Help, Authentication failed

I am having a very difficult time making a simple login program work
I am using Java SDK 1.4.2_02 on a Windows 2000 host, the DS is on the same host
My Directory Server is Sun One Directory Server 5.2
I am using the JAAS package, with a JndiLoginModule
When I use a bogus uid I get a �user not found� message so I know I am contacting the DS correctly
The Access log looks like this
[09/Dec/2003:13:09:52 -0600] conn=1606 op=0 msgId=1 - BIND dn="" method=128 version=3
[09/Dec/2003:13:09:52 -0600] conn=1606 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[09/Dec/2003:13:09:52 -0600] conn=1606 op=1 msgId=2 - SRCH base="ou=people,dc=auto-trol,dc=com" scope=0 filter="(objectClass=*)" attrs=ALL
[09/Dec/2003:13:09:52 -0600] conn=1606 op=1 msgId=2 - RESULT err=0 tag=101 nentries=1 etime=0
[09/Dec/2003:13:09:52 -0600] conn=1606 op=2 msgId=3 - SRCH base="ou=people,dc=auto-trol,dc=com" scope=1 filter="(uid=jpsb)" attrs=ALL
[09/Dec/2003:13:09:52 -0600] conn=1606 op=2 msgId=3 - RESULT err=0 tag=101 nentries=1 etime=0
[09/Dec/2003:13:09:52 -0600] conn=1606 op=3 msgId=4 - ABANDON targetop=NOTFOUND msgid=3
My config file looks like this
Sample
com.sun.security.auth.module.JndiLoginModule required debug=true
user.provider.url="ldap://localhost:4661/ou=People,dc=auto-trol,dc=com"
group.provider.url="ldap//localhost:4661/ou=Group,dc=auto-trol,dc=com";
The error I get is this:
[JndiLoginModule] user provider: ldap://localhost:4661/ou=People,dc=auto-trol,dc=com
[JndiLoginModule] group provider: ldap//localhost:4661/ou=Group,dc=auto-trol,dc=com
ldap username: jpsb
ldap password: jim
[JndiLoginModule] attemptAuthentication() failed
[JndiLoginModule] regular authentication failed
[JndiLoginModule]: aborted authentication failed
Authentication failed:
Login incorrect
A stack trace looks like this
javax.security.auth.login.FailedLoginException: Login incorrect
at com.sun.security.auth.module.JndiLoginModule.attemptAuthentication(JndiLoginModule.java:552)
at com.sun.security.auth.module.JndiLoginModule.login(JndiLoginModule.java:310)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
at LoginJaas.main(LoginJaas.java:93)
It appears to me that there must be some kind password problem, I can login from the 5.2 console or switch user ids from the console so I know the user and Directory Server are OK.
Can anyone help? I�ve been pounding on this for a few days and it is getting frustrating.
Thanks in advance
Jim

