RADIUS authentication problem

I have a C6509 with switch IOS sup32 base. I also allows RADIUS authentication on the switch. But whenever I have telnet to the switch brings the following:

Username: XXXXXXXX

Password: XXXXXXXX

Quick > activate

User access audit

Username: XXXXXXXX

Password: XXXXXXXX

I don't like the second username. I was expecting after the enable command, I should just be asked to enter my password and do not ask me a username again.

Here is the version of IOS of the switch:

s3223-adventerprisek9_wan - mz.122 - 33.SXH3a.bin

Here is the config of aaa:

AAA new-model

AAA authentication login default group Ganymede + line activate

the AAA authentication enable default group Ganymede + activate

AAA authorization exec default group Ganymede + authenticated if

AAA authorization commands 15 default group Ganymede + authenticated if

AAA accounting exec default start-stop Ganymede group.

orders accounting AAA 15 by default start-stop Ganymede group.

Kind regards

Enrico

you run may be in bug CSCsu21040. This problem is fixed in SXH4.

Tags: Cisco Security

Similar Questions

  • VMWare View 5.1 and authentication RADIUS - password problem

    I use Trustwave for 2-factor authentication on a Server View 5.1.1.  The Server Proxy of Trustwave requires that you enter your password to Active Directory followed by a comma, then the access provided by Trustwave code.  After that, you get the VMWare View normal login where you have to put your password in Active Directory.  Is there a way to remove the comma and the password of the first login box and simply pass the Active Directory password for the 2nd dialog box?  See the following two dialog boxes.

    NOTE: All works fine, but it is confusing for the user to enter his password to Active Directory twice.

    NOTE: When I check the box in the authenticators, manage, use the same username and password for Windows and RADIUS authentication, I naturally get an error because it is passing the password to Active Directory, the comma and the password of Trustwave at the 2nd fret of the connection.

    taopiglet wrote:

    ... Is there a way to remove the comma and the password of the first login box and simply pass the Active Directory password for the 2nd dialog box?

    ...

    Laughing out loud

    What happens with multiple RADIUS servers, is that the first guest username and password in AD. There is then a Challenge to get the access token code. In this case, you can configure view to ignore the next AD password prompt that the view can take the original RADIUS (AD password) authentication code and use it for the part of the AD authentication.

    A certain RADIUS vendors operate in this way.

    If the RADIUS of Trustwave server can be configured to do a Challenge of access, it would be a more standard approach to try to analyze the fields password in this way.

    I can see why this would not be irritating to users.

    Select this option.

  • WiFi WPA2 Enterprise with RADIUS - connection problem

    Hello

    I have here a new ISA 570w with the latest firmware (1.2.17).

    Anyway, I can't get wifi to work in mode WPA2 Enterprise with RADIUS authentication.

    Mode WPA2 PSK are not a problem.

    I have configured the BEAM properly and I can connect directly to him via NTRadPing without any problem. Also the test in the web interface works without any problem (see Figure 2, 3).

    The RADIUS server is a server Synology RADIUS on a Synology NAS, which is a FreeRADIUS server under the hood.

    In the settings of the ISA wireless, I put this RADIUS server for authentication (see screenshot 1, 4).

    However, I can not connect to connect to the network:

    On the iPhone (iOS 6.1.3) I get a prompt for a user name and password, but when I click on connect, it says 'connect to 'cisco3'... ". "and stays there.

    In ISA 570w newspaper, he said:

    Information

    Wireless

    MSG = add MAC station in the list of the ATU. VID = 5; MAC = 5 C: 59:48:02:78:3E;

    Information

    Wireless

    MSG = Wireless mode is a 802.11 mixed b_g_n

    When I cancel the connection attempt, he said:

    Information

    Wireless

    MSG = the Client has dissociated;

    On my Thinkpad with Windows 7 Professional I have everything configured as usual (see screenshots 5,6,7,8) but when I try to connect I do not get a command prompt where I wonder username and password, and finally the connection cannot be established (see Figure 9). Also tried with the same configuration on an another Windows 7 Pro installed costs for laptop with the same problem.

    I can't see any attempt of 570w ISA to authenticate anything in the logs of the RADIUS.

    Also the capture of network traffic on the LAN to the Synology NAS port does not show the RADIUS datagrams.

    I already disabled COP because I read that it can cause problems, but it did not help.

    Can you please suggest something else I can try?

    Thanks in advance!

    Kind regards

    Dominik

    I saw these screenshots, but that screen settings just select the button set up next to the authentication method in the section user authentication, under users.  In each of your screenshots, the RADIUS server identification number is 1, so I would also ensure that I configured the server ID RADIUS 1 that can be configured by going to users-> RADIUS servers.

    All that said, I have seen that your tests have passed and I also do not understand the point of having the RADIUS settings on other screens and then to have info ID RADIUS.  My thought is that you'd be able to pre-set RADIUS users of-> screen RADIUS servers and then select the RADIUS server ID in all other screens without having to enter the RADIUS news over and over again.  He also thinks that you could ignore the users-> screen RADIUS server and enter RADIUS information over and over again and it should work... as you set up initially.  However, based on the past experience of programming errors, I recommend configuring the ID from RADIUS server 1 under user-> RADIUS servers if you have not already... just in case where.

    Shawn Eftink
    CCNA/CCDA

    Please note all useful messages and mark the correct answers to help others looking for solutions in the community.

  • 802. 1 x EAP-PEAP authentication problem

    Hi Experts,

    I'm having a problem where the authentication process for two of my wireless networks prompts the user to enter their credentials at least twice before letting them on the network.

    The networks in question are configured in the same way, here is an overview:

    Layer 2 security is WPA & WPA2

    WPA - TKIP

    WPA2 - AES

    East of authentication key 802 management. 1 X

    RADIUS servers are microsoft Windows 2008 Network Policy Service (used for IAS) - all users are Active Directory and IAS strategy enables access absed on ad group.

