Authentication fails in Accounts in SysPrefs

In the Accounts panel in System Preferences, I click the padlock on the lower left to make changes. The label changes to "Authenticating..." and then returns to the state it was just in, namely "Click the lock to make changes" without opening any login & password window. The padlock stays locked.
I cannot make changes to accounts, and also cannot install any software/updates because that also requires authentication. Authentication has only stopped in the last day or so.
A patch or upgrade will not solve the problem, because those all require authentication (which is the problem). I suspect either a Unix fix or a reinstall coming on. Has anyone had this problem and know of a fix?

Zlig, I've tried those maintenance tasks without any joy.
As I play, I have found another aspect of the problem. If I launch a boot camp partition in VMware Fusion, it asks for authentication. Once authentications works for that, I can click the padlock in the Accounts pane of System Preferences (as when all worked normally). If I then shutdown & restart the machine, so that boot camp is no longer running, the problem returns. Strange.

Similar Messages

Tacacs authentication fails for one user account for only one switch

Hi,
I am having an scenario, where as Tacacs authentication fails for one user account for only one switch.
The same user account works well for other devices.
The AAA configs are same on every devices in the network.
Heres the show tacacs output from the switch where only one user account fails;
              Socket opens:        157
             Socket closes:        156
             Socket aborts:        303
             Socket errors:          1
           Socket Timeouts:          2
   Failed Connect Attempts:          0
        Total Packets Sent:       1703
        Total Packets Recv:       1243
          Expected Replies:          0
What could be the reason ?
No errors on ACS server; same rights had been given to the user account.
Thanks to advise.
Prasey

Hi there,
Does the user get authenticated in the ACS logs?
reports and activity----> failed attempts
ro
reports and activity-----> passed authentications
That will help narrow it down.
Brad

Azure AAD Mobile Service Authentication with corporate accounts fails.

I have been having on-going issue with Authenticating against a Windows Azure mobile service with corporate accounts.
Here is the complete environment.
Initially we set up with Office 365 / CRM Online / and Azure for our corporate infrastructure. We have set up single sign on. Everything works well. There is ADFS set up and running to allow us to Authenticate with {username}@{companyDomainName} and everything
works, including single signon.
Along comes Azure Active directory. We have an Automatically created Azure active directory in the corporate azure account. The domain is the default created {accountname}.onmicrosoft.com domain structure. This is set as the Default directory.
We had a consultant come in, who was organized through Microsoft, to do some work. After everything was set and done we ended up with another active directory created in Azure that is named with the corporate domain name. This second domain has had all of
the corporate accounts synched to it.
I have now created an Azure Mobile Service. The service is a basic service, I haven't updated any of the code yet, except to publish the service. I have followed all of the configuration instructions for setting up the authentication.
If configure the Authentication to point at the first active directory, I am able to Authenticate against the service using the credentials for a user that has been created in that domain. The Authentication works correctly, and goes through.
However if I switch the configuration to use the second Active Directory, the one with the corporate accounts synched to it, the authentication fails. I am able to enter my corporate email address into the web page that is presented. Then the web control
started to call into the ADFS in order to authenticate the corporate user name and password. At this point the authentication fails with a message about the service not being available.
The login code is the standard:
user = await App.MobileService.LoginAsync(MobileServiceAuthenticationProvider.WindowsAzureActiveDirectory);
The project is a Universal Application as the service needs to be available from both a phone and a desktop. The project was started from the starter project downloaded form the Mobile Service site.
# Update
I've just switched the mobile service configuration back to use the AAD with the corporate accounts synchronized. The login through the application fails. However if I log in through IE by browsing to : https://{ServiceName}.azure-mobile.net/login/aad
The authentication goes through correctly.

A few questions on the details:
What client platform are you using for login. In particular, is this a Windows Store application?
What do you mean exactly by "authentication fails?" Does an error get thrown, or does the UI just hang?
Is this being done from a domain-joined machine and/or on a machine connected to a corporate network?
We have seen an issue where some configurations of ADFS will not play nicely with Windows Store apps since the Web Authentication Broker (WAB) is based on the IE browser, and ADFS will attempt to do SSO in the special IE way instead of presenting a form,
etc. Unless the WAB is configured to handle this scenario, you will get a non-responsive UI.
Any details you can provide would be helpful.

