Users wireless with peap authentication problem

Good afternoon

I am currently trying to authenticate users wireless using PEAP and an external RADIUS server. The problem is when I try to authenticate that I get this error:

AAA/AUTHENTIC/PPP: List of selection method "permanent premises.

Dot11-7-AUTH_FAILED: Station... Failed authentication

Should not use local authentication, but the aaa server that I set up.

I looked on the internet but have not found a working solution.

Does anyone know why it does not work?

Here is my configuration running:

Current configuration: 4276 bytes
!
! Last modification of the configuration at 00:45:40 UTC Monday, March 1, 1993
! NVRAM config update at 16:38:23 UTC Thursday, July 24, 2014
! NVRAM config update at 16:38:23 UTC Thursday, July 24, 2014
version 15.2
no service button
horodateurs service debug datetime msec
Log service timestamps datetime msec
encryption password service
!
host ap name
!
!
Pulse 9 logging console
enable secret 5 $1$ QVC3$ dIVAarlXOo52rN3ceZm1k0
!
AAA new-model
!
!
AAA rad_eap radius server group
192.168.2.2 Server ACCT-port auth-port 1812 1813
!
AAA rad_mac radius server group
!
AAA rad_acct radius server group
!
AAA rad_admin radius server group
!
AAA server Ganymede group + tac_admin
!
AAA rad_pmip radius server group
!
RADIUS server AAA dummy group
!
AAA authentication login eap_methods group rad_eap
AAA authentication login mac_methods local
AAA authorization exec default local
AAA accounting network acct_methods power group rad_acct
!
!
!
!
!
AAA - the id of the joint session
no ip Routing
no ip cef
!
!
!
dot11 syslog
!
ssid dot11 test
authentication open eap eap_list
authentication-key wpa version2 management
Comments-mode
!
!
EAP peap profile
peap method
!
Crypto pki token removal timeout default 0
!
...
!
!
Bridge IRB
!
!
!
interface Dot11Radio0
no ip address
no ip route cache
!
encryption ciphers aes - ccm mode
!
SSID test
!
gain of antenna 0
STBC
beamform ofdm
root of station-role
Bridge-Group 1
Bridge-group subscriber-loop-control 1
Bridge-Group 1 covering-disabled people
Bridge-Group 1 block-unknown-source
No source of bridge-Group 1-learning
unicast bridge-Group 1-floods
!
interface Dot11Radio1
no ip address
no ip route cache
Shutdown
gain of antenna 0
no block of dfs
channel SFR
root of station-role
Bridge-Group 1
Bridge-group subscriber-loop-control 1
Bridge-Group 1 covering-disabled people
Bridge-Group 1 block-unknown-source
No source of bridge-Group 1-learning
unicast bridge-Group 1-floods
!
interface GigabitEthernet0
no ip address
no ip route cache
automatic duplex
automatic speed
dot1x EAP authenticator
Bridge-Group 1
Bridge-Group 1 covering-disabled people
No source of bridge-Group 1-learning
!
interface BVI1
192.168.3.10 IP address 255.255.255.0
no ip route cache
!
The default gateway IP
IP forward-Protocol ND
IP http server
IP http secure server
IP http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
radius of the IP source-interface BVI1
!
format of server RADIUS attribute 32 include-in-access-req hour
RADIUS-server host 192.168.2.2 auth-port 1812 acct-port 1813 borders 7 140441081E501F0B7D
RADIUS vsa server send accounting
!
1 channel ip bridge
!
!
!
Line con 0
line vty 0 4
transport of entry all
!
end

Thank you

I don't have installation autonomous APs before but I think I see the problem. You define a list of authentication , called "eap_methods" but you never call for it in the settings of your SSID. Instead he call you a list named "eap_list" in addition, I think that you might miss one order more. So maybe try this:

 dot11 ssid test authentication open eap eap_methods authentication network-eap eap_methods authentication key-management wpa version 2 guest-mode

I hope this helps!

Thank you for evaluating useful messages!

Tags: Cisco Security

Similar Questions

802. 1 x EAP-PEAP authentication problem

Hi Experts,

I'm having a problem where the authentication process for two of my wireless networks prompts the user to enter their credentials at least twice before letting them on the network.

The networks in question are configured in the same way, here is an overview:

Layer 2 security is WPA & WPA2

WPA - TKIP

WPA2 - AES

East of authentication key 802 management. 1 X

RADIUS servers are microsoft Windows 2008 Network Policy Service (used for IAS) - all users are Active Directory and IAS strategy enables access absed on ad group.

This has all worked well before and still works fine, if you enter the name of username/password combo at least twice on the original profile configuration. (For the record, once the wireless profile is configured, you should I not get guest credentials once again, this problem not ony during initial installation)

We have recently added an another WLAN that uses web authentication, pointing to a RADIUS server to. In order to get it going, we changed the setting to 'Web Radius Authentication' to the 'BOY' for "PAP" under the controller. General config.

That's the only change I can think of that might be relevant.

Anyone would be able to shed some light on why I would be prompted to authenticate twice? Affected clients are Windows 7 and Mac OSX at the mo.

Debugs as follows:

* 11 Oct 16:12:10.237: 00:23:12:08:25:28 adding mobile on 00:13:5f:fb:0f:40 (0) LWAPP AP
* 11 Oct 16:12:10.237: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 23) in 5 seconds
* 11 Oct 16:12:10.237: 00:23:12:08:25:28 apfProcessProbeReq (apf_80211.c:4598) State of change for mobile 00:23:12:08:25:28 on 00:13:5f:fb:0f:40 of Idle to probe AP

* 11 Oct 16:12:10.237: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
* 11 Oct 16:12:10.238: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
* 11 Oct 16:12:10.247: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
* 11 Oct 16:12:10.247: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
* 11 Oct 16:12:10.247: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
* 11 Oct 16:12:10.388: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
* 11 Oct 16:12:11.076: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
* 11 Oct 16:12:11.076: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
* 11 Oct 16:12:11.076: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
* 11 Oct 16:12:11.077: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
* 11 Oct 16:12:11.086: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
* 11 Oct 16:12:11.086: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
* 11 Oct 16:12:11.228: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
* 11 Oct 16:12:11.229: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
* 11 Oct 16:12:11.239: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
* 11 Oct 16:12:14.296: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
* 11 Oct 16:12:14.305: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
* 11 Oct 16:12:14.306: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
* 11 Oct 16:12:14.306: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
* 11 Oct 16:12:14.317: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
* 11 Oct 16:12:14.448: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
* 11 Oct 16:12:14.449: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
* 11 Oct 16:12:14.458: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
* 11 Oct 16:12:14.459: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
* 11 Oct 16:12:14.600: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
* 11 Oct 16:12:14.610: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
* 11 Oct 16:12:16.715: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
* 11 Oct 16:12:16.715: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
* 11 Oct 16:12:16.715: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
* 11 Oct 16:12:16.725: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
* 11 Oct 16:12:16.725: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
* 11 Oct 16:12:16.725: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
* 11 Oct 16:12:16.868: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
* 11 Oct 16:12:16.878: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
* 11 Oct 16:12:17.031: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
* 11 Oct 16:12:19.927: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
* 11 Oct 16:12:19.934: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
* 11 Oct 16:12:19.938: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
* 11 Oct 16:12:19.938: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
* 11 Oct 16:12:20.080: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
* 11 Oct 16:12:20.080: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
* 11 Oct 16:12:20.090: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
* 11 Oct 16:12:20.233: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
* 11 Oct 16:12:20.243: 00:23:12:08:25:28 removal of Scheduling of Station Mobile: (callerId: 24) in 5 seconds
* 11 Oct 16:12:24.941: 00:23:12:08:25:28 apfMsExpireCallback (apf_ms.c:417) expires Mobile!
* 11 Oct 16:12:24.941: 00:23:12:08:25:28 0.0.0.0 START (0) deleted LWAPP mobile to the rule on the AP [00:13:5f:fb:0f:40]
* 11 Oct 16:12:24.941: 00:23:12:08:25:28 remove mobile on AP 00:13:5f:fb:0f:40 (0)
* 11 Oct 16:12:25.219: 00:23:12:08:25:28 adding mobile on 00:11:5c:14:6d:d0 (0) LWAPP AP
* 11 Oct 16:12:25.219: 00:23:12:08:25:28 the reassociation received from a mobile phone on AP 00:11:5 c: d 14:6: d0
* 11 Oct 16:12:25.219: 00:23:12:08:25:28 STA - rates (8): 139 150 24 36 48 72 96 108 0 0 0 0 0 0 0 0
* 11 Oct 16:12:25.219: 00:23:12:08:25:28 STA - rates (10): 139 150 24 36 48 72 96 108 12 18 0 0 0 0 0 0
* 11 Oct 16:12:25.219: 00:23:12:08:25:28 treatment RSN IE type 48, length 20 for mobile 00:23:12:08:25:28
* 11 Oct 16:12:25.219: 00:23:12:08:25:28 IE RSN received with mobile 00:23:12:08:25:28 PMKIDs 0
* 16:12:25.219 Oct 11: policy of STARTING (0) initialization 00:23:12:08:25:28 0.0.0.0
* 11 Oct 16:12:25.219: 00:23:12:08:25:28 0.0.0.0 START (0) change the State last status of AUTHCHECK (2), AUTHCHECK (2)

