802.1x Empty userId

Similar Messages

• Assign users to jobs C#

  I have a user table that contains active and disabled users(tblUsers), I also have a transaction table(tblTransactions) with rows of records and an empty UserId colunm.
  I want to select from UserId of active users from tblUsers and distribute those Id's across UserId column of tblTransactions.
  Am basically trying to assign jobs from tblTransaction to active users in tblUsers. Am coding a C# and building a windows service to do this task.

  1) Create an Entity Framework model for your database.  Head here
  https://msdn.microsoft.com/en-us/data/ef to learn how.
  2) Then you will be able to write C# like this
  using (var db = new MyDbContext())
  var activeUsers = db.tblUsers.Where(u => u.IsActive).ToList();
  var unassignedTransactions = db.tblTransactions.Where(t => t.UserId == null).ToList();
  var numActiveUsers = activeUsers.Count;
  for (int i=0;i<unassignedTransactions.Count;i++)
  var tran = unassignedTransactions[i];
  tran.User = activeUsers[i % numActiveUsers];
  db.SaveChanges();
  Also if you can, remove the "tbl" prefix from all your tables.  It's not helpful.
  David
  David http://blogs.msdn.com/b/dbrowne/

• Redirect to error.jsp

  Hi,
  I am getting Http 500 Internal server error from tomcat. I have follwing Jsp fragment, that is throwing this error.
  <c:if test="${ empty userId}">
       <c:forEach var='thisCookie' items='${cookie}'>
       <c:if test='${thisCookie.key == "NWPUSERNAME"}'>
  <c:set target='${SharedCookieBean}' property='val' value='${thisCookie.value.value}' />
            <c:if test='${SharedCookieBean.valid == "true"}'>
       <c:set target='${UserBean}' property='userId' value='${SharedCookieBean.username}' />                
                 <c:if test='${SharedCookieBean.fflag == "true"} || ${UserBean.userFlag == "true"}'>
                 <c:redirect url="error.jsp?error=2" />               
                 </c:if>
       <c:set target='${UpdateUserAuthenticatedBean}' property='userId' value='${SharedCookieBean.username}' />
  <c:set target='${SetSessionParamsBasedOnUserIdBean}' property='req' value='${pageContext.request}' />
  <c:set target='${SetSessionParamsBasedOnUserIdBean}' property='userId' value='${SharedCookieBean.username}' />
  </c:if>
  </c:if>
  </c:forEach>
  </c:if>
  This happend when I give a bogus userid say xdf which is NOT present in the database during the authentication. server sends error 500, which i like to suppress and rather redirect to error.jsp(My redirect attempt in above code is NOT working). It does not redirect to error.jsp. It shows errro 500 Internal server error in the browser.
  any help in redirecting it correctly to error.jsp??
  pp

  My guess would be there is an exception happening in the database lookup code. If you set a generic errorPage for your jsp page, you should be able to redirect properly.
  Where does this occur - when you set the SharedCookieBean value?
  You might also try the <c:catch> tag. Put it around the bit of code creating the error.
  eg...
  <c:catch var="except">
      // the bit of code that creates the exception
     <c:set target='${SharedCookieBean}' property='val' value='${thisCookie.value.value}' />
  </c:catch>
  <c:if ${not empty except}">
    An exception occured - <c:out value="${except.message}"/>
  </c:if>Cheers,
  evnafets

• USERID is transfered as empty .....

  Hi all,
  I am working on the File2 Proxy Interface.....
  My Interface is working good, except I have a field as user Id coming from Legacy and when the File XML Data is transferred to Proxy is coming as empty for USERID Field.....
  Did anyone get this type of issue before.....Please do give some input to solve this issue.....
  <removed_by_moderator>
  Read the "Rules of Engagement"
  Thank you,
  Mili-
  Edited by: Juan Reyes on Oct 21, 2008 3:04 PM

  Hi Bhavesh,
  Thank you for the quick reply.....
  The reason is the Field name is wrongly spelled in File Adpter, so causing the issue....
  I really appreciate your quick response......
  I have read many of your blogs and really enjoyed as well learned lots of things....
  Full points to you....
  Mili-

• Ticket contains no or empty Abap userid (see note 1159962)

  hi
  i am swapna
  while performing sso i got this error.
  i have gone through the note. but i didnt get clear idea.
  can u people guide me how to solve?
  thankyou.
  plz let me know as early as posible.