Cisco ISE (Authentication failed: 24415 User authentication against Active Directory failed since user's account is locked out)

Hi,
I have a setup ISE 1.1.1. Users are getting authenticate against AD. Everything is working fine except some users report disconnection. I see in the ISE that (Authentication failed: 24415 User authentication against Active Directory failed since user's account is locked out). Users are using Windows 7 OS.
Error is enclosed & here is the port configuration.
Port Configuration.
interface GigabitEthernet0/2
switchport access vlan 120
switchport mode access
switchport voice vlan 121
authentication event fail action next-method
authentication event server dead action reinitialize vlan 120
authentication event server alive action reinitialize
authentication host-mode multi-auth
authentication order mab dot1x
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
mab
dot1x pae authenticator
dot1x timeout tx-period 60
spanning-tree portfast
ip dhcp snooping limit rate 30 interface GigabitEthernet0/2
switchport access vlan 120
switchport mode access
switchport voice vlan 121
authentication event fail action next-method
authentication event server dead action reinitialize vlan 120
authentication event server alive action reinitialize
authentication host-mode multi-auth
authentication order mab dot1x
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
mab
dot1x pae authenticator
dot1x timeout tx-period 60
spanning-tree portfast
ip dhcp snooping limit rate 30
Please help.

The error message means that Active Directory server Reject the authentication attempt
as for some reasons the user account got locked.I guess, You should ask your AD Team to check in the AD
Event Logs why did the user account got locked.
Under Even Viewers, You can find it out
Regards
Minakshi (Do rate the helpful posts)

Sconadm timeout - Sun On-line Account authentication failed.