    This has all worked well before and still works fine, if you enter the name of username/password combo at least twice on the original profile configuration. (For the record, once the wireless profile is configured, you should I not get guest credentials once again, this problem not ony during initial installation)

    We have recently added an another WLAN that uses web authentication, pointing to a RADIUS server to. In order to get it going, we changed the setting to 'Web Radius Authentication' to the 'BOY' for "PAP" under the controller. General config.

    That's the only change I can think of that might be relevant.

    Anyone would be able to shed some light on why I would be prompted to authenticate twice? Affected clients are Windows 7 and Mac OSX at the mo.

    Debugs as follows:

    * 11 Oct 16:12:10.237: 00:23:12:08:25:28 adding mobile on 00:13:5f:fb:0f:40 (0) LWAPP AP
    * 11 Oct 16:12:10.237: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 23) in 5 seconds
    * 11 Oct 16:12:10.237: 00:23:12:08:25:28 apfProcessProbeReq (apf_80211.c:4598) State of change for mobile 00:23:12:08:25:28 on 00:13:5f:fb:0f:40 of Idle to probe AP

    * 11 Oct 16:12:10.237: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
    * 11 Oct 16:12:10.238: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
    * 11 Oct 16:12:10.247: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
    * 11 Oct 16:12:10.247: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
    * 11 Oct 16:12:10.247: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
    * 11 Oct 16:12:10.388: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
    * 11 Oct 16:12:11.076: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
    * 11 Oct 16:12:11.076: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
    * 11 Oct 16:12:11.076: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
    * 11 Oct 16:12:11.077: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
    * 11 Oct 16:12:11.086: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
    * 11 Oct 16:12:11.086: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
    * 11 Oct 16:12:11.228: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
    * 11 Oct 16:12:11.229: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
    * 11 Oct 16:12:11.239: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
    * 11 Oct 16:12:14.296: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
    * 11 Oct 16:12:14.305: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
    * 11 Oct 16:12:14.306: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
    * 11 Oct 16:12:14.306: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
    * 11 Oct 16:12:14.317: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
    * 11 Oct 16:12:14.448: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
    * 11 Oct 16:12:14.449: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
    * 11 Oct 16:12:14.458: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
    * 11 Oct 16:12:14.459: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
    * 11 Oct 16:12:14.600: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
    * 11 Oct 16:12:14.610: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
    * 11 Oct 16:12:16.715: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
    * 11 Oct 16:12:16.715: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
    * 11 Oct 16:12:16.715: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
    * 11 Oct 16:12:16.725: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
    * 11 Oct 16:12:16.725: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
    * 11 Oct 16:12:16.725: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
    * 11 Oct 16:12:16.868: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
    * 11 Oct 16:12:16.878: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
    * 11 Oct 16:12:17.031: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
    * 11 Oct 16:12:19.927: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
    * 11 Oct 16:12:19.934: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
    * 11 Oct 16:12:19.938: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
    * 11 Oct 16:12:19.938: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
    * 11 Oct 16:12:20.080: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
    * 11 Oct 16:12:20.080: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
    * 11 Oct 16:12:20.090: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
    * 11 Oct 16:12:20.233: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
    * 11 Oct 16:12:20.243: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
    * 11 Oct 16:12:24.941: 00:23:12:08:25:28 apfMsExpireCallback (apf_ms.c:417) expires Mobile!
    * 11 Oct 16:12:24.941: 00:23:12:08:25:28 0.0.0.0 START (0) deleted LWAPP mobile to the rule on the AP [00:13:5f:fb:0f:40]
    * 11 Oct 16:12:24.941: 00:23:12:08:25:28 remove mobile on AP 00:13:5f:fb:0f:40 (0)
    * 11 Oct 16:12:25.219: 00:23:12:08:25:28 adding mobile on 00:11:5c:14:6d:d0 (0) LWAPP AP
    * 11 Oct 16:12:25.219: 00:23:12:08:25:28 the reassociation received from a mobile phone on AP 00:11:5 c: d 14:6: d0
    * 11 Oct 16:12:25.219: 00:23:12:08:25:28 STA - rates (8): 139 150 24 36 48 72 96 108 0 0 0 0 0 0 0 0
    * 11 Oct 16:12:25.219: 00:23:12:08:25:28 STA - rates (10): 139 150 24 36 48 72 96 108 12 18 0 0 0 0 0 0
    * 11 Oct 16:12:25.219: 00:23:12:08:25:28 treatment RSN IE type 48, length 20 for mobile 00:23:12:08:25:28
    * 11 Oct 16:12:25.219: 00:23:12:08:25:28 IE RSN received with mobile 00:23:12:08:25:28 PMKIDs 0
    * 16:12:25.219 Oct 11: policy of STARTING (0) initialization 00:23:12:08:25:28 0.0.0.0
    * 11 Oct 16:12:25.219: 00:23:12:08:25:28 0.0.0.0 START (0) change the State last status of AUTHCHECK (2), AUTHCHECK (2)

    * 11 Oct 16:12:25.219: 00:23:12:08:25:28 0.0.0.0 AUTHCHECK (2) change the State of 8021X_REQD (3) the last State 8021X_REQD (3)

    * 11 Oct 16:12:25.219: 8021X_REQD 00:23:12:08:25:28 0.0.0.0 (3) mobile devices rule LWAPP on AP 00:11:5 c: d 14:6: tasteless d0 4 apVapId 4
    * 11 Oct 16:12:25.220: 00:23:12:08:25:28 apfPemAddUser2 (apf_policy.c:208) State of change for mobile 00:23:12:08:25:28 on AP 00:11:5 c: d 14:6: Idle associated d0

    * 11 Oct 16:12:25.220: 00:23:12:08:25:28 stop deletion of Station Mobile: (callerId: 48)
    * 11 Oct 16:12:25.220: 00:23:12:08:25:28 send Assoc response to station BSSID 00:11:5 c: d 14:6: d0 (State 0)
    * 11 Oct 16:12:25.220: 00:23:12:08:25:28 apfProcessAssocReq (apf_80211.c:4310) State of change for mobile 00:23:12:08:25:28 on AP 00:11:5 c: d 14:6: d0 of associated Associated