* 11 Oct 16:12:25.219: 00:23:12:08:25:28 0.0.0.0 AUTHCHECK (2) change the State of 8021X_REQD (3) the last State 8021X_REQD (3)

* 11 Oct 16:12:25.219: 8021X_REQD 00:23:12:08:25:28 0.0.0.0 (3) mobile devices rule LWAPP on AP 00:11:5 c: d 14:6: tasteless d0 4 apVapId 4
* 11 Oct 16:12:25.220: 00:23:12:08:25:28 apfPemAddUser2 (apf_policy.c:208) State of change for mobile 00:23:12:08:25:28 on AP 00:11:5 c: d 14:6: Idle associated d0

* 11 Oct 16:12:25.220: 00:23:12:08:25:28 stop deletion of Station Mobile: (callerId: 48)
* 11 Oct 16:12:25.220: 00:23:12:08:25:28 send Assoc response to station BSSID 00:11:5 c: d 14:6: d0 (State 0)
* 11 Oct 16:12:25.220: 00:23:12:08:25:28 apfProcessAssocReq (apf_80211.c:4310) State of change for mobile 00:23:12:08:25:28 on AP 00:11:5 c: d 14:6: d0 of associated Associated

* 11 Oct 16:12:25.223: 00:23:12:08:25:28 Disable re-auth, use life PMK.
* 11 Oct 16:12:25.223: 00:23:12:08:25:28 Station 00:23:12:08:25:28 setting dot1x timeout = 7200 reauth
* 11 Oct 16:12:25.223: 00:23:12:08:25:28 dot1x - penetrating mobile 00:23:12:08:25:28 of connection state
* 11 Oct 16:12:25.223: 00:23:12:08:25:28 send request/identity EAP to mobile 00:23:12:08:25:28 (EAP Id 1)
* 11 Oct 16:12:25.243: 00:23:12:08:25:28 EAPPKT EAPOL received from mobile 00:23:12:08:25:28
* 11 Oct 16:12:25.243: 00:23:12:08:25:28 response received identity (count = 1) 00:23:12:08:25:28 mobile
* 11 Oct 16:12:25.243: 00:23:12:08:25:28 EAP State Update connection for mobile 00:23:12:08:25:28 authentication
* 11 Oct 16:12:25.243: 00:23:12:08:25:28 dot1x - penetrating mobile 00:23:12:08:25:28 of State authentication
* 11 Oct 16:12:25.243: 00:23:12:08:25:28 State entering Backend Auth response for mobile 00:23:12:08:25:28
* 11 Oct 16:12:25.250: 00:23:12:08:25:28 treatment Access-Challenge for mobile 00:23:12:08:25:28
* 11 Oct 16:12:25.250: 00:23:12:08:25:28 State entering Backend Auth Req (id = 2) for mobile 00:23:12:08:25:28
* 11 Oct 16:12:25.251: 00:23:12:08:25:28 send EAP request of AAA to mobile 00:23:12:08:25:28 (EAP Id 2)
* 11 Oct 16:12:25.260: 00:23:12:08:25:28 EAPPKT EAPOL received from mobile 00:23:12:08:25:28
* 11 Oct 16:12:25.262: 00:23:12:08:25:28 response EAP received from mobile 00:23:12:08:25:28 (2 Id EAP, EAP Type 25)
* 11 Oct 16:12:25.262: 00:23:12:08:25:28 State entering Backend Auth response for mobile 00:23:12:08:25:28
* 11 Oct 16:12:25.265: 00:23:12:08:25:28 treatment Access-Challenge for mobile 00:23:12:08:25:28
* 11 Oct 16:12:25.265: 00:23:12:08:25:28 State entering Backend Auth Req (id = 3) for mobile 00:23:12:08:25:28
* 11 Oct 16:12:25.265: 00:23:12:08:25:28 send EAP request of AAA to mobile 00:23:12:08:25:28 (EAP Id 3)
* 11 Oct 16:12:25.269: 00:23:12:08:25:28 EAPPKT EAPOL received from mobile 00:23:12:08:25:28
* 11 Oct 16:12:25.269: 00:23:12:08:25:28 response EAP received from mobile 00:23:12:08:25:28 (3 Id EAP, EAP Type 25)
* 11 Oct 16:12:25.269: 00:23:12:08:25:28 State entering Backend Auth response for mobile 00:23:12:08:25:28
* 11 Oct 16:12:25.270: 00:23:12:08:25:28 treatment Access-Challenge for mobile 00:23:12:08:25:28
* 11 Oct 16:12:25.271: 00:23:12:08:25:28 State entering Backend Auth Req (id = 4) for mobile 00:23:12:08:25:28
* 11 Oct 16:12:25.271: 00:23:12:08:25:28 send EAP request of AAA to mobile 00:23:12:08:25:28 (EAP Id 4)
* 11 Oct 16:12:25.274: 00:23:12:08:25:28 EAPPKT EAPOL received from mobile 00:23:12:08:25:28
* 11 Oct 16:12:25.274: 00:23:12:08:25:28 response EAP received from mobile 00:23:12:08:25:28 (4 Id EAP, EAP Type 25)
* 11 Oct 16:12:25.274: 00:23:12:08:25:28 State entering Backend Auth response for mobile 00:23:12:08:25:28
* 11 Oct 16:12:25.275: 00:23:12:08:25:28 treatment Access-Challenge for mobile 00:23:12:08:25:28
* 11 Oct 16:12:25.275: 00:23:12:08:25:28 State entering Backend Auth Req (id = 5) for mobile 00:23:12:08:25:28
* 11 Oct 16:12:25.275: 00:23:12:08:25:28 send EAP request of AAA to mobile 00:23:12:08:25:28 (EAP Id 5)
* 11 Oct 16:12:25.285: 00:23:12:08:25:28 EAPPKT EAPOL received from mobile 00:23:12:08:25:28
* 11 Oct 16:12:25.286: 00:23:12:08:25:28 response EAP received from mobile 00:23:12:08:25:28 (5 Id EAP, EAP Type 25)
* 11 Oct 16:12:25.286: 00:23:12:08:25:28 State entering Backend Auth response for mobile 00:23:12:08:25:28
* 11 Oct 16:12:25.292: 00:23:12:08:25:28 treatment Access-Challenge for mobile 00:23:12:08:25:28
* 11 Oct 16:12:25.292: 00:23:12:08:25:28 State entering Backend Auth Req (id = 6) for mobile 00:23:12:08:25:28
* 11 Oct 16:12:25.292: 00:23:12:08:25:28 send EAP request of AAA to mobile 00:23:12:08:25:28 (EAP Id 6)
* 11 Oct 16:12:25.318: 00:23:12:08:25:28 EAPPKT EAPOL received from mobile 00:23:12:08:25:28
* 11 Oct 16:12:25.318: 00:23:12:08:25:28 response EAP received from mobile 00:23:12:08:25:28 (6 EAP, EAP Type 25 Id)
* 11 Oct 16:12:25.318: 00:23:12:08:25:28 State entering Backend Auth response for mobile 00:23:12:08:25:28
* 11 Oct 16:12:25.320: 00:23:12:08:25:28 treatment Access-Challenge for mobile 00:23:12:08:25:28
* 11 Oct 16:12:25.320: 00:23:12:08:25:28 State entering Backend Auth Req (id = 7) for mobile 00:23:12:08:25:28
* 11 Oct 16:12:25.320: 00:23:12:08:25:28 send EAP request of AAA to mobile 00:23:12:08:25:28 (EAP Id 7)
* 11 Oct 16:12:25.321: 00:23:12:08:25:28 EAPPKT EAPOL received from mobile 00:23:12:08:25:28
* 11 Oct 16:12:25.323: 00:23:12:08:25:28 response EAP received from mobile 00:23:12:08:25:28 (7 Id EAP, EAP Type 25)
* 11 Oct 16:12:25.323: 00:23:12:08:25:28 State entering Backend Auth response for mobile 00:23:12:08:25:28
* 11 Oct 16:12:25.326: 00:23:12:08:25:28 treatment Access-Challenge for mobile 00:23:12:08:25:28
* 11 Oct 16:12:25.326: 00:23:12:08:25:28 State entering Backend Auth Req (id = 8) for mobile 00:23:12:08:25:28