Hello,
I run Solaris 10 5/08 s10x_u5wos_10 X86.
and the registration timeout. See below the basicreg.log
I copy the commands i used. and the output. I also run the suc.sh script and post in the end.
#ping 82.98.86.176
82.98.86.176 is alive
#sconadm register -a -r regfile
sconadm is running
Authenticating user ...
Sun On-line Account authentication failed
failed registration!
telnet cns-transport.sun.com 443
Trying 198.232.168.137...
traceroute to cns-transport.sun.com (198.232.168.137), 30 hops max, 40 byte packets
1 172.30.168.254 (172.30.168.254) 0.409 ms 0.241 ms 0.147 ms
2 125-230-64-254.dynamic.hinet.net (125.230.64.254) 2.334 ms 77.107 ms 1.457 ms
3 tc-kk-t64-2.router.hinet.net (168.95.149.78) 0.937 ms 1.112 ms 0.867 ms
4 220-128-17-98.HINET-IP.hinet.net (220.128.17.98) 1.246 ms tc-c12r12.router.hinet.net (220.128.17.158) 1.252 ms 1.138 ms
5 tp-crs11.router.hinet.net (220.128.2.10) 4.423 ms 4.281 ms 15.803 ms
6 220-128-4-29.HINET-IP.hinet.net (220.128.4.29) 5.076 ms 4.274 ms 4.034 ms
7 r02-s2.tp.hinet.net (220.128.4.38) 16.038 ms 4.358 ms 4.359 ms
8 r12-pa.us.hinet.net (211.72.108.121) 142.842 ms 150.936 ms 142.567 ms
9 r11-pa.us.hinet.net (202.39.83.193) 143.152 ms 142.800 ms 142.830 ms
10 206.111.12.165.ptr.us.xo.net (206.111.12.165) 142.651 ms 142.925 ms 142.852 ms
11 te-11-0-0.rar3.sanjose-ca.us.xo.net (207.88.12.69) 144.081 ms 144.510 ms 144.974 ms
12 207.88.14.117.ptr.us.xo.net (207.88.14.117) 218.322 ms 218.461 ms 217.083 ms
13 207.88.14.118.ptr.us.xo.net (207.88.14.118) 218.363 ms 217.950 ms 218.103 ms
14 207.88.183.54.ptr.us.xo.net (207.88.183.54) 214.827 ms 214.479 ms 216.544 ms
15 border7.te2-2-bbnet2.wdc002.pnap.net (216.52.127.87) 214.862 ms 215.908 ms 214.832 ms
16 seven-6.border7.wdc002.pnap.net (216.52.125.250) 214.658 ms 214.440 ms 214.558 ms
17 * * *
18 * * *
# cat basicreg20081024111737681.log
24.10.2008 11:17:48 com.sun.cns.basicreg.BasicReg loadPropertiesFromHomeDir
INFO: properties file loaded from the default config.properties
24.10.2008 11:17:48 com.sun.scn.util.Utils getLocalHostNames
INFO: get hostname 82.98.86.176
24.10.2008 11:17:48 com.sun.scn.util.Utils getLocalHostNames
INFO: first returned hostname 82.98.86.176
24.10.2008 11:17:48 com.sun.cns.basicreg.cacao.NetworkProxyCacaoAdapter setProxy
INFO: SCNNetworkProxyConfigMBean.setHost() = null
24.10.2008 11:17:48 com.sun.cns.basicreg.cacao.NetworkProxyCacaoAdapter setProxy
INFO: SCNNetworkProxyConfigMBean.setPort() = null
24.10.2008 11:17:48 com.sun.cns.basicreg.cacao.NetworkProxyCacaoAdapter setProxy
INFO: SCNNetworkProxyConfigMBean.setUser() = null
24.10.2008 11:17:48 com.sun.cns.basicreg.cacao.NetworkProxyCacaoAdapter setProxy
INFO: SCNNetworkProxyConfigMBean.setPassword() = null
24.10.2008 11:17:48 com.sun.cns.basicreg.BasicRegCLI printRegistrationProfile
INFO: userName = [email protected]
24.10.2008 11:17:48 com.sun.cns.basicreg.BasicRegCLI printRegistrationProfile
INFO: password = *****
24.10.2008 11:17:48 com.sun.cns.basicreg.BasicRegCLI printRegistrationProfile
INFO: hostName =
24.10.2008 11:17:48 com.sun.cns.basicreg.BasicRegCLI printRegistrationProfile
INFO: portalEnabled =false
24.10.2008 11:17:48 com.sun.cns.basicreg.BasicRegCLI run
INFO: Authenticating user ...
24.10.2008 11:17:48 com.sun.cns.basicreg.cacao.ClientLoginCacaoAdapter getSCNClientSession
INFO: CREATING SCNClientSession
24.10.2008 11:25:18 com.sun.cns.basicreg.cacao.ClientLoginCacaoAdapter loginAccount
SCHWERWIEGEND: Error: login account exception: Connection refused to host: 82.98.86.176; nested exception is:
java.net.ConnectException: Connection timed out
24.10.2008 11:25:18 com.sun.cns.basicreg.cacao.ClientLoginCacaoAdapter loginAccount
SCHWERWIEGEND:
com.sun.scn.jmx.impl.UISClientLoginModule.login(UISClientLoginModule.java:151)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:585)
javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
javax.security.auth.login.LoginContext$5.run(LoginContext.java:706)
java.security.AccessController.doPrivileged(Native Method)
javax.security.auth.login.LoginContext.invokeCreatorPriv(LoginContext.java:703)
javax.security.auth.login.LoginContext.login(LoginContext.java:575)
