ACS 4.1 Server and WLAN Bridge

Similar Messages

• Integration of Cisco ACS SE 4.2 and RSA SecurID Token Server

  Hi,
  I would be very appreciated if anyone can share their experience. Thanks in advance.
  Issue:
  I am trying to configure the ACE SE 4.2 to authenticate using RSA SecurID Token Server.
  Problems encountered:
  Authentication failed. In the failed logged attempt the error "External Database not operational" was next to the login name.
  In the auth.log, there was "External DB [SecurID.dll]: aceclnt.dll callback returned error [23]".
  Questions:
  1. Please kindly advise how I should resolve this problem.
  2. Also, is there any successful message once ACS get the sdconf.rec? Will the "Purge Node Secret" button be enabled?
  Troubleshooting steps I have done:
  Below is the steps I took to setup the external DB.
  1. Verified sdconf.rec is not a garbage file using the Test authentication function in RSA client.
  2. FTP sdconf.rec in the external database configuration. (Had used Wireshark and confirm file transfered successfully.)
  2. Defined unknown user policy to check RSA SecurID Token Server to authenticate.
  Thank you.

  I have NO experience with ACS SE 4.2 and
  RSA SecurID Token Server BUT I have
  experiences with Cisco ACS 4.1 running on
  Windows 2003 SP2 Enterprise Edition and
  RSA SecurID Token Server.
  All the troubleshoot you've done is correct.
  In Windows 2003 running Cisco ACS, you can
  install the test authentication RSA client
  and that you can verify that the setup
  is correct (by verifying that the sdconf.rec
  is not corrupted).
  One thing I can think of is that when you
  setup the ACS SE box, under external
  database, configure unknown user policy,
  did you check it to tell how to define users
  when they are not found in the ACS internal
  database. Did you select RSA SecurID token
  server?
  Other than that, from what I understand,
  you've done everything correctly.

• Web gallery upload problem - the server switched to FTPS and now Bridge CS6 won't recognize it.

  I use Bridge CS6 on a Mac to create & upload web galleries directly to my website. My web server just changed and they no longer support FTP, only FTPS. When I try to upload a web gallery now, Bridge gives me the message that my username/password is incorrect. I have tested the server and can connect via Fetch so I know that it's possible to connect to the server. Is there anywhere in Bridge that allows you to change the FTP settings to allow it to recognize the FTPS? I cannot seem to find any information, I feel like there should be a simple fix and I'm probably overlooking it. Any help would be greatly appreciated!!

  Fondation RetroActif wrote:
  I Have a Master collection license. Is there a possibility to install Bridge separately ? There is no option to install it separately during the install process :-/
  Bridge is not a seperate program.  It is part of Photoshop.  That is why some users have to  launch Bridge the first time from PS to make it work. 
  Not familliar with the Suite, but if there are other applications where you can launch Bridge from the program try it.
  Also, make sure you have uninstalled any Adobe trials that may cause a conflict with permissions.

• Mountain Lion calendar and notes sync problems with exchange server via WLAN

  After upgrading to Mountain Lion calendar and notes do not sync anymore with my exchange server via WLAN. There are no syncing problems via ethernet if WLAN is deactivated. Mail works fine with both connection types. Similar problems known? Solutions?
  Thanks for any ideas.

  Exact same issue ... cropped up in the past 2 weeks. Constantly syncing and re syncing. Watching calendar events show up and disappear. Tried all the normal stuff including deleting and re setting up the entire acct ... no luck. It built out the whole calendar correctly ( from what I could tell) and then started to sync again and appointments randomly appeared and disappeared .....

• ACS and WLAN

  We have a customer who has several remote locations all connected via private links. In those remote locations they will have Aironet 1200 series APs. Will we be able to have those wireless users authenticate to an ACS server at the main location?

  You can use the ACS server at the main location. The only problem that I can think of that may be an issue would be caused by latency of the link back to the main site. You may need to adjust your radius timeout values if the links have high utilization or an latency issues.
  The other thing I would do is implement WDS at the remote sites. This will cause the first authentication to get passed to the ACS server and subsequent authentications to occur locally to the WDS master AP at the remote site for the specific account.
  I have a similar setup at many of my remote sites. All of my remote sites connect back to the main site via T1's that have AP's deployed. I have not heard of any problems from my users with this setup.
  HTH
  Steve

