Command to check active radius server in the pool

Similar Messages

• Select Command Le check. Can't get the Le.

  Hello all.
  I have a question.
  I am making an applet.
  Into the Select command, I think my applet cannot get the Le data.
  The Le value has always '00' even though the select command Le value has been changed.
  First, in order to get the Le, I used the apdu.setOutgoing(), which returns Le, and then I checked the Le != 0.
  However, I think the setOutgoing() always returns '00' in my applet, and the applet does not perform the checking Le statement.
  I guess my testing environment or performing follow has a problem, but I am not sure.
  I want to hear your opinion and how to test in this case.
            short idl = apdu.setIncomingAndReceive();
            byte[] apduBuffer = apdu.getBuffer();
            short le = (short)(apdu.setOutgoing() & (short)0x00ff);
            if(apduBuffer[ISO7816.OFFSET_CLA] != CLASS_ISO)
       CardException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED);
            Util.arrayCopy(fileControlInformation, (short)0, transientData, TD_OFF_FILE_CONTROL_INFORMATION, (short)fileControlInformation.length);
            if((apduBuffer[ISO7816.OFFSET_P1]!=(byte)4) || ((apduBuffer[ISO7816.OFFSET_P2]!=(byte)0)))
       CardException.throwIt(ISO7816.SW_INCORRECT_P1P2);
            if((apduBuffer[ISO7816.OFFSET_LC] == (byte)0) || (idl == (short)0) || (apduBuffer[ISO7816.OFFSET_LC] != (byte)idl) || (le != (short)0))
                      CardException.throwIt(ISO7816.SW_WRONG_LENGTH);
  For example,
  00A4040007xxxxxxxxxxxxxx01<<9000
  Although wrong Le is added, the applet returns 9000.
  I know why the applet returns 9000.
  The point is how to test it correctly.
  Thank you.
  글 수정: Jin

  not really, "select application" can return whatever you like, and most applets do return something: a file control information template (fci) giving the AID and other info (for an example, try to select a card manager). That's a good practice: because you can select an application with only part of an AID, the applet usually replies with this complete AID. [tell the card: "Hello ath", she will respond "Hello, understood, but if you want to know, my full name is Athena" :) ]
  Jin, can you post your whole process() algorithm for the select command, including: how are you returning data? do you use apdu.SendBytes() ?
  if you have a contactless card it is possible that Le is always zero, because according to iso7816 zero means "all available data".
  why? because a contactless card (or a T=1 card) can return any length without prior indication, so it does not need Le.
  or it might be a bug in your javacard implementation...
  You can use apdu.SetOutgoingLength() to indicate the real length of the response, and usually the card OS (below javacard) relies on that to create a 6CXX response if there's a problem.
  A workaround can be: Read Le in the apdu buffer at the correct offset, and send a 6CXX SW yourself if you're not satisfied with it.
  I'm expecting more details from you to fully understand the problem.

• RADIUS Server - Extending the network

  I have successfully set up RADIUS running on 10.5.5. Users are able log in and all is working well (except for Windows XP clients connecting from login, but who cares about them at the moment!)
  I want to be able to extend the network. I am using Apple AirPort Extreme base stations. There is an option to extend the wireless network, but when I tick this, I lose the ability to set up with WPA Enterprise and RADIUS. If I give the networks the same SSID will this let me roam?
  Any help appreciated!

  Hallo
  I found this to help you with Windows Xp login http://www.usr.com/support/doc-popup-template.asp?url=faqs/networking/zero-confi g-radius/zero-config-radius.htm&loc=unst
  Windows XP klient på Leopard server RADIUS (AirPorts)

• Check active phone call for the user

  Good morning,
  I need to check if there is an active call ( cl_crm_ic_mcm_contact=>c_event_started ).
  How I can do that? I have the ITEMID of the contact, it is possible for example create the contact using the ITEMID and check the status of the call?
  Thanks you.
  Marco