com.sun.scn.jmx.impl.UISClientLogin.login(UISClientLogin.java:201)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:585)
com.sun.jmx.mbeanserver.StandardMetaDataImpl.invoke(StandardMetaDataImpl.java:414)
javax.management.StandardMBean.invoke(StandardMBean.java:323)
com.sun.jmx.mbeanserver.DynamicMetaDataImpl.invoke(DynamicMetaDataImpl.java:213)
com.sun.jmx.mbeanserver.MetaDataImpl.invoke(MetaDataImpl.java:220)
com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:815)
com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:784)
com.sun.jdmk.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:203)
com.sun.cacao.agent.DispatchInterceptor.invoke(DispatchInterceptor.java:736)
com.sun.cacao.agent.auth.impl.AccessControlInterceptor.invoke(AccessControlInterceptor.java:618)
com.sun.jdmk.JdmkMBeanServerImpl.invoke(JdmkMBeanServerImpl.java:764)
com.sun.cacao.common.instrum.impl.InstrumDefaultForwarder.invoke(InstrumDefaultForwarder.java:106)
javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1410)
javax.management.remote.rmi.RMIConnectionImpl.access$100(RMIConnectionImpl.java:81)
javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1247)
java.security.AccessController.doPrivileged(Native Method)
javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1350)
javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:784)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:585)
sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:294)
sun.rmi.transport.Transport$1.run(Transport.java:153)
java.security.AccessController.doPrivileged(Native Method)
sun.rmi.transport.Transport.serviceCall(Transport.java:149)
sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:466)
sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:707)
java.lang.Thread.run(Thread.java:595)
24.10.2008 11:25:18 com.sun.cns.basicreg.cacao.ClientLoginCacaoAdapter getLoginResult
INFO: SCN Fault: Connection refused to host: 82.98.86.176; nested exception is:
java.net.ConnectException: Connection timed out
24.10.2008 11:25:18 com.sun.cns.basicreg.BasicRegCLI run
SCHWERWIEGEND: Sun On-line Account authentication failed
#sh suc.sh
User: root
Logname: root
Freitag, 24. Oktober 2008 11:48 Uhr CST
xxx
smpatch settings:
patchpro.backout.directory - ""
patchpro.baseline.directory - /var/sadm/spool
patchpro.download.directory - /var/sadm/spool
patchpro.install.types - rebootafter:reconfigafter:standard
patchpro.patch.source - https://getupdates1.sun.com/
patchpro.patchset - current
patchpro.proxy.host - ""
patchpro.proxy.passwd **** ****
patchpro.proxy.port - 8080
patchpro.proxy.user - ""
smpatch analyze:
Failure: Cannot connect to retrieve detectors.jar: This system is currently unregistered and is unable to retrieve patches from the Sun Update Connection. Please register your system using the Update Manager, /usr/bin/updatemanager or provide valid Sun Online Account(SOA) credentials.
Sun UC patch revision:
120336-04
121082-06
121119-13
121454-02
123004-03
123006-07
123631-03
123896-04
124187-07
Solaris release:
Solaris 10 5/08 s10x_u5wos_10 X86
Copyright 2008 Sun Microsystems, Inc. All Rights Reserved.
Use is subject to license terms.
Assembled 24 March 2008
Solaris Kernel: Generic_127128-11
Machine Type: i86pc
Platform: i86pc
Java -version:
java version "1.5.0_14"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_14-b03)
Java HotSpot(TM) Client VM (build 1.5.0_14-b03, mixed mode, sharing)
Cacao Java version:
java-home=/usr/jdk/jdk1.5.0_14
Software Cluster:
CLUSTER=SUNWCall
All ccr properties:
Property not defined: 18
18:
cns.assetid:
cns.br.SunUCenabled:
true
cns.ccr.keyGenPath:
/usr/lib/cc-ccr/bin/ccrKeyGen
cns.clientid:
cns.httpproxy.auth:
cns.httpproxy.ipaddr:
cns.httpproxy.port:
cns.regtoken:
cns.security.password:
cns.security.privatekey:
cns.security.publickey:
cns.swup.UMautolaunch:
false
cns.swup.autoAnalysis.enabled:
true
cns.swup.checkinInterval:
2
cns.swup.lastCheckin:
0
cns.swup.patchbaseline:
current
cns.swup.regRequired:
true
cns.transport.serverurl:
patchsvr not installed.
Sun UC package status:
SUNWbreg not installed
SUNWdc not installed
Edited by: Denis_Theinert on Oct 24, 2008 4:13 AM