  Hi Swapna ,
  The problem is caused by the Java system that issues the ticket - means the WAS/J2EE engine on which portal runs .
  The most probable reason for this error is that the specification of the ABAP reference system is missing - Check once in System admin-> system config-> ume configuration that the entry for the system alias is there or not ( for the system with which you want SSO) . Have you also configured a reference system for this ?? Please do it if you have not .
  Errors may also occur if the option "ume.configuration.active=true" is not set  - I guess you need to check this in VA or ask you basis team to check it
  Regards
  Mayank

• PHP Show if hides update fields, but they get overwritten with an empty string

  I have an issue with a page where some update fields are displayed depending on who is logged, for example:
  <?php if ($row_Users['UserID']=="101"){ ?>
  <input <?php if (!(strcmp($row_lodges['101_finalist'],"Yes"))) {echo "checked=\"checked\"";} ?> type="checkbox" name="101_finalist"  value="Yes"/>
  <input type="text" class="rankfield" name="101_rank" value="<?php echo($row_lodges['101_rank']); ?>" />
  <?php }  ?>
  <?php if ($row_Users['UserID']=="102"){ ?>
  <input <?php if (!(strcmp($row_lodges['102_finalist'],"Yes"))) {echo "checked=\"checked\"";} ?> type="checkbox" name="102_finalist"  value="Yes"/>
  <input type="text" class="rankfield" name="102_rank" value="<?php echo($row_lodges['102_rank']); ?>" />
  <?php }  ?>
  The issue I have is that if User101 is logged in and updates fields 101_finalist and 101_rank, it overwrites 102_finalist and 102_rank with an empty string.
  Is it possible to prevent each user from seeing the other fields for other users, and prevent the existing values for those other users not be overwritten?
  Hope that makes sense!
  Thank you.

  That would mean multiple nominations when really there only needs to be one nomination per category in any given country.
  It would be:
  1, 345, 101, Borana Lodge, 7, 2, Yes, 1
  1, 345, 102, Borana Lodge, 7, 2, Yes, 3
  1, 345, 103, Borana Lodge, 7, 2, No, NULL
  Instead of:
  1, 345, Borana Lodge, 7, 2, Yes, 1, Yes, 3, No, NULL
  Sorry, Lodge isn't in the nominations table, the list above is what is displayed on the site. Lodge gets looked up in the Ldoges table.
  At the moment it works like this:
  People can visit a website and vote for lodges in different categories, giving them a score out of 10 for each.
  If a lodge gets a vote in a particular category an admin person creates a nomination for that lodge, in that category.
  And the last bit is where judges login and tag the ones they think should be finalists.

• Sample Custom SSO not working for external userid mapped in userprofile in 11.1.1.8