  Hello Andrei thank you for the answer.
  Using the term "track incoming call" I mean if there is a method, like "has_current_interaction( )" that return me if there is an incoming call thata the user hasn't  answered or refuse yet (flashing buttons). This because the metod  has_current_interaction( ) return 'X' only if the user have accepted the call, I need a method that return if the call is incoming but not aswered or refused yet. I hope is more clear now the request.
  About the second request, I mean if there is a method to read which business role is used in the current session (business role IMG->Customer Relationship Management->Business Roles->Define Business Role-
  Many thanks, you help me to understand better the IC framework.
  Marc

• Can I get the Mac address in Audit logs of Active directory server for the user's machine which connect to the network/Domain

  Hello All,
  I am trying to get the information of all the user's who connect to our Domain network by signing in using the domain account. For this I am using the Windows audit group policies ( I am not sure of there is any other way). I can see when the user tries
  to login to the network there is a audit event created on the AD/DC server. I can see the Kerberos authentication and logon/logoff events in the audit events under event viewer.  
            However the info which is being populated in these events include :- Hostname, IP address, Username and so on... But I can't see the MAC address of the user machine/system. Is there any way I can
  get the Mac address of the endpoint system as its one of the important criteria for our project.
  Any inputs on this would be appreciated, incase if there is any other way other than group policies please suggest.
  Thanks,
  Kavish

  > include :- Hostname, IP address, Username and so on... But I can't see
  > the MAC address of the user machine/system. Is there any way I can get
  > the Mac address of the endpoint system as its one of the important
  > criteria for our project.
  If you use DHCP, you can query the DHCP server. There's no builtin
  method to get the MAC address directly.
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))

• Lobby User using RADIUS Server in the NCS

  Hello,
  I need to know if i can use the RADIUS to classify users such as looby and specify in these users the SSID for the guest user and the time for connection like the local database in the NCS.
  Actually i'm using the local database for lobby and i'd like to migrate to RADIUS database all these information.
  Thanks.

  Hello,
  Yes, you could use RADIUS to authenticate lobby ambassador users. But the information like default WLAN & time period can't be passed as attributes using attributes.
  As a work-around, you could create a local lobby admin account with the same username, define the lobby admin defaults locally. The user will be authenticated using RADIUS but the defaults would be picked up based on the definitions set locally in NCS.
  Ram.

• How to force the Lync Client to a specific server in the pool

  I am troubleshooting an issue and need my client to connect to a specific server in my enterprise pool.
  I have tried a host fie, I have deleted the EndpointConfiguration.CACHE file and I still cannot get my client to connect to the specific front end.
  Can anyone tell me how to do this?

  Using a host file should definitely work and I do this all the time for testing. 
  Are you using manual or automatic configuration? If it's manual then make sure that the name you specified resolves to the correct IP address by using PING.
  If you are using automatic, use NSLOOKUP to determine what hostname it's trying to connect to and repeat the above.
  This could either be sip.domain.com (as Edwin mentioned) or it could be the name of your Front End pool, depending on how it's configured.
  The other thing you might want to try if everything looks correct and if you modified your HOSTS file while Lync was open, is just to Exit and re-open the Lync client.
  If this helped you please click "Vote As Helpful" if it answered your question please click "Mark As Answer"
  Georg Thomas | Lync MVP
  Blog www.lynced.com.au | Twitter
  @georgathomas
  Lync Edge Port Check (Beta)
  This forum post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Cannot register radius server in active directory

  Hi All
  What I can't do is to register the RADIUS server to the Active Directory service which is located on the same server and stand alone server same problem  (see screenshot). I've tried to do this as both domain administrator and local administrator.
  How can I fix this problem?
  IT Helpdesk

  Hi,
  Try to use netsh nps add registeredserver
  command. This command is used for adding a Network Policy Server (NPS) to the list of registered servers in Active Directory.
  The NPS server is registered in AD DS when it is added as a member of the RAS and IAS Servers security group.
  For detailed information, please view the link below:
  NPS Server Commands
  http://technet.microsoft.com/en-us/library/cc754758(WS.10).aspx#BKMK_1
  Hope this helps.
  Steven Lee
  TechNet Community Support
  Thank You  working to me ;)
  IT Helpdesk

• EAP Response frame is not always forwarded to the Radius Server when doing Full Authentications.