• Bridge NOT able to connect to one server and send message

  I have configure JMS bridge between MQ queue and a distributed queue ( which is targeting JMS servers in a cluster ).
  Bridge is able to connect to all servers and transfer messages, except one.
  Messages arriving on the MQ queue are delivered by the JMS bridge to all the JMS servers except one
  We turned on debug on MessagingBridge on affected server and got the error msg in the attached log.
  Following is the exception strace:
  <Jan 21, 2010 7:22:19 PM EST> <Warning> <MessagingBridge> <BEA-200026> <Bridge "TsysTIPSBridge" encountered some problems in one of
  its adapters or underlying systems. It stopped transferring messages and will try to reconnect to the adapters shortly. (The excepti
  on caught was java.lang.Exception: javax.resource.ResourceException: Error sending message
  at weblogic.jms.adapter.JMSBaseConnection.throwResourceException(JMSBaseConnection.java:1470)
  at weblogic.jms.adapter.JMSBaseConnection.send(JMSBaseConnection.java:714)
  at weblogic.jms.adapter.JMSConnectionHandle.send(JMSConnectionHandle.java:144)
  at weblogic.jms.bridge.internal.MessagingBridge.onMessageInternal(MessagingBridge.java:1325)
  at weblogic.jms.bridge.internal.MessagingBridge.onMessage(MessagingBridge.java:1251)
  at weblogic.jms.adapter.JMSBaseConnection$29.run(JMSBaseConnection.java:2070)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:147)
  at weblogic.jms.adapter.JMSBaseConnection.onMessage(JMSBaseConnection.java:2066)
  at com.ibm.mq.jms.MQMessageConsumer.receiveAsync(MQMessageConsumer.java:2969)
  at com.ibm.mq.jms.SessionAsyncHelper.run(SessionAsyncHelper.java:406)
  at java.lang.Thread.run(Thread.java:595)
  -------------- Linked Exception ------------
  javax.resource.ResourceException: Error creating producer or sending message
  at weblogic.jms.adapter.JMSBaseConnection.throwResourceException(JMSBaseConnection.java:1470)
  at weblogic.jms.adapter.JMSBaseConnection.sendInternal(JMSBaseConnection.java:815)
  at weblogic.jms.adapter.JMSBaseConnection.access$200(JMSBaseConnection.java:84)
  at weblogic.jms.adapter.JMSBaseConnection$6.run(JMSBaseConnection.java:707)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:147)
  at weblogic.jms.adapter.JMSBaseConnection.send(JMSBaseConnection.java:704)
  at weblogic.jms.adapter.JMSConnectionHandle.send(JMSConnectionHandle.java:144)
  at weblogic.jms.bridge.internal.MessagingBridge.onMessageInternal(MessagingBridge.java:1325)
  at weblogic.jms.bridge.internal.MessagingBridge.onMessage(MessagingBridge.java:1251)
  at weblogic.jms.adapter.JMSBaseConnection$29.run(JMSBaseConnection.java:2070)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:147)
  at weblogic.jms.adapter.JMSBaseConnection.onMessage(JMSBaseConnection.java:2066)
  at com.ibm.mq.jms.MQMessageConsumer.receiveAsync(MQMessageConsumer.java:2969)
  at com.ibm.mq.jms.SessionAsyncHelper.run(SessionAsyncHelper.java:406)
  at java.lang.Thread.run(Thread.java:595)
  -------------- Linked Exception 2 ------------
  javax.jms.MessageNotWriteableException: MQJMS0008: JMS Client attempts to write a read-only message
  at com.ibm.jms.JMSMessage.newMessageNotWriteableException(JMSMessage.java:4782)
  at com.ibm.jms.JMSMessage.setStringProperty(JMSMessage.java:5738)
  at weblogic.jms.client.WLProducerImpl.send(WLProducerImpl.java)
  at weblogic.jms.adapter.JMSBaseConnection.sendInternal(JMSBaseConnection.java:773)
  at weblogic.jms.adapter.JMSBaseConnection.access$200(JMSBaseConnection.java:84)
  at weblogic.jms.adapter.JMSBaseConnection$6.run(JMSBaseConnection.java:707)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:147)
  at weblogic.jms.adapter.JMSBaseConnection.send(JMSBaseConnection.java:704)
  at weblogic.jms.adapter.JMSConnectionHandle.send(JMSConnectionHandle.java:144)
  at weblogic.jms.bridge.internal.MessagingBridge.onMessageInternal(MessagingBridge.java:1325)
  at weblogic.jms.bridge.internal.MessagingBridge.onMessage(MessagingBridge.java:1251)
  at weblogic.jms.adapter.JMSBaseConnection$29.run(JMSBaseConnection.java:2070)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:147)
  at weblogic.jms.adapter.JMSBaseConnection.onMessage(JMSBaseConnection.java:2066)
  at com.ibm.mq.jms.MQMessageConsumer.receiveAsync(MQMessageConsumer.java:2969)
  at com.ibm.mq.jms.SessionAsyncHelper.run(SessionAsyncHelper.java:406)
  at java.lang.Thread.run(Thread.java:595)
  I am new to JMS
  Please help

  What version of WebLogic and MQ are you using?
  Have you ensured that the target Destination and Connection Factory are both WebLogic artifacts (neither should reference an MQ resource)?
  Tom

• Bridging LAN and WLAN

  I am trying to get VNC working on my computers, but I need to bridge LAN and WLAN. I do not know how to do this. This is the first networking experience I have. Can someone point me in the right direction? I do not even know where to begin. Thank you in advance.