  Hi,
  WebCenter sites v: 11gR1 (11.1.1.8)
  I am in the process of validating Custom SSO Behaviour. I am facing hurdles. I have mentioned below the steps I preformed.
  1. Deployed customizable-sso-11.1.1.8.0 .jar in cas/WEB-INF/lib
  2. Copied SampleLoginform.jsp file to cas/fatwire
  3. Copied the customSampleSSObeans.xml configuration file into cas/WEB-INF/spring-configuration folder.
  4. Modified the following bean
          <bean id="customUserConfiguration" class="com.fatwire.wem.sso.cas.sample.SampleConfiguration"
                  p:casLoginUrl="http://xyz.com:7001/cas/login"
                  p:resolverUrl="http://xyz.com:7001/cs/custom/customCsResolver.jsp"
                  p:resolverCredential-ref="resolverCredential"
                  p:traceFlag="false"
                  p:sampleDomain="mydomain"
                  p:sampleFormUrl="http://xyz.com:7001/cas/fatwire/SampleLoginForm.jsp"
                  />
    Note: p:resolverCredential - I found it new in this bean, as it is not referenced anywhere in the WCS documentation. This resolverCredentail is actually another bean configured in customResolverCredentail.xml under spring-configuration folder. Also, I am not sure if p:sampleDomain has to be modified to suit the environment. Currently I have retained the default value of "mydomain".
  <?xml version="1.0" encoding="UTF-8"?>
  <beans xmlns="http://www.springframework.org/schema/beans"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
          xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
          <description>
                  This defines the SitesCS username/password credentials needed for identity resolution
          </description>
          <bean id="resolverCredential" class="com.fatwire.security.common.SecurityCredential">
                  <property name="username" value="fwadmin" />
                  <property name="password" value="xceladmin" />
                  </bean>
  </beans>
  The default value mentioned for property name username and password were "@username@" and "@password@" respectively. I changed them to fwadmin/xceladmin as in the file above.
  5. In WCS Admin UI, I added a user atribute "samplesso" and assigned unique value for couple of users
  6. Restarted CAS.
  7. On accessin wcs url, I am now redirected to custom sample login page(SampleLoginform.jsp)
      Following are the form fields: username, password, domain, external userid
  8. It works fine, if I submit wcs credentails for username,password and default domain (mydomain) and I am taken to the WCS Admin UI
  9. But if I submit domain(mydomain) and mapped user(unique value in sep 5) against userid, I get an error page. Following is the error
  org.springframework.webflow.engine.ActionExecutionException: Exception thrown executing [AnnotatedAction@5f82e73 targetAction = com.fatwire.wem.sso.cas.web.CustomLoginViewAction@68b18314, attributes = map[[empty]]] in state 'viewLoginForm' of flow 'login-webflow' -- action execution attributes were 'map[[empty]]'; nested exception is java.lang.SecurityException: java.lang.NullPointerException
  What is the cause and fix for the problem. Am I supposed to perform any other step?
  Is there anything specific to p:resolverUrl="http://xyz.com:7001/cs/custom/customCsResolver.jsp" ? I did not do any deployment corresponding to this, as there was no such step mentioned in documentation.
  Thanks

  I just recently implemnted this for my current client.
  http://xyz.com:7001/cs/custom/customCsResolver.jsp
  The context "cs" here is important. For my current client, we installed 11G with context "cm". So for us the the resolver URL is:
  http://xyz.com:7001/cm/custom/customCsResolver.jsp  and when we login into FatWire we use:
  http://xyz.com:7001/cm/login.
  If you look in your Sites application folder you should see <Sites App/Context>/custom/customcsResolver.jsp. In the Jsk it's located at:
  C:\Oracle\WebCenter\Sites\11gR1\App_Server\apache-tomcat-6.0.32\webapps\cs\custom\customCsResolver.jsp
  Regards,
  Robert Jackson

• Using XSLT to empty nodes with the exception of  specific node.

