tableView dequeueReusableCellWithIdentifier:CellIdentifier];
        if (cell == nil) {
            NSArray *topLevelObjects = [[NSBundle mainBundle] loadNibNamed:CellIdentifier owner:self options:nil];
            cell = [topLevelObjects objectAtIndex:0];
            cell.previewImage.layer.cornerRadius = 20; //Made it 20 to make sure it's obvious.
        }

    Is there something about the way cells are loaded that I'm missing?


  • Store latitudes and longitudes in database for proximity/radius search using Google Maps API, .NET a

    - by poojad
    What is the approach for storing the latitudes and longitudes for multiple addresses as a one time set up. I need to find the nearby stores using Google Maps and I have to get the latitudes and longitudes of all the available stores. As the data is huge and may increase or change in future, can anyone suggest an approach taking performance and maintenance into consideration. Thank you.


  • Html 5 ping pong game side collision problem

    - by Gurjit
    I am making a simple ping pong game where I am facing a side collision problem, meaning when the ball collides with either side of the paddle. Although I have written code to make it work, something is failing. Could someone please give suggestions and tell me how to avoid it? Trying to hit the ball with the side face of the paddle poses a problem! Here is the main part of the code causing the problem:

        function checkCollision(){
            ///// This is collision detection for the upper part /////
            if( cy + radius >= paddleTop && cx + radius > paddleLeft && cy + radius >= paddleTop + 5 && cx - radius <= paddleLeft + paddleWidth ) {
                dy = -dy;
                ++hits; /// On collision we are increasing the Score
                playSound();
            } else if( cy + radius >= paddleTop && cy + radius <= paddleTop + paddleHeight && cx + radius >= paddleLeft && cy - radius <= paddleLeft - (radius + 1) ) {
                dx = -dx;
            }
        }

    Here is a working fiddle for it: http://jsfiddle.net/gurjitmehta/orzpzf69/


  • Wireless AAA for a small, bandwidth-limited hotel.

    - by Anthony Hiscox
    We (the tech I work with and myself) live in a remote northern town where Internet access is somewhat of a luxury, and bandwidth is quite limited. Here, overage charges ranging from a few hundred to a few thousand dollars a month are not uncommon. I myself incur regular monthly charges just through my regular Internet usage at home (I am allowed 10G for $60CAD!) As part of my work, I have found myself involved with several hotels that are feeling this. I know that I can come up with something to solve this problem, but I am relatively new to system administration and I don't want my dreams to overcome reality. So, I pass these ideas on to you, those with much more experience than I, in hopes you will share some of your thoughts and concerns.

        * This system must be cost effective; yes, the charges are high here, but the trust in technology is the lowest I've ever seen.
        * Must be capable of helping clients reduce their usage (squid)
        * Allow a limited (throughput and total usage) amount of free Internet, as this is often franchise policy.
        * Allow a user to track their bandwidth usage
        * Allow (optional) higher speed and/or usage for an additional charge. This fee can be obtained at the front desk on checkout and should not require the use of PayPal or Credit Card.
        * Unfortunately some franchises have ridiculous policies that require the use of a third party remote service to authenticate guests to your network. This means WPA is out, and it also means that I do not auth before Internet usage; that will be their job. However, I do require the ABILITY to perform authentication for Internet access if a hotel does not have this policy. I will still have to track bandwidth (under a guest account by default) and provide the same limiting; however, the guest often will require complete 'unlimited' access, in terms of existence, not throughput.
        * Provide firewalling capabilities for hotels that have nothing, Office, and Guest network segregation (some of these guys are running their office on the guest network, with no encryption, and a simple TOS to get on!)
        * Prevent guests from connecting to other guests, however provide a means to allow this to happen. I.e. each guest connects to a page and allows the other guest; this writes an iptables rule (with python-netfilter) and allows two rooms to play a game, for instance.

    My thoughts on how to implement this. One decent box (we'll call it a router now) with a lot of RAM, and 3 NICs:

        * Internet
        * Office
        * Guests (APs + In Room Ethernet)

    Router Firewall Rules:

        * Guest can talk to router only, through which they are routed to where they need to go, including Internet services.
        * Office can be used to bridge Office to Internet if an existing solution is not in place; otherwise, it simply works for a network accessible web (webmin+python-webmin?) interface.

    Router Software:

        * OpenVZ provides virtualization for a few services I don't really trust: Squid, FreeRADIUS and Apache. The only service directly accessible to guests is Apache.
        * Apache has mod_wsgi and django, because I can write quickly using django and my needs are low. It also potentially has the FreeRADIUS mod, but there seem to be some caveats with this.
        * Firewall rules are handled on the router with iptables.
        * Webmin (or a custom django app maybe) provides abstracted control over any features that the staff may need to access.
        * Python, if you haven't guessed, is the language I feel most comfortable in, and I use it for almost everything.

    And finally, has this been done, is it an overly massive project not worth taking on for one guy, and/or are there some tools I'm missing that could be making my life easier? For the record, I am fairly good with Python, but not very familiar with many other languages (I can struggle through PHP, it's a cosmetic issue there). I am also an avid Linux user, and comfortable with config files and command line. Thank you for your time, I look forward to reading your responses.

    Edit: My apologies if this is not a Q&A in the sense that some were expecting, I'm just looking for ideas and to make sure I'm not trying to do something that's been done. I'm looking at pfSense now as a possible start for what I need.


