NAC appliance local authentication does not

Hello

I am trying a test of the NAC scenario. It's virtual gateway OOB.

I get the login page when trying to access the web, but when I try to authenticate against the local DB I get an error message and I am still on the authentication screen.

I listened with tcpdump on both interfaces. On the untrusted side I see traffic, but on the trusted side no traffic appears (but maybe that's normal).

Can someone please help with the detailed steps that authentication follows,

not only host --> NAS --> NAM (local DB)

or some ideas

Thank you!

Check the temporary certificates that you generated and set the full domain name field to the NAS IP address, and likewise for the NAM.

Tags: Cisco Security

Similar Questions

  • WLC Flex connect local authentication does not work

    Hi guys,

    I'll give you a brief description of our current FlexConnect configuration. We have APs configured in FlexConnect mode in the remote office and in local mode in the local office. Wireless LANs are the same in both locations and we have detected a problem in one specific SSID. It is a voice SSID configured in 802.1X mode that authenticates to a RADIUS server in the remote desktop.

    We detected that only when the WAN line gets collapsed, the IP phones disconnect from the wireless SSID, and when the WAN line becomes free, they reconnect.

    We have seen that we can configure FlexConnect local auth mode to avoid this problem, but it doesn't work properly. We have set up the APs in the remote site with static IP addresses and configured them as NAS in the RADIUS server, but we did not see any authentication packet on the RADIUS server when we change the SSID to «FlexConnect local auth».

    Can you give me an idea to help solve this problem?

    Thanks in advance.

    Joel

    I suppose that clients connected by access points Flexconnect have problems where the WAN connection is down (?)

    It depends on your current configuration and security policy what are the feasible options in this scenario. If there is an available RADIUS server - who can still authenticate your users while the WAN line is down, you can configure your access points to access this server directly. You must use a FlexConnect for this group and configure the external server on the general tab, in the menu "AAA". You already made the point of access-static IP addresses and add them as clients on the RADIUS server, then it should work.

    Another option is that in the event of failure, the access points will authenticate the client based on a local database and/or certificate. This also requires a FlexConnect group and the option 'Enable AP local authentication'. For example: if you are using PEAP and a specific user account for VoWLAN, you can download the server and CA certificates to the WLC and add the credentials of this account to build the same configuration as with the external server. The downside of this is the lack of central logging, which may not match your security policy.

    Remember that the access point itself can't remember the relationship between the access point and the FlexConnect group. In both scenarios, you need to configure all controllers manually with these MAC-to-group mappings. This behavior is different from "AP groups", which the access point does remember when it moves between controllers.

    The "FlexConnect local authentication" option on the SSID itself forces always use local authentication that has been configured on the FlexConnect group even if the connection with the WLC is available. I don't think that it is feasible to use it in your scenario.

    Please rate helpful messages... :-)

  • Question SCCM - "LANG_LIST a certain locale that does not match the regional settings of the serial number.

    I have a problem with the error 'LANG_LIST a certain locale that does not match the regional settings of the serial number' recurring.

    I'm trying to install Acrobat XI Std silently by SCCM.

    I used the Adobe Customization Wizard to create an STD which include the serial number of the volume that we have with our license purchases. Note that I am in Australia. I use the command line in SCCM for installation as "msiexec /i"AcroStan.msi"TRANSFORMS = /'D & B_AcroStd.mst' SB ' fails silently. If I install on a local computer using an admin command prompt and replacing /qb in the end, I get the above error.

    I have a few things to try to solve, after searching the forums adobe and other forums for the solution. The mst is only trying to install U.S. English & I even went up to use the Editor directly in the Customization Wizard and change some values in the property table for this problem. In the property table, I can confirm that LANG_SEL_DEFAULT = FRA, REGIONAL_LIST = FRA, LANG_LIST = en_US, ProductLanguage = 1033

    Is there a way to check the language specified for my serial number?

    Linda

    I contacted customer service and a live chat session. It turns out that the problem is to use a key volume license, you must download the installer from portal licenses on the adobe Web site. Once I downloaded from there, extract the msi file and used the same transformation, the installation worked.

    In other words, other downloads probably won't work for the silent volume installation but work for manual installs. You will need to download it from https://licensing2.adobe.com/

  • Fonts/text resize function works on my local machine, does not work on others.