  I have XSLT code working which will remove all the empty elements. My user wishes to exempt a specific node, <BypassDateEdits>. I can not figure out the correct syntax to do this.
  Source XML is:
  <?xml version="1.0" encoding="UTF-8"?>
  <IMDSCDB xmlns="http://xml.dod.mil/log/maint/fs/main/4.0.0">
  <EndItemTCTOReporting originator="EMOC">
  <PartialJobDataDocumentationData/>
  <JobControlNumber>
  <EventId>052790038</EventId>
  <WorkcenterEvent>001</WorkcenterEvent>
  </JobControlNumber>
  <End/>
  <HomeEnterpriseLocationCode>7494</HomeEnterpriseLocationCode>
  <CurrentEnterpriseLocationCode>7494</CurrentEnterpriseLocationCode>
  <HostUnitDateAndTime>2006-02-23T19:29:37</HostUnitDateAndTime>
  <TransactionOrdinalDate>06054</TransactionOrdinalDate>
  <ComponentPosition>0</ComponentPosition>
  <HowMalfunctionCode>802</HowMalfunctionCode>
  <UnitsProduced>01</UnitsProduced>
  <StartTime>0800</StartTime>
  <StopDate>05200</StopDate>
  <StopTime>0805</StopTime>
  <CrewSize>6</CrewSize>
  <CategoryOfLaborCode>1</CategoryOfLaborCode>
  <ActivityIdentifierCode>02</ActivityIdentifierCode>
  <CorrectedByIMDSCDBUserId>GU03CW</CorrectedByIMDSCDBUserId>
  <CorrectiveActionNarrative>Test Test</CorrectiveActionNarrative>
  <InspectedByIMDSCDBUserId>GU03CW</InspectedByIMDSCDBUserId>
  <DocumentMoreTCTOThisJobControlNumber/>
  <InspectionPassed>Y</InspectionPassed>
  <BypassDateEdits/>
  </EndItemTCTOReporting>
  </IMDSCDB>
  Desired output is:
  <?xml version="1.0" encoding="UTF-8"?>
  <IMDSCDB xmlns="http://xml.dod.mil/log/maint/fs/main/4.0.0">
  <EndItemTCTOReporting originator="EMOC">
  <PartialJobDataDocumentationData/>
  <JobControlNumber>
  <EventId>052790038</EventId>
  <WorkcenterEvent>001</WorkcenterEvent>
  </JobControlNumber>
  <HomeEnterpriseLocationCode>7494</HomeEnterpriseLocationCode>
  <CurrentEnterpriseLocationCode>7494</CurrentEnterpriseLocationCode>
  <HostUnitDateAndTime>2006-02-23T19:29:37</HostUnitDateAndTime>
  <TransactionOrdinalDate>06054</TransactionOrdinalDate>
  <ComponentPosition>0</ComponentPosition>
  <HowMalfunctionCode>802</HowMalfunctionCode>
  <UnitsProduced>01</UnitsProduced>
  <StartTime>0800</StartTime>
  <StopDate>05200</StopDate>
  <StopTime>0805</StopTime>
  <CrewSize>6</CrewSize>
  <CategoryOfLaborCode>1</CategoryOfLaborCode>
  <ActivityIdentifierCode>02</ActivityIdentifierCode>
  <CorrectedByIMDSCDBUserId>GU03CW</CorrectedByIMDSCDBUserId>
  <CorrectiveActionNarrative>Test Test</CorrectiveActionNarrative>
  <InspectedByIMDSCDBUserId>GU03CW</InspectedByIMDSCDBUserId>
  <InspectionPassed>Y</InspectionPassed>
  <BypassDateEdits/>
  </EndItemTCTOReporting>
  </IMDSCDB>
  XSLT to remove all empty nodes is:
  <?xml version="1.0"?>
  <xsl:stylesheet
  xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
  version="1.0">
  <xsl:template match="@* | node()">
  <xsl:copy>
  <xsl:apply-templates select="@* | node()"/>
  </xsl:copy>
  </xsl:template>
  <xsl:template match="*[not(descendant::text()[normalize-space()])]" >
  </xsl:template>
  </xsl:stylesheet>
  I believe I need to use the | operator to select the additional node set of just the <BypassDateEdits> node, but repeated attempt and research on the web has enabled me to find a solution.
  Any assistance would be appreciated.
  Bill

