ACS user unknown though username in Server

All, I'm facing a very strange issue with my TACACS authentication. Normally I connect to my DC via SSL AnyConnect VPN and then access all the network devices, but since last week when I try to connect to the ASA I couldn't log in. I have a user name in the ACS server and the password authentication would redirect to the RSA server. I can access other devices using my TACACS username and RSA passcode, but not the ASA box. As the rest of my team members can still access the ASA with their user ID and passcode, I don't think there is any issue in the ASA box.
The error log message in the ACS server is "ACS user unknown".

To me it seems the shared secret being used on the ASA to communicate with TACACS is mismatched, and that's a reason you are getting "ACS user unknown". This should be a problem for all users who are trying to SSH to the ASA and authenticating against the TACACS server. The shared secret could be an issue because the shared secret being used to encrypt the packet is not the same one used for decryption, and that's why we are seeing an unknown username.
~BR
Jatin Katyal
**Do rate helpful posts**
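
The mechanism that reply refers to, as an added example that is not part of the original thread: TACACS+ (RFC 8907, section 4.5) obfuscates the packet body by XORing it with an MD5 pad derived from the session ID, shared key, version and sequence number, so a server holding a different key cannot recover the username field. The username, port, address, session ID and both keys below are constructed sample values.

```python
import hashlib
import struct

TAC_PLUS_VERSION = 0xC0   # major version 0xC, minor version 0
TAC_PLUS_AUTHEN = 0x01    # packet type: authentication

# Constructed sample values (assumptions, not taken from the thread).
SESSION_ID = 0x5EED1234
DEVICE_KEY = b"constructed-key-A"   # key configured on the network device
OTHER_KEY = b"constructed-key-B"    # different key configured on the AAA server
USER, PORT, REM_ADDR = b"netadmin", b"ssh", b"192.0.2.10"


def pseudo_pad(session_id, key, version, seq_no, length):
    """MD5 chain from RFC 8907 4.5: each block hashes the seed plus the previous block."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]


def xor_body(body, session_id, key, version, seq_no):
    """Obfuscation and de-obfuscation are the same XOR operation."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def build_authen_start(user, port, rem_addr):
    """Authentication START body: 8 fixed bytes, then the variable fields."""
    # action=LOGIN, priv_lvl=1, authen_type=ASCII, authen_service=LOGIN, data_len=0
    fixed = bytes([0x01, 0x01, 0x01, 0x01, len(user), len(port), len(rem_addr), 0])
    return fixed + user + port + rem_addr


def build_packet(body, session_id, key, seq_no=1):
    """12-byte cleartext header followed by the obfuscated body."""
    header = struct.pack("!BBBBII", TAC_PLUS_VERSION, TAC_PLUS_AUTHEN,
                         seq_no, 0x00, session_id, len(body))
    return header + xor_body(body, session_id, key, TAC_PLUS_VERSION, seq_no)


def server_decode(packet, key):
    """Return the username the server recovers, or None if the body is inconsistent."""
    if len(packet) < 12:
        return None
    version, _type, seq_no, _flags, session_id, length = struct.unpack(
        "!BBBBII", packet[:12])
    body = xor_body(packet[12:12 + length], session_id, key, version, seq_no)
    if len(body) < 8:
        return None
    user_len, port_len, rem_len, data_len = body[4:8]
    # With the wrong key the length fields are random and rarely add up.
    if 8 + user_len + port_len + rem_len + data_len != len(body):
        return None
    return body[8:8 + user_len]


PACKET = build_packet(build_authen_start(USER, PORT, REM_ADDR), SESSION_ID, DEVICE_KEY)

if __name__ == "__main__":
    print("matching key  :", server_decode(PACKET, DEVICE_KEY))
    print("mismatched key:", server_decode(PACKET, OTHER_KEY))
```

Because the header travels in cleartext, a capture of the exchange still shows the session ID and length, but the user field is only readable with the key the device used.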

Similar Messages

  • Mavericks mail server "user unknown" error

    For some reason, the mail server bounces the email sent to local network users and returns a "user unknown" error. The same error is received when an email from an external domain is sent to one of the open directory associated email addresses.
    However, sending email from these accounts works just fine, just like sending and receiving email associated with the diradmin account.

    Hi Jeffrey,
    Changed the MX record to the juffrou......net domain, without success.
    Please find the export below.
    Regards,
    Lex

  • When a new user is created on the Server Computer, why is the profile for the user created as computername.username?

    When a new user is created on the Server Computer, why is the profile for the user created as computername.username?

    This is done if there are domain users with the same name. For example, if there is a domain user named 'test' who has logged in on the server, he will get the profile 'test'. If you then create a local user named 'test', the profile 'test' already exists and the computer will create the profile 'computername.test'.

  • The server name osr_server1 is unknown to the administration server

    I have successfully installed OSR and created WLS Domain using config.cmd. But when I try to start by command line (startManagedWebLogic.cmd osr_server1) I got the error "server is unknown". I have no idea what could be wrong.
    Basically I followed http://niallcblogs.blogspot.com.br/2010/09/oracle-service-registry-and-osb11g.html.
    The complete command line is:
    C:\Oracle\Middleware\user_projects\domains\base_domain\bin>startManagedWebLogic.
    cmd osr_server1
    JAVA Memory arguments: -Xms256m -Xmx512m -XX:CompileThreshold=8000 -XX:PermSize=
    48m -XX:MaxPermSize=128m
    WLS Start Mode=Development
    * To start WebLogic Server, use a username and *
    * password assigned to an admin-level user. For *
    * server administration, use the WebLogic Server *
    * console at http:\\hostname:port\console *
    starting weblogic with Java version:
    java version "1.6.0_29"
    Java(TM) SE Runtime Environment (build 1.6.0_29-b11)
    Java HotSpot(TM) Client VM (build 20.4-b02, mixed mode)
    Starting WLS with line:
    C:\Oracle\MIDDLE~1\JDK160~1\bin\java -client -Xms256m -Xmx512m -XX:CompileThre
    shold=8000 -XX:PermSize=48m -XX:MaxPermSize=128m -Dweblogic.Name=osr_server1 -D
    java.security.policy=C:\Oracle\MIDDLE~1\WLSERV~1.3\server\lib\weblogic.policy -D
    weblogic.security.SSL.trustedCAKeyStore="C:\Oracle\Middleware\wlserver_10.3\serv
    er\lib\cacerts" -Xverify:none -da -Dplatform.home=C:\Oracle\MIDDLE~1\WLSERV~1.
    3 -Dwls.home=C:\Oracle\MIDDLE~1\WLSERV~1.3\server -Dweblogic.home=C:\Oracle\MIDD
    LE~1\WLSERV~1.3\server -Dweblogic.management.discover=false -Dweblogic.managem
    ent.server=http://SISTEMA026:7001 -Dwlw.iterativeDev=false -Dwlw.testConsole=fa
    lse -Dwlw.logErrorsToConsole=false -Dweblogic.ext.dirs=C:\Oracle\MIDDLE~1\patch_
    wls1036\profiles\default\sysext_manifest_classpath;C:\Oracle\MIDDLE~1\patch_oepe
    180\profiles\default\sysext_manifest_classpath;C:\Oracle\MIDDLE~1\patch_ocp371\p
    rofiles\default\sysext_manifest_classpath;C:\Oracle\MIDDLE~1\patch_adfr1111\prof
    iles\default\sysext_manifest_classpath weblogic.Server
    <19/11/2012 18h40min53s BRST> <Info> <Security> <BEA-090905> <Disabling CryptoJ
    JCE Provider self-integrity check for better startup performance. To enable this
    check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true>
    <19/11/2012 18h40min53s BRST> <Info> <Security> <BEA-090906> <Changing the defau
    lt Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable
    this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true>
    <19/11/2012 18h40min53s BRST> <Info> <WebLogicServer> <BEA-000377> <Starting Web
    Logic Server with Java HotSpot(TM) Client VM Version 20.4-b02 from Sun Microsyst
    ems Inc.>
    <19/11/2012 18h40min53s BRST> <Info> <Security> <BEA-090065> <Getting boot ident
    ity from user.>
    Enter username to boot WebLogic server:weblogic_osr2
    Enter password to boot WebLogic server:
    <19/11/2012 18h41min23s BRST> <Info> <Management> <BEA-141107> <Version: WebLogi
    c Server 10.3.6.0 Tue Nov 15 08:52:36 PST 2011 1441050 >
    <19/11/2012 18h41min24s BRST> <Emergency> <Management> <BEA-141151> <The admin s
    erver could not be reached at http://SISTEMA026:7001.>
    <19/11/2012 18h41min24s BRST> <Critical> <WebLogicServer> <BEA-000362> <Server f
    ailed. Reason:
    There are 1 nested errors:
    weblogic.management.ManagementException: The server name osr_server1 is unknown
    to the administration server. Check if restart is required.
    at weblogic.management.provider.internal.RuntimeAccessImpl.initialize(Ru
    ntimeAccessImpl.java:447)
    at weblogic.management.provider.internal.RuntimeAccessService.start(Runt
    imeAccessService.java:49)
    at weblogic.t3.srvr.ServerServicesManager.startService(ServerServicesMan
    ager.java:461)
    at weblogic.t3.srvr.ServerServicesManager.startInStandbyState(ServerServ
    icesManager.java:166)
    at weblogic.t3.srvr.T3Srvr.initializeStandby(T3Srvr.java:881)
    at weblogic.t3.srvr.T3Srvr.startup(T3Srvr.java:568)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:469)
    at weblogic.Server.main(Server.java:71)
    >
    <19/11/2012 18h41min24s BRST> <Notice> <WebLogicServer> <BEA-000365> <Server sta
    te changed to FAILED>
    <19/11/2012 18h41min24s BRST> <Error> <WebLogicServer> <BEA-000383> <A critical
    service failed. The server will shut itself down>
    <19/11/2012 18h41min24s BRST> <Notice> <WebLogicServer> <BEA-000365> <Server sta
    te changed to FORCE_SHUTTING_DOWN>

    Yes, there are the tags you have suggested. The complete config.xml is below.
    I tried:
    C:\Oracle\Middleware\user_projects\domains\base_domain\bin>startManagedWebLogic.
    cmd osr_server1
    When asked the user, I tried the node-manager-username weblogic_osr2 and the admin user but I always received the error: The server name osr_server1 is unknown to the administration server.
    <?xml version="1.0" encoding="UTF-8" ?>
    - <domain xsi:schemaLocation="http://xmlns.oracle.com/weblogic/security/wls http://xmlns.oracle.com/weblogic/security/wls/1.0/wls.xsd http://xmlns.oracle.com/weblogic/domain http://xmlns.oracle.com/weblogic/1.0/domain.xsd http://xmlns.oracle.com/weblogic/security http://xmlns.oracle.com/weblogic/1.0/security.xsd http://xmlns.oracle.com/weblogic/security/xacml http://xmlns.oracle.com/weblogic/security/xacml/1.0/xacml.xsd" xmlns="http://xmlns.oracle.com/weblogic/domain" xmlns:sec="http://xmlns.oracle.com/weblogic/security" xmlns:wls="http://xmlns.oracle.com/weblogic/security/wls" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <name>base_domain</name>
    <domain-version>10.3.6.0</domain-version>
    - <security-configuration>
    <name>base_domain</name>
    - <realm xmlns:pas="http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator">
    <sec:authentication-provider xsi:type="wls:default-authenticatorType" />
    - <sec:authentication-provider xsi:type="wls:default-identity-asserterType">
    <sec:active-type>AuthenticatedUser</sec:active-type>
    </sec:authentication-provider>
    <sec:role-mapper xsi:type="wls:default-role-mapperType" />
    <sec:authorizer xsi:type="wls:default-authorizerType" />
    <sec:adjudicator xsi:type="wls:default-adjudicatorType" />
    <sec:credential-mapper xsi:type="wls:default-credential-mapperType" />
    <sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType" />
    <sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
    <sec:name>myrealm</sec:name>
    - <sec:password-validator xsi:type="pas:system-password-validatorType">
    <sec:name>systemPasswordValidator</sec:name>
    <pas:min-password-length>8</pas:min-password-length>
    <pas:min-numeric-or-special-characters>1</pas:min-numeric-or-special-characters>
    </sec:password-validator>
    </realm>
    <default-realm>myrealm</default-realm>
    <credential-encrypted>{AES}LArhcMlb7Jdt2zQbNnzLdi3luhgdNyPJS1JIVb9H+VWi5XcC9SP4SQa/8mp/SKI072DoA/sGnzvYDqpn3OxQl3pE0LxaXoOmYNnWsSv/keo8I0rMvrXWJXqn4fbSl9bd</credential-encrypted>
    *<node-manager-username>weblogic_osr2</node-manager-username>*
    <node-manager-password-encrypted>{AES}1SioVLWu3mu/u6y/You1ZGeBTXJHfUCq+loZSCVOdSE=</node-manager-password-encrypted>
    </security-configuration>
    - <server>
    <name>AdminServer</name>
    <listen-address />
    </server>
    - <server>
    *<name>osr_server1</name>*
    <listen-port>7101</listen-port>
    <listen-address>sistema026.br-lihi.libertyinternational.com</listen-address>
    </server>
    - <embedded-ldap>
    <name>base_domain</name>
    <credential-encrypted>{AES}C+0tyHN5wihXjDHQKdQt/5PvYpko8rS0PL6wSSvp3sHLZscRB1RjSNL8MXfHHjwW</credential-encrypted>
    </embedded-ldap>
    <configuration-version>10.3.6.0</configuration-version>
    - <app-deployment>
    <name>registry</name>
    <target>osr_server1</target>
    <module-type>war</module-type>
    <source-path>C:\Oracle\Middleware\registry111/conf/porting/weblogic/build/registry.war</source-path>
    <deployment-order>195</deployment-order>
    <security-dd-model>DDOnly</security-dd-model>
    </app-deployment>
    <admin-server-name>AdminServer</admin-server-name>
    - <jdbc-system-resource>
    <name>jdbc/registryDS</name>
    <target>osr_server1</target>
    <descriptor-file-name>jdbc/registry-20121119171422-jdbc.xml</descriptor-file-name>
    </jdbc-system-resource>
    </domain>

  • 802.1x ACS RSA Secure ID/Safeword Token server

    Hello, we are trying to implement wireless security in our network. We want to issue badges with attached tokens so clients can come into our office and log in to our wireless network. They would then be prompted for their login and password, which would be their badge ID and their token credentials.
    We are using an Airespace wireless security device. We specify ACS as the 802.1x RADIUS server. Airespace is sending the requests to ACS just fine, but ACS does not seem to like what it's seeing. We also imported a custom VSA vendor file for the Airespace wireless security device. The log below reflects this.
    We have tested by creating local ACS users, and authentication works and we can get onto our network. But when we specify the AAA servers as our RADIUS token server, set the unknown user DB to that server and test auth, we are not granted permission to our WLAN. It's as if Cisco does not recognize the PEAP auth information and rejects it by default. We ARE required to get this working with XPSP1, as we would hate to have to install software on every client's laptop.
    A wireless client of ours DID work when we specified EAP-GTC on the client side, but it will never work when we specify PEAP on the client side. We never seem to see communications from ACS to our Safeword token server regardless of what we do (including the successful EAP-GTC login). Our RADIUS strings are correct etc. Safeword is listening on 1812, but also has protocols EASSP-1/2 listening on ports we have set manually (are these relevant to our needs?).
    The failed attempts log shows "External DB Auth Failed".
    Here is a snip of the CSRadius/RDS.log when we try to auth. When we sniff traffic we see the EAP request and the RADIUS reject on the wire, but we never see ACS ask the token server. If anyone can make any suggestions on how we could troubleshoot further/test or make forward progress in any way, please do. Thank you all in advance.
    Cisco RDS log attached.

    The problem could be with your Secure ID RSA server.

  • ACS User database problem

    I have installed an ACS 3.3 on a Win 2003 server and I've encountered this problem:
    During a modification of some users (group membership), some of these users have been duplicated and one of these assigned to the default group.
    At this time it is not possible to delete these users (default group).
    Can anyone help me?
    Thanks and Regards

    This appendix contains details on the Cisco Secure ACS command-line utility, CSUtil.exe. You can use CSUtil to import username, password, and group information all at once from a standard text file to back up and maintain your database.
    http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/csnt26/usergd26/apimport.htm

  • Fetchmail, Postfix user unknown in local recipient table

    Hello all --
    My fetchmail job has been failing to get mail to my mailbox with this error:
    SMTP error: 450 4.1.1 <username@localhost>: Recipient address rejected: User unknown in local recipient table
    (I replace my actual user name with "username")
    The problem goes away temporarily if I stop and restart postfix, but it comes back almost immediately.
    I'm having a hard time finding any clues in postfix's log. I'm not too sure what to look for, and it's pretty voluminous!
    Any suggestions?

    AlanNYC wrote:
    If I turn off local recipient checking, will I actually get my mail?
    Yes, all email properly addressed should be delivered to you without problems.
    The line only affects improperly addressed email, in this case allowing them to be accepted instead of rejected.
    Since you are running SpamAssassin and an IMAP server, I suggest also using the line
    luser_relay = [email protected]
    which will send all improperly addressed mail to the address specified by "[email protected]". This is what I meant by "catch-all" address.
    If you find postfix giving you problems after adding the lines, simply delete them or comment them out by adding a hash mark to the front of the line, e.g.
    #local_recipient_maps =
    Alternatively, you can simply make no changes and allow the log messages to accumulate. The messages mean that postfix is doing its job by rejecting email addressed to users that don't exist. The above steps allow you to receive mail addressed to [email protected], where "anything" is any string allowed in an email address.
    I assume you're testing your changes using a separate email account, but in case you're not: sign up for a free email account with any of a number of free email services (Gmail, Yahoo) and test your postfix install as you make changes using the free account.

  • ACS 4.0 and RSA Token Server problem

    Hi,
    We are having a problem trying to get ACS 4.0 for Windows to authenticate wireless users on an RSA Token server.
    Our Cisco 1200 series AP is configured for WPA2 and LEAP authentication. It points at the ACS server for RADIUS authentication. Now this works fine for users with a static password defined on the ACS internal database. However, for obvious security reasons, we'd like the authentication passed to our internal RSA server.
    I have installed the RSA Agent on the same server as the ACS (after adding the generated sdconf.rec file to the System32 folder). The RSA server has been added to the ACS external databases and a user configured to use the RSA Token server for password.
    When we try to authenticate, the ACS fails the attempt with reason "External DB password invalid". The same user can successfully authenticate when using the RSA test authentication tool which is installed on the ACS server as part of the RSA Agent software.
    After running some debugs on a PIX in front of the servers, I can see traffic to/from the servers when using the test tool (which works), however it looks like ACS doesn't even send traffic to the RSA server when authenticating.
    Any help or advice appreciated.
    Thanks

    Hi,
    The token servers only support PAP. Please make sure that the requests are going to the RSA in PAP.
    The following link talks about the same.
    http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs40/user/o.htm#wp824733
    Regards,
    ~JG

  • Help with "Admin user requires valid username and password" on fms2_console.swf page

    Just installed FMS2 on Debian (etch, 2.16.5-1 kernel). When I
    connect to localhost:1111/fms2_console.swf, I get the infamous XML
    output which includes the text, "Admin user requires valid username
    and password." The *.xml and *.ini files haven't been touched after
    installation. All four daemons (fmsedge, fmsmaster, fmscore,
    fmsadmin) are running and listening on the correct ports.
    Any tips? (I'm sure this is easy to solve...)
    Thanks.

    Hi,
    FMIS 4.5 does not accept plain text passwords. Encrypt=false is no longer supported. See here for more information: http://help.adobe.com/en_US/flashmediaserver/configadmin/WS5b3ccc516d4fbf351e63e3d119f2926bcf-7fed.html#WS5b3ccc516d4fbf351e63e3d119f2926bcf-7e91
    The value for SERVER.ADMIN_PASSWORD needs to be the encrypted string for your password. That should solve your problem.
    Hope this helps.
    Thanks,
    Apurva

  • Recipient address rejected: User unknown in relay recipient table

    Running GW 7.0.3 on NW 6.5.6. Can anyone tell me if this is my problem or if it is the recipient's system? Other email to the same domain goes through.
    Thanks,
    Bill

    On 1/20/2010 10:05 AM, [email protected] wrote:
    > The email was sent to 2 individuals at sl*****, but only one went out
    > without error.
    > 14:05:00 210 MSG 280915 Processing inbound message:
    > SHINET/MAIL:\PPCINET\WPGATE\GWIA\receive\006705B4.888
    > 14:05:00 210 MSG 280915 Sender: M*************@pubpress.com
    > <mailto:M*************@pubpress.com>
    > 14:05:00 210 MSG 280915 Recipient: p****@pubpress.com
    > <mailto:p****@pubpress.com>
    > 14:05:00 210 MSG 280915 Recipient: k****@pubpress.com
    > <mailto:k****@pubpress.com>
    > 14:05:00 210 MSG 280915 Recipient: c*****@slackinc.com
    > <mailto:c*****@slackinc.com>
    > 14:05:00 210 MSG 280915 Recipient: a*****@slackinc.com
    > <mailto:a*****@slackinc.com>
    > 14:05:00 210 MSG 280915 Building message: sb50760c.152
    > 14:05:00 210 Recipient: a*****@sl*****.com <mailto:a*****@sl*****.com>
    > 14:05:00 210 Recipient: c*****@sl*****.com <mailto:c*****@sl*****.com>
    > 14:05:00 210 MSG 280915 Queuing to MTA
    > 14:05:01 383 DMN: MSG 280917 Send Failure: 550 5.1.1
    > <a*****@slackinc.com <mailto:a*****@slackinc.com>>: Recipient address
    > rejected: User unknown in relay recipient table
    > 14:05:16 109 MSG 280934 Analyzing result file:
    > SHINET/MAIL:\PPCINET\WPGATE\GWIA\result\rb50760c.152
    > 14:05:16 109 MSG 280934 Detected error on SMTP command
    > 14:05:16 109 MSG 280934 Command: RCPT TO:<a*****@sl*****.com
    > <mailto:a*****@sl*****.com>>
    > 14:05:16 109 MSG 280934 Response: 550 5.1.1 <a*****@sl*****.com
    > <mailto:a*****@sl*****.com>>: Recipient address rejected: User unknown
    > in relay recipient table
    > 14:05:16 109 Building undeliverable message
    > 14:05:16 109 MSG 280934 Building message: sb50761c.155
    >
    > >>> Massimo Rosen<[email protected]> 1/20/2010 11:28:AM >>>
    > Hi,
    >
    > > "[email protected]" wrote:
    > >
    > > Running GW 7.0.3 on NW 6.5.6. Can anyone tell me if this is my
    > > problem or if it is the recipients system. Other email to the same
    > > domain goes through.
    >
    > Impossible to say without more details, precisely GWIA logs. The only
    > way how this could be a problem on your side is if GWIA is talking to
    > the wrong server. That has been a problem in the past occasionally, and
    > is often DNS related, e.g could be a problem of the OS even. Of course,
    > in that regard, SP6 for NW65 is old. I'd suggest to install SP8 anyways.
    >
    > CU,
    > --
    > Massimo Rosen
    > Novell Product Support Forum Sysop
    > No emails please!
    > http://www.cfc-it.de
    >
    >
    The rejection seems to be on their side.

  • WBM User Unknown - firewall config change

    In my Security Log I have been seeing a strange message that keeps appearing, see below.
    I have no idea what this is or if this is someone hacking my router or if a virus is on my computer.  It has appeared even during times when my computer has been turned off.  I have my firewall set at max security and changed my password.  Even after changing my password this appeared.  Not sure what this is or what to do about it but I am very concerned.
    Firewall Setup Configuration change
    WBM user Unknown (0.0.0.0) has changed security settings[repeated 5 times, last time on Aug 25 03:00:26 2010]

    This explanation was given by Actiontec (they build the router for Verizon)
    Product:MI424WR (Rev. I) - Wireless Broadband Router
    Incident Summary
    =========================
    Since Verizon can't answer this question I would like to know for the
    people who built this router. 
    Verizon Actiontec MI242WR (not sure of Rev) 
    firmware 40.19.36
    Why do I get this log security event every day?
    mmm dd hh:mm:ss yyyy
    Firewall Setup Configuration change WBM user Unknown (0.0.0.0) has
    changed security settings
    =========================
    Resolution:
    =========================
    Each and every day, Verizon has a server that makes contact with your
    router to check its firmware.
    No changes are made to your router however, it simply checks the router
    to make sure the firmware is up to date and this generates a log entry.
    =========================

  • Postfix user unknown in local recipient table

    Good morning --
    My fetchmail job has been failing to get mail to my mailbox with this error (presumably from Postfix):
    SMTP error: 450 4.1.1 <username@localhost>: Recipient address rejected: User unknown in local recipient table
    (I replaced the actual user name with "username")
    I'm not sure what to make of this. "username" definitely exists -- I just su'd into his account and ran the fetchmail job that gave me the error.
    The problem goes away if I stop and restart postfix, but it seems to come back pretty consistently (I haven't had a chance to figure out the precise timing).
    Any suggestions?

    Thanks, Mihalis.
    I do not use su -l -- just plain old su. And echo $USER returns the correct user (that is, the one I su'd into).
    I don't think the problem is fetchmail. It's the same result whether I run it from the prompt ("fetchmail -v") or from the user's cron.
    The problem resolves temporarily if I restart postfix, but it returns within a few cycles (the cron job runs every three minutes).
    The error message repeats itself for each mail item that fetchmail parses. Here's the last bit of a fetchmail's results:
    fetchmail: SMTP> RSET
    fetchmail: SMTP< 250 2.0.0 Ok
    fetchmail: not flushed
    fetchmail: POP3> LIST 12
    fetchmail: POP3< +OK 12 4337
    fetchmail: POP3> RETR 12
    fetchmail: POP3< +OK 4337 octets follow.
    fetchmail: reading message [email protected]@mail.XX.com:12 of 12 (4337 octets)
    fetchmail: SMTP> MAIL FROM:<[email protected]> SIZE=4337
    fetchmail: SMTP< 250 2.1.0 Ok
    fetchmail: SMTP> RCPT TO:<XX@localhost>
    fetchmail: SMTP< 450 4.1.1 <XX@localhost>: Recipient address rejected: User unknown in local recipient table
    fetchmail: SMTP error: 450 4.1.1 <XX@localhost>: Recipient address rejected: User unknown in local recipient table
    fetchmail: SMTP> RSET
    fetchmail: SMTP< 250 2.0.0 Ok
    ...fetchmail: not flushed
    fetchmail: POP3> QUIT
    fetchmail: POP3< +OK Bye-bye.
    fetchmail: SMTP> QUIT
    fetchmail: SMTP< 221 2.0.0 Bye
    fetchmail: 6.3.8 querying mail.XX.com (protocol POP3) at Mon, 21 Jan 2008 18:58:12 -0500 (EST): poll completed
    fetchmail: normal termination, status 0

  • How to bind ACS users to only one SSID?

    Hello!
    I have ACS 4.2 and an AP 1240. I use two SSIDs, guest and user. The guest SSID must use PEAP authentication; the user SSID must use EAP-TLS authentication (ACS local user database). Everything works correctly. But when I create a user for EAP-TLS, I create it with the certificate DN as the username and some password. And somebody can use the DN as username and password for PEAP authentication on the guest SSID and the user SSID.
    How can I make the guest SSID work only with PEAP authentication and the user SSID work only with EAP-TLS authentication?

    Are you using autonomous or lightweight APs? If you have a controller you could set up the RADIUS attributes to specify which WLAN the user can authenticate to.
    Another option would be to set up dynamic VLAN assignment. This would work for either type of AP. The user might still be able to authenticate to either WLAN but after passing authentication they would be dumped into the VLAN you define.
    http://www.cisco.com/en/US/docs/wireless/controller/4.2/configuration/guide/c42sol.html#wp1086421

  • Admin Console - Admin user requires valid username and password

    I am running FMIS4.5 on CentOS5.5
    FMIS is running and I can connect via Flash Media Encoder.
    Web displays and admin console :1111 gives xml output, however
    When using the user & password in my xml files to login (testing with ping), I get the "Admin user requires valid username and password" error.
    conf/fms.ini:
    # fms.ini contains substitution variables for Flash Media Server          #
    # configuration files. Lines beginning with '#' are considered comments.  #
    # A substitution variable is in the form <name>=<value>. Everything up to #
    # the first '=' is considered the name of the substitution variable, and  #
    # everything after the first '=' is considered the substitution value. If #
    # you want a substitution variable to have leading or trailing spaces,    #
    # enclose the value around double quotes. For example, foo=" bar "        #
    # This section contains configurable parameters in Server.xml #
    # Username for server admin
    # For example:
    #    SERVER.ADMIN_USERNAME = foo
    SERVER.ADMIN_USERNAME = Admin
    SERVER.ADMIN_PASSWORD = str34m1ng
    # IP address and port Flash Media Admin Server should listen on
    # For example:
    #    SERVER.ADMINSERVER_HOSTPORT = :1111
    SERVER.ADMINSERVER_HOSTPORT = :1111
    # User id in which to run the process (Linux Only)
    # For example:
    #    SERVER.PROCESS_UID = 500
    SERVER.PROCESS_UID = 500
    # Group id in which to run the process (Linux Only)
    # For example:
    #    SERVER.PROCESS_GID = 500
    SERVER.PROCESS_GID = 500
    # License key for Flash Media Server
    # For example:
    #    SERVER.LICENSEINFO = XXXX-XXXX-XXXX-XXXX-XXXX-XXXX
    SERVER.LICENSEINFO = #SORRY YOU DON'T GET TO SEE THIS#
    # LIVE_DIR denotes the full path of sample "Live" application's
    # folder for storing any live stream recorded by server.
    # For example:
    #    LIVE_DIR = <FMS_Installation_Dir>\applications\live
    LIVE_DIR = /opt/adobe/fms/applications/live
    # VOD_COMMON_DIR denotes the full path of sample "VOD" application's
    # folder for storing onDemand and Progressive Download .flv/.mp3 files.
    # File stored in this folder can be streamed and are also PD-able.
    # Note : If you are using the default installation of Apache as a webserver,
    # and if you modify VOD_COMMON_DIR, please change the document root
    # accordingly in httpd.conf.
    # For example:
    #    VOD_COMMON_DIR = <FMS_Installation_Dir>\webroot\vod
    VOD_COMMON_DIR = /opt/adobe/fms/webroot/vod
    # VOD_DIR denotes the full path of sample "VOD" application's
    # folder for storing onDemand only .flv/.mp3 files. Files stored in
    # this folder are not PD-able
    # For example:
    #    VOD_DIR = <FMS_Installation_Dir>\applications\vod\media
    VOD_DIR = /opt/adobe/fms/applications/vod/media
    # The maximum size of the FLV cache, in megabytes.
    # The default is 500MB.
    SERVER.FLVCACHE_MAXSIZE=500
    # Whether to start and stop the included HTTP server along
    # with FMS.
    SERVER.HTTPD_ENABLED = true
    # This section contains configurable parameters in Adaptor.xml #
    # Application directory for the virtual host
    # For example:
    #    VHOST.APPSDIR = C:\myapps
    VHOST.APPSDIR = /opt/adobe/fms/applications
    VHOST.ALLOW = all
    # This section contains configurable parameters in Application.xml #
    # List of semi-colon delimited paths in which to search for script to load
    # For example:
    #    APP.JS_SCRIPTLIBPATH = C:\scripts;C:\Program Files\Foo\scripts
    APP.JS_SCRIPTLIBPATH = /opt/adobe/fms/scriptlib
    # This section contains configurable parameters in Logger.xml #
    LOGGER.LOGDIR =
    # This section contains configurable parameters in Users.xml #
    # Enable or disable using HTTP requests to execute admin commands.
    # Set to "true" to enable, otherwise it will be disabled.  The
    # actual commands permitted for server admin and virtual host admin
    # users can be set in Users.xml.
    USERS.HTTPCOMMAND_ALLOW = true
    Users.xml:
    <Root>
        <UserList>
            <!-- This tag defines an administrator for the server. -->
            <User name="${SERVER.ADMIN_USERNAME}">
                <!-- Salted Password Hash for this vhost administrator. -->
                <Password encrypt="false">${SERVER.ADMIN_PASSWORD}</Password>
                <!-- This admin can only connect to the server from the specified -->
                <!-- hosts. This is specified as a comma delimited list of        -->
                <!-- hostnames or domain names, and/or (full or partial) IP       -->
                <!-- addresses. For example,                                      -->
                <!-- "foo.yourcompany.com, macromedia.com, 10.60.1.133, 10.60"    -->
                <Allow>All</Allow>
                <!-- This admin cannot connect to the server from any of the      -->
                <!-- specified hosts. This is specified as a comma delimited list -->
                <!-- of hostnames or domain names, and/or (full or partial) IP    -->
                <!-- addresses. For example,                                      -->
                <!-- "foo.yourcompany.com, macromedia.com, 10.60.1.133, 10.60"    -->
                <Deny></Deny>
                <!-- Specifies the order in which to evaluate the <Allow> and     -->
                <!-- <Deny> tags. This can be "Allow,Deny" or "Deny,Allow". The   -->
                <!-- default is "Deny,Allow" which means that access is allowed   -->
                <!-- unless specified in <Deny> and not specified in <Allow>.     -->
                <Order>Allow,Deny</Order>
            </User>
            <User name="janedoe">
                    <Password encrypt="false">S4mpl3P4ss</Password>
                    <Allow></Allow>
                    <Deny></Deny>
                    <Order>Allow,Deny</Order>
            </User>
        </UserList>
        <AdminServer>
            <HTTPCommands>
                <!-- Enable or disable using HTTP requests to execute admin commands.     -->
                <!-- Set to "true" to enable, otherwise it will be disabled.  The           -->
                <!-- actual commands permitted for server admin and virtual host admin    -->
                <!-- users can be set in the Allow and Deny elements.                     -->
                <Enable>${USERS.HTTPCOMMAND_ALLOW}</Enable>
                <!-- List of server admin commands that can be accessed via HTTP.         -->
                <!-- Add multiple commands separated by commas.  "All" indicates          -->
                <!-- every command (it's not recommended to allow all commands).          -->
                <!-- Seperate multiple commands with commas.                              -->
                <Allow>ping</Allow>
                <!-- List of server admin commands denied access via HTTP.                -->
                <!-- Add multiple commands seperated by commas.  "All" indicates          -->
                <!-- every command.                                                       -->
                <Deny>All</Deny>
                <!-- Processing order for deny and allow command lists.  "Deny,Allow"     -->
                <!-- means the command will be allowed if the command is in the allow     -->
                <!-- list or not in the deny list.   "Allow,Deny" means the command       -->
                <!-- will be allowed if it is in the allow list and not in the            -->
                <!-- deny list.                                                           -->
                <Order>Deny,Allow</Order>
            </HTTPCommands>
        </AdminServer>
    </Root>
    Output on :1111/admin/ping?auser=Admin&apswd=str34m1ng :
    <result>
      <level>error</level>
         <code>NetConnection.Connect.Rejected</code>
         <description>Admin user requires valid username and password.</description>
         <timestamp>Thu 17 May 2012 11:33:43 AM EDT</timestamp>
    </result>
    Connections do not work from both localhost and external connections and the fms_adminConsole.htm (.swf) fails as well.
    Any assistance is appreciated!

    Hi,
    FMIS 4.5 does not accept plain-text passwords. Encrypt=false is no longer supported. See here for more information: http://help.adobe.com/en_US/flashmediaserver/configadmin/WS5b3ccc516d4fbf351e63e3d119f2926bcf-7fed.html#WS5b3ccc516d4fbf351e63e3d119f2926bcf-7e91
    The value for SERVER.ADMIN_PASSWORD needs to be the encrypted string for your password. That should solve your problem.
    Hope this helps.
    Thanks,
    Apurva
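
A small audit for the two files quoted in this thread, added here as an example (it is not Adobe's code and not part of either post): it expands the fms.ini substitution variables into Users.xml, lists users whose Password is marked encrypt="false" (which the reply says FMIS 4.5 no longer accepts), and evaluates HTTP command access with the Order rule stated in the file's own comments. The function names and the trimmed sample input are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Constructed sample input, trimmed from the two files quoted in the question.
FMS_INI = """# comment line
SERVER.ADMIN_USERNAME = Admin
SERVER.ADMIN_PASSWORD = placeholder-value
USERS.HTTPCOMMAND_ALLOW = true"""
USERS_XML = """<Root>
 <UserList><User name="${SERVER.ADMIN_USERNAME}">
  <Password encrypt="false">${SERVER.ADMIN_PASSWORD}</Password>
 </User></UserList>
 <AdminServer><HTTPCommands><Enable>${USERS.HTTPCOMMAND_ALLOW}</Enable>
  <Allow>ping</Allow><Deny>All</Deny><Order>Deny,Allow</Order>
 </HTTPCommands></AdminServer>
</Root>"""

def parse_ini(text):
    """name=value pairs; the name is everything before the first '='."""
    pairs = {}
    for line in text.splitlines():
        if "=" in line and not line.lstrip().startswith("#"):
            name, value = line.split("=", 1)
            pairs[name.strip()] = value.strip().strip('"')
    return pairs

def load_users(xml_text, ini):
    """Expand ${NAME} substitution variables, then parse the result."""
    fill = lambda m: escape(ini.get(m.group(1), ""))
    return ET.fromstring(re.sub(r"\$\{([^}]+)\}", fill, xml_text))

def plaintext_password_users(root):
    """Users whose <Password> element is marked encrypt="false"."""
    return [u.get("name") for u in root.iter("User")
            if u.find("Password") is not None
            and u.find("Password").get("encrypt", "").lower() == "false"]

def http_command_allowed(root, command):
    """Evaluate Enable/Allow/Deny/Order as the Users.xml comments describe."""
    http = root.find("AdminServer/HTTPCommands")
    if (http.findtext("Enable") or "").strip().lower() != "true":
        return False
    def listed(tag):
        items = {c.strip().lower() for c in (http.findtext(tag) or "").split(",")}
        return "all" in items or command.lower() in items
    if (http.findtext("Order") or "").replace(" ", "").lower() == "allow,deny":
        return listed("Allow") and not listed("Deny")
    return listed("Allow") or not listed("Deny")  # "Deny,Allow"
```

Run against the real files, a non-empty result from `plaintext_password_users` points at the entries that need the encrypted password string the reply refers to.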

  • SL mail (status=bounced (User unknown in virtual alias table))

    Hello
    I have set up mail with 6 locally hosted virtual domains. I created shortnames in Workgroup Manager with the complete address for the user. After some good results I started getting "status=bounced (User unknown in virtual alias table)". Also, the shortname (with the domain name) created for the first virtual host name becomes grey (like the default).
    If I only set up one virtual domain everything works great, but with more than one it starts sending this message in the SMTP log.
    I don't know if this has something to do with the fact that my host name is mail.example.com and my domain name is example.com.
    Hope someone can help me

    I'm having exactly this issue on a new SL server Mac mini. Someone help!