    * 11 Oct 16:12:25.223: 00:23:12:08:25:28 Disable re-auth, use life PMK.
    * 11 Oct 16:12:25.223: 00:23:12:08:25:28 Station 00:23:12:08:25:28 setting dot1x timeout = 7200 reauth
    * 11 Oct 16:12:25.223: 00:23:12:08:25:28 dot1x - penetrating mobile 00:23:12:08:25:28 of connection state
    * 11 Oct 16:12:25.223: 00:23:12:08:25:28 send request/identity EAP to mobile 00:23:12:08:25:28 (EAP Id 1)
    * 11 Oct 16:12:25.243: 00:23:12:08:25:28 EAPPKT EAPOL received from mobile 00:23:12:08:25:28
    * 11 Oct 16:12:25.243: 00:23:12:08:25:28 response received identity (count = 1) 00:23:12:08:25:28 mobile
    * 11 Oct 16:12:25.243: 00:23:12:08:25:28 EAP State Update connection for mobile 00:23:12:08:25:28 authentication
    * 11 Oct 16:12:25.243: 00:23:12:08:25:28 dot1x - penetrating mobile 00:23:12:08:25:28 of State authentication
    * 11 Oct 16:12:25.243: 00:23:12:08:25:28 State entering Backend Auth response for mobile 00:23:12:08:25:28
    * 11 Oct 16:12:25.250: 00:23:12:08:25:28 treatment Access-Challenge for mobile 00:23:12:08:25:28
    * 11 Oct 16:12:25.250: 00:23:12:08:25:28 State entering Backend Auth Req (id = 2) for mobile 00:23:12:08:25:28
    * 11 Oct 16:12:25.251: 00:23:12:08:25:28 send EAP request of AAA to mobile 00:23:12:08:25:28 (EAP Id 2)
    * 11 Oct 16:12:25.260: 00:23:12:08:25:28 EAPPKT EAPOL received from mobile 00:23:12:08:25:28
    * 11 Oct 16:12:25.262: 00:23:12:08:25:28 response EAP received from mobile 00:23:12:08:25:28 (2 Id EAP, EAP Type 25)
    * 11 Oct 16:12:25.262: 00:23:12:08:25:28 State entering Backend Auth response for mobile 00:23:12:08:25:28
    * 11 Oct 16:12:25.265: 00:23:12:08:25:28 treatment Access-Challenge for mobile 00:23:12:08:25:28
    * 11 Oct 16:12:25.265: 00:23:12:08:25:28 State entering Backend Auth Req (id = 3) for mobile 00:23:12:08:25:28
    * 11 Oct 16:12:25.265: 00:23:12:08:25:28 send EAP request of AAA to mobile 00:23:12:08:25:28 (EAP Id 3)
    * 11 Oct 16:12:25.269: 00:23:12:08:25:28 EAPPKT EAPOL received from mobile 00:23:12:08:25:28
    * 11 Oct 16:12:25.269: 00:23:12:08:25:28 response EAP received from mobile 00:23:12:08:25:28 (3 Id EAP, EAP Type 25)
    * 11 Oct 16:12:25.269: 00:23:12:08:25:28 State entering Backend Auth response for mobile 00:23:12:08:25:28
    * 11 Oct 16:12:25.270: 00:23:12:08:25:28 treatment Access-Challenge for mobile 00:23:12:08:25:28
    * 11 Oct 16:12:25.271: 00:23:12:08:25:28 State entering Backend Auth Req (id = 4) for mobile 00:23:12:08:25:28
    * 11 Oct 16:12:25.271: 00:23:12:08:25:28 send EAP request of AAA to mobile 00:23:12:08:25:28 (EAP Id 4)
    * 11 Oct 16:12:25.274: 00:23:12:08:25:28 EAPPKT EAPOL received from mobile 00:23:12:08:25:28
    * 11 Oct 16:12:25.274: 00:23:12:08:25:28 response EAP received from mobile 00:23:12:08:25:28 (4 Id EAP, EAP Type 25)
    * 11 Oct 16:12:25.274: 00:23:12:08:25:28 State entering Backend Auth response for mobile 00:23:12:08:25:28
    * 11 Oct 16:12:25.275: 00:23:12:08:25:28 treatment Access-Challenge for mobile 00:23:12:08:25:28
    * 11 Oct 16:12:25.275: 00:23:12:08:25:28 State entering Backend Auth Req (id = 5) for mobile 00:23:12:08:25:28
    * 11 Oct 16:12:25.275: 00:23:12:08:25:28 send EAP request of AAA to mobile 00:23:12:08:25:28 (EAP Id 5)
    * 11 Oct 16:12:25.285: 00:23:12:08:25:28 EAPPKT EAPOL received from mobile 00:23:12:08:25:28
    * 11 Oct 16:12:25.286: 00:23:12:08:25:28 response EAP received from mobile 00:23:12:08:25:28 (5 Id EAP, EAP Type 25)
    * 11 Oct 16:12:25.286: 00:23:12:08:25:28 State entering Backend Auth response for mobile 00:23:12:08:25:28
    * 11 Oct 16:12:25.292: 00:23:12:08:25:28 treatment Access-Challenge for mobile 00:23:12:08:25:28
    * 11 Oct 16:12:25.292: 00:23:12:08:25:28 State entering Backend Auth Req (id = 6) for mobile 00:23:12:08:25:28
    * 11 Oct 16:12:25.292: 00:23:12:08:25:28 send EAP request of AAA to mobile 00:23:12:08:25:28 (EAP Id 6)
    * 11 Oct 16:12:25.318: 00:23:12:08:25:28 EAPPKT EAPOL received from mobile 00:23:12:08:25:28
    * 11 Oct 16:12:25.318: 00:23:12:08:25:28 response EAP received from mobile 00:23:12:08:25:28 (6 EAP, EAP Type 25 Id)
    * 11 Oct 16:12:25.318: 00:23:12:08:25:28 State entering Backend Auth response for mobile 00:23:12:08:25:28
    * 11 Oct 16:12:25.320: 00:23:12:08:25:28 treatment Access-Challenge for mobile 00:23:12:08:25:28
    * 11 Oct 16:12:25.320: 00:23:12:08:25:28 State entering Backend Auth Req (id = 7) for mobile 00:23:12:08:25:28
    * 11 Oct 16:12:25.320: 00:23:12:08:25:28 send EAP request of AAA to mobile 00:23:12:08:25:28 (EAP Id 7)
    * 11 Oct 16:12:25.321: 00:23:12:08:25:28 EAPPKT EAPOL received from mobile 00:23:12:08:25:28
    * 11 Oct 16:12:25.323: 00:23:12:08:25:28 response EAP received from mobile 00:23:12:08:25:28 (7 Id EAP, EAP Type 25)
    * 11 Oct 16:12:25.323: 00:23:12:08:25:28 State entering Backend Auth response for mobile 00:23:12:08:25:28
    * 11 Oct 16:12:25.326: 00:23:12:08:25:28 treatment Access-Challenge for mobile 00:23:12:08:25:28
    * 11 Oct 16:12:25.326: 00:23:12:08:25:28 State entering Backend Auth Req (id = 8) for mobile 00:23:12:08:25:28