  Just go to your network connections, Highlight the two networks, Right click, and Hit "bridge connections" hope this helps.

• Certificate on wlan bridge 1400

  I have a wlan network with EAP-TLS Authentication. So any clients have a certificate, but some client's in the fabrik have no wlan Adapter,
  so i must use a wlan bridge (such as 1400 series). So is it possible to use a certificate on the wlan-bridge, to
  have a TLS Tunnel from the bridge ?
  regars Wolfgang

  Hello Wolfgang,
  do your wired clients already have a (legacy) e.g. RADIUS server to which they authenticate ?
  If not, you will need an authentication server that can 'distinguish between wired and wireless authentication requests for the same user and handle them appropriately. E.g. Interlink Networks’ RAD-Series and Secure.XS servers have the flexibility and power to configure both wireless and wired authentication for the same user groups.
  If you already have a legacy e.g. RADIUS server, both the EAP and the RADIUS have to work together, preferably by, as you suggested, a TLS tunnel.
  Is that what you are asking ?
  Regards,
  GP

• Dynamic VLAN Assignment with RADIUS Server and Aironet Access Points

  Hi Guys,
  I would like to go for "Dynamic VLAN Assignment with RADIUS Server and Aironet Access Points 1300". I want the AP to broadcast only 1 SSID. The client find the SSID ->put in his user credential->Raudius athentication->assign him to an specific vlan based on his groupship.
  The problem here is that I don't have a AP controller but only configurable Aironet Access Points 1300. I can connect to the radius server, but I am not sure how to confirgure the AP's port, radio port, vlan and SSID.
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008076317c.shtml#switch
  I go through some references:
  3.5  RADIUS-Based VLAN Access Control
  As discussed earlier, each SSID is mapped to a default VLAN-ID on the wired side. The IT administrator may wish to impose back end (such as RADIUS)-based VLAN access control using 802.1X or MAC address authentication mechanisms. For example, if the WLAN is set up such that all VLANs use 802.1X and similar encryption mechanisms for WLAN user access, then a user can "hop" from one VLAN to another by simply changing the SSID and successfully authenticating to the access point (using 802.1X). This may not be preferred if the WLAN user is confined to a particular VLAN.
  There are two different ways to implement RADIUS-based VLAN access control features:
  1. RADIUS-based SSID access control: Upon successful 802.1X or MAC address authentication, the RADIUS server passes back the allowed SSID list for the WLAN user to the access point or bridge. If the user used an SSID on the allowed SSID list, then the user is allowed to associate to the WLAN. Otherwise, the user is disassociated from the access point or bridge.
  2. RADIUS-based VLAN assignment: Upon successful 802.1X or MAC address authentication, the RADIUS server assigns the user to a predetermined VLAN-ID on the wired side. The SSID used for WLAN access doesn't matter because the user is always assigned to this predetermined VLAN-ID.
  extract from: Wireless Virtual LAN Deployment Guide
  http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_technical_reference09186a00801444a1.html
  ==============================================================
  Dynamic VLAN Assignment with RADIUS Server and Wireless LAN Controller Configuration Example
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008076317c.shtml#switch
  ==============================================================
  Controller: Wireless Domain Services Configuration
  http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801c951f.shtml
  Any help on this issue is appreicated.
  Thanks.

  I'm not sure if the Autonomous APs have the option for AAA Override.  On the WLC, I can go into the BSSID, Security, Advanced, and there's a checkbox that I would check to allow a Radius server to send back the VLAN.
  I did a little research and it looks like the 1300 may give this option but instead is defined as "VLAN Override".  I've found the release notes for 12.3(7)JA5 (not sure what version you're running) that give mention and a link to configuring EAP on page 4: http://www.ciscosystems.ch/en/US/docs/wireless/access_point/1300/release/notes/o37ja5rn.pdf
  Hope this helps