I could connect all of this hosts without problems.
# telnet sun.com 80
Trying 72.5.124.61...
Connected to sun.com.
Escape character is '^]'.
^CConnection to sun.com closed by foreign host.
# telnet cns-services.sun.com 443
Trying 198.232.168.133...
Connected to cns-services.sun.com.
Escape character is '^]'.
^CConnection to cns-services.sun.com closed by foreign host.
# telnet getupdates1.sun.com 443
Trying 198.232.168.136...
Connected to getupdates1.sun.com.
Escape character is '^]'.
^CConnection to getupdates1.sun.com closed by foreign host.
# telnet a248.e.akamai.net 443
Trying 60.254.154.75...
Connected to a248.e.akamai.net.
Escape character is '^]'.
^CConnection to a248.e.akamai.net closed by foreign host.
#

TS1424 ı bought the newsweek subscription and couldnt verify the mail so now when ı try to login my account it says authentication failed. ı took the bill so what will ı do now?

ı bought the newsweek magazine subscription and couldnt verify the mail so now when ı try to sign in my account it says authentication failed. ı took the bill so what will ı do now? How will I enter and download my magazine. thanks

ı bought the newsweek magazine subscription and couldnt verify the mail so now when ı try to sign in my account it says authentication failed. ı took the bill so what will ı do now? How will I enter and download my magazine. thanks

BO XI 3.1 : Active Directory Authentication failed to get the Active Directory groups

Dear all
        In our environment, there are 2 domain (domain A and B); it works well all the time. Today, all the user belong to domain A are not logi n; for user in domain B, all of them can log in but BO server response is very slowly. and there is error message popup when opening Webi report for domain B user. Below are the error message:
       " Active Directory Authentication failed to get the Active Directory groups for the account with ID:XXXX; pls make sure this account is valid and belongs to an accessible domain"
      Anyone has encountered similar issue?
   BO version: BO XI 3.1 SP5
   Authenticate: Windows AD
Thanks and Regards

Please get in touch with your AD team and verify if there are any changes applied to the domain controller and there are no network issues.
Also since this is a multi domain, make sure you have 2 way transitive forest trust as mentioned in SAP Note : 1323391 and FQDN for Directory servers are maintained in registry as per 1199995
http://service.sap.com/sap/support/notes/1323391
http://service.sap.com/sap/support/notes/1199995
-Ambarish-