    * 11 Oct 16:12:25.326: 00:23:12:08:25:28 send EAP request of AAA to mobile 00:23:12:08:25:28 (EAP Id 8)

    At this point, the user name and password dialog box appears again.

    If the credentials are not entered, the following timeout message appears...

    * 11 Oct 16:12:53.973: 00:23:12:08:25:28 802. 1 x "timeoutEvt" Timer expired for station 00:23:12:08:25:28

    If the credentials are entered again the computer continues:

    * 11 Oct 16:12:53.975: 00:23:12:08:25:28 relay 1 of EAP-Request (length 79) for mobile 00:23:12:08:25:28
    * 11 Oct 16:13:01.093: 00:23:12:08:25:28 EAPPKT EAPOL received from mobile 00:23:12:08:25:28
    * 11 Oct 16:13:01.093: 00:23:12:08:25:28 response EAP received from mobile 00:23:12:08:25:28 (8 Id EAP, EAP Type 25)
    * 11 Oct 16:13:01.094: 00:23:12:08:25:28 State entering Backend Auth response for mobile 00:23:12:08:25:28
    * 11 Oct 16:13:01.098: 00:23:12:08:25:28 treatment Access-Challenge for mobile 00:23:12:08:25:28
    * 11 Oct 16:13:01.098: 00:23:12:08:25:28 State entering Backend Auth Req (id = 9) for mobile 00:23:12:08:25:28
    * 11 Oct 16:13:01.098: 00:23:12:08:25:28 send EAP request of AAA to mobile 00:23:12:08:25:28 (EAP Id 9)
    * 11 Oct 16:13:01.102: 00:23:12:08:25:28 EAPPKT EAPOL received from mobile 00:23:12:08:25:28
    * 11 Oct 16:13:01.102: 00:23:12:08:25:28 response EAP received from mobile 00:23:12:08:25:28 (9 Id EAP, EAP Type 25)
    * 11 Oct 16:13:01.102: 00:23:12:08:25:28 State entering Backend Auth response for mobile 00:23:12:08:25:28
    * 11 Oct 16:13:01.106: 00:23:12:08:25:28 treatment Access-Challenge for mobile 00:23:12:08:25:28
    * 11 Oct 16:13:01.106: 00:23:12:08:25:28 State entering Backend Auth Req (id = 10) for mobile 00:23:12:08:25:28
    * 11 Oct 16:13:01.106: 00:23:12:08:25:28 send EAP request of AAA to mobile 00:23:12:08:25:28 (EAP Id 10)
    * 11 Oct 16:13:01.108: 00:23:12:08:25:28 EAPPKT EAPOL received from mobile 00:23:12:08:25:28
    * 11 Oct 16:13:01.108: 00:23:12:08:25:28 response EAP received from mobile 00:23:12:08:25:28 (10 Id EAP, EAP Type 25)
    * 11 Oct 16:13:01.108: 00:23:12:08:25:28 State entering Backend Auth response for mobile 00:23:12:08:25:28
    * 11 Oct 16:13:01.113: 00:23:12:08:25:28 Access-Accept treatment for mobile 00:23:12:08:25:28
    * 11 Oct 16:13:01.113: 00:23:12:08:25:28 setting re-auth timeout to 7200 seconds, got config WLAN.
    * 11 Oct 16:13:01.113: 00:23:12:08:25:28 Station 00:23:12:08:25:28 setting dot1x timeout = 7200 reauth
    * 11 Oct 16:13:01.113: 00:23:12:08:25:28 creating a Cache PMKID PKC entry for station 00:23:12:08:25:28 (ARS 2)
    * 11 Oct 16:13:01.113: 00:23:12:08:25:28 adding BSSID 00:11:5 c: 14:6 d: d3 to the PMKID cache for station 00:23:12:08:25:28
    * 11 Oct 16:13:01.113: new PMKID: (16)

    * 16:13:01.113 Oct 11: [0000] 15 9th 3d 61 e3 94 bb 82 2B 6f 7F 05 74 49 81 52

    * 11 Oct 16:13:01.113: 00:23:12:08:25:28 disabling re-auth, given that life expectancy PMK can handle similarly.
    * 11 Oct 16:13:01.116: 00:23:12:08:25:28 PMK sent to the mobility group
    * 11 Oct 16:13:01.116: 00:23:12:08:25:28 send EAP-success in mobile 00:23:12:08:25:28 (EAP Id 10)
    * 16:13:01.116 Oct 11: including PMKID in M1 (16)