  We have seen issues with a Cisco 5500 and 2405 WLAN controller with older and the latest controller firmware(8.x) of not forwarding the first EAP Response frame to the radius server on 802.1x WLAN devices doing full authentications. The first EAP Response frame from the WLAN client is supposed to be forwarded to the Radius server but a Wireshark trace shows that frame is never sent by the WLAN controller. The WLAN controller does ack the first EAP Response frame but the EAP response frame when the problem occurs always seems to be a retried packet.   I do have all RRM and AP scanning turned off. This is an intermittent issue and only occurs on devices doing full authentications and does occur on multiple vendors products. This produces a 18-20 second drop-off until the station recovers by sending an EAP-Start frame and then it associates properly. Since the first EAP Response frame is never forwarded to the Radius server and the EAP Response frame is being ack’d on the retried packet, this seems to be a WLAN controller issues but I’m looking at all possibilities. Does anyone have any thoughts?
  I attached a wireless and wired trace of the issue. See the Readme.txt file in the attachment for specific information.
  Thanks in advance.

  Do you have a packet capture to see this ? If so pls attach it
  Rasika

• Doubts on Radius Server

  1. Suppose we have mutliple Radius server in a Netowrk. If primary Radius server goes down , how secondary server will come into the picture..
  2. Where can we check ,which Radius server is active (Primary or secondary Radius server)
  3. Is there any limit like one server can authenticate a number of clients?
  Thanks
  Sri

  Sri,
  1) Its the NAS that brings up secondary radius server. First it will try hitting primary radius server and if there is no response it will then try seoncdary radius.
  2) On ASA you can use this command to check the server status,
  ASA# show aaa-server protocol radius
  On IOS
  Switch#show aaa servers
  RADIUS: id 3, priority 1, host 192.168.26.119, auth-port 1645, acct-port 1646
       State: current UP, duration 151040s, previous duration 0s
       Dead: total time 0s, count 0
       Quarantined: No
       Authen: request 6, timeouts 0
               Response: unexpected 0, server error 0, incorrect 0, time 190ms
               Transaction: success 6, failure 0
       Author: request 0, timeouts 0
               Response: unexpected 0, server error 0, incorrect 0, time 0ms
               Transaction: success 0, failure 0
       Account: request 0, timeouts 0
               Response: unexpected 0, server error 0, incorrect 0, time 0ms
               Transaction: success 0, failure 0
       Elapsed time since counters last cleared: 1d17h33m
  RADIUS: id 4, priority 2, host 192.168.1.99, auth-port 1645, acct-port 1646
       State: current UP, duration 151040s, previous duration 0s
       Dead: total time 0s, count 0
       Quarantined: No
       Authen: request 0, timeouts 0
               Response: unexpected 0, server error 0, incorrect 0, time 0ms
               Transaction: success 0, failure 0
       Author: request 0, timeouts 0
               Response: unexpected 0, server error 0, incorrect 0, time 0ms
               Transaction: success 0, failure 0
       Account: request 0, timeouts 0
               Response: unexpected 0, server error 0, incorrect 0, time 0ms
               Transaction: success 0, failure 0
       Elapsed time since counters last cleared: 0m
  3) I'm not aware of any limit that can be configured on radius. But there are certain paremeters you can set up (That depends on verdor)
  Regards,
  ~JG
  Do rate helpful posts