Here it is along with some bat files to make and run. I can't understand why it does not work. It is mostly a slightly modified example from Sun. I'm using Sun code, a Sun Directory Server and a Sun's JndiLoginModule so why the damn thing does not work is a mystery. I have looked EVERYWHERE for a sample JAAS/LDAP Authenicate code and can't find a thing. Makes me think there isn't any and JAAS is not the way to go. I and going to try with a different DS maybe open LDP or active Directory and if that doesn't work I'll forget JAAS and use JNDI instead.
Any help would be greatly appreciated.
thanks in advance
jim
Start LoginJass.java
* @(#)LoginJaas.java
* Copyright 2001-2002 Sun Microsystems, Inc. All Rights Reserved.
* Redistribution and use in source and binary forms, with or
* without modification, are permitted provided that the following
* conditions are met:
* -Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* -Redistribution in binary form must reproduct the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* Neither the name of Sun Microsystems, Inc. or the names of
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
* This software is provided "AS IS," without a warranty of any
* kind. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND
* WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY
* EXCLUDED. SUN AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY
* DAMAGES OR LIABILITIES SUFFERED BY LICENSEE AS A RESULT OF OR
* RELATING TO USE, MODIFICATION OR DISTRIBUTION OF THE SOFTWARE OR
* ITS DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE
* FOR ANY LOST REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT,
* SPECIAL, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER
* CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT OF
* THE USE OF OR INABILITY TO USE SOFTWARE, EVEN IF SUN HAS BEEN
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
* You acknowledge that Software is not designed, licensed or
* intended for use in the design, construction, operation or
* maintenance of any nuclear facility.
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import com.sun.security.auth.callback.TextCallbackHandler;
import java.security.PrivilegedAction;
* This LoginJaas application attempts to authenticate a user
* and reports whether or not the authentication was successful.
* If successful, it then sets up subsequent execution of
* code in the run method of the SampleAction class such that
* access control checks for security-sensitive operations will be
* based on the user running the code.
public class LoginJaas
 private static Subject mySubject;
 public static void main(String[] args)
 // Obtain a LoginContext, needed for authentication. Tell it
 // to use the LoginModule implementation specified by the
 // entry named "JaasSample" in the JAAS login configuration
 // file and to also use the specified CallbackHandler.
 LoginContext lc = null;
 try
 lc = new LoginContext("Sample", new TextCallbackHandler());
 catch (LoginException le)
 System.err.println("le:Cannot create LoginContext. "
 + le.getMessage());
 le.printStackTrace();
 System.exit(-1);
 catch (SecurityException se)
 System.err.println("se:Cannot create LoginContext. "
 + se.getMessage());
 se.printStackTrace();
 System.exit(-1);
 try
 // attempt authentication
 lc.login();
 catch (LoginException le)
 System.err.println("Authentication failed:");
 System.err.println(" " + le.getMessage());
 le.printStackTrace();
 System.exit(-1);
 System.out.println("Authentication succeeded!");
 // now try to execute the SampleAction as the authenticated Subject
 Subject mySubject = lc.getSubject();
 PrivilegedAction action = new SampleAction();
 Subject.doAsPrivileged(mySubject, action, null);
End LoginJass.java
Start MyCallbackHandler.java
import java.io.*;
import javax.security.auth.*;
import javax.security.auth.callback.*;
public class MyCallbackHandler implements CallbackHandler
 public void handle(Callback callbacks[]) throws IOException, UnsupportedCallbackException
 for(int i=0;i<callbacks.length;i++)
 if(callbacks[i] instanceof NameCallback)
 NameCallback nc = (NameCallback) callbacks[0];
 System.err.print(nc.getPrompt());
 System.err.flush();
 String name = (new BufferedReader(new InputStreamReader(System.in))).readLine();
 nc.setName(name);
 else
 throw(new UnsupportedCallbackException(callbacks,
 "Callback handler not support"));
End MyCallbackHandler.java
Start Sample.java
* @(#)Sample.java 1.19 00/01/11
* Copyright 2000-01 Sun Microsystems, Inc. All rights reserved.
* Copyright 2000-01 Sun Microsystems, Inc. Tous droits reserves.
import java.io.*;
import java.util.*;
import java.security.Principal;
import javax.security.auth.*;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.*;
import com.sun.security.auth.*;
* This Sample application attempts to authenticate a user
* and executes a SampleAction as that user.
* If the user successfully authenticates itself,
* the username and number of Credentials is displayed.
* @version 1.19, 01/11/00
public class Sample {
* Attempt to authenticate the user.
* 
* @param args input arguments for this application. These are ignored.
public static void main(String[] args) {
 // use the configured LoginModules for the "Sample" entry
 LoginContext lc = null;
 try {
 lc = new LoginContext("Sample", new MyCallbackHandler());
 } catch (LoginException le) {
 le.printStackTrace();
 System.exit(-1);
 // the user has 3 attempts to authenticate successfully
 int i;
 for (i = 0; i < 3; i++) {
 try {
 // attempt authentication
 lc.login();
 // if we return with no exception, authentication succeeded
 break;
 } catch (AccountExpiredException aee) {
 System.out.println("Your account has expired. " +
 "Please notify your administrator.");
 System.exit(-1);
 } catch (CredentialExpiredException cee) {
 System.out.println("Your credentials have expired.");
 System.exit(-1);
 } catch (FailedLoginException fle) {
 System.out.println("Authentication Failed");
 try {
 Thread.currentThread().sleep(3000);
 } catch (Exception e) {
 // ignore
 } catch (Exception e) {
 System.out.println("Unexpected Exception - unable to continue");
 e.printStackTrace();
 System.exit(-1);
 // did they fail three times?