    * 16:13:01.116 Oct 11: [0000] 15 9th 3d 61 e3 94 bb 82 2B 6f 7F 05 74 49 81 52

    * 11 Oct 16:13:01.116: 00:23:12:08:25:28 exchange of departure for 00:23:12:08:25:28 mobile key, data packages will be removed
    * 11 Oct 16:13:01.116: 00:23:12:08:25:28 transmission of EAPOL-Key Message for mobile 00:23:12:08:25:28
    INITPMK (message 1) State, counter replay 00.00.00.00.00.00.00.00
    * 11 Oct 16:13:01.116: 00:23:12:08:25:28 State entering Backend Auth success (id = 10) for mobile 00:23:12:08:25:28
    * 11 Oct 16:13:01.116: 00:23:12:08:25:28 success Auth received by authenticating the State for mobile 00:23:12:08:25:28
    * 11 Oct 16:13:01.116: 00:23:12:08:25:28 dot1x - penetrating mobile 00:23:12:08:25:28 authenticated state
    * 11 Oct 16:13:01.996: 00:23:12:08:25:28 802. 1 x "timeoutEvt" Timer expired for station 00:23:12:08:25:28
    * 11 Oct 16:13:01.997: 00:23:12:08:25:28 1 retransmit of EAPOL M1 (length 121) key for mobile 00:23:12:08:25:28
    * 11 Oct 16:13:01.999: 00:23:12:08:25:28 received EAPOL-Key of mobile 00:23:12:08:25:28
    * 11 Oct 16:13:01.999: 00:23:12:08:25:28 Ignoring EAPOL version invalid (1) in the mobile 00:23:12:08:25:28 EAPOL Key message
    * 11 Oct 16:13:01.999: 00:23:12:08:25:28 key EAPOL received in State PTK_START (message 2) of 00:23:12:08:25:28 mobile
    * 11 Oct 16:13:01.999: 00:23:12:08:25:28 for mobile 00:23:12:08:25:28 retransmission timer stop
    * 11 Oct 16:13:02.000: 00:23:12:08:25:28 transmission of EAPOL-Key Message for mobile 00:23:12:08:25:28
    PTKINITNEGOTIATING (message 3) State, counter replay 00.00.00.00.00.00.00.02
    * 11 Oct 16:13:02.002: 00:23:12:08:25:28 received EAPOL-Key of mobile 00:23:12:08:25:28
    * 11 Oct 16:13:02.002: 00:23:12:08:25:28 Ignoring EAPOL version invalid (1) in the mobile 00:23:12:08:25:28 EAPOL Key message
    * 11 Oct 16:13:02.002: 00:23:12:08:25:28 key EAPOL received in State PTKINITNEGOTIATING (message 4) of mobile 00:23:12:08:25:28
    * 11 Oct 16:13:02.002: 8021X_REQD 00:23:12:08:25:28 0.0.0.0 (3) change the State of L2AUTHCOMPLETE (4) State last, L2AUTHCOMPLETE (4)

    * 11 Oct 16:13:02.004: 00:23:12:08:25:28 0.0.0.0 L2AUTHCOMPLETE (4) mobile devices rule LWAPP on AP 00:11:5 c: d 14:6: tasteless d0 4 apVapId 4
    * 11 Oct 16:13:02.004: 00:23:12:08:25:28 0.0.0.0 L2AUTHCOMPLETE (4) change the State of the last State DHCP_REQD (7) DHCP_REQD (7)