  having gotten a big clue from tsuji, I finally achieved the correct XSLT.
  This XSLT:
  <?xml version="1.0"?>
  <xsl:stylesheet
  xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
  version="1.0">
  <xsl:template match="@* | node()">
  <xsl:copy>
  <xsl:apply-templates select="@* | node()"/>
  </xsl:copy>
  </xsl:template>
  <xsl:template match="*[not(local-name()='BypassDateEdits') and namespace-uri()='http://xml.dod.mil/log/maint/fs/main/4.0.0'][not(descendant::text()[normalize-space()])]" >
  </xsl:template>
  </xsl:stylesheet>
  Yields the desired results:
  <?xml version="1.0" encoding="UTF-8"?><IMDSCDB xmlns="http://xml.dod.mil/log/maint/fs/main/4.0.0">
  <EndItemTCTOReporting originator="EMOC">
  <JobControlNumber>
  <EventId>052790038</EventId>
  <WorkcenterEvent>001</WorkcenterEvent>
  </JobControlNumber>
  <HomeEnterpriseLocationCode>7494</HomeEnterpriseLocationCode>
  <CurrentEnterpriseLocationCode>7494</CurrentEnterpriseLocationCode>
  <HostUnitDateAndTime>2006-02-23T19:29:37</HostUnitDateAndTime>
  <TransactionOrdinalDate>06054</TransactionOrdinalDate>
  <ComponentPosition>0</ComponentPosition>
  <HowMalfunctionCode>802</HowMalfunctionCode>
  <UnitsProduced>01</UnitsProduced>
  <StartTime>0800</StartTime>
  <StopDate>05200</StopDate>
  <StopTime>0805</StopTime>
  <CrewSize>6</CrewSize>
  <CategoryOfLaborCode>1</CategoryOfLaborCode>
  <ActivityIdentifierCode>02</ActivityIdentifierCode>
  <CorrectedByIMDSCDBUserId>GU03CW</CorrectedByIMDSCDBUserId>
  <CorrectiveActionNarrative>Test Test</CorrectiveActionNarrative>
  <InspectedByIMDSCDBUserId>GU03CW</InspectedByIMDSCDBUserId>
  <InspectionPassed>Y</InspectionPassed>
  <BypassDateEdits/>
  </EndItemTCTOReporting>
  </IMDSCDB>
  Thank you tsuji,
  Bill

• Unable to export empty tables

  I use this command:
  exp userid=clix_db file=clix.dmp log=dump.log consistent=y
  to export all tables from user "clix_db".
  But when I take a look into the log file, I notice that not all tables have been exported. All empty tables are missed.
  e.g. the table "LIC_REPORTLOG" does exists! OK, the table is empty.
  But it is not exported. When I import the clix.dmp into another empty database, there is no table "LIC_REPORTLOG"
  When I export only this table with
  exp userid=clix_db file=clix_lic.dmp log=dump_lic.log consistent=y tables=LIC_REPORTLOG
  I get an error message:
  EXP-00011: CLIX_DB.LIC_REPORTLOG does not exist
  If I take a look into the table "all_tables", everything is fine:
  Enter user-name: clix_db
  Enter password:
  Connected to: Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
  With the Partitioning, OLAP, Data Mining and Real Application Testing options
  SQL> select table_name from all_tables where table_name='LIC_REPORTLOG';
  TABLE_NAME
  LIC_REPORTLOG
  SQL> select * from CLIX_DB.LIC_REPORTLOG;
  no rows selected
  Any ideas?

  Hello,
  I think that with such a new release you should use DataPump (expdp/impdb) to
  export Tables.
  For exporting a complete Schema you may use the following syntax:
  expdp {color:red}+user+{color}/{color:red}+password+{color} PARFILE=pfexport.txt_With pfexport.txt as bellow:_
  SCHEMAS={color:red}+schema_name+{color}
  FLASHBACK_TIME="TO_TIMESTAMP(to_char(SYSDATE,'DD-MM-YYYY HH24:MI:SS'),'DD-MM-YYYY HH24:MI:SS')"
  CONTENT=ALL
  DIRECTORY=EXP_DIR
  DUMPFILE={color:red}+dump_file_name+{color}
  LOGFILE={color:red}+log_file_name+{color}Then, in this example, you'll get the "dump file" and the "log file" into the EXP_DIR Oracle directory (if it exists).
  You can check your Oracle Directories with the following query:
  select * from dba_directories;Then, you can use one of these Directories or create a new one with the following statement
  CREATE OR REPLACE DIRECTORY {color:red}+directory_name+{color} AS '{color:red}+directory_path+{color}';
  GRANT READ,WRITE ON DIRECTORY {color:red}+directory_name+{color} TO {color:red}+user_name+{color};Hope it can help,
  Best regards,
  Jean-Valentin
  Edited by: Lubiez Jean-Valentin on Nov 28, 2009 12:08 PM