    I have embedded fonts (and yet it always warns me about missing fonts whenever I open the Flash file, but not the fonts that fail to resize correctly).

    I have a function that takes in a text field and resizes the font to fit the text box. It works fine on my local machine, but does NOT work on other machines.

    Does anyone know of reasons why it does not work? Here's the function:

    function fontSizeChanger(dtb,myWidth)
    {
         dtb.embedFonts = true;
         
         var myFormat:TextFormat = dtb.getTextFormat();
         var metrics:Object = myFormat.getTextExtent(dtb.text); 
         
         while (metrics.textFieldWidth>myWidth) 
         { 
              myFormat.size--; 
              metrics = myFormat.getTextExtent(dtb.text);
         } 
         
         dtb.setTextFormat(myFormat);
         dtb.embedFonts = true;
    }
    

    Please mark this thread as answered, if you can.

  • RADIUS authentication does not

    We currently have a switch, ms-duncan, that has been set up for TACACS+ and works very well.  We have the same commands on another switch, sw-spare, and it does not work:

    !
    enable secret 5 $1$ lyQB$ OUFCNrTeluAVeH9R1Grjm0
    !
    username privilege 15 secret 5 netadmin $1$ urJC LbxLOoBdoG1064QFcjTRe1 $
    username admin privilege 15 secret 5 LGPp $1$$ QbOZQ8Ch2kpEj.tLKsp1m.
    !
    !
    aaa new-model
    !
    !
    aaa authentication login default group tacacs+ local
    aaa authorization console
    aaa authorization config-commands
    aaa authorization exec default group tacacs+ local
    aaa authorization commands 15 default group tacacs+ local
    aaa accounting commands 15 default start-stop group tacacs+
    !
    !
    !
    aaa session-id common
    !
    !
    tacacs-server host 10.223.8.29 single-connection key CiscoCisco
    tacacs-server directed-request

    !

    Here's the TACACS+ debugging from ms-duncan:

    MS duncan #.
    11w5d: MORE: authentication request treatment 344 AAA queues
    11w5d: MORE: treatment demand beginning 344 authentication id
    11w5d: MORE: authentication start package created for 344 (reed.vendor)
    11w5d: MORE: using the 10.223.8.29 Server
    11w5d: HIGHER (00000158) / 0/IDLE / 4383A 40: obtained immediately connect on the new 0
    11w5d: HIGHER (00000158) / 0/WRITING / 4383A 40: started 5 sec timeout
    11w5d: HIGHER (00000158) 0 / / WRITING: has written 47 bytes any request
    11w5d: HIGHER (00000158) 0 / / READ: read all header 12-byte (wait 16 bytes)
    11w5d: HIGHER (00000158) 0 / / READ: read all the reply 28 bytes
    11w5d: HIGHER (00000158) / 0 / 4383A 40: the package of treatment response
    11w5d: MORE: received the authentic GET_PASSWORD response status (8)
    11w5d: MORE: authentication request treatment 344 AAA queues
    11w5d: MORE: treatment of authentication continue id 344 of demand
    11w5d: MORE: authentication continue package generated for 344
    11w5d: HIGHER (00000158) / 0/WRITING / 4383CA 8: started 5 sec timeout
    11w5d: HIGHER (00000158) 0 / / WRITING: wrote bytes 25 requests
    11w5d: HIGHER (00000158) 0 / / READ: read all 12 byte header (allow 6 bytes)
    11w5d: HIGHER (00000158) 0 / / READ: read all the reply 18 bytes
    11w5d: HIGHER (00000158) / 0 / 4383CA 8: the package of treatment response
    11w5d: MORE: received the status of response authentic PASS (2)
    11w5d: MORE: queues application of AAA 344 for transformation
    11w5d: HIGHER: processing of the application for authorization id 344
    11w5d: MORE: Protocol is set to None. Jump
    11w5d: MORE: sending service AV = shell
    11w5d: MORE: sending AV cmd *.
    11w5d: MORE: application created for 344 (reed.vendor)
    11w5d: MORE: previously set server group Ganymede 10.223.8.29 +.
    11w5d: HIGHER (00000158) / 0/IDLE/4384698: got immediately connect on the new 0
    11w5d: HIGHER (00000158) / 0/WRITING/4384698: started 5 sec timeout
    11w5d: HIGHER (00000158) 0 / / WRITING: wrote bytes 66 requests
    11w5d: HIGHER (00000158) 0 / / READ: read all header 12-byte (wait 18 bytes)
    11w5d: HIGHER (00000158) 0 / / READ: read all the answer 30 bytes
    11w5d: HIGHER (00000158) / 0/4384698: the package of treatment response
    11w5d: MORE: handled AV priv-lvl = 15
    11w5d: MORE: received permission to answer for 344: PASS
    MS duncan #.