    * 16:13:02.006 Oct 11: rule of TMP adding 4391, 00:23:12:08:25:28 0.0.0.0 DHCP_REQD (7) pemAdvanceState2
    * 16:13:02.007 Oct 11: rule DHCP_REQD (7) add Fast Path 00:23:12:08:25:28 0.0.0.0
    type = Airespace AP - IP address learn
    on AP 00:11:5 c: d 14:6: d0, location 0, interface = 29, QOS = 0
    ACL Id = 255, Jumbo F
    * 11 Oct 16:13:02.007: 00:23:12:08:25:28 0.0.0.0 DHCP_REQD (7) climbs with successful mobile rule (ACL ID 255)
    * 11 Oct 16:13:02.007: 00:23:12:08:25:28 for mobile 00:23:12:08:25:28 retransmission timer stop
    * 16:13:02.010 Oct 11: added entry NPU 00:23:12:08:25:28 9, dtlFlags 0x0 type 0.0.0.0
    * 11 Oct 16:13:02.010: 00:23:12:08:25:28 sent an XID frame
    * 11 Oct 16:13:02.283: 00:23:12:08:25:28 DHCP received op BOOTREQUEST (1) (len 308, port 29, encap 0xec03)
    * 11 Oct 16:13:02.283: 00:23:12:08:25:28 package of DHCP drop due to the current mobility handshake Exchange, (siaddr 0.0.0.0, mobility status = "apfMsMmQueryRequested"
    * 11 Oct 16:13:03.906: 00:23:12:08:25:28 0.0.0.0 DHCP_REQD State (7) set a day of mobility-incomplete for complete mobility, mobility role = Local, client state = APF_MS_STATE_ASSOCIATED
    * 16:13:03.906 Oct 11: rule of TMP adding 4072, 00:23:12:08:25:28 0.0.0.0 DHCP_REQD (7) pemAdvanceState2
    * 16:13:03.906 Oct 11: rule DHCP_REQD (7) replacing Fast Path 00:23:12:08:25:28 0.0.0.0
    type = Airespace AP - IP address learn
    on AP 00:11:5 c: d 14:6: d0, location 0, interface = 29, QOS = 0
    ACL Id = 255, Jumb
    * 11 Oct 16:13:03.906: 00:23:12:08:25:28 0.0.0.0 DHCP_REQD (7) climbs with successful mobile rule (ACL ID 255)
    * 16:13:03.909 Oct 11: added entry NPU 00:23:12:08:25:28 9, dtlFlags 0x0 type 0.0.0.0
    * 11 Oct 16:13:03.909: 00:23:12:08:25:28 sent an XID frame
    * 11 Oct 16:13:04.879: 00:23:12:08:25:28 DHCP received op BOOTREQUEST (1) (len 308, port 29, encap 0xec03)
    * 11 Oct 16:13:04.880: 00:23:12:08:25:28 DHCP by selecting the relay 1 - control block parameters:
    dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0
    dhcpGateway: 0.0.0.0, dhcpRelay: 0.0.0.0 VLAN: 0
    * 11 Oct 16:13:04.880: 00:23:12:08:25:28 DHCP selected relay 1 - 172.19.0.50 (address local 172.23.24.2, gateway 172.23.24.1, 110 VLAN, port 29)
    * 11 Oct 16:13:04.880: 00:23:12:08:25:28 DHCP forwarding DHCP REQUEST (3)
    * 11 Oct 16:13:04.880: 00:23:12:08:25:28 op DHCP: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 1
    * 11 Oct 16:13:04.880: 00:23:12:08:25:28 DHCP xid: 0x53839a5f (1401133663), dry: 4, flags: 0
    * 11 Oct 16:13:04.880: 00:23:12:08:25:28 DHCP CHADRR: 00:23:12:08:25:28
    * 11 Oct 16:13:04.880: 00:23:12:08:25:28 DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
    * 11 Oct 16:13:04.881: 00:23:12:08:25:28 DHCP siaddr: 0.0.0.0, giaddr: 172.23.24.2
    * 11 Oct 16:13:04.881: 00:23:12:08:25:28 requested DHCP ip: 172.23.26.53
    * 11 Oct 16:13:04.881: 00:23:12:08:25:28 DHCP sends REQUEST to 172.23.24.1 (len 350, 29 port, vlan 110)
    * 11 Oct 16:13:04.881: 00:23:12:08:25:28 selection of DHCP Relay 2 - control block parameters:
    dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0
    dhcpGateway: 0.0.0.0, dhcpRelay: 172.23.24.2 VLAN: 110
    * 11 Oct 16:13:04.881: 00:23:12:08:25:28 DHCP selected Relay 2 - 172.19.0.51 (address local 172.23.24.2, gateway 172.23.24.1, 110 VLAN, port 29)
    * 11 Oct 16:13:04.881: 00:23:12:08:25:28 DHCP forwarding DHCP REQUEST (3)
    * 11 Oct 16:13:04.883: 00:23:12:08:25:28 op DHCP: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 2
    * 11 Oct 16:13:04.883: 00:23:12:08:25:28 DHCP xid: 0x53839a5f (1401133663), dry: 4, flags: 0
    * 11 Oct 16:13:04.883: 00:23:12:08:25:28 DHCP CHADRR: 00:23:12:08:25:28
    * 11 Oct 16:13:04.883: 00:23:12:08:25:28 DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
    * 11 Oct 16:13:04.883: 00:23:12:08:25:28 DHCP siaddr: 0.0.0.0, giaddr: 172.23.24.2
    * 11 Oct 16:13:04.883: 00:23:12:08:25:28 requested DHCP ip: 172.23.26.53
    * 11 Oct 16:13:04.885: 00:23:12:08:25:28 DHCP sends REQUEST to 172.23.24.1 (len 350, 29 port, vlan 110)
    * 11 Oct 16:13:04.890: 00:23:12:08:25:28 DHCP received op BOOTREPLY (2) (len 327, port 29, encap 0xec00)
    * 11 Oct 16:13:04.890: 00:23:12:08:25:28 configuration server of ACK (172.19.0.50, 172.23.26.53 yiaddr) DHCP
    * 11 Oct 16:13:04.890: 00:23:12:08:25:28 172.23.26.53 DHCP_REQD (7) change the State RUN (20) of the last RUN status (20)

    * 11 Oct 16:13:04.890: 00:23:12:08:25:28 172.23.26.53 RUN Reached (20) PLUMBFASTPATH: 4856 line
    * 11 Oct 16:13:04.891: 00:23:12:08:25:28 172.23.26.53 rule of RACE (20) replacing Fast Path
    type = Airespace AP Client
    on AP 00:11:5 c: d 14:6: d0, location 0, interface = 29, QOS = 0
    ACL Id = 255, Jumbo = N frames
    * 11 Oct 16:13:04.891: 00:23:12:08:25:28 172.23.26.53 rule RUN (20) correctly mobile ascent (ACL ID 255)
    * 11 Oct 16:13:04.891: 00:23:12:08:25:28 address assignment 172.23.26.53 on mobile
    * 11 Oct 16:13:04.891: 00:23:12:08:25:28 DHCP sending MEET STA (len 430, 29 port, vlan 0)
    * 11 Oct 16:13:04.892: 00:23:12:08:25:28 DHCP forwarding DHCP ACK (5)
    * 11 Oct 16:13:04.892: 00:23:12:08:25:28 op DHCP: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
    * 11 Oct 16:13:04.892: 00:23:12:08:25:28 DHCP xid: 0x53839a5f (1401133663), dry: 0, flags: 0
    * 11 Oct 16:13:04.892: 00:23:12:08:25:28 DHCP CHADRR: 00:23:12:08:25:28
    * 11 Oct 16:13:04.892: 00:23:12:08:25:28 DHCP ciaddr: 0.0.0.0, yiaddr: 172.23.26.53
    * 11 Oct 16:13:04.894: 00:23:12:08:25:28 DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
    * 11 Oct 16:13:04.894: 00:23:12:08:25:28 DHCP server id: 1.1.1.1 rcvd server id: 172.19.0.50
    * 16:13:04.898 Oct 11: added entry NPU 00:23:12:08:25:28 172.23.26.53 type 1, dtlFlags 0 x 0
    * 11 Oct 16:13:04.900: 00:23:12:08:25:28 send a free ARP to 172.23.26.53, VLAN Id 110
    * 11 Oct 16:13:04.907: 00:23:12:08:25:28 DHCP received op BOOTREPLY (2) (len 327, port 29, encap 0xec00)
    * 11 Oct 16:13:04.907: 00:23:12:08:25:28 DHCP ACK from 172.19.0.51 (yiaddr: 172.23.26.53)

    At this point, the client is connected and everything works.

    Hello

    In Windows 7, in your properties of wireless network, on the Security tab, click Advanced settings and try to set the authentication as "The user authentication Mode" mode tab in 802. 1 x to see if it helps.