• Cfprocparam type="OUT" brings back empty value

  ISSUE OBJECTIVE:
  After conversion from CF 5 to CFMX 7, <cfprocparam
  type="OUT" brings back empty value
  OUR STORED PROC:
  <cfstoredproc procedure="sp_rass_user_guidance"
  datasource="#rass_data_source#" returncode="YES">
  <cfprocparam type="IN" dbvarname="@status" value="2"
  cfsqltype="CF_SQL_INTEGER">
  <cfprocparam type="IN" dbvarname="@addname"
  value="#form.newVersionName#" cfsqltype="CF_SQL_CHAR">
  <cfprocparam type="IN" dbvarname="@userid"
  value="#client.userid#" cfsqltype="CF_SQL_CHAR">
  <cfprocparam type="OUT" dbvarname="@rc" variable="rc"
  cfsqltype="CF_SQL_SMALLINT">
  <cfprocparam type="OUT" dbvarname="@reason"
  variable="reason" cfsqltype="CF_SQL_VARCHAR">
  <cfprocresult name="retrieveVersions">
  </cfstoredproc>
  In SQL query anylizer this stored proc brings back some
  values for variables rc and reason, but empty values on CF pages.
  Cf gurus please help

  Something sounds fishy. I'm not sure what more you could do
  at the database, since PL/SQL VARCHAR2 variables have a max length
  of 32,767 (as opposed to the VARCHAR2 data type limit of 4000
  bytes). Should let you return more than 900 bytes! Perhaps you may
  need to look into your kernal parameters, or Oracle parameters like
  sga_max_size, etc.
  You say that "Long Buffer Varchar is checked and set to
  max"... what value? Also, what version of ColdFusion are you using,
  as I can not "check" Long Text Buffer (chr) but only supply a
  value, or I can check CLOB (or BLOB), where checking CLOB will
  override the Long Text Buffer (chr) value.
  Phil

• Row template showing always additional empty row

  Hi everybody,
  When I used row templates with apex 3 it worked fine. With apex 4, I always get an empty row in addition to the ones I query.
  This behavior appears with firefox 3.6.7 as well as with ie 8. The standard report template "value attribute pairs" causes the same wrong behavior.
  I appreciate any hints.
  Robert

  Hi Dan
  Thank you very much for looking at my problem. I have created an example. Please have a look under:
  workspace: processlink
  userid: admin
  password: admin
  application no: 395
  Thank you
  Robert

• 802.1x ISE with computer certificates

  Hello,
  I'm trying to configure 802.1x policy on Cisco ISE (v1.2.x) which will authenticate devices using computer certificates.
  i have configured the AP and the policy on the ISE server and when i'm trying to connect i'm getting an error message says:
  "11514 Unexpectedly receive empty TLS message; treating as a rejection by the client"
  Did anyone encountered this message with this kind of setup?
  Thx,
  Tal

  You didn't revealed even the basic things like the OS you have on client machine. It mean you have a version of Windows. Unfortunately, I'm no windows expert.
  Your client needs to recognize Cisco ISE certificate as trusted. Root CA needs to be placed in appropriate certificate store - the machine store if you are configuring machine-level authentication, or the user store if you are configuring user-level authentication. Or elsewhere according requirements of your authentication client. Consult the documentation related to your OS and it's client setup. If there is a intermediate certificate then it needs to be delivered from server side to client during TLS handshake.
  I wish a more skilled Windows user will give you better advice. I'm familiar with the principles, but I don't know where to click in Windows.