 if (i == 3) {
 System.out.println("Sorry");
 System.exit(-1);
 // let's see what Principals we have
 Iterator principalIterator = lc.getSubject().getPrincipals().iterator();
 System.out.println("Authenticated user has the following Principals:");
 while (principalIterator.hasNext()) {
 Principal p = (Principal)principalIterator.next();
 System.out.println("\t" + p.toString());
 System.out.println("User has " +
 lc.getSubject().getPublicCredentials().size() +
 " Public Credential(s)");
 // now try to execute the SampleAction as the authenticated Subject
 Subject.doAs(lc.getSubject(), new SampleAction());
 System.exit(0);
End Sample.java
Start SampleAction.java
* @(#)SampleAction.java 1.4 00/01/11
* Copyright 2000-01 Sun Microsystems, Inc. All rights reserved.
* Copyright 2000-01 Sun Microsystems, Inc. Tous droits reserves.
import java.io.File;
import java.security.PrivilegedAction;
* This is a Sample PrivilegedAction implementation, designed to be
* used with the Sample application.
* @version 1.4, 01/11/00
public class SampleAction implements PrivilegedAction {
* This Sample PrivilegedAction performs the following operations:
* <ul>
* <li> Access the System property, java.home
* <li> Access the System property, user.home
* <li> Access the file, foo.txt
* </ul>
* @return <code>null</code> in all cases.
* @exception SecurityException if the caller does not have permission
* to perform the operations listed above.
public Object run() {
 System.out.println("\nYour java.home property: "
 +System.getProperty("java.home"));
 System.out.println("\nYour user.home property: "
 +System.getProperty("user.home"));
 File f = new File("foo.txt");
 System.out.print("\nfoo.txt does ");
 if (!f.exists())
 System.out.print("not ");
 System.out.println("exist in the current working directory.");
 return null;
End SampleAction.java
Start princible/SamplePrincipal.java
package principal;
* @(#)SamplePrincipal.java 1.4 00/01/11
* Copyright 2000-01 Sun Microsystems, Inc. All rights reserved.
* Copyright 2000-01 Sun Microsystems, Inc. Tous droits reserves.
import java.security.Principal;
* This class implements the <code>Principal</code> interface
* and represents a Sample user.
* Principals such as this <code>SamplePrincipal</code>
* may be associated with a particular <code>Subject</code>
* to augment that <code>Subject</code> with an additional
* identity. Refer to the <code>Subject</code> class for more information
* on how to achieve this. Authorization decisions can then be based upon
* the Principals associated with a <code>Subject</code>.
* @version 1.4, 01/11/00
* @see java.security.Principal
* @see javax.security.auth.Subject
public class SamplePrincipal implements Principal, java.io.Serializable {
* @serial
private String name;
* Create a SamplePrincipal with a Sample username.
* 
* @param name the Sample username for this user.
* @exception NullPointerException if the <code>name</code>
* is <code>null</code>.
public SamplePrincipal(String name) {
 if (name == null)
 throw new NullPointerException("illegal null input");
 this.name = name;
* Return the Sample username for this <code>SamplePrincipal</code>.
* 
* @return the Sample username for this <code>SamplePrincipal</code>
public String getName() {
 return name;
* Return a string representation of this <code>SamplePrincipal</code>.
* 
* @return a string representation of this <code>SamplePrincipal</code>.
public String toString() {
 return("SamplePrincipal: " + name);
* Compares the specified Object with this <code>SamplePrincipal</code>
* for equality. Returns true if the given object is also a
* <code>SamplePrincipal</code> and the two SamplePrincipals
* have the same username.
* 
* @param o Object to be compared for equality with this
* <code>SamplePrincipal</code>.
* @return true if the specified Object is equal equal to this
* <code>SamplePrincipal</code>.
public boolean equals(Object o) {
 if (o == null)
 return false;
if (this == o)
return true;
if (!(o instanceof SamplePrincipal))
return false;
SamplePrincipal that = (SamplePrincipal)o;
 if (this.getName().equals(that.getName()))
 return true;
 return false;
* Return a hash code for this <code>SamplePrincipal</code>.
* 
* @return a hash code for this <code>SamplePrincipal</code>.
public int hashCode() {
 return name.hashCode();
End princible/SamplePrincipal.java
Start ample_jaas.config
/** Login Configuration for the JAAS Sample Application **/
Sample
 //SampleLoginModule required debug=true;
 com.sun.security.auth.module.JndiLoginModule required debug=true
 user.provider.url="ldap://localhost:4661/ou=People,dc=testing,dc=com"
 group.provider.url="ldap//localhost:4661/ou=Group,dc=testing,dc=com";
End Sample_jaas.config
Start sample.policy
/** Java 2 Access Control Policy for the JAAS Sample Application **/
/** Code-Based Access Control Policy for LoginJaas **/
grant codebase "file:./sample.jar
permission javax.security.auth.AuthPermission
"createLoginContext.JaasSample";
permission javax.security.auth.AuthPermission "doAsPrivileged";
permission java.security.AllPermission; //darf alles
/** User-Based Access Control Policy for the LoginAction class
** instantiated by LoginJaas
grant codebase "file:./SampleAction.jar", Principal principal.SamplePrincipal "jimshi"
permission java.util.PropertyPermission "java.home", "read";
permission java.util.PropertyPermission "user.home", "read";
permission java.io.FilePermission "foo.txt", "read";
End sample.policy
Start makelogin.bat
REM
javac LoginJaas.java principal/SamplePrincipal.java
jar -cvf LoginJaas.jar LoginJaas.class principal/SamplePrincipal.java
REM
javac SampleAction.java
jar -cvf SampleAction.jar SampleAction.class
REM
REM javac SampleLoginModule.java
REM jar -cvf sample_module.jar SampleLoginModule.class
REM
javac Sample.java
REM jar -cvf sample.jar MyCallbackHandler.class Sample.class
javac com/sun/security/auth/module/*.java
End makelogin.bat
Start run.bat
REM java -classpath ./;SampleAction.jar;LoginJaas.jar -Djava.security.manager -Djava.security.policy=sample.policy -Djava.security.auth.login.config=sample_jaas.conf LoginJaas
java -classpath ./;SampleAction.jar;LoginJaas.jar -Djava.security.auth.login.config==D:\STUFF\LDAP\loginJim\sample_jaas.config LoginJaas
End run.bat