    Kind regards

    Bastien

  • Authentication problem when you try to connect

    I have a Linksys router. Connected WN2000RPT as described in the instructions of Netgear. Everything went through the lights very well, good, EXT appears on the scan available networks, etc. Tried to connect a Smart TV Vizio and burn TV Amazon tablet Asus. All 3 devices show... EXT with a strong signal. However, each device does not, connect with an error message 'Authentication problem' or simply 'cannot connect."

    My router is connected using personal safety ' WPA2/WPA mixed. " When you configure the wifi extender, I said to use the same SSID and the security that the router setting. Online reading on the settings available on the WN2000 and decided that the problem was perhaps a "lag" in the security implementation because WN2000 is not the same as available router setting. Do you have a factory reset on extension and returned to through the procedure, only not selected use the same level of security as a router, but manually selected WPA/PSK (AES) for the Extender. Same exact error of my devices as before.

    I thought that maybe by using the security settings of the router it was to spoil the Extender because they do not have the same settings available. But perhaps using different parameters (when the Extender receives the signal from the router, but perhaps on a "pass-through" only basis?) problems as well?

    So, can someone tell me if there is a way to get my devices to connect to the Extender, or this is always going to be a problem because the router has a security setting, and if I manually set the security OR say scope to use the same security settings, it will not work because the two units are not compatible? I'm doing something wrong? Any ideas? Thank you!

    Hello RealisticDave

    Did you have a different SSID on the router and not the same as routers SSID?

    DarrenM

  • Yoga of 1050F WiFi authentication problem 2

    Hello

    I am a new Member and just upgraded to 5 android. Seems a big mistake because it is unable to connect to the internet (no problem with android 4) says authentication problem. Tried cancellation and re - enter password, router turning on and off power and factory reset. Nothing. If Lenovo come with a repair how will I be able to get into the Tablet when I have no internet connection. For the moment, I have a tablet which is equally useful as a tile. Help

    Hello

    Just disable IPV6 in your Inbox, because Lollipop use IPV6 (default) and some box are not entirely compatible.

  • RADIUS authentication

    Hello world

    I want to implement RADIUS authentication for my companies Cisco devices. Could someone give me some examples of configuration of how to point my switches and routers on a RADIUS server, and also to try RADIUS authentication. Only by using a locally configured account if RADIUS fails?

    My undertsnading would be to use the following configuration;

    AAA new-model

    AAA authentication login default local radius group

    start-stop radius group AAA accounting network default

    RADIUS RADIUS-server host 1.1.1.1 key auth-port 1812 acct-port 1813

    RADIUS server retransmit 3

    Thanks in advance,

    Dan

    Hello Dan,.

    your configuration seems to be OK...

    more information you can find here

    http://www.Cisco.com/en/us/products/SW/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca7ab.html

  • RADIUS authentication question

    Hello world

    I'm learning the Radius Authentication. Here are my updated laboratory in place:

    R1 (107.107.107.10)-(107.107.107.4) - WIN2008 (RADIUS SERVER)

    Here is the config of RADIUS on the R1:

    AAA authentication login default local radius group

    RADIUS-server host 107.107.107.4 auth-port 1645 acct-port 1646
    key cisco RADIUS server

    I have a few questions:

    (1) above, I do not specify encryption on R1, R1 will use this as the default encryption?

    In the attached file, we see the password is encrypted, but there is no config on R1 to use particular encryption

    (2) we also see "authenticator", which is I think is R1 host name i.e encrypted with the shared secret. I'm wrong?

    Much appreciated and have a great weekend!

    Hello

    The Protocol Radius encrypts the password for the default user. I think that Radius uses MD5.

    The authenticator is a random string generated by the client and is used in the encryption of the password process.

    Thank you

    John

  • WLAN 4402 for Radius Authentication

    Hi guys,.

    Please help me on how I can install my WLAN 4402 controller for Radius Authentication, if you have links or procedures that you can share, which will be very appreciated. :-)

    Thanks in advance.

    It depends on if you are using Cisco ACS or Windows IAS. Controller configuration is the same but the side RADIUS is different.

    Also what you are trying to configure, systems users, PEAP etc. through RADIUS

    PEAP via ACS is here

    http://www.Cisco.com/en/us/partner/products/ps6366/products_configuration_example09186a00807917aa.shtml

    PEAP via IAS is here

    http://www.Cisco.com/en/us/partner/products/ps6366/products_configuration_example09186a0080921f67.shtml

    Hope that helps

  • RADIUS authentication for the switch using ISE

    Hi guys,.

    Someone did he do Radius Authentication for switch cli connection using ISE?

    We did it in our environment with ISE, but it is a challenge to give read-only access / Priv-1.

    If some users know the enable password, they can use and earn full privilege.

    Anyway to get around this other than to change the enable password?

    We have thousands of switches and won't change on each of them.

    If you have another method please advice.

    Thank you in advance.

    Well, you can set the "enable" function also be controlled via the AAA server with the following command:

    AAA authentication enable... This way server AAA will be checked for authentication for the secret to activate and use the local database as a last resort

    I hope this helps!

    Thank you for evaluating useful messages!

  • 5.2 ACS with different RADIUS authentication servers

    Hello

    I want to migrate from ACS ACS 5.2 4.1. I have already configured authentication GANYMEDE +, but now I've stuck to the RADIUS authentication for remote access WebVPN configuration. Please see the following diagram:

    I want to configure ACS to use Server Token WBS first. If authentication fails or the user is not found, ACS must use IAS in Windows Server. If this server fails also ACS must use internal DB. Additional attributes as belonging to a group or ACL downloadable should be taken from internal ACS DB.

    Is it possible to configure ACS like that? ACS 4.1 it is very easy to configure by selecting the per user authentication method.

    Thanks for your help!

    There is an option in the Advanced tab of definition 'RADIUS Identity server' th:

    This storage of identity differentiates between 'authentication failed' and 'user not found' when an authentication attempt is rejected. Among the options below, select how a rejection of authentication of the identity store must be interpreted by FAC for the politics of identity of treatment and reports.
    Releases to treat as 'authentication failed' treat dismisses them as "user not found".