* 11 Oct 16:12:25.326: 00:23:12:08:25:28 send EAP request of AAA to mobile 00:23:12:08:25:28 (EAP Id 8)

At this point, the user name and password dialog box appears again.

If the credentials are not entered, the following timeout message appears...

* 11 Oct 16:12:53.973: 00:23:12:08:25:28 802. 1 x "timeoutEvt" Timer expired for station 00:23:12:08:25:28

If the credentials are entered again the computer continues:

* 11 Oct 16:12:53.975: 00:23:12:08:25:28 relay 1 of EAP-Request (length 79) for mobile 00:23:12:08:25:28
* 11 Oct 16:13:01.093: 00:23:12:08:25:28 EAPPKT EAPOL received from mobile 00:23:12:08:25:28
* 11 Oct 16:13:01.093: 00:23:12:08:25:28 response EAP received from mobile 00:23:12:08:25:28 (8 Id EAP, EAP Type 25)
* 11 Oct 16:13:01.094: 00:23:12:08:25:28 State entering Backend Auth response for mobile 00:23:12:08:25:28
* 11 Oct 16:13:01.098: 00:23:12:08:25:28 treatment Access-Challenge for mobile 00:23:12:08:25:28
* 11 Oct 16:13:01.098: 00:23:12:08:25:28 State entering Backend Auth Req (id = 9) for mobile 00:23:12:08:25:28
* 11 Oct 16:13:01.098: 00:23:12:08:25:28 send EAP request of AAA to mobile 00:23:12:08:25:28 (EAP Id 9)
* 11 Oct 16:13:01.102: 00:23:12:08:25:28 EAPPKT EAPOL received from mobile 00:23:12:08:25:28
* 11 Oct 16:13:01.102: 00:23:12:08:25:28 response EAP received from mobile 00:23:12:08:25:28 (9 Id EAP, EAP Type 25)
* 11 Oct 16:13:01.102: 00:23:12:08:25:28 State entering Backend Auth response for mobile 00:23:12:08:25:28
* 11 Oct 16:13:01.106: 00:23:12:08:25:28 treatment Access-Challenge for mobile 00:23:12:08:25:28
* 11 Oct 16:13:01.106: 00:23:12:08:25:28 State entering Backend Auth Req (id = 10) for mobile 00:23:12:08:25:28
* 11 Oct 16:13:01.106: 00:23:12:08:25:28 send EAP request of AAA to mobile 00:23:12:08:25:28 (EAP Id 10)
* 11 Oct 16:13:01.108: 00:23:12:08:25:28 EAPPKT EAPOL received from mobile 00:23:12:08:25:28
* 11 Oct 16:13:01.108: 00:23:12:08:25:28 response EAP received from mobile 00:23:12:08:25:28 (10 Id EAP, EAP Type 25)
* 11 Oct 16:13:01.108: 00:23:12:08:25:28 State entering Backend Auth response for mobile 00:23:12:08:25:28
* 11 Oct 16:13:01.113: 00:23:12:08:25:28 Access-Accept treatment for mobile 00:23:12:08:25:28
* 11 Oct 16:13:01.113: 00:23:12:08:25:28 setting re-auth timeout to 7200 seconds, got config WLAN.
* 11 Oct 16:13:01.113: 00:23:12:08:25:28 Station 00:23:12:08:25:28 setting dot1x timeout = 7200 reauth
* 11 Oct 16:13:01.113: 00:23:12:08:25:28 creating a Cache PMKID PKC entry for station 00:23:12:08:25:28 (ARS 2)
* 11 Oct 16:13:01.113: 00:23:12:08:25:28 adding BSSID 00:11:5 c: 14:6 d: d3 to the PMKID cache for station 00:23:12:08:25:28
* 11 Oct 16:13:01.113: new PMKID: (16)

* 16:13:01.113 Oct 11: [0000] 15 9th 3d 61 e3 94 bb 82 2B 6f 7F 05 74 49 81 52

* 11 Oct 16:13:01.113: 00:23:12:08:25:28 disabling re-auth, given that life expectancy PMK can handle similarly.
* 11 Oct 16:13:01.116: 00:23:12:08:25:28 PMK sent to the mobility group
* 11 Oct 16:13:01.116: 00:23:12:08:25:28 send EAP-success in mobile 00:23:12:08:25:28 (EAP Id 10)
* 16:13:01.116 Oct 11: including PMKID in M1 (16)