Similar Messages

I'm trying to connect through the FTP client Filezilla. When I try to login with the wizard, it gives me a "503 Failure of Data Connection" reply; when I attempt to login myself, it gives me a "530 Login Authentication Failed." HELP!!!

My current softward is: Mac OS X Lion 10.7.5 (11G63)
When I attempt to use the Filezilla connection wizard I get the following message:
Connecting to probe.filezilla-project.org
Response: 220 FZ router and firewall tester ready
USER FileZilla
Response: 331 Give any password.
PASS 3.7.1.1
Response: 230 logged on.
Checking for correct external IP address
Retrieving external IP address from http://ip.filezilla-project.org/ip.php
Checking for correct external IP address
IP 27.0.19.56 ch-a-bj-fg
Response: 200 OK
PREP 52470
Response: 200 Using port 52470, data token 1871898076
PORT 27,0,19,56,204,246
Response: 200 PORT command successful
LIST
Response: 150 opening data connection
Response: 503 Failure of data connection.
Server sent unexpected reply.
Connection closed
When I attempt to login Host/Username/Password myself I get the following message:
Status:          Resolving address of amyhoney.com
Status:          Connecting to 184.168.54.1:21...
Status:          Connection established, waiting for welcome message...
Response:          220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Response:          220-You are user number 12 of 500 allowed.
Response:          220-Local time is now 04:05. Server port: 21.
Response:          220-This is a private system - No anonymous login
Response:          220 You will be disconnected after 3 minutes of inactivity.
Command:          USER 5475****
Response:          331 User 5475**** OK. Password required
Command:          PASS ********************
Response:          530 Login authentication failed
Error:          Critical error
Error:          Could not connect to server
Now before anyone points out the obvious: my username and password are correct. I've already gone through changing them so I know they are.
Additionally, I've pretty much tried EVERYTHING I've read online, from messing with "terminal" (and subsequently the FTP and STFP options) to changing the sharing options and turning on file sharing/remote management as well as just turning off my Firewall completely.
Now I've used Filezilla before when I first published my site and everything worked fine. My site is published through Wordpress so most of my editing was done through simply logging into my "wp-login." I recently changed the theme and in order to change the header image in that theme I have to do it through my "wp-content" folder, which means I need to use Filezilla. I feel like a complete moron right now considering I've had my site for about a year and can't even doing something this simple.
I've read that the newer version of Lion/Mountain Lion don't support automatice FTP anymore, which (as I mentioned prior) I attempted to fix through Terminal. However, nothing I do seem to do works.
Can someone walk me through fixing this? And I do mean 'walk me through'. I'm not a tech-savvy nerd who knows all the lingo, I just know the basics so sorry if my ignorance offends you.
HELP!!