• 802.1x accounting does not reflect correct port status

  Hi,
  I've just discovered an issue when trying to use MSFT supplicant and Cisco 802.1x accounting. This makes 802.1x accounting completely unusable.
  Facts:
  1. MSFT supplicant does not send EAPOL-Logoff messages and there's no way to enable this (btw. Aegis client does not send it either, except when disabling interface).
  2. I am doing machine authentication along with domain authentication.
  3. Windows XP SP2 is used with EAP registry hacks applied.
  4. PEAP/MS-CHAPv2 method is used.
  Now when the computer is started it is logged into 802.1x with 'host/machine' account and RADIUS accounting start is sent by the switch. That's fine.
  When a user logs on with its 'domain\user' identity, then EAPOL-Start is sent from the host triggering new EAP message exchange and the user is authenticated correctly. However the switch sends Interim Accounting still using 'host/machine' credentials which is obviously wrong.
  Even more bizarre accounting happens when the user subsequently logs off from the machine. The EAPOL-Start is sent from the host triggering new authentication process for 'host/machine' identity and the host is authenticated ok. The accounting being sent is:
  - first Accounting Stop for 'host/machine' User-Name
  - then strange Interim Accounting with most attributes empty or missing
  256970: Jul 10 15:56:41.211 MET-DST: RADIUS: authenticator 68 CA 1A 46 85 4F F5 95 - 87 B4 84 61 72 85 42 F3
  256971: Jul 10 15:56:41.211 MET-DST: RADIUS: Acct-Session-Id [44] 10 "013F0000"
  256972: Jul 10 15:56:41.211 MET-DST: RADIUS: Vendor, Cisco [26] 34
  256973: Jul 10 15:56:41.211 MET-DST: RADIUS: Cisco AVpair [1] 28 "connect-progress=Auth Open"
  256974: Jul 10 15:56:41.211 MET-DST: RADIUS: Acct-Session-Time [46] 6 0
  256975: Jul 10 15:56:41.211 MET-DST: RADIUS: Acct-Input-Octets [42] 6 0
  256976: Jul 10 15:56:41.211 MET-DST: RADIUS: Acct-Output-Octets [43] 6 0
  256977: Jul 10 15:56:41.211 MET-DST: RADIUS: Acct-Input-Packets [47] 6 0
  256978: Jul 10 15:56:41.211 MET-DST: RADIUS: Acct-Output-Packets [48] 6 0
  256979: Jul 10 15:56:41.211 MET-DST: RADIUS: Acct-Authentic [45] 6 RADIUS [1]
  256980: Jul 10 15:56:41.211 MET-DST: RADIUS: Acct-Status-Type [40] 6 Watchdog [3]
  256981: Jul 10 15:56:41.211 MET-DST: RADIUS: Vendor, Cisco [26] 24
  256982: Jul 10 15:56:41.211 MET-DST: RADIUS: cisco-nas-port [2] 18 "FastEthernet0/11"
  256983: Jul 10 15:56:41.211 MET-DST: RADIUS: NAS-Port [5] 6 50011
  256984: Jul 10 15:56:41.211 MET-DST: RADIUS: NAS-Port-Type [61] 6 Eth [15]
  256985: Jul 10 15:56:41.211 MET-DST: RADIUS: Class [25] 27
  256986: Jul 10 15:56:41.215 MET-DST: RADIUS: 43 41 43 53 3A 30 2F 32 39 32 66 2F 61 38 31 38 [CACS:0/292f/a818]
  256987: Jul 10 15:56:41.215 MET-DST: RADIUS: 30 32 38 2F 35 30 30 31 31 [028/50011]
  256988: Jul 10 15:56:41.215 MET-DST: RADIUS: Service-Type [6] 6 Framed [2]
  256989: Jul 10 15:56:41.215 MET-DST: RADIUS: NAS-IP-Address [4] 6 10.129.128.40
  256990: Jul 10 15:56:41.215 MET-DST: RADIUS: Acct-Delay-Time [41] 6 0
  256991: Jul 10 15:56:41.239 MET-DST: RADIUS: Received from id 1646/238 10.129.128.38:1813, Accounting-response, len 20
  256992: Jul 10 15:56:41.239 MET-DST: RADIUS: authenticator ED 8E 8B 15 28 5F E4 37 - BF A8 F5 9E 10 43 5E A8
  So that the accounting sent from the switch does not reflect current status of the authenticated user on a given port.
  How to deal with this issue? Any ideas?
  thanks,
  robert