    Here's the TACACS+ debugging from sw-spare:

    SW-SPARE #.
    17:17:49.477 Feb 2: MORE: Queuing AAA request authentication 42 for the treatment
    17:17:49.477 Feb 2: MORE: treatment demand beginning 42 authentication id
    17:17:49.477 Feb 2: MORE: authentication start package created for 42()
    17:17:49.477 Feb 2: MORE: using the 10.223.8.29 Server
    17:17:49.482 Feb 2: HIGHER (0000002 A) / 452B47C/NB_WAIT/0: started 5 sec timeout
    17:17:49.482 Feb 2: HIGHER (0000002 A) / 0/NB_WAIT: 36 bytes written requests
    17:17:49.482 Feb 2: MORE: block everything by reading the header pak
    17:17:49.487 Feb 2: HIGHER (0000002 A) / 0/452B47C: the package of treatment response
    17:17:58.437 Feb 2: MORE: Queuing AAA request authentication 42 for the treatment
    17:17:58.437 Feb 2: MORE: treatment demand beginning 42 authentication id
    17:17:58.437 Feb 2: MORE: authentication start package created for 42()
    17:17:58.437 Feb 2: MORE: using the 10.223.8.29 Server
    17:17:58.437 Feb 2: HIGHER (0000002 A) / 4165F60/NB_WAIT/0: started 5 sec timeout
    17:17:58.437 Feb 2: HIGHER (0000002 A) / 0/NB_WAIT: 36 bytes written requests
    17:17:58.437 Feb 2: MORE: block everything by reading the header pak
    17:17:58.442 Feb 2: HIGHER (0000002 A) / 0/4165F60: the package of treatment response
    SW-SPARE #.

    It seems that the problem is that there is no user name in the authentication start packet for sw-spare:

    17:17:49.477 Feb 2: MORE: authentication start package created for 42()

    What should we do to solve this problem and get TACACS+ working on sw-spare?

    You can add another statement to the configuration:

    ip tacacs source-interface vlan1

    The command specifies an interface / IP for all outgoing TACACS+ packets.

    ~ Jousset

  • iPhone 6 on IOS 10, local weather does not.

    Update an iPhone 6 to 10.0.1 and everything looks good except for one thing that is bugging me.

    The weather app isn't picking up my local weather.

    I have powered off/on, disabled and re-enabled location services for the app, and reset my location and privacy settings.

    I know it works because the BBC Weather app picks up my location instantly.

    When you open the weather app stock, the spinning wheel is displayed next to the Wifi icon, the icon of location but local weather remains empty.

    I can add my location manually, and it shows my time.

    It is said in the notification "Tap to Set Up Weather" section.  I care and I'm back to the empty local weather.

    I tried using Wi-Fi and 4G, still no joy.  It worked on iOS 9.3.5.

    The iPhone 6s and 5 at home pick up local weather no bother on iOS 10.

    I'm in Gibraltar, Europe.

    Any ideas?

    Restart your phone.

    If it does not help, remove the application, then go into the App Store, search for it and redownload it.

    If this does not help, reset the network settings:

    Settings > general > reset > reset network settings

  • Local network does not appear in my computer, as if it does not exist.

    Help me please, I installed Windows XP on an old computer some time ago on an empty partition, but then I tried to connect to the Internet and it said "the server is not found" or something like that. When I looked at the network, the Local network wasn't there, as if it does not exist. I already checked whether the cable or the network card was broken, but all of that was fine. I connected it to another PC and it works very well. Help me guys, what am I supposed to do?
    Sorry for my bad English, Oscar

    Hi Oscar,

    I suggest you to follow the steps in the Microsoft article and check if it helps.

    Windows wireless and wired network connection problems

    http://Windows.Microsoft.com/en-us/Windows/help/wired-and-wireless-network-connection-problems-in-Windows

    I hope this helps.