* 16:13:01.116 Oct 11: [0000] 15 9th 3d 61 e3 94 bb 82 2B 6f 7F 05 74 49 81 52

* 11 Oct 16:13:01.116: 00:23:12:08:25:28 exchange of departure for 00:23:12:08:25:28 mobile key, data packages will be removed
* 11 Oct 16:13:01.116: 00:23:12:08:25:28 transmission of EAPOL-Key Message for mobile 00:23:12:08:25:28
INITPMK (message 1) State, counter replay 00.00.00.00.00.00.00.00
* 11 Oct 16:13:01.116: 00:23:12:08:25:28 State entering Backend Auth success (id = 10) for mobile 00:23:12:08:25:28
* 11 Oct 16:13:01.116: 00:23:12:08:25:28 success Auth received by authenticating the State for mobile 00:23:12:08:25:28
* 11 Oct 16:13:01.116: 00:23:12:08:25:28 dot1x - penetrating mobile 00:23:12:08:25:28 authenticated state
* 11 Oct 16:13:01.996: 00:23:12:08:25:28 802. 1 x "timeoutEvt" Timer expired for station 00:23:12:08:25:28
* 11 Oct 16:13:01.997: 00:23:12:08:25:28 1 retransmit of EAPOL M1 (length 121) key for mobile 00:23:12:08:25:28
* 11 Oct 16:13:01.999: 00:23:12:08:25:28 received EAPOL-Key of mobile 00:23:12:08:25:28
* 11 Oct 16:13:01.999: 00:23:12:08:25:28 Ignoring EAPOL version invalid (1) in the mobile 00:23:12:08:25:28 EAPOL Key message
* 11 Oct 16:13:01.999: 00:23:12:08:25:28 key EAPOL received in State PTK_START (message 2) of 00:23:12:08:25:28 mobile
* 11 Oct 16:13:01.999: 00:23:12:08:25:28 for mobile 00:23:12:08:25:28 retransmission timer stop
* 11 Oct 16:13:02.000: 00:23:12:08:25:28 transmission of EAPOL-Key Message for mobile 00:23:12:08:25:28
PTKINITNEGOTIATING (message 3) State, counter replay 00.00.00.00.00.00.00.02
* 11 Oct 16:13:02.002: 00:23:12:08:25:28 received EAPOL-Key of mobile 00:23:12:08:25:28
* 11 Oct 16:13:02.002: 00:23:12:08:25:28 Ignoring EAPOL version invalid (1) in the mobile 00:23:12:08:25:28 EAPOL Key message
* 11 Oct 16:13:02.002: 00:23:12:08:25:28 key EAPOL received in State PTKINITNEGOTIATING (message 4) of mobile 00:23:12:08:25:28
* 11 Oct 16:13:02.002: 8021X_REQD 00:23:12:08:25:28 0.0.0.0 (3) change the State of L2AUTHCOMPLETE (4) State last, L2AUTHCOMPLETE (4)

* 11 Oct 16:13:02.004: 00:23:12:08:25:28 0.0.0.0 L2AUTHCOMPLETE (4) mobile devices rule LWAPP on AP 00:11:5 c: d 14:6: tasteless d0 4 apVapId 4
* 11 Oct 16:13:02.004: 00:23:12:08:25:28 0.0.0.0 L2AUTHCOMPLETE (4) change the State of the last State DHCP_REQD (7) DHCP_REQD (7)

* 16:13:02.006 Oct 11: rule of TMP adding 4391, 00:23:12:08:25:28 0.0.0.0 DHCP_REQD (7) pemAdvanceState2
* 16:13:02.007 Oct 11: rule DHCP_REQD (7) add Fast Path 00:23:12:08:25:28 0.0.0.0
type = Airespace AP - IP address learn
on AP 00:11:5 c: d 14:6: d0, location 0, interface = 29, QOS = 0
ACL Id = 255, Jumbo F
* 11 Oct 16:13:02.007: 00:23:12:08:25:28 0.0.0.0 DHCP_REQD (7) climbs with successful mobile rule (ACL ID 255)
* 11 Oct 16:13:02.007: 00:23:12:08:25:28 for mobile 00:23:12:08:25:28 retransmission timer stop
* 16:13:02.010 Oct 11: added entry NPU 00:23:12:08:25:28 9, dtlFlags 0x0 type 0.0.0.0
* 11 Oct 16:13:02.010: 00:23:12:08:25:28 sent an XID frame
* 11 Oct 16:13:02.283: 00:23:12:08:25:28 DHCP received op BOOTREQUEST (1) (len 308, port 29, encap 0xec03)
* 11 Oct 16:13:02.283: 00:23:12:08:25:28 package of DHCP drop due to the current mobility handshake Exchange, (siaddr 0.0.0.0, mobility status = "apfMsMmQueryRequested"
* 11 Oct 16:13:03.906: 00:23:12:08:25:28 0.0.0.0 DHCP_REQD State (7) set a day of mobility-incomplete for complete mobility, mobility role = Local, client state = APF_MS_STATE_ASSOCIATED
* 16:13:03.906 Oct 11: rule of TMP adding 4072, 00:23:12:08:25:28 0.0.0.0 DHCP_REQD (7) pemAdvanceState2
* 16:13:03.906 Oct 11: rule DHCP_REQD (7) replacing Fast Path 00:23:12:08:25:28 0.0.0.0
type = Airespace AP - IP address learn
on AP 00:11:5 c: d 14:6: d0, location 0, interface = 29, QOS = 0
ACL Id = 255, Jumb
* 11 Oct 16:13:03.906: 00:23:12:08:25:28 0.0.0.0 DHCP_REQD (7) climbs with successful mobile rule (ACL ID 255)
* 16:13:03.909 Oct 11: added entry NPU 00:23:12:08:25:28 9, dtlFlags 0x0 type 0.0.0.0
* 11 Oct 16:13:03.909: 00:23:12:08:25:28 sent an XID frame
* 11 Oct 16:13:04.879: 00:23:12:08:25:28 DHCP received op BOOTREQUEST (1) (len 308, port 29, encap 0xec03)
* 11 Oct 16:13:04.880: 00:23:12:08:25:28 DHCP by selecting the relay 1 - control block parameters:
dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0
dhcpGateway: 0.0.0.0, dhcpRelay: 0.0.0.0 VLAN: 0
* 11 Oct 16:13:04.880: 00:23:12:08:25:28 DHCP selected relay 1 - 172.19.0.50 (address local 172.23.24.2, gateway 172.23.24.1, 110 VLAN, port 29)
* 11 Oct 16:13:04.880: 00:23:12:08:25:28 DHCP forwarding DHCP REQUEST (3)
* 11 Oct 16:13:04.880: 00:23:12:08:25:28 op DHCP: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 1
* 11 Oct 16:13:04.880: 00:23:12:08:25:28 DHCP xid: 0x53839a5f (1401133663), dry: 4, flags: 0
* 11 Oct 16:13:04.880: 00:23:12:08:25:28 DHCP CHADRR: 00:23:12:08:25:28
* 11 Oct 16:13:04.880: 00:23:12:08:25:28 DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
* 11 Oct 16:13:04.881: 00:23:12:08:25:28 DHCP siaddr: 0.0.0.0, giaddr: 172.23.24.2
* 11 Oct 16:13:04.881: 00:23:12:08:25:28 requested DHCP ip: 172.23.26.53
* 11 Oct 16:13:04.881: 00:23:12:08:25:28 DHCP sends REQUEST to 172.23.24.1 (len 350, 29 port, vlan 110)
* 11 Oct 16:13:04.881: 00:23:12:08:25:28 selection of DHCP Relay 2 - control block parameters:
dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0
dhcpGateway: 0.0.0.0, dhcpRelay: 172.23.24.2 VLAN: 110
* 11 Oct 16:13:04.881: 00:23:12:08:25:28 DHCP selected Relay 2 - 172.19.0.51 (address local 172.23.24.2, gateway 172.23.24.1, 110 VLAN, port 29)
* 11 Oct 16:13:04.881: 00:23:12:08:25:28 DHCP forwarding DHCP REQUEST (3)
* 11 Oct 16:13:04.883: 00:23:12:08:25:28 op DHCP: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 2
* 11 Oct 16:13:04.883: 00:23:12:08:25:28 DHCP xid: 0x53839a5f (1401133663), dry: 4, flags: 0
* 11 Oct 16:13:04.883: 00:23:12:08:25:28 DHCP CHADRR: 00:23:12:08:25:28
* 11 Oct 16:13:04.883: 00:23:12:08:25:28 DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
* 11 Oct 16:13:04.883: 00:23:12:08:25:28 DHCP siaddr: 0.0.0.0, giaddr: 172.23.24.2
* 11 Oct 16:13:04.883: 00:23:12:08:25:28 requested DHCP ip: 172.23.26.53
* 11 Oct 16:13:04.885: 00:23:12:08:25:28 DHCP sends REQUEST to 172.23.24.1 (len 350, 29 port, vlan 110)
* 11 Oct 16:13:04.890: 00:23:12:08:25:28 DHCP received op BOOTREPLY (2) (len 327, port 29, encap 0xec00)
* 11 Oct 16:13:04.890: 00:23:12:08:25:28 configuration server of ACK (172.19.0.50, 172.23.26.53 yiaddr) DHCP
* 11 Oct 16:13:04.890: 00:23:12:08:25:28 172.23.26.53 DHCP_REQD (7) change the State RUN (20) of the last RUN status (20)