• Weblogic 8.1 App Server and IBM MQ Series 5.2 Issue

  Hi All,
            I am trying to create a bridge between Weblogic 8.1 App Server and IBM MQ Series 5.2 and i am facing issues.
            Bridge works fine if i use QualityOfService="Atmost-once" and i am getting following error when i use
            QualityOfService="Duplicate-okay".
            Error:
            <Oct 16, 2003 6:03:35 PM PDT> <Error> <MessagingBridge> <BEA-200015> <An error occurred in bridge "MQSeries WebLogic Bridge" during the transfer of messages (java.lang.Exception: weblogic.jms.adapter.JMSConnectionHandle.acknowledge(Ljavax/jms/MessageV).>
            <Oct 16, 2003 6:03:35 PM PDT> <Warning> <MessagingBridge> <BEA-200026> <Bridge "MQSeries WebLogic Bridge" encountered some problems in one of its adapters or underlying systems. It stopped transferring messages and will try to reconnect to the adapters shortly. (The exception caught was weblogic.jms.bridge.internal.MessagingBridgeException.)>
            Any suggestions or comments will be really appreciated.
            Thanks
            Suresh
            

  It is weird that nothing shows up in the log after you turned on the debug.
            Actually I knew somebody has run into the same problem once.
            The problem disappeared after he did something on the MQSeries side (like
            restart the system and something else). I did not know exactly what he did.
            I am not sure if that will help you but worth trying.
            If that does work either, I'd suggest that you contact the BEA Customer Support
            and somebody will look at it for you in depth.
            Thanks,
            Dongbo
            Suresh wrote:
            > Thanks for following up on this.
            >
            > This bridge works with 6.1 app server and we are trying to use the same stuff
            > for 8.1 app server too. No, we are not using XAConnectionFactory.
            >
            > Suresh
            >
            > Dongbo Xiao <[email protected]> wrote:
            > >Is there any chance that the JMS connection factory on the MQSeries
            > >side is a XAConnectionFactory?
            > >
            > >Suresh wrote:
            > >
            > >> I am using the debug options (-Dweblogic.Debug.DebugMessagingBridgeStartup="true"
            > >> -Dweblogic.Debug.DebugMessagingBridgeRuntime="true") in my stratip
            > >script,
            > >> but, thats the maximum stack trace I can get. I am using jms-notran-adp.rar
            > >for
            > >> both QOS. Bridge is working fine when I use Exactly-once and repeatedly
            > >getting
            > >> the same message when I use Duplicate_okay. My destination queue is
            > >not able to
            > >> ackowledge the messge to the sender.
            > >>
            > >> Here I am giving nodes from my config.xml
            > >>
            > >> <MessagingBridge AsyncEnabled="false" BatchInterval="40000"
            > >> Name="MQSeries WebLogic Bridge"
            > >> QualityOfService="Duplicate-okay"
            > >> SourceDestination="MQSeries Inbound Destination" Started="true"
            > >> TargetDestination="WebLogic Inbound Destination" Targets="myserver"/>
            > >> <JMSBridgeDestination
            > >> AdapterJNDIName="eis.jms.WLSConnectionFactoryJNDINoTX"
            > >> ConnectionFactoryJNDIName="jms.InboundMessageConnectionFactory"
            > >> ConnectionURL="t3://myserver:7001"
            > >> DestinationJNDIName="jms.InboundMessageQueue"
            > >> DestinationType="Queue"
            > >> InitialContextFactory="weblogic.jndi.WLInitialContextFactory"
            > >> Name="WebLogic Inbound Destination" UserName="username" UserPassword="pwd"/>
            > >> <JMSBridgeDestination
            > >> AdapterJNDIName="eis.jms.WLSConnectionFactoryJNDINoTX"
            > >> ConnectionFactoryJNDIName="cn=MQ_BROKER_1,ou=inboundConnectionFactories,ou=mqseries,ou=jms,ou=Systems"
            > >> ConnectionURL="ldap://ldapServer:389/o=myroot"
            > >> DestinationJNDIName="cn=queue2,ou=queue,ou=mqseries,ou=jms,ou=Systems"
            > >> InitialContextFactory="com.sun.jndi.ldap.LdapCtxFactory"
            > >> Name="MQSeries Inbound Destination"
            > >> UserName="cn=admin,o=myroot" UserPassword="pwd"/>
            > >> <Application Name="jms-notran-adp"
            > >> Path="C:\bea\weblogic81\server\lib" StagingMode="nostage" TwoPhase="true">
            > >> <ConnectorComponent Name="jms-notran-adp"
            > >> Targets="rdoddapaneni3" URI="jms-notran-adp.rar"/>
            > >> </Application>
            > >>
            > >> Thanks
            > >>
            > >> Tom Barnes <[email protected]> wrote:
            > >> >By the way, if you are looking to improve performance, transactional
            > >> >mode may actually be the fastest. See the JMS Performance
            > >> >Guide white-paper on dev2dev for details.
            > >> >
            > >> >Suresh wrote:
            > >> >
            > >> >> Hi All,
            > >> >>
            > >> >> I am trying to create a bridge between Weblogic 8.1 App Server and
            > >> >IBM MQ Series 5.2 and i am facing issues.
            > >> >>
            > >> >> Bridge works fine if i use QualityOfService="Atmost-once" and i
            > >am
            > >> >getting following error when i use
            > >> >> QualityOfService="Duplicate-okay".
            > >> >>
            > >> >> Error:
            > >> >>
            > >> >> <Oct 16, 2003 6:03:35 PM PDT> <Error> <MessagingBridge> <BEA-200015>
            > >> ><An error occurred in bridge "MQSeries WebLogic Bridge" during the
            > >transfer
            > >> >of messages (java.lang.Exception: weblogic.jms.adapter.JMSConnectionHandle.acknowledge(Ljavax/jms/MessageV).>
            > >> >
            > >> >> <Oct 16, 2003 6:03:35 PM PDT> <Warning> <MessagingBridge> <BEA-200026>
            > >> ><Bridge "MQSeries WebLogic Bridge" encountered some problems in one
            > >> >of its adapters or underlying systems. It stopped transferring messages
            > >> >and will try to reconnect to the adapters shortly. (The exception
            > >caught
            > >> >was weblogic.jms.bridge.internal.MessagingBridgeException.)>
            > >> >>
            > >> >> Any suggestions or comments will be really appreciated.
            > >> >>
            > >> >> Thanks
            > >> >> Suresh
            > >> >
            > >
            