TS4002 Can you tell me if the smtp settings have changed recently? I use me/ICloud mail with Outlook and can not receive emails but outgoing emails are no longer working. Error message is: Authentication failed because Outlook doesn't support any of the

I am able to receive messages on my IMac using Outlook but am unable to send. I've had no trouble in the past but began receiving the following messages today.
5.7.8 Bad username or password (Authentication failed).
Authentication failed because Outlook doesn't support any of the available authentication methods.
I am able to send messages using this account on my IPhone and IPad so the IMac is the only place I am having issues. Any advice?

Here are the correct settings. They have never changed since iCloud debuted a year ago.
Server information
IMAP (Incoming Mail Server) information:
Server name: imap.mail.me.com
SSL Required: Yes
Port: 993
Username: [email protected] (use your @me.com address from your iCloud account)
Password: Your iCloud password
SMTP (outgoing mail server) information:
Server name: smtp.mail.me.com
SSL Required: Yes
Port: 587
SMTP Authentication Required: Yes
Username: [email protected] (use your @me.com address from your iCloud account)
Password: Your iCloud password
Note: If you receive errors using SSL, try using TLS instead. SSL is required for both IMAP and SMTP connection with iCloud. POP is not supported by iCloud.

802.1x authentication fail

i have a juniper device linux operating system on that we have radius server configured and i am trying to integrate my WLC with that radius
i have added WLC as a host there in radius
on wlc i have configured authentication like radius ip shared secret key and done
its working i can ping radius server
also in wlc i configured on Wlan aaa allow override check box and also hited the WPA2 802.1x layer2 security and radius server option brought on top.
i also configured my windows wireless adaptor as PEAP MSCHAP v2
i am trying to connect this ssid and its asking for my AD accounts but when i enter that its not authenticating users and giving this logs.
(WiSM-slot24-1) >debug aaa events enable
(WiSM-slot24-1) >
(WiSM-slot24-1) >
(WiSM-slot24-1) >*apfMsConnTask_0: Dec 31 15:12:03.043: 00:13:e8:3e:26:bf Processing RSN IE type 48, length 22 for mobile 00:13:e8:3e:26:bf
*apfMsConnTask_0: Dec 31 15:12:03.043: 00:13:e8:3e:26:bf Received RSN IE with 0 PMKIDs from mobile 00:13:e8:3e:26:bf
*apfMsConnTask_0: Dec 31 15:12:03.043: 00:13:e8:3e:26:bf apfMsAssoStateInc
*dot1xMsgTask: Dec 31 15:12:03.044: 00:13:e8:3e:26:bf Station 00:13:e8:3e:26:bf setting dot1x reauth timeout = 1800
*dot1xMsgTask: Dec 31 15:12:03.044: 00:13:e8:3e:26:bf Sending EAP-Request/Identity to mobile 00:13:e8:3e:26:bf (EAP Id 1)
*Dot1x_NW_MsgTask_0: Dec 31 15:12:03.097: 00:13:e8:3e:26:bf Received EAPOL START from mobile 00:13:e8:3e:26:bf
*Dot1x_NW_MsgTask_0: Dec 31 15:12:03.097: 00:13:e8:3e:26:bf Sending EAP-Request/Identity to mobile 00:13:e8:3e:26:bf (EAP Id 2)
*Dot1x_NW_MsgTask_0: Dec 31 15:12:12.596: 00:13:e8:3e:26:bf Received EAPOL EAPPKT from mobile 00:13:e8:3e:26:bf
*Dot1x_NW_MsgTask_0: Dec 31 15:12:12.596: 00:13:e8:3e:26:bf Received Identity Response (count=2) from mobile 00:13:e8:3e:26:bf
*Dot1x_NW_MsgTask_0: Dec 31 15:12:12.596: 00:13:e8:3e:26:bf Audit Session ID added to the mscb: 0a8740e10000002e4efefc1c
*Dot1x_NW_MsgTask_0: Dec 31 15:12:12.596: Creating audit session ID (dot1x_aaa_eapresp_supp) and Radius Request
*aaaQueueReader: Dec 31 15:12:12.597: apfVapRadiusInfoGet: WLAN(1) dynamic int attributes srcAddr:0x0, gw:0x0, mask:0x0, vlan:0, dpPort:0, srcPort:0
*aaaQueueReader: Dec 31 15:12:12.597: 00:13:e8:3e:26:bf Successful transmission of Authentication Packet (id 202) to 10.34.11.2:1812, proxy state 00:13:e8:3e:26:bf-00:00
*radiusTransportThread: Dec 31 15:12:12.598: ****Enter processIncomingMessages: response code=11
*radiusTransportThread: Dec 31 15:12:12.598: ****Enter processRadiusResponse: response code=11
*radiusTransportThread: Dec 31 15:12:12.598: 00:13:e8:3e:26:bf Access-Challenge received from RADIUS server 10.34.11.2 for mobile 00:13:e8:3e:26:bf receiveId = 3
*Dot1x_NW_MsgTask_0: Dec 31 15:12:12.598: 00:13:e8:3e:26:bf Processing Access-Challenge for mobile 00:13:e8:3e:26:bf
*Dot1x_NW_MsgTask_0: Dec 31 15:12:12.598: 00:13:e8:3e:26:bf Sending EAP Request from AAA to mobile 00:13:e8:3e:26:bf (EAP Id 3)
*Dot1x_NW_MsgTask_0: Dec 31 15:12:12.600: 00:13:e8:3e:26:bf Received EAPOL EAPPKT from mobile 00:13:e8:3e:26:bf
*Dot1x_NW_MsgTask_0: Dec 31 15:12:12.600: 00:13:e8:3e:26:bf Received EAP Response from mobile 00:13:e8:3e:26:bf (EAP Id 3, EAP Type 3)
*aaaQueueReader: Dec 31 15:12:12.600: apfVapRadiusInfoGet: WLAN(1) dynamic int attributes srcAddr:0x0, gw:0x0, mask:0x0, vlan:0, dpPort:0, srcPort:0
*aaaQueueReader: Dec 31 15:12:12.600: 00:13:e8:3e:26:bf Successful transmission of Authentication Packet (id 203) to 10.34.11.2:1812, proxy state 00:13:e8:3e:26:bf-00:00
*radiusTransportThread: Dec 31 15:12:12.601: ****Enter processIncomingMessages: response code=3
*radiusTransportThread: Dec 31 15:12:12.601: ****Enter processRadiusResponse: response code=3
*radiusTransportThread: Dec 31 15:12:12.601: 00:13:e8:3e:26:bf Access-Reject received from RADIUS server 10.34.11.2 for mobile 00:13:e8:3e:26:bf receiveId = 3
*radiusTransportThread: Dec 31 15:12:12.601: 00:13:e8:3e:26:bf [Error] Client requested no retries for mobile 00:13:E8:3E:26:BF
*radiusTransportThread: Dec 31 15:12:12.601: 00:13:e8:3e:26:bf Returning AAA Error 'Authentication Failed' (-4) for mobile 00:13:e8:3e:26:bf
*Dot1x_NW_MsgTask_0: Dec 31 15:12:12.601: 00:13:e8:3e:26:bf Processing Access-Reject for mobile 00:13:e8:3e:26:bf
*Dot1x_NW_MsgTask_0: Dec 31 15:12:12.602: 00:13:e8:3e:26:bf Removing PMK cache due to EAP-Failure for mobile 00:13:e8:3e:26:bf (EAP Id 3)
*Dot1x_NW_MsgTask_0: Dec 31 15:12:12.602: 00:13:e8:3e:26:bf Sending EAP-Failure to mobile 00:13:e8:3e:26:bf (EAP Id 3)
*Dot1x_NW_MsgTask_0: Dec 31 15:12:12.602: 00:13:e8:3e:26:bf Setting quiet timer for 5 seconds for mobile 00:13:e8:3e:26:bf
*apfMsConnTask_0: Dec 31 15:12:15.319: 00:13:e8:3e:26:bf Processing RSN IE type 48, length 22 for mobile 00:13:e8:3e:26:bf
*apfMsConnTask_0: Dec 31 15:12:15.319: 00:13:e8:3e:26:bf Received RSN IE with 0 PMKIDs from mobile 00:13:e8:3e:26:bf
*dot1xMsgTask: Dec 31 15:12:15.320: 00:13:e8:3e:26:bf Sending EAP-Request/Identity to mobile 00:13:e8:3e:26:bf (EAP Id 1)
*Dot1x_NW_MsgTask_0: Dec 31 15:12:15.389: 00:13:e8:3e:26:bf Received EAPOL START from mobile 00:13:e8:3e:26:bf
*Dot1x_NW_MsgTask_0: Dec 31 15:12:15.389: 00:13:e8:3e:26:bf Sending EAP-Request/Identity to mobile 00:13:e8:3e:26:bf (EAP Id 2)
any idea to solve this problem?
or any one knows that how to configur a radius server on juniper linux operating system?
many thanks in advance