  • Control Panel is not on the list. Users and local groups does not appear in computer management.

    1. Click on Start, and then point to Settings: Control Panel is not on the list.  When I try to get to Control Panel via a link in Help and Support, I get an error, "Operation has been cancelled due to restrictions in effect on this computer.  Contact your system administrator."

    2. Local Users and Groups does not appear in Computer Management.

    There is only one profile on the PC, the OS is XP Home.  It seems my user profile somehow lost its administrator privileges.  Could you please suggest how to solve this problem?  Thanks in advance.

    Hi PJohnson,

    You can access the link below and follow the steps in the article to create a new user account and copy the data to the new account.

    http://support.Microsoft.com/kb/811151

    I hope this helps. Let us know the result.

    Thank you and best regards,

     

    Srinivas R

    Microsoft technical support.

    Visit our Microsoft answers feedback Forum and let us know what you think.

  • Locale app does not change for QML strings

    Hello

    In my application, I need to change language(English/Arabic) with a Menu. It has worked well.

    In my QML, the text is defined as

    text: qsTr("Hello") + Retranslate.onLanguageChanged
    

    My application is installing new translators using following code.

    void LocaleTest::languageChanged(QLocale changedLocale) {
    
        QCoreApplication::instance()->removeTranslator(m_pTranslator);
    
        // Initiate, load and install the application translation files.
        QString locale_string = changedLocale.name();
        std::cout << "Locale is : " << locale_string.toStdString() << std::endl;
        QString file_name = QString("FileHandling_%1").arg(locale_string);
        if (m_pTranslator->load(file_name, "app/native/qm")) {
            QCoreApplication::instance()->installTranslator(m_pTranslator);
        }
        //   Here update text of dynamic text labels.
    }
    

    It works exactly as expected when I change the language within the application.

    Now, I changed the language of the system parameters. Once QML text is translated into Arabic... I'm changing the language using the Menu. It does not work. Please find below the image.

    Please help me.

    Kind regards

    SHA

    I understood the question. Desperate to first install by default and after Application translator: exec() change the file to the translator.

  • Re-evaluation of the NAC 4.8 Passive does not work

    Hello

    After an upgrade to 4.8.0, we would like to use the passive re-evaluation function with L2 OOB.

    Everything is configured properly according to the Cisco NAC docs (enable OOB Logoff, user roles-> activate Passive reassessment).

    The OOB logoff feature works well, e.g. when a Windows user logs off, the user is logged out of NAC.

    At first the PrA worked well: the CAM report viewer showed failed re-assessment records with red flags, but now it shows nothing associated with PrA.

    (I know, the report viewer only shows failed PrA records.)

    I tried to reload all the elements (CAM HA, CAS HA), but nothing has changed.

    Any suggestion?

    Thank you very much

    Attila

    Hi Attila,

    From the Agent debugs, I see that the Agent reports the failure for the following conditions:

    % NACAGENT-6-REQUIREMENT_PROC: % [sev = info] [func = Rqmt::completeCheck]: check the result of rqmt [MS: hianyzo Windows frissites Windows XP (BKV)]:FAILED

    That's the only requirement that fails, and it is also reported in the "NACAgentReport.xml" file that is part of the package you uploaded, and it has not been remediated.

    I think the problem is actually with the following parameter: "default PrA on failure action - continue".

    Please, set it to "allow the user to fix" or "Logoff user immediately" and check if the behavior is different.

    If this does not help, please open a TAC service request in order to study it.

    Thank you

    Federico

    --

    If this answers your question please mark the question as "answered" and write it down, so other users can easily find it.

  • Operating system authentication does not not in SQL Developer 4.0.1.14

    I just tried to upgrade from version 4.0.0.12 to the new 4.0.1.14, and doing so broke the OS authentication. I checked the settings, and 'Use Oracle Client' and 'Use OCI/Thick driver' are both enabled, with the correct paths.

    Launching the previous version instead, the exact same connection works fine.

    I use the 11gR2 11.2.0.3 x86 client on Windows 7, in a domain. Both versions of SQL Developer seem to be running in x86 mode, so they should be able to use the Oracle client.

    I managed to make it work. It turned out that when I let it import my settings from the previous version, they do not seem to have been imported correctly. It showed the OCI driver as enabled, but in reality it was not.

    So I had to disable (and restart), then turn it back on (and restart). After that, it worked fine.