* 11 Oct 16:13:04.890: 00:23:12:08:25:28 172.23.26.53 RUN Reached (20) PLUMBFASTPATH: 4856 line
* 11 Oct 16:13:04.891: 00:23:12:08:25:28 172.23.26.53 rule of RACE (20) replacing Fast Path
type = Airespace AP Client
on AP 00:11:5 c: d 14:6: d0, location 0, interface = 29, QOS = 0
ACL Id = 255, Jumbo = N frames
* 11 Oct 16:13:04.891: 00:23:12:08:25:28 172.23.26.53 rule RUN (20) correctly mobile ascent (ACL ID 255)
* 11 Oct 16:13:04.891: 00:23:12:08:25:28 address assignment 172.23.26.53 on mobile
* 11 Oct 16:13:04.891: 00:23:12:08:25:28 DHCP sending MEET STA (len 430, 29 port, vlan 0)
* 11 Oct 16:13:04.892: 00:23:12:08:25:28 DHCP forwarding DHCP ACK (5)
* 11 Oct 16:13:04.892: 00:23:12:08:25:28 op DHCP: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
* 11 Oct 16:13:04.892: 00:23:12:08:25:28 DHCP xid: 0x53839a5f (1401133663), dry: 0, flags: 0
* 11 Oct 16:13:04.892: 00:23:12:08:25:28 DHCP CHADRR: 00:23:12:08:25:28
* 11 Oct 16:13:04.892: 00:23:12:08:25:28 DHCP ciaddr: 0.0.0.0, yiaddr: 172.23.26.53
* 11 Oct 16:13:04.894: 00:23:12:08:25:28 DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
* 11 Oct 16:13:04.894: 00:23:12:08:25:28 DHCP server id: 1.1.1.1 rcvd server id: 172.19.0.50
* 16:13:04.898 Oct 11: added entry NPU 00:23:12:08:25:28 172.23.26.53 type 1, dtlFlags 0 x 0
* 11 Oct 16:13:04.900: 00:23:12:08:25:28 send a free ARP to 172.23.26.53, VLAN Id 110
* 11 Oct 16:13:04.907: 00:23:12:08:25:28 DHCP received op BOOTREPLY (2) (len 327, port 29, encap 0xec00)
* 11 Oct 16:13:04.907: 00:23:12:08:25:28 DHCP ACK from 172.19.0.51 (yiaddr: 172.23.26.53)

At this point, the client is connected and everything works.

Hello

In Windows 7, in your properties of wireless network, on the Security tab, click Advanced settings and try to set the authentication as "The user authentication Mode" mode tab in 802. 1 x to see if it helps.

Kind regards

Bastien

Authentication problems with PEAP WLC IAS Windows 2 k 3

Hi all

I configured a WLC (6.0.182.0 model 2100) with authentiacion PEAP with IAS and DA of Microsoft Windows 2003. I read in the documentation "PEAP under Unified Wireless networks with Microsoft Authentication Service IAS (Internet)" in the process of installing Active Directory, it must select the "Permissions compatible with operating systems prior to Windows 2000 server". In my scenario the other option was selected "Permissions compatible only with Windows Server 2003 operating system or Windows 200".

I test this scenario and it does not work.

Is there a configuration in the WLC so that it can operate without having to reinstall the AD?

Thank you

In most cases the WLC does not care about the type of authentication is used. It's really just the transmission by proxy requests between the client and the Radius server.

I'll make sure that your timer EAP are extensive with the commands:

Advanced Configuration eap identity-request-timeout 10

Advanced Configuration eap request-timeout 10

Windows 7 slow login / delay authentication question user wireless via ACS 5.8

Just set up a new ACS 5.8 farm (only 2 servers) here and which I hope someone here can shed light on the difficulties.

The new ACS server is set up to correctly authenticate administration network device and I am currently working on the definition of profiles for our wireless users authentication and business laptops.

Being new to this version of ACS (we will migrate manually ACS 4) I followed an excellent example of this task described in a video on this site: http://www.labminutes.com/sec0044_ise_1_1_wireless_dot1x_machine_auth_peap

I managed to have a Windows XP sp3 client authenticate properly, first with the authentication of the computer, then the authentication of users... and the domain logon process takes place in a short period of time< 1min="" and="" the="" user="" gets="" all="" their="" networked="" drives="" via="" the="" domain="" login="">

However, I'm fighting to get our Windows 7 clients to authenticate properly. It seems that the machine authentication does not work as expected (I can ping the laptop test from another machine on the network while the test machine is sitting at the login screen; and I see Authentication host recorded in the papers of authentication Radius ACS). But, when a domain user logs in with his credentials, the connection process takes 4-5 minutes before an event to authenticate the user is entered in the register authentication Radius ACS, after which the login process completes, except that the domain logon script does not work and the user does not receive the drive mappings.

Can someone point me in the right direction here? I would be grateful any entry on this.

Thanks in advance,

John

I had a similar problem with Wireless 802.1 x Win 7 clients unable to connect unless they had cached credentials of the AD. Authenticate in the machine, but the user would take a lot of time if the Windows credentials have been cached.

I could solve the problem by expanding the ACL of the air space used during the user authentication to include all DC in the environment.

Authentication of ACS with PEAP / MSCHAPv2 - customer rejecting Server

Hello

Have a network setup wireless with Cisco 1131AG towers, c6500 WISN module test (4404-WLC) is authenticating with a Cisco ACS appliance (1113) using PEAP and MSCHAPv2 authentication.

The laptops have the Cisco SSC customer (in collaboration with Mgmt SSC utility).

A self-signed certificate created on the fate of ACS and root exported and installed on the laptop computer of TCL.

IF CSSC box 'validation Server' is not selected, the authentication process works and I am able to connect to the network.

IF CSSC "Validation of server" is checked, the authentication will fail.

The problem, it appears that the customer refuses the server certificate:

"Server certificate chain is not valid.