• Radius server not returning Filter-id information to access device

  I have set up a Radius server (v. 4.15 16 april 2003) on NW65sp2 server
  and I'm trying to use it to authenticate to a Watchguard Firebox II
  firewall. The authentication functions but apparently the firewall is
  not getting (or not parsing) the Filter-Id information to assign access
  rights via groups. When I login to the firewall with "user1", the
  response is "Authenticationsucceeded, but no access grantedfor user". If
  I define "user1" on the firewall and assign it to an access policy, then
  everything works. But if I define an access group "group1" and assign
  it to an access policy on the firewall and then assign "group1" to the
  eDir Access Profile object that is assigned to "user1", (Filter-Id =
  group1) I get the above authentication succesful, but no access granted.
  Is there a way to identify exactly what information is being sent from
  the Radius server to the access device so I can determine if the problem
  is on the Novell Radius server side or the Watchguard Firewall side?
  I've activated the Radius Debug Log, but that only tells me that it
  finds all the relevant objects in eDirectory and that authentication is
  successfull, but there is no indication that any other information is
  being sent to the access device.
  As I understand it, the filer-id's are supposed to allow a link between
  the eDir user objects and what access rights are allowed on the access
  device (firewall). Essentially this is how I define group memberships on
  the firewall using eDir user. Is this assumption correct?
  The goal of course is to allow access over the firewall without having
  to type in 500 user names on the firewall.
  Any ideas or tips on what I could check or configure differently would
  be helpful. thanks
  bill reading

  thanks for the feedback. I will take a look at the thread you mentioned
  and I'll get back to you with the trace as soon as I can arrange it.
  Scott Kiester wrote:
  > There is a thread titled "RADIUS Group with VASCO Digipass" in this group
  > from November where someone else was trying to use the filter-Id attribute
  > with their firewall. The customer was able to get this attribute to working
  > after tweaking his RADIUS configuration.
  >
  > Your understanding of the filter-Id attribute is correct. Either the RADIUS
  > server is not sending this attribute for some reason, or something on your
  > firewall has been misconfigured. A good starting point would be to take a
  > sniffer trace to see if the filter-Id attribute is in the access-request
  > packet. (You can use Ethereal, which is a free download from
  > www.ethereal.com, for the trace.) Post the trace here or send it to me at
  > [email protected] and I'll take a look at it.
  >
  >
  >>>>bill reading<[email protected]> 12/07/04 8:36 AM >>>
  >
  > I have set up a Radius server (v. 4.15 16 april 2003) on NW65sp2 server
  > and I'm trying to use it to authenticate to a Watchguard Firebox II
  > firewall. The authentication functions but apparently the firewall is
  > not getting (or not parsing) the Filter-Id information to assign access
  > rights via groups. When I login to the firewall with "user1", the
  > response is "Authenticationsucceeded, but no access grantedfor user". If
  > I define "user1" on the firewall and assign it to an access policy, then
  > everything works. But if I define an access group "group1" and assign
  > it to an access policy on the firewall and then assign "group1" to the
  > eDir Access Profile object that is assigned to "user1", (Filter-Id =
  > group1) I get the above authentication succesful, but no access granted.
  > Is there a way to identify exactly what information is being sent from
  > the Radius server to the access device so I can determine if the problem
  > is on the Novell Radius server side or the Watchguard Firewall side?
  > I've activated the Radius Debug Log, but that only tells me that it
  > finds all the relevant objects in eDirectory and that authentication is
  > successfull, but there is no indication that any other information is
  > being sent to the access device.
  >
  > As I understand it, the filer-id's are supposed to allow a link between
  > the eDir user objects and what access rights are allowed on the access
  > device (firewall). Essentially this is how I define group memberships on
  > the firewall using eDir user. Is this assumption correct?
  >
  > The goal of course is to allow access over the firewall without having
  > to type in 500 user names on the firewall.
  >
  > Any ideas or tips on what I could check or configure differently would
  > be helpful. thanks
  >
  > bill reading
  >
  >

• Changing RADIUS Server

  We have an AS5300 and a Radius server. We are changing the Radius server. Besides changing the IP address of the Radius server on the AS5300, is there anything else that we need to do? Thanks.