  • Freeradius authentication failed for unknown reason

    - by Moein7tl
    I followed this instruction to force freeradius to use a mysql database and ran freeradius in debug mode, but it rejects all authentication.

    mysql database:

        mysql> select * from radcheck;
        +----+----------+-----------+----+---------+
        | id | username | attribute | op | value   |
        +----+----------+-----------+----+---------+
        |  1 | test     | Password  | == | test123 |
        |  2 | test     | Auth-Type | == | Local   |
        +----+----------+-----------+----+---------+
        2 rows in set (0.02 sec)

    radtest command:

        # radtest test test123 localhost 0 testing123
        Sending Access-Request of id 235 to 127.0.0.1 port 1812
            User-Name = "test"
            User-Password = "test123"
            NAS-IP-Address = 127.0.0.1
            NAS-Port = 0
            Message-Authenticator = 0x00000000000000000000000000000000
        rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=235, length=20

    radiusd debug mode log:

        rad_recv: Access-Request packet from host 127.0.0.1 port 51034, id=235, length=74
            User-Name = "test"
            User-Password = "test123"
            NAS-IP-Address = 127.0.0.1
            NAS-Port = 0
            Message-Authenticator = 0xbf111cbbae24fb0f0a558bfa26f53476
        # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
        +- entering group authorize {...}
        ++[preprocess] returns ok
        ++[chap] returns noop
        ++[mschap] returns noop
        ++[digest] returns noop
        [suffix] No '@' in User-Name = "test", looking up realm NULL
        [suffix] No such realm "NULL"
        ++[suffix] returns noop
        [eap] No EAP-Message, not doing EAP
        ++[eap] returns noop
        ++[files] returns noop
        ++[expiration] returns noop
        ++[logintime] returns noop
        [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
        ++[pap] returns noop
        ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
        Failed to authenticate the user.
        Using Post-Auth-Type Reject
        # Executing group from file /usr/local/etc/raddb/sites-enabled/default
        +- entering group REJECT {...}
        [attr_filter.access_reject] expand: %{User-Name} -> test
        attr_filter: Matched entry DEFAULT at line 11
        ++[attr_filter.access_reject] returns updated
        Delaying reject of request 20 for 1 seconds
        Going to the next request
        Waking up in 0.9 seconds.
        Sending delayed reject for request 20
        Sending Access-Reject of id 235 to 127.0.0.1 port 51034
        Waking up in 4.9 seconds.
        Cleaning up request 20 ID 235 with timestamp +4325
        Ready to process requests.

    Where is the problem and how should I solve it?


  • Using NPS to restrict access to WLAN

    - by eric.s
    We currently have one WLAN that only domain users can connect to. We will be adding a guest WLAN and would like all non-domain machines to use this, even if a user has a domain account. We have set up NPS and can log in against it, but we can not restrict the connection option to be a domain computer AND a domain account. As a network policy it states that it moves along through each policy until it finds one that it accepts or runs out. For connection request policies Domain Computers is not an option. This is where I thought I may be able to stop it. Has anyone been able to successfully restrict this without manually adding MACs to the WLAN Controller?


  • Can Linux work as 802.1X authenticator in bridge mode?

    - by Kartoch
    I want to create a lab for my students with netkit (a network emulator based on 802.1X) to study 802.1X. I can create the authentication server (FreeRadius) and configure the client with XSupplicant connected by a switch (a Linux in bridge mode). I'm looking for a way to configure the switch as Authenticator, i.e.:

        * when the client is connected, the switch only forwards EAP packets to the authentication server.
        * then the switch lets the user access the local network when the authentication server authorizes the client.

    At the present time there is a lot of documentation to do this with a wireless access point but none for a switch. Does anyone have an idea or know good software for it?


  • Why would you use EAP-TTLS instead of PEAP?

    - by Ivan Macek
    As I understood, EAP-TTLS and PEAP share the same level of security when implemented in wireless networks. Both only provide server side authentication via certificate. The drawback of EAP-TTLS can be non-native support in Microsoft Windows, so every user has to install additional software. The benefit of EAP-TTLS can be support for less secure authentication mechanisms (PAP, CHAP, MS-CHAP), but why would you need them in a modern and properly secure wireless system? What are your opinions? Why should I implement EAP-TTLS instead of PEAP? Let's say that I have mostly Windows users, a medium number of Linux users and the fewest iOS and OSX users.


  • Can a device (WAP or switch) be configured as an 802.1x supplicant?

    - by Allan Ross
    We are looking at implementing 802.1x on a wired/wireless network. What I am looking for is a device that can act as a supplicant and, once authenticated on the network, is able to pass traffic from any downstream connected device. The point of doing this would be to allow a properly pre-configured device to be provided to a client user who could then connect any device on the downstream side of the device. We will be able to manage the aggregate traffic on the device without concern for what is connected on the far side. Am I dreaming, does every device out there support this and I just don't know it, or does reality fall somewhere in the middle?


  • Network Role based routing

    - by Steve Butler
    Apologies, my networking skills are a tad rusty. I'm looking for a way to set up a system that gives me the ability to set up role-based access to specific network resources. For example, I have three private subnets for specific groups; users will need access to one or more subnets. I'd like to have all client machines on the same subnet/VLAN, and then use 802.1x to authorize into a router (NAC device/whatever). The router would then see what user had authenticated (huge plus if it could determine AD group), and then allow routing to one or more of the three private subnets based upon their group membership. I've looked at PacketFence, and it appears to work by assigning a client to a VLAN, but I'd still need a way to route some users into different back-end networks.


  • Need help with ruby radiant cms

    - by AnimalCode
    I have some hidden pages like this:

        /staff
            John
            Bob
            Mike

    In all these pages I have extended content, like photo, bio and additional info. I made this to have a logical structure and quick editing without editing radiant code. My question is, how can I, with base Radius functionality, get access to these pages in this code:

        <r:find url="/staff">
            <r:children:each by="title" order="asc">
                <r:title />
            </r:children:each>
        </r:find>