The GBA, in the 'fail' authentication logs, message the following is stated:

"Authentication failed during SSL negotiation" (which obvioously refers to the strand of string not valid)

Any ideas?

When you create a self-signed certificate, is there a specific directory, when the server certificate must be located? as c:\cert\certificate.cer

Also, the certificate name must match host name of GBA?

i.e." CN ="

Any advice or pointers would be appreciated.

Thank you

Questions, it's that when you check the validation of server Box, you must make sure you have the certification authority in the root Certification Authority trusted. For example, in windows, there is a list of servers CA where you check the server certificate validation and also one of the root certification authority is on the list. If the root CA is not listed, then you must add to the list and check it out.

You are right on the client rejecting the sever cert... Authentication failed during SSL negotiation

This doc will give you an overview:

http://www.Cisco.com/en/us/products/sw/secursw/ps2086/products_configuration_example09186a0080545a29.shtml

Authentication with 4.1 problem

We use a custom authentication scheme. He calls the api authenticatin to authenticate agains ActiveDirectory.

He worked in several apex applications in version 3.2 of the apex. We have created a new installation of the 4.1 and imported 3.2 apps

I can't get this authentication works in 4.1. Here is the code that works in point 3.2, but not in 4.1

This code is in the process of connection of the 101 page.

The error msg I get is Invalid Login Credentials

I created the application on the oracle website hosted. ID/wd id comments/Lock01$

Out of the running for the simplicity, the code does emualte how I connect installation 3.2. All other codes has not been copied to. This application works on our 3.2 install, but not the 4.1! Help!

{declare

Boolean b_result: = false;
Boolean c_result: = false;
Boolean d_result: = false;

Start
-: IS_ADMIN_USER: = 0;
-: IS_IE_USER: = 0;

: USERNAME: =: P101_USERNAME;
: PASSWORD: =: P101_PASSWORD;

-for security reasons, I commented on the domain server information and base. in this appeal.
b_result: = LDAP2. AUTHENTICATE_ADUSER (: P101_USERNAME,: P101_PASSWORD,: P101_DOMAIN, ' #. # .com ',' DC = #, DC = #, DC = com "");

If (b_result = true) then
-I know that the session is valid that I posted a mesg if it was valid to be sure.
If APEX_CUSTOM_AUTH.IS_SESSION_VALID

-It was the old 3.2 way that worked, but isn't in 4.1
-wwv_flow_custom_auth_std.post_login)
-P_UNAME = >: USER name,.
-P_PASSWORD = >: PASSWORD,.
-P_SESSION_ID = > v ('APP_SESSION').
-P_FLOW_PAGE = >: APP_ID | » : 1'
-- );

-I tried this in 4.1, but still does not work
APEX_CUSTOM_AUTH. () POST_LOGIN
p_uname = >: USER name,.
p_session_id = > V ('APP_SESSION').
p_app_page = >: APP_ID | » :1');

End if;
on the other
owa_util. REDIRECT_URL ('f? p = & APP_ID.: & LOGIN_PAGE.: & SESSION.) ") ;
apex_util.set_session_state ('LOGIN_MESSAGE ',' your ID or PASSWORD is incorrect.) Please try again. ") ;
end if;
-: PASSWORD: = null;
end;

Edited by: ashalon on Mar 16, 2012 11:23 AM

Edited by: ashalon on Mar 16, 2012 11:25 AM

Edited by: ashalon on Mar 16, 2012 12:20 PM

Edited by: ashalon on Mar 16, 2012 3:46 PM

Hi ashalon,

Thank you for connection information, I could access the application now.

As you write a custom authentication, I assumed that you have created a CUSTOM type authentication model. This application has a type authentication scheme 'Application Express', but the app doesn't really use it that way. The process to submit on the login page shows just apex_custom_auth.post_login to keep the user name of the session.

I created a sample application with the authentication of the apex and a process to submit on the login page that says only:

apex_custom_auth.post_login (
    p_uname      => 'HELLO',
    p_session_id => V('APP_SESSION'),
    p_app_page   => :APP_ID||':1');

It works very well, so in principle, this type of authentication should be ok.

What is an uncorrected 4.1 version? If so, you probably use in the bug
>
13045147 APEX_CUSTOM_AUTH. POST_LOGIN SHOULD NOT CALL AUTHENTICATION

In version 4.1, the calls to wwv_flow_custom_auth_std.post_login () behave like calls to login()). The called functions of prior authentication and the authentication procedure. It therefore required a combination of username/password valid and could not be used to simply change the user, as in previous versions.
>
(see http://www.oracle.com/technetwork/developer-tools/apex/application-express/41-known-issues-485406.html)

In this case, you could either install the fix for this bug to Support Oracle or install 4.1.1 both solve this problem.

Kind regards
Christian

ACS 5.2 PEAP with the authentication of the computer

Can someone point me in the direction of a good guide for configuring PEAP with Machine authentication to connect to the domain?

This is a clean install on a new installation of 5.2.

We move from 4.X to 5.2 and I want to make sure I don't miss anything.

Thanks in advance for any help.

Basics of infrastructure;
- 440 x & 5508
- ACS 5.2 VMWare
- AD is used as the external database for the PEAP and Machine auth.
This link might help. I would like to know if that's what you're looking for. It is not the exact game until you use but should be a grand of the directive.

http://wnbu-press.Cisco.com/files/2010/09/CUWN_PEAPv1.PDF

Grace and peace,

Robert Roulhac Jr E

connection problems with an authentication token.

I have a test application that creates a House of Java. It generates the following authentication token.
String roomName = "dynamically_created_room1";

Contact collabAcctMngr = new AccountManager (CollaborationConstants.COLLABORATION_ACCT_URL);
collabAcctMngr.login (CollaborationConstants.COLLABORATION_ACCT_ID, CollaborationConstants. COLLABORATION_ACCT_PASSWORD);
collabAcctMngr.createRoom (roomName, true); / /: removes the room to the exit
Session collabSession = collabAcctMngr.getSession (roomName);
collabSession.secret = CollaborationConstants.COLLABORATION_ACCT_SHARED_SECRET;

String token = collabSession.getAuthenticationToken (CollaborationConstants.COLLABORATION_ACCT_SHARED_SEC PENSION,
("jeff -" + "-phelps", "uid1", UserRoles.PUBLISHER);

log.info ("token =" + token);
The room is created fine.
I then run my flex app CollaborationTest
" < = xmlns:fx s:WindowedApplication ' http://ns.Adobe.com/MXML/2009 "
xmlns:s = "library://ns.adobe.com/flex/spark".
xmlns:rtc=" http://ns.Adobe.com/RTC "
xmlns:MX = "library://ns.adobe.com/flex/mx" >
< fx:Declarations >
<! - Place non-visual elements (e.g., services, items of value) here - >
"< rtc:AdobeHSAuthenticator id ="auth"userName =" "password =" "protocol ="rtmfp"authenticationKey ="{AUTH_KEY}"/ >
< rtc:RoomSettings id = "roomSettings" self-promotion = "true" guestsMustKnock = "false" / >
< / fx:Declarations >

< fx:Script >

<! [CDATA]

public const COLLABORATION_ACCT_URL:String = " " https://collaboration.adobelivecycle.com/endlessmind ";

public const AUTH_KEY:String = 'exx = eDpqZWZmLS1waGVscHM6OmVuZGxlc3NtaW5kOnVpZDE6ZHluYW1pY2FsbHlfY3JlYXRlZF9yb29tMTo1MDo 0YTI4NmFjN2FkYzk4ZTI3YTZkNWYwMmVhYWE5ZTgwNzUwYjRiZjFl';

private var testRoomURL:String = " " https://collaboration.adobelivecycle.com/endlessmind/dynamically_created_room1 ";
protected function button1_clickHandler(event:MouseEvent):void {}
cSession.roomURL = testRoomURL;
cSession.login ();
}
[]] >
< / fx:Script >