  • All local storage does not appear

    Greetings to all

    We have a new Dell with ESXi5.1 Server preloaded.

    He has installed locally 6 x 300 GB SAS disks. There is no external storage.

    When I go into a store of configuration data, it shows only ~1.1TB of storage. (see att)

    No idea why the other ~ 600 GB of storage does not appear.

    It has something to do with Dell configuration a LUN with only 1.1 TB?

    If so is there a way for me to vCenterServer5.1 for local storage LUN configuration?

    Thanks in advance

    Ooops solved this.

    It's because of the whole through iDrac RAID

  • Address deposit not set for a virtual appliance (CIQ), it does not support updates by CR

    I have a CapacityIQ evaluation running. I needed to reboot our vCenter server this weekend and I got some errors.

    (1) Repository address not defined for the virtual appliance for VA upgrades.

    Does anyone understand why I see this error? Also, I'm not sure why VUM even tries to scan the VA?

    Why you see the error: you see the error because our VA is not configured to take VUM updates and does not point to a VUM repository.

    Why VUM attempts to scan this VA: because it assumes that all VAs will be set up to be updated by VUM. As far as I know, they will improve this error message/logic in the near future. In the meantime you will see this error if you have VUM installed.

  • .swf plays locally but does not play on the web!

    Hello

    I have this site here: www.claudechalhoub.com/videos.php

    If you scroll down you can see the last video. All the information, like title and performers, is there, but the video does not play at all!

    I have the flv file, I imported in flash and used a flash player template then published swf files and html. The swf file is read normally locally, but after downloading ALL files (flv, fla, swf, html and swf player file), there is still no video site! I also tried to preview the swf file in the file manager on my webhost, and nothing happens. I get a blank page.

    It is mind boggling! Any help?

    Are you talking about the video for Kalindadri now?  This is totally when I watch it.

    Have you tried to clear the cache of your browser?

  • Win 7 remote desktop and Local printing does not

    I cannot use the network printer locally when I use remote desktop to connect to a Vista computer.  On the Resources tab for RD, I checked the printers.  The only thing I can think of is that my local printer is a network printer, not directly connected to my machine.  Whenever I try to print over my remote desktop session, I cannot access my local network printer.

    I installed the printer drivers on the remote computer and when I try to locate the printer, I get the following error message: "Windows cannot connect to the printer.  Print Server Spooler service is not running... "but the spooler service IS running Board.

    Any advice would be greatly appreciated.  I spent a few hours on this one and am at a loss at this point.

    UPDATE: I tried to connect my printer to the local USB port this morning.  Still would not work.  I get the same error of queue.  The drivers are not corrupt, as others have indicated may be the cause.  They work very well on my system locally with 7.

    I also found a post elsewhere that said setting 'sharing permissions' and 'network permissions' would resolve the spooler error.  Still no go.

    Help, please.  I really need to print locally.

    I finally figured it out after four days and many hours on the phone with Microsoft.  Microsoft said it was related to my router settings, but I didn't believe it because the remote computer has seen my iPhone very well when it was connected locally.  After just playing around, here is what I found... it was pretty basic!

    On the remote system, when you try to add a 'local' printer, it has a drop-down list with a list of local ports who sees your system remotely.  Some of those who will be on the remote system, but others will be on your local system.  Take note of those that are visible on your local system.  In my case, LPT1 was not visible, but was COM3.

    Then, on your local system, in the settings of your working printer (printer properties, Ports tab), there is a checkbox labelled "Enable Printer Pooling."  When you check this box, you can select multiple ports on your local computer.  Here, you must check the box for the port that your remote system shows (in my case, this is COM3), but make sure your existing port is checked as well (in my case, an IP port for my wireless router).  Basically, what you do on your local system is pool your existing printer installation with a port that can be seen by your remote system.

    Then, on the remote system, install the printer drivers, but do not select a port.  Then go to printers and add a printer.  Select 'local' facility for whom and when asked for the port, use the port that you checked in the previous step on your local system (in my case, I chose COM3 on my local system).  Select your printer from the list.  It will ask you if you want to use the existing drivers... say Yes.  Print a test page to make sure it works.  Worked fine for me.

    I simply cannot believe how obvious this solution has been!  If the remote system is unable to see the port that you are currently using, pool your configuration with a port that it can see!