• Client server and database

  Hi im just still a beginner with java and ive a project that requires me to set up a client and server and store location information over gprs to a database. all the talk of drivers and sdks etc is very confusing trying toread through it. I've the java sdk 1.4.2-06 downloaded and as far as i can determine this contains the jdbc api. not sure which one though. whats the next step? download a driver, i dont know which one, can anyone help???? please

  Yes, J2SE does contain JDBC. It does have one driver, the JDBC-ODBC bridge, which requires that you have ODBC installed on the client machine.
  But you'll probably want an all-Java JDBC driver that's written for your database. Every database vendor has one, usually free for the download. It'll come in the form of a Java JAR file, which you'll have to put in the CLASSPATH of your client when you run it.
  Which database are you using?
  PS - What's a "GPRS"?

• BES and Blackberry Bridge conflict

  I have a blackberry 9810. I have configured the bridge and the data is appearing on my playbook but it is not opening. The issue was the IP policy when trying to open messages and accepting the BBM licence. I tried the reset to factory setting and the bridge worked well all data was being viewed.
  My next step was to sync the Enterprise mail. once this was done using the Blackberry desktop manager the bridge returned to the state prior to the reset.
  Why is this happening and how to get pass it.

  Hello...and apologies for the delayed reply!
  Hopefully you already have this resolved...but just in case.
  From your description, this definitely sounds like a limitation imposed by the IT (not "IP") Policy, which is placed by the BES server at activation of the BB device. You need to discuss this with your BES admins, and they can seek help from other BES admins in the BES section of this site.
  Good luck!
  Occam's Razor nearly always applies when troubleshooting technology issues!
  If anyone has been helpful to you, please show your appreciation by clicking the button inside of their post. Please click here and read, along with the threads to which it links, for helpful information to guide you as you proceed. I always recommend that you treat your BlackBerry like any other computing device, including using a regular backup schedule...click here for an article with instructions.
  Join our BBM Channels
  BSCF General Channel
  PIN: C0001B7B4   Display/Scan Bar Code
  Knowledge Base Updates
  PIN: C0005A9AA   Display/Scan Bar Code