    In order to continue in the sequence, I think you have to select the option "user not found".

  • Using CHAP with RADIUS authentication

    Hello

    I configured a Cisco 877 router to send the RADIUS requests when a user connects to the console (Console line) or VTY Line using the following configuration:

    AAA new-model

    Group AAA authentication login default RADIUS

    Group AAA authentication ppp default of RADIUS

    RADIUS-server host 10.0.0.1 auth-port 1812 acct-port 1812 mysharedkey key

    When I connect the RADIUS packets I see the Cisco router sends the initial AccessRequest using PAP.

    How can I configure my router to send it's original AccessRequest package with CHAP?

    My apologies if this has already been discussed, I searched high and low for an answer.

    Thanks in advance.

    John

    Hi John,.

    PPP connection supported by CHAP because a configuration command to activate the CHAP protocol as Protocol of stimulus / response. However, the Console VTY connections and to THE will always go on PAP when using RADIUS authentication. There is no command to activate the CHAP protocol for these types of connections.

    Best regards.

  • RADIUS authentic works not 3560

    Hello world.

    The switch's config for RADIUS authentic.

    When I try here is the log

    % SSH-SSH2_USERAUTH 5: 'xy' authentication SSH2 Session 192.168.x.x (ATS = 1) using crypto cipher "aes256-cbc" hmac "hmac-sha1' Failed

    What should I check now

    Concerning

    Mahesh

    You must post a few outings until I'd suggest something. If SSH works very well with the local database which means the keys RSA are fine.

    If you can't attach the executed full show. Attach the bottom of the outputs listed in your next reply.

    See the race | in aaa

    See the race | Please line vty 0 4

    Debug RADIUS

    Debug aaa authentic

    Debug aaa approval

    The radius, if any server error.

    ~ BR
    Jatin kone

    * Does the rate of useful messages *.

  • VPN Site to Site Secret shared and can co-exist RADIUS authenticated VPN?

    Hello

    I have a setup VPN site to site between two offices on 515Es PIX (v.6.2 software) and has recently added a vpngroup/shared secret based VPN remote access to one of the offices. Given that just forced me to add a number of different policies to my existing crypto card, it was a plant direct and easily implemented. For more security, I want to use a RADIUS server to give to each remote user their own connections and profiles rather than a group on all password is configured. To do this, however, it seems that I have to add the following additional commands to my existing crypto card:

    client configuration address map mymap crypto initiate

    client card crypto mymap RADIUS authentication

    These do not correspond to the policy number (my site-to-site is 10, and remote access policy is political 20), so I don't know what the effect would be if I added the. It would cause my connection from site to site for authentication RADIUS request (a very bad thing)? If so, do I need another interface to bind a new encryption card to? The answer to this would be greatly appreciated!

    Also, if anyone knows an example configuration for a similar configuration, I can look at, please let me know! Thank you.

    -A.Hsu

    For the site to site connection, you change line isakmp keys and add the parameters of "No.-xauth No.-config-mode" at the end of this one, which tells the PIX not to do the auth RADIUS or assign an IP address, etc. for the specific site-to-site tunnel.

    Example of config is here:

    http://www.Cisco.com/warp/public/110/37.html

    Note that there is no command options I have just said, I just sent an email to the web guys to fix this. Basically, your config will look with the options "No.-xauth No.-config-mode" on the line «isakmp x.x.x.x key...» "for LAN-to-LAN tunnel.

  • BIAPPS-ODI authentication problem

    Hi friends,

    IM at biapps 11g with ODI 11 g. I configured connection odi in the studio and can properly connect to see these maps std BIAPPS in ODI.

    But 2 days before, im in the face of an authentication problem by connecting the ODI studio with the user who I connected successfully forward.

    The error that I'm facing here is the

    ODI: 26130: could not connect to the repository, ODI-10190: user dev_biadmin has his account has expired.


    Im getting the error above and the user tried to connect is "dev_biadmin" in the studio of ODI.


    Therefore, to the question above, I followed the MOS score below



    IM facing the same error explained in the note above, but force helped me because it treats FUSIONAPPS BI I guess.


    Kindly advice me friends, to solve this problem.


    Brgds,

    Saro

    Hi, Saro,

    Connection to studio ODI as a SUPERVISOR user. Go to ODI--> Switch authentication mode--> give your contact information to ODIREPO and sign in.

    You will get the message properly connected. Click the Security tab. try to connect as a SUPERVISOR. Once the connection is successful. Go to the user of the cprresponding (dev_biadmin) account and change the password.

    Logout and go to ODI--> switch authentication mode. Give the details. It will change external authentication. Now you should be able to log in as dev_biadmin.

    Hope this will solve your problem...

    Kind regards

    Vanina

Maybe you are looking for

  • Firefox crashes at the start even in safe mode after upgrade to version 7.0.1

    Firefox crashes on startup after upgrade to version 7.0.1 It hangs at the start even in safe mode. I tried a complete uninstall and reinstall, but choose to keep all my settings (e.g. bookmarks) etc that I don't want to lose my favorites.

  • Skype WiFi - a tool of access only. Not to be confused with WiFi providers. It is not the case.

    Skype WiFi does, is provide a way to pay for access to the internet; rather than enter a credit card number in a public place. You use your Skype credit to pay the costs of access and only for the minutes you need rather than having to buy a day pass

  • My iMac can't eject the disc

    I read and try all the method to eject the CD in the drive, I mean just the sound of ejection and reloading, but the drive never go out. Help! He has been reading the disc all the time but cannot eject.

  • Chart with multiple scales of Y

    Hello As you can see in the excerpt, I'm trying to plot a graph with several scales of Y. What do you think is wrong with it to get the following error. Possible reasons: LabVIEW: invalid property value.

  • How can I select a path to save the images of USB camera

    Hello I am using USB camera for my project, I want to control this camera to detect a human body, with a motion detector and capture images. My question is how can I select a path to save these images captured from USB camera? in the figure below, th