< mx:Panel title = "Test the ability to connect to a room with an authentication key" >
< s:Button label = "PUSH THE LOGIN" click = "button1_clickHandler (event)" / >
< rtc:ConnectSessionContainer authenticator = initialRoomSettings '{auth}"="{roomSettings}"id ="cSession' width = '100% '.
Height = "100%" autoLogin = "false" >

< / rtc:ConnectSessionContainer >
< / mx:Panel >

< / s:WindowedApplication >
When I push the button to connect, I got the following exception
requestInfo https://collaboration.adobelivecycle.com/endlessmind/dynamically_created_room1?Exx=eDpqZWZ mLS1waGVscHM6OmVuZGxlc3NtaW5kOnVpZDE6ZHluYW1pY2FsbHlfY3JlYXRlZF9yb29tMTo1MDo0YTI4NmFjN2FkY zk4ZTI3YTZkNWYwMmVhYWE5ZTgwNzUwYjRiZjFl & mode = x & xml = 0.6030149115249515
11:51:46 GMT - 0600 #THROWING ERROR # bad authentication key
Error: Invalid username or password: login again
at com.adobe.rtc.authentication::AbstractAuthenticator/onLoginFailure() [/ users/arun/work/apo nnusa_theoden.corp.adobe.com_1666/depot/branches/connect/1104/cocomoPlayer10.1/src/com/ado be/rtc/authentication/AbstractAuthenticator.as:200]
at com.adobe.rtc.authentication::AbstractAuthenticator/onAuthorizationFailure() [/ Users/arun/Work/aponnusa_theoden.corp.adobe.com_1666/depot/branches/connect/1104/cocomoPlayer10.1/src com/adobe/rtc/authentication/AbstractAuthenticator.as:215]
at com.adobe.rtc.session.sessionClasses::MeetingInfoService/onComplete() [/ users/arun/work/ap onnusa_theoden.corp.adobe.com_1666/depot/branches/connect/1104/cocomoPlayer10.1/src/com/ad obe/rtc/session/sessionClasses/MeetingInfoService.as:331]
at flash.events::EventDispatcher/dispatchEventFunction()
at flash.events::EventDispatcher/dispatchEvent()
at flash.net::URLLoader/onComplete()
Any help is greatly appreciated.
Thank you.
Jeff

I watched the news and I see a lot of message about invalid tokens. The main reason is usually that the 'shared secret' you use is bad. If please, check the value for the secret shared in the DevPortal and make sure it is what you use in your application.

Also, remember that the external authentication tokens are 'one shot': they are valid for the duration of a single session of the specified room, so if you start a room, stop it and start it again, you will have to generate new tokens.

Problems with external authentication!

Hi all!
I tried to experiment with external authentication with PHP using the examples provided with the LCCS SDK Navigator.
I changed the page "index.php" to include all my account info. and checked twice! However, when I download on my server, I get the following error every time I click on the button send the form:
Warning: fopen() [function.fopen]: URL file-access is disabled in the server configuration in /home/tueslcom/public_html/LoginTest2/lccs.php on line 690
Warning : fopen (https://collaboration.adobelivecycle.com/myusername? mode = xml & accountonly = true &) [function.fopen]: failed to open stream: no suitable wrapper could be found in/home/tueslcom/public_html/LoginTest2/lccs.php on line 690
Fatal error : Eception exception 'RTCError' with the message "connection failed" in /home/tueslcom/public_html/LoginTest2/lccs.php:695 trace stack: #0 home/tueslcom/public_html/LoginTest2/lccs.php(587): RTC::http_get('https://collabo...', Array) #1 home/tueslcom/public_html/LoginTest2/lccs.php(254): RTCAccount-> do_initialize() #2 home/tueslcom/public_html/LoginTest2/index.php(33): RTCAccount-> __construct ('https://collabo...') #3 {main} thrown in /home/tueslcom/public_html/LoginTest2/lccs.php on line 695
I have some experience with PHP, however, through lccs.php and trying to reverse engineer everything to know what is happening is a bit beyond my skill level! Any idea what could be past/missing here? It seems that this should be a no-brainer!
Thanks in advance for any help that anyone can give.
Matt

No, it's really that on a certain system curl works and waterways only and on some curl does not work.

I chose the 'flow' as a default way because that's what worked on my machine

There is really no difference in how the two methods work, they are all two the same way https requests and curl is one of the best clients available http anyway.

-Raffaele

WiFi WPA2 Enterprise with RADIUS - connection problem

Hello

I have here a new ISA 570w with the latest firmware (1.2.17).

Anyway, I can't get wifi to work in mode WPA2 Enterprise with RADIUS authentication.

Mode WPA2 PSK are not a problem.

I have configured the BEAM properly and I can connect directly to him via NTRadPing without any problem. Also the test in the web interface works without any problem (see Figure 2, 3).

The RADIUS server is a server Synology RADIUS on a Synology NAS, which is a FreeRADIUS server under the hood.

In the settings of the ISA wireless, I put this RADIUS server for authentication (see screenshot 1, 4).

However, I can not connect to connect to the network:

On the iPhone (iOS 6.1.3) I get a prompt for a user name and password, but when I click on connect, it says 'connect to 'cisco3'... ". "and stays there.

In ISA 570w newspaper, he said:

Information

Wireless

MSG = add MAC station in the list of the ATU. VID = 5; MAC = 5 C: 59:48:02:78:3E;

Information

Wireless

MSG = Wireless mode is a 802.11 mixed b_g_n

When I cancel the connection attempt, he said:

Information

Wireless

MSG = the Client has dissociated;

On my Thinkpad with Windows 7 Professional I have everything configured as usual (see screenshots 5,6,7,8) but when I try to connect I do not get a command prompt where I wonder username and password, and finally the connection cannot be established (see Figure 9). Also tried with the same configuration on an another Windows 7 Pro installed costs for laptop with the same problem.

I can't see any attempt of 570w ISA to authenticate anything in the logs of the RADIUS.

Also the capture of network traffic on the LAN to the Synology NAS port does not show the RADIUS datagrams.

I already disabled COP because I read that it can cause problems, but it did not help.

Can you please suggest something else I can try?

Thanks in advance!

Kind regards

Dominik

I saw these screenshots, but that screen settings just select the button set up next to the authentication method in the section user authentication, under users. In each of your screenshots, the RADIUS server identification number is 1, so I would also ensure that I configured the server ID RADIUS 1 that can be configured by going to users-> RADIUS servers.

All that said, I have seen that your tests have passed and I also do not understand the point of having the RADIUS settings on other screens and then to have info ID RADIUS. My thought is that you'd be able to pre-set RADIUS users of-> screen RADIUS servers and then select the RADIUS server ID in all other screens without having to enter the RADIUS news over and over again. He also thinks that you could ignore the users-> screen RADIUS server and enter RADIUS information over and over again and it should work... as you set up initially. However, based on the past experience of programming errors, I recommend configuring the ID from RADIUS server 1 under user-> RADIUS servers if you have not already... just in case where.

Shawn Eftink
CCNA/CCDA

Please note all useful messages and mark the correct answers to help others looking for solutions in the community.