You should post on the Juniper forums regarding your policy configuration. You should stick with using a radius than just doing ldap through the wlc. Here is a link for webauth using ldap, but should get you close. Again... you should look at getting your juniper radius configuration fixed first.
http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080a03e09.shtml

NPS Authentication Fails (Reason 16) After Migration to 2012 R2 from 2008 R2

I'm using NPS for wired dot1x authentication and I just migrated my NPS server from 2008 R2 to 2012 R2. When I point the network switch to start using the new 2012 R2 NPS as the RADIUS server, I get authentication failures - event 6273, reason code
16. When I switch it back to the 2008 R2 server, it works fine. The two servers are configured EXACTLY the same as far as I can tell - same RADIUS client config, same connection request policies, same network policies - and it should be since I
used the MS prescribed migration process. The only thing that differs is the server's certificate name used in the PEAP setup screen.
I'm using computer authentication only, so everything is based on computer accounts and I've selected to NOT validate server credentials on the group policy.
I've verified the shared secrets multiple times. Both servers are domain controllers.
Here is an example of the errors logged on the 2012 R2 server.
========================================
Network Policy Server denied access to a user.
Contact the Network Policy Server administrator for more information.
User:
   Security ID:           FAITHCHURCH\youthroom$
   Account Name:           host/YOUTHROOM.faithchurch.net
   Account Domain:           FAITHCHURCH
   Fully Qualified Account Name:   FAITHCHURCH\youthroom$
Client Machine:
   Security ID:           NULL SID
   Account Name:           -
   Fully Qualified Account Name:   -
   OS-Version:           -
   Called Station Identifier:       -
   Calling Station Identifier:       44-37-E6-C0-32-CA
NAS:
   NAS IPv4 Address:       192.168.1.1
   NAS IPv6 Address:       -
   NAS Identifier:           -
   NAS Port-Type:           Ethernet
   NAS Port:           1010
RADIUS Client:
   Client Friendly Name:       Extreme X440
   Client IP Address:           192.168.1.1
Authentication Details:
   Connection Request Policy Name:   Secure Wired (Ethernet) Connections 2
   Network Policy Name:       Secure Wired (Ethernet) Connections 2
   Authentication Provider:       Windows
   Authentication Server:       Sigma.faithchurch.net
   Authentication Type:       PEAP
   EAP Type:           -
   Account Session Identifier:       -
   Logging Results:           Accounting information was written to the local log file.
   Reason Code:           16
   Reason:               Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.
========================================

Hi,
Have you added the NPS server to the RAS and IAS Servers
security group in AD DS?
The NPS server needs permission to read the dial-in properties of user accounts during the authorization process.
Try to add a loal user on the NPS server, then test with the local user. If it works, it means that there is something wrong between NPS and DC.
If the issue persists, it means that the configuration between NPS and NAS is wrong.
Steven Lee
TechNet Community Support

Authentication failed

hello!
my aol email has frozen on my phone. I tried refreshing and that did not work. I deleted my email account and now when I try to restart the email account it says authentication failed (after checking incoming server settings). my friend has the same phone, her email froze last week, she refreshed it and now it works. I don't understand why mine is not working. any help or suggestions would be appreciated.

Artesianrev,
We want you to be able to enjoy using your email account on your Samsung Galaxy S4! Have you checked to make sure your email account does not have 2-step verification set up on it? http://bit.ly/1njb5e4 Are you manually entering it the server information for the email account? http://vz.to/1jZGAq6
LindseyT_VZW
Follow us on Twitter @VZWSupport

Authentication Failed to 2008 NPS from Cisco IOS VPN

I'm trying to authenticate VPN connections to a Windows 2008 NPS Radius server.
Local authentication works fine.
Here are cisco configs:
aaa new-model
aaa authentication login default local
aaa authentication login VPNauth group radius local
aaa authorization network VPNgroup local
aaa session-id common
ip radius source-interface Loopback0
radius-server host x.x.x.x auth-port 1645 acct-port 1646 key 7 xxxx
crypto map VPNMAP client authentication list VPNauth
crypto map VPNMAP isakmp authorization list VPNgroup
crypto map VPNMAP client configuration address respond
crypto map VPNMAP 10 ipsec-isakmp dynamic dynmap
... other crypto commands
This is the section of the log from NPS:
Authentication Details:
    Connection Request Policy Name:    VPN
    Network Policy Name:        -
    Authentication Provider:        Windows
    Authentication Server:        x.x.x.x
    Authentication Type:        PAP
    EAP Type:            -
    Account Session Identifier:        -
    Logging Results:            Accounting information was written to the local log file.
    Reason Code:            16
    Reason:                Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.
I do have PAP enabled on the Network/Connection Request Policies...
I'm stuck
Please help

Can you run a "teat aaa " command to see if the user can be authenticated successfully?
I think this might be a configuration issue on NPS. You can google it. Here is one I found, refer to "irishHam" post.
http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/bfbbbae4-a280-4b3f-b214-02867b7d33e3

Authentication failed Entourage doesn't support available authentication...