• Error with Sql Server and Java App

  Hi i have a java based multithread application which comunicate with SQL SERVER via DSN bridge , some time my application crashes with this error any idea what its happend and how to remove it .
  Thanks
  ************* Exception ********************************8
  An unexpected exception has been detected in native code outside the VM.
  Unexpected Signal : EXCEPTION_ACCESS_VIOLATION occurred at PC=0x77F87EEB
  Function=RtlEnterCriticalSection+0xB
  Library=F:\WINNT\system32\ntdll.dll
  Current Java thread:
  at sun.jdbc.odbc.JdbcOdbc.numResultCols(Native Method)
  at sun.jdbc.odbc.JdbcOdbc.SQLNumResultCols(JdbcOdbc.java:4625)
  at sun.jdbc.odbc.JdbcOdbcStatement.getColumnCount(JdbcOdbcStatement.java:1235)
  at sun.jdbc.odbc.JdbcOdbcStatement.execute(JdbcOdbcStatement.java:352)
  - locked <04DC3EE0> (a sun.jdbc.odbc.JdbcOdbcStatement)
  at sun.jdbc.odbc.JdbcOdbcStatement.executeUpdate(JdbcOdbcStatement.java:288)
  at advcomm.advrad.DBParams.Ltht(Unknown Source)
  at advcomm.advrad.DBParams.BDhb(Unknown Source)
  at advcomm.advrad.DlkhlHz.run(Unknown Source)
  Dynamic libraries:
  0x00400000 - 0x00406000 F:\j2sdk1.4.1_03\bin\java.exe
  0x77F80000 - 0x77FFC000 F:\WINNT\system32\ntdll.dll
  0x7C2D0000 - 0x7C335000 F:\WINNT\system32\ADVAPI32.dll
  0x7C570000 - 0x7C623000 F:\WINNT\system32\KERNEL32.dll
  0x77D30000 - 0x77DA8000 F:\WINNT\system32\RPCRT4.dll
  0x78000000 - 0x78045000 F:\WINNT\system32\MSVCRT.dll
  0x75030000 - 0x75044000 F:\WINNT\system32\WS2_32.DLL
  0x75020000 - 0x75028000 F:\WINNT\system32\WS2HELP.DLL
  0x6D340000 - 0x6D46B000 F:\j2sdk1.4.1_03\jre\bin\client\jvm.dll
  0x77E10000 - 0x77E79000 F:\WINNT\system32\USER32.dll
  0x77F40000 - 0x77F7C000 F:\WINNT\system32\GDI32.dll
  0x77570000 - 0x775A0000 F:\WINNT\system32\WINMM.dll
  0x6D1E0000 - 0x6D1E7000 F:\j2sdk1.4.1_03\jre\bin\hpi.dll
  0x6D310000 - 0x6D31E000 F:\j2sdk1.4.1_03\jre\bin\verify.dll
  0x6D220000 - 0x6D239000 F:\j2sdk1.4.1_03\jre\bin\java.dll
  0x6D330000 - 0x6D33D000 F:\j2sdk1.4.1_03\jre\bin\zip.dll
  0x6D260000 - 0x6D26B000 F:\j2sdk1.4.1_03\jre\bin\JdbcOdbc.dll
  0x1F7A0000 - 0x1F7DA000 F:\WINNT\system32\ODBC32.dll
  0x71710000 - 0x71794000 F:\WINNT\system32\COMCTL32.dll
  0x7CF30000 - 0x7D175000 F:\WINNT\system32\SHELL32.dll
  0x70A70000 - 0x70AD6000 F:\WINNT\system32\SHLWAPI.dll
  0x76B30000 - 0x76B6E000 F:\WINNT\system32\comdlg32.dll
  0x1F840000 - 0x1F857000 F:\WINNT\system32\odbcint.dll
  0x1F9C0000 - 0x1FA27000 F:\WINNT\System32\SQLSRV32.dll
  0x41090000 - 0x410BD000 F:\WINNT\System32\SQLUNIRL.dll
  0x77800000 - 0x7781E000 F:\WINNT\System32\WINSPOOL.DRV