SONY VAIO VGN-SZ28 cannot connect wireless with WPA encryption

Hi guys

I have a sony VAIO PC is unable to connect wireless if I have WPA and WPA2 encryption. When I decrease the security WEP device connects well. the laptop never asks the user name and password of the ad

The type of security, I use WPA2 802. 1 x with PEAP-EAP-MSCHAPv2

Please note the following:
1. Wireless driver is updated to the latest version. I see EAP and WPA Press Cordless screwdriver
2. Windows XP service pack 3 operating system
no idea why I am facing this problem?

Thank you very much

Elijah

Hi Elijah

You can deal with a number of certificate on the laptop.

If the wireless client is configured to use PEAP Protocol as you suggested the default setting is usually to check the certificate of the server. This would mean that you need to install a certificate on the laptop. However, there should be a setting on the client to disable the server certificate 'validate' If you do not want to (or cannot) to install a certificate on the laptop.

See attached some screenshots.

Concerning

Roger

EAP-FAST EAP and PEAP authentication configuration

Hello world

I'm pretty well EAP works, however with the help of LEAP
When I get to PEAP and EAP-FAST, I can't make it work

What am I missing, I don't know that EAP-FAST and PEAP require certificates. However, how to configure their client side?
Hope you guys can help me on this point, stuck on this part xD

First of all I would make that PEAP or FAST is configured correctly. Debugs them when test pay close attention to the newspapers on the WLC or do what is necessary to solve the problems.

Good read on local eap...
http://www.Cisco.com/c/en/us/TD/docs/wireless/controller/7-4/configurati...

To set up your client I'll assume it windows 7 or newer?

https://supportforums.Cisco.com/document/68096/PEAP-authentication-confi...

Cannot access wireless with linksys WRT54GS router

Hello

I just installed a Linksys WRT54GS router on my connection, the problem I have is to be able to access with my wireless on my laptop.

I kept getting a message saying 'connection unindentified' 'access '. I did most of what is already on your forum that such a power out of my rooter, my modem and such and still nothing. I am able to access wireless with my girlfriend Mac laptop, my playstation 3 and my desktop computer which uses Windows X. I initially thought that it my be a problem with my security but even when the connection is unprotected I still have this error. I am trying to disable the IpV6but that didn't ' dot something or the other.

My laptop is a Toshiba Qosmio X 300 PQX32C-033019 with Vista and my router is a Linksys WRT54GS to. 6

Here is my connection connect you, sorry if this is in French:

Try this-

Open an Internet Explorer browser on your computer (desktop) wired page. In the address bar type - 192.168.1.1 and press ENTER...
Let the empty user name & password use admin lowercase...
For wireless settings, follow these steps: -.
Click on the Wireless tab
-Here, select manual configuration... Wireless network mode must be mixed...
-Provide a unique name in the name box of the wireless network (SSID) in order to differentiate your network from your network of neighbors...

-Set the Standard - 20 MHz Radio band and change the Standard channel to 11-2, 462 GHz... Wireless SSID broadcast should be enabled and then click on save settings...
Please take note of the name of the wireless network (SSID) because it's the network identifier...
For wireless security: -.
Click the sub-tab under wireless > Wireless Security...
Change the mode of WEP wireless security, encryption must be 64-bit. Let the empty password, do not type in anything...
Under type of WEP Key 1 in all 10 numbers please (numbers only and no mailbox for example: your 10-digit phone number) and click on save settings...
Please note the 1 WEP key as it comes to the security key for the wireless network...

Click the settings advanced wireless
Change the interval of tag to 75 > change the Fragmentation threshold to 2304, change the RTS threshold to 2304 > click 'save settings '...

On your Vista laptop, first turn off the wireless network connection and restart the laptop, and then enable the wireless connection...

Then click Start > Control Panel > Network and Sharing Center > manage wireless network and click Add, select manually create a network profile and click Next, enter the name of your network SSID/network, select WEP for security type and enter your 10-digit network key and click Next, it should say 'Connected successfully to _' close all windows , and then restart the laptop, now see if you can connect to the Internet wireless...

Windows 7 Home Premium - cannot change the user name in the authentication dialog box

I was hoping someone might be able to answer a question on how to get a computer running Windows 7 Home Premium to display both the username and password fields when attempting to authenticate on another Windows computer.

Here's the situation: allow us that the leaders and other members of the staff allowed our Organization to establish a VPN connection to our corporate network (via Fortinet Forticlient, for what it's worth.) Once the VPN connection is established, on the remote computer, the user must be able to access the UNC path to our file (\\servername\share) server.

Because the remote user has not yet authenticated on the domain Active Directory of business, a dialog box should appear to the user input a user name and password. Enter the user name (domain\username) and password and share should open, and the user must then be able to access the files in the share.

I (and several other members of the staff) have been using this method successfully to access files via the VPN connection, and it works very well. However, it does not work whenever the President of the company will connect to the VPN from his computer at home.

Whenever the President connects the VPN and attempts to access the UNC path, he reports that the dialog box which appears on his computer at home has only one field for a password; the user name field appears to be on his local user account, and it doesn't have the ability to change. (I have him asked if there is an option 'use authentication information', and he declares that there is not just a dialog box with a single field, the field of password.)

The President is running Windows 7 Home Premium on his computer at home, so I thought that the problem could be because he was running this edition of Windows. However, I have installed VPN client and test the connection on the server share file using the computer of my wife, who is also running Windows 7 Home Premium, and I received the two fields as expected authentication dialog box and has been able to authenticate to the domain successfully and open files from the share with no problems.

Does anyone have recommendations on what I can try to allow the President to authenticate successfully to our server share? I am confused, and it is eager to be able to get remote access to files on his home computer.

Hello

Please contact Microsoft Community.

I suggest you to ask your question in the Technet Forums, where we are the support technicians who are well equipped with the knowledge on these issues. Please visit the following link to go to them and post your query there:

https://social.technet.Microsoft.com/forums/Windows/en-us/home?category=w7itpro

Have a great day.

Getting started with PEAP and Tablet PC

I tried to get PEAP works with the following devices:

CiscoSecure ACS 3.1

Compaq TC1000 Tablet PC with the latest drivers for the integrated wireless card

Cisco Aironet 1100 AP

I think that everything is configured correctly on the AP - I checked network EAP and open. No VLANS configured. The ACS has the AP registered as a network device with the same key, as written on the access point itself and with RADIUS (Cisco Aironet) selected.

Unfortunately, my clients associate but fail to obtain a DHCP address, then pass traffic.

The Tablet PC is configured for windows XP networking, use of PEAP and dynamic wep key (or the key is provided for me).

Someone had experience with these devices? We managed to bring the LEAP collaborated with Cisco ACU on a full laptop. The Tablet PC does not have the software of the ACU.

Edit:

Just found a few past responses that helped a little clear things upward. Could someone tell me if my reasoning below is correct please?

ACS version 3.1 supports PEAP for Cisco wireless cards/customers only and doesn't support PEAP for 3 part cards and begging him to Microsoft.

ACS version 3.2 supports PEAP for Cisco cards, but also supports PEAP Protocol with cards of third parties and the begging of Microsoft.

So in theory, upgrading to 3.2 would allow us to use Tablet PC as the TC1000 with our wireless access points and the PEAP authentication.

Kind regards

ACS 3.2 upgrade should enable PEAP work with your TabletPCs.

Users wireless with peap authentication problem

Similar Questions

Maybe you are looking for