I tried to set up and exchange account through Entourage. It works fine for receiving, but I cannot send through the account, I assume because I do not have a Certificated Authorization. So I tried to create a Certificate, since the help and instructions suggested such. This meant I had to create on in my Keychain.
Well nothing worked, so I decided I would cheat and just create an account to send from Entourage using my exchange email account as an alias. The down side being exchange would not capture the "Sent" messages. Oh Well, I could live with that.
This is when I started getting this error and Entourage would not send the message:
"Authentication failed because Entourage doesn't support any of the available authentication methods."
I eventually learned to go to the Keychain and try to verify the error and repair it. The error that appears on verification is:
"Item “mail.bellsouth.net” has unspecified value for port attribute"
Once the repair is executed, it shows it is repaired, but Entourage will still not send mail. So,...yes there is more...I decided to create an identical account to my working bellsouth account, that still works perfectly by the way, and the new account demonstrates the same problem and will not send, but all settlings are identical to my original POP3/SMTP account.
Help! I do not have time machine running, but that is another issues, so lets see if I can fix this first.
Thanks for whoever can come to the rescue!
BarryCuda

I believe this is a KeyChain issue, not an Entourage issue, but it is hard to tell. Can you tell? The reason I believe this is because I now cannot create an duplicate Account and have the KeyChain work properly with Entourage.
I will post there as well, but please provide some guidance if you can. Where would I post KeyChain issue? I couldn't quite find a germane Forum.
Sorry if I posted in the wrong place, but I have to start somewhere since it is not clear where the problem lies.
Thanks,
BarryCuda

Authentication failed, ADFFacesContext had not been properly released

hi,
I setup Login page through ADF security wizard in jdev 10.1.3.2 and set error page to be the same Login page. The rest of login process is same as in SRDemo: index page redirects to Welcome page, user press Start button etc.
But if the user enters wrong credentials and after he is presented with Login page again (wirh message Invalid username and password) this time enters correct credentials he is dispatched to Welcome page but connectedUser from userInfo bean is not shown on the page. I noticed this warning about ADFFacesContext not properly released on earlier request. How can I properly release this context after user enters wrong credentials?
SEVERE: [RealmLoginModule] authentication failed
Jul 24, 2007 1:26:34 PM oracle.adfinternal.view.faces.application.ViewHandlerImpl _checkTimestamp
INFO: ADF Faces is running with time-stamp checking enabled. This should not be used in a production environment. See the oracle.adf.view.faces.CHECK_FILE_MODIFICATION property in WEB-INF/web.xml
Jul 24, 2007 1:26:35 PM oracle.adfinternal.view.faces.webapp.AdfFacesFilterHelperImpl startFilter
WARNING: AdfFacesContext had not been properly released on earlier request.

Hi,
this seems to be a bug in ADF Security. However it should work if you set the authentication as in SRDemo, in that the first page requires authentication (protecting the root / virtual path).
ADF Security in 10.1.3.2 does allow users to work with anonymous accounts to achieve public pages (to defer authentication). So if public pages are not needed then the work around mentioned above should work
I'll try and reproduce the defect you see in JDev 10.1.3.3 and file a bug if it reprduces
Frank

Cannot access my email, Sending of password did not succeed. Authentication failed.

Was able to use my Thunderbird Mozilla email on both computers and then suddenly on both I rc'd msg that, "Sending of password did not succeed. Mail server incoming Verizon.net responded Authentication Failed".
On the computer that I use all the time, I played around with it and all of a sudden it was "fixed". No idea what I did.
Today I turned on the other computer that is only used by the Grandkids for games, etc., and received the same msg and decided it was time to fix but am not able to figure out how.

Best starting point is to remove all stored passwords for the affected accounts.
[http://kb.mozillazine.org/Menu_differences_in_Windows,_Linux,_and_Mac Tools|Options]|Security|Passwords→Saved Passwords.
Use the filter at the top to locate all entries relating to the affected account.

Authentication fails in Accounts in SysPrefs

Similar Messages

Maybe you are looking for