  0x76620000 - 0x76631000 F:\WINNT\system32\MPR.DLL
  0x77820000 - 0x77827000 F:\WINNT\system32\VERSION.dll
  0x759B0000 - 0x759B6000 F:\WINNT\system32\LZ32.DLL
  0x779B0000 - 0x77A4B000 F:\WINNT\system32\OLEAUT32.dll
  0x7CE20000 - 0x7CF0F000 F:\WINNT\system32\ole32.dll
  0x7CDC0000 - 0x7CE13000 F:\WINNT\System32\NETAPI32.dll
  0x77980000 - 0x779A4000 F:\WINNT\System32\DNSAPI.dll
  0x75050000 - 0x75058000 F:\WINNT\System32\WSOCK32.dll
  0x751C0000 - 0x751C6000 F:\WINNT\System32\NETRAP.dll
  0x77BF0000 - 0x77C01000 F:\WINNT\System32\NTDSAPI.dll
  0x77950000 - 0x7797B000 F:\WINNT\system32\WLDAP32.DLL
  0x7C340000 - 0x7C34F000 F:\WINNT\System32\SECUR32.DLL
  0x75150000 - 0x75160000 F:\WINNT\System32\SAMLIB.dll
  0x769A0000 - 0x769A7000 F:\WINNT\system32\NDDEAPI.DLL
  0x1FA30000 - 0x1FA46000 F:\WINNT\System32\sqlsrv32.rll
  0x1F7F0000 - 0x1F80A000 F:\WINNT\system32\odbccp32.dll
  0x74CB0000 - 0x74CCA000 F:\WINNT\system32\DBNETLIB.DLL
  0x75500000 - 0x75504000 F:\WINNT\system32\security.dll
  0x782D0000 - 0x782F2000 F:\WINNT\system32\msv1_0.dll
  0x7C740000 - 0x7C7CC000 F:\WINNT\system32\CRYPT32.dll
  0x77430000 - 0x77441000 F:\WINNT\system32\MSASN1.dll
  0x77340000 - 0x77353000 F:\WINNT\system32\iphlpapi.dll
  0x77520000 - 0x77525000 F:\WINNT\system32\ICMP.DLL
  0x77320000 - 0x77337000 F:\WINNT\system32\MPRAPI.DLL
  0x773B0000 - 0x773DF000 F:\WINNT\system32\ACTIVEDS.DLL
  0x77380000 - 0x773A3000 F:\WINNT\system32\ADSLDPC.DLL
  0x77830000 - 0x7783E000 F:\WINNT\system32\RTUTILS.DLL
  0x77880000 - 0x7790E000 F:\WINNT\system32\SETUPAPI.DLL
  0x7C0F0000 - 0x7C154000 F:\WINNT\system32\USERENV.DLL
  0x774E0000 - 0x77514000 F:\WINNT\system32\RASAPI32.DLL
  0x774C0000 - 0x774D1000 F:\WINNT\system32\rasman.dll
  0x77530000 - 0x77552000 F:\WINNT\system32\TAPI32.dll
  0x77360000 - 0x77379000 F:\WINNT\system32\DHCPCSVC.DLL
  0x74CD0000 - 0x74CD8000 F:\WINNT\system32\DBmsLPCn.dll
  0x0B990000 - 0x0B9E6000 F:\WINNT\system32\MSVCR71.dll
  0x6D2E0000 - 0x6D2EE000 F:\j2sdk1.4.1_03\jre\bin\net.dll
  0x782C0000 - 0x782CC000 F:\WINNT\System32\rnr20.dll
  0x777E0000 - 0x777E8000 F:\WINNT\System32\winrnr.dll
  0x777F0000 - 0x777F5000 F:\WINNT\system32\rasadhlp.dll
  0x74FD0000 - 0x74FEE000 F:\WINNT\system32\msafd.dll
  0x75010000 - 0x75017000 F:\WINNT\System32\wshtcpip.dll
  0x77920000 - 0x77943000 F:\WINNT\system32\imagehlp.dll
  0x72A00000 - 0x72A2D000 F:\WINNT\system32\DBGHELP.dll
  0x690A0000 - 0x690AB000 F:\WINNT\system32\PSAPI.DLL
  Local Time = Wed Mar 08 17:24:41 2006
  Elapsed Time = 9294
  # The exception above was detected in native code outside the VM
  # Java VM: Java HotSpot(TM) Client VM (1.4.1_03-b02 mixed mode)
  #