  I dont think so, just specify the new IP and you are good to go.
  check the following example:
  aaa authentication login default group radius local
  aaa authorization exec default group radius local
  aaa authorization command 2 default group tacacs+ if-authenticated
  radius-server host 172.16.71.146 auth-port 1645 acct-port 1646
  radius-server attribute 44 include-in-access-req
  radius-server attribute 8 include-in-access-req
  So, unless you are changing port or other parameters, changing the IP will do the job.
  HTH,
  please rate all posts.
  Vlad

• Cisco ISE with both internal and External RADIUS Server

  Hi
  I have ISE 1.2 , I configured it as management monitor and PSN and it work fine
  I would like to know if I can integrate an external radius server and work with both internal and External RADIUS Server simultanously
  So some computer (groupe_A in active directory ) will continu to made radius authentication on the ISE internal radius and other computer (groupe_B in active directory) will made radius authentication on an external radius server
  I will like to know if it is possible to configure it and how I can do it ?
  Thanks in advance for your help
  Regards
  Blaise

  Cisco ISE can function both as a RADIUS server and as a RADIUS proxy server. When it acts as a proxy server, Cisco ISE receives authentication and accounting requests from the network access server (NAS) and forwards them to the external RADIUS server. Cisco ISE accepts the results of the requests and returns them to the NAS.
  Cisco ISE can simultaneously act as a proxy server to multiple external RADIUS servers. You can use the external RADIUS servers that you configure here in RADIUS server sequences. The External RADIUS Server page lists all the external RADIUS servers that you have defined in Cisco ISE. You can use the filter option to search for specific RADIUS servers based on the name or description, or both. In both simple and rule-based authentication policies, you can use the RADIUS server sequences to proxy the requests to a RADIUS server.
  The RADIUS server sequence strips the domain name from the RADIUS-Username attribute for RADIUS authentications. This domain stripping is not applicable for EAP authentications, which use the EAP-Identity attribute. The RADIUS proxy server obtains the username from the RADIUS-Username attribute and strips it from the character that you specify when you configure the RADIUS server sequence. For EAP authentications, the RADIUS proxy server obtains the username from the EAP-Identity attribute. EAP authentications that use the RADIUS server sequence will succeed only if the EAP-Identity and RADIUS-Username values are the same.

• Exchange Server 2013 and RADIUS server(freeRADIUS2)

  I am a student and doing an internship. I have to test Microsoft Exchange Server 2013.
  I am using Windows Server 2012, I already installed Exchange
  Server 2013 on it and everything works as intended.
  But I couldn't find out how to configure my Windows Server 2012 in order to authenticate my mailbox users from Exchange Server 2013 with a RADIUS
  server which is not on my Windows Server 2012. I have to use their RADIUS server ( freeRADIUS2 ), the RADIUS server from
  the company where I am doing my internship.
  I already did the checklist that is on http://technet.microsoft.com/en-us/library/cc772591.aspx. I configured the NPS as
  a RADIUS proxy, because that's what I need.
  So after doing everything that is on that checklist, my question is:
  Is it possible that the Exchange Server 2013 will use my NPS which is now configured as a NPS RADIUS proxy to authenticate my mailbox users that I have on my Exchange Server 2013?

  thanks for such a quick response.
  Just a small question about the link that you put. Does member server mean other server other than domain controller?
  Regards,
  Yes, Also the server on which you are installing Exchange should have exchange installed.
  Cheers,
  Gulab Prasad
  Technology Consultant
  Blog:
  http://www.exchangeranger.com    Twitter:
    LinkedIn:
     Check out CodeTwo’s tools for Exchange admins
  Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

• Change RADIUS Certificate or Reset RADIUS, SERVER 3.2.2

  Hi All,
  I've got an expiring self signed certificate that I was using for the RADIUS service on 10.9, server 3.2.2.
  I can figure out how to replace this certificate with our valid trusted SSL certificate for our domain.  We originally setup the RADIUS server with the instructions at https://www.yesdevnull.net/2013/10/os-x-mavericks-server-setting-up-freeradius/
  If I just try to install new certs using sudo radiusconfig -installcerts command, it just breaks the radius.
  I've also tried blowing away the radius folder inside of /Library/Server in an attempt to reset RADIUS to the factor defaults, but after reinstalling the server app, and going through the process of setting up RADIUS, it's still using the old certificate.
  Any help would be appreciated!
  Thanks

  Thanks to Charles over at Krytped, deleting the Radius folder from /Library/Server/Radius and running this command:
  sudo rm /var/db/.ServerSetupDone
  Allowed me to get Server to recreate a clean Radius set.