  Does your radius proxy-table is populated wrong for EAP- SIM users ?

• Wired 802.1x EAP-TLS Server Certificate Problem

  I have setup wired 802.1x authentication using EAP-TLS with ACS 3.3 and backend link to Active Directory. Root CA certificates are installed on the ACS and Client PC. Machine certificates and user certificates are also installed on Client PC. A Server certificate is installed on the ACS. All has been configured as detailed on the Cisco Web Site (numerous documents).
  If I set the client to authenticate the Servers certificate I get a failure. The clients log (Cisco Secure Services Client) states:
  11:48:53.088 Validating the server.
  11:48:53.088 Server list is empty, trusted server can not be validated.
  11:48:53.088 Server list is empty, trusted server can not be validated.
  11:48:53.088 The server certificate is invalid, the common name ACS-One.rotherham.gov.uk does not match.
  11:48:54.776 Port state transition to AC_PORT_STATE_UNAUTHENTICATED(AC_PORT_STATUS_ERR_SERVER_TLS_CERTIFICATE_REJECTED)
  11:48:54.776 The authentication process has failed.
  If I look at the Auth log on ACS (set to full logging) it states:
  AUTH 08/27/2008 14:09:04 I 0701 1492 AuthenProcessResponse: process response for 'paul.kyte@domain' against Windows NT/2000
  AUTH 08/27/2008 14:09:04 E 0350 1492 EAP: TLS: ProcessResponse: SSL handshake failed, status = 3 (SSL alert fatal:bad certificate)
  If I configure the client to not check the servers certificate it all works ok.
  Can anyone tell me why my server certificate is getting rejected?
  Thanks,
  Paul

  If Cisco Secure ACS runs on a member server and any user is to be authenticated using EAP-TLS, you must complete additional configuration in Active Directory of the domain containing Cisco Secure ACS. The username that you configured to run all Cisco Secure ACS services must also have permission to read user properties in Active Directory, else EAP-TLS authentication fails.

• 802.1X network

  Dear fellow members,
  I am working at a university where they work with certificates to connect to a 802.1X wifi netwerk trough TTLS.
  We are working with 15 MBP's with 10.6.7 on it. They are all rent notebooks, so the 802.1X profile needs to be empty of credentials so they need to login again after restart/reboot.
  So i made a profile on TTLS with PAP without credentials and after that i try to connect and yes, there it is, a credential login box. So far so good. Even the authentication works great, so the connection to the wifi network is quickly made.
  But when i restart the MBP, the first thing the OS is doing is showing me the credential login box. Hey, no problem at all, that is exactly wat i need. Only this time, when i fill in my credentials, it isnt connecting to the network. I have to cancel the login box, going to the netwerk preferences and push the connect button which shows me again a credential login box. I fill in the credentials and yes, it is working again.
  So, few questions about this. Why is the first login box not working? It is a login box which ask me for credentials for the network i want, so i really dont understand why it isn't working. And how can i remove the first login box screen?

  http://www.google.ca/url?q=http://h20000.www2.hp.c​om/bc/docs/support/SupportManual/c00731218/c007312​...