  I'm having the same problem.
  One potential solutions is to use a custom SQL server JDBC driver instead of going through the ODBC bridge. This will minimize dependencies and should also improved performance. Hope this helps.
  - Joe

• ACS v5.1 - LDAP and PEAP

  Hi!
  I'm trying to authenticate a WinXP client with PEAP.
  And since it is only possible to define only one Active Directory in ACS v5.1 ( why on earth is that???), I had to define my other AD domain through LDAP.
  But when I try to authenticate, this is what happens:
  11001  Received RADIUS  Access-Request
  11017  RADIUS created a new  session
  Evaluating Service Selection  Policy
  15004  Matched rule
  15012  Selected Access  Service - Policy-SwitchAccess-Testdomain
  11507  Extracted  EAP-Response/Identity
  12500  Prepared EAP-Request  proposing EAP-TLS with challenge
  11006  Returned RADIUS  Access-Challenge
  11001  Received RADIUS  Access-Request
  11018  RADIUS is re-using an  existing session
  12301  Extracted  EAP-Response/NAK requesting to use PEAP instead
  12300  Prepared EAP-Request  proposing PEAP with challenge
  11006  Returned RADIUS  Access-Challenge
  11001  Received RADIUS  Access-Request
  11018  RADIUS is re-using an  existing session
  12302  Extracted EAP-Response  containing PEAP challenge-response and accepting PEAP as negotiated
  12318  Successfully  negotiated PEAP version 0
  12800  Extracted first TLS  record; TLS handshake started.
  12805  Extracted TLS  ClientHello message.
  12806  Prepared TLS  ServerHello message.
  12807  Prepared TLS  Certificate message.
  12810  Prepared TLS  ServerDone message.
  12305  Prepared EAP-Request  with another PEAP challenge
  11006  Returned RADIUS  Access-Challenge
  11001  Received RADIUS  Access-Request
  11018  RADIUS is re-using an  existing session
  12304  Extracted EAP-Response  containing PEAP challenge-response
  12305  Prepared EAP-Request  with another PEAP challenge
  11006  Returned RADIUS  Access-Challenge
  11001  Received RADIUS  Access-Request
  11018  RADIUS is re-using an  existing session
  12304  Extracted EAP-Response  containing PEAP challenge-response
  12318  Successfully  negotiated PEAP version 0
  12812  Extracted TLS  ClientKeyExchange message.
  12804  Extracted TLS Finished  message.
  12801  Prepared TLS  ChangeCipherSpec message.
  12802  Prepared TLS Finished  message.
  12816  TLS handshake  succeeded.
  12310  PEAP full handshake  finished successfully
  12305  Prepared EAP-Request  with another PEAP challenge
  11006  Returned RADIUS  Access-Challenge
  11001  Received RADIUS  Access-Request
  11018  RADIUS is re-using an  existing session
  12304  Extracted EAP-Response  containing PEAP challenge-response
  12313  PEAP inner method  started
  11521  Prepared  EAP-Request/Identity for inner EAP method
  12305  Prepared EAP-Request  with another PEAP challenge
  11006  Returned RADIUS  Access-Challenge
  11001  Received RADIUS  Access-Request
  11018  RADIUS is re-using an  existing session
  12304  Extracted EAP-Response  containing PEAP challenge-response
  11522  Extracted  EAP-Response/Identity for inner EAP method
  11806  Prepared EAP-Request  for inner method proposing EAP-MSCHAP with challenge
  12305  Prepared EAP-Request  with another PEAP challenge
  11006  Returned RADIUS  Access-Challenge
  11001  Received RADIUS  Access-Request
  11018  RADIUS is re-using an  existing session
  12304  Extracted EAP-Response  containing PEAP challenge-response
  11808  Extracted EAP-Response  containing EAP-MSCHAP challenge-response for inner method and accepting  EAP-MSCHAP as negotiated
  Evaluating Identity Policy
  15006  Matched Default Rule
  15013  Selected Identity  Store -
  22043  Current Identity Store  does not support the authentication method; Skipping it.
  22056  Subject not found in  the applicable identity store(s).
  22058  The advanced option  that is configured for an unknown user is used.
  22061  The 'Reject' advanced  option is configured in case of a failed authentication request.
  11815  Inner EAP-MSCHAP  authentication failed
  11520  Prepared EAP-Failure  for inner EAP method
  22028  Authentication failed  and the advanced options are ignored.
  12305  Prepared EAP-Request  with another PEAP challenge
  11006  Returned RADIUS  Access-Challenge
  11001  Received RADIUS  Access-Request
  11018  RADIUS is re-using an  existing session
  12304  Extracted EAP-Response  containing PEAP challenge-response
  12307  PEAP authentication  failed
  11504  Prepared EAP-Failure
  11003  Returned RADIUS  Access-Reject
  What does this mean? Is it possible that ACS *STILL* does not support PEAP authentication agains LDAP??
  The other thing that bothers me, is that the matching rule is Default.
  But when I go into the matching Policy to see the hit count, none of the rules (including Default) has increased its Hit Count.. very strange.
  Thanks.

  LDAP as an external database never supports PEAP with  Mschap. The client should  be installed with the EAP-GTC supplicant.
  Peap Mschapv2 only works with Active Directory.
  Its an LDAP limitation, not ACS- there is no LDAP API to do it.
  Supported LDAP server and 802.1x clients:
  http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_system/5.1/de
  vice_support/sdt51.html#wp71123
  You may check PEAP FAQ's, please take a look under EAP TYPE comparison chart:
  http://www.cisco.biz/en/US/prod/collateral/wireless/ps5678/ps430/prod_qas0900aecd801764fa_
  ps2706_Products_Q_and_A_Item.html
  Regds,
  JK
  Do rate helpful posts-

• What attributes are shared between a Radius Server and a WLC?

  I have a customer who is trying to setup a Radius server to authenticate Management users for the controller,
  she is using a Microsoft NPS R2 server. All good at this point.
  She needs to know what attributes are shared between the server and the WLC to complete the authentication
  because she is being successfully authenticated, but still unable to access the WLC.
  Someone knows what those attributes are?
  The only information at the moment that I found, was on a document that said that different management
  users can receive different Vendor-specific Attributes. That means that the returned attributes to the WLC
  will depend of what radius server model or platform you are using.

  Robin,
  For using Microsoft radius to authenticate management users, you can reference this document, which shows you the steps involved.
  http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/91392-airespace-vsa-msias-config.html
  Thanks,
  Scott
  *****Help out other by using the rating system and marking answered questions as "Answered"*****