First be sure login and password are OK. Sometimes the address starts wit "http://..." and sometime starts with "ftp://...". Try both normal FTP access and Scure FTP access (SFTP). At the end, contact the site's provider.

Authentication failed!!!!help!help!help!!

I have same error:
I am setting the smtp authentication in OCSR2 to true, after that, when ever I sent mail thru the server, it need the smtp authentication. I thought I had been successfully configure the server. But later on, when I trying to send mail to the user in the OCSr2 server(from hotmail mail), the mail was reject due to the error"authentication failed".
It seem that the authentication setting not only affect the mail relaying but also incoming mail connection. Is this true??
pls help me!!!

The JavaMail FAQ has some tips on debugging such problems.

Authentication Failed!? Can someone help please?

Hi everyone,
I'm in need of some real assistance. I have currently purchased and installed ARD 3.0 on my laptop. My girlfriend has just bought her first Mac computer - a new intel iMac. Wanting to help her remotely, I installed the client installer created by my ARD3 version. When I try to connect, it doesn't let me. It says "Authentication Failed". We even tried taking off the password to make it easier, but still nothing. I can connect by "Connect to Server" through the finder, but I just don't understand why it won't connect me through ARD. I've read a few forums about the intel problem, but I understood that problem is having ARD3 installed on the computer as in, "the master host" and not the client installer. Is that right?
Can someone tell me if I am supposed to install the whole program on the iMac I am trying to connect to or does it just have to be on my computer and everyone else gets the custom "Client Installer" I've created. In her preferences under Sharing, it doesn't show Access Privileges, where as it does on mine as I have it fully installed on mine. I am very confused and feeling like a total newbie. Any assistance would be greatly appreciated. Thank you.

Same issue here. I have 25 nodes (mix of Pmacs 2x/4x) and am trying to get imaging going as we're replacing some of the 2x with 4x, Using NetRestore and a lot of help from local experts, I've got the imaging working, but even tho the new nodes are imaged from an existing one (and then renamed), I cannot connect to them with ARD 3.0 (Authentication Failed to [node]).
The nodes are set up to get IPs based on MAC addresses from a MacOSX Server running DHCP and this part works well - they're getting the right IP #s, but not connecting via ARD. They show up in the ARD panel with the correct IP number and ARD version #, but the DNS name is missing (should be 'Q2L1.local' and is blank.)
What kind of auth is being sought? Is it trying to get kerberos authentication via the Server? That service is on and appears to be working fine, altho I could imagine that since it's running off an imaged disk, there might be some kind of auth invalidation occuring.
However, in checking the Server Open Directory logs, I see:
Jul 20 2006 11:59:31 AUTH2: {0x446d07630c6cdd5e0000000f0000000f, hjm} DHX authentication failed, SASL error -13 (password incorrect).
Jul 20 2006 11:59:31 QUIT: {0x446d07630c6cdd5e0000000f0000000f, hjm} disconnected.
Jul 20 2006 11:59:32 RSAVALIDATE: success.
Jul 20 2006 11:59:32 AUTH2: {0x446d07630c6cdd5e0000000f0000000f, hjm} DHX authentication failed, SASL error -13 (password incorrect).
Jul 20 2006 11:59:32 QUIT: {0x446d07630c6cdd5e0000000f0000000f, hjm} disconnected.
I'm logged into the server as 'hjm' but I don't have an account on the target machine (nor the image source machine which works just fine).
The above errors suggest that it's a DHX key problem, but why should it involve 'hjm' and not the user logged in, or the user trying to log in?
Incidentally, resetting the passwd for the logged in user does not work.
***? (Why The Failure?)
Harry

"invalid password "on Iweb Test. and on SEO Tool, Login Failed Login Authentication Failed, ALL SETTING ARE CORRECT HELP

I have been updating my site over the last week, using Iweb SEO TOOL, but suddenly 2 days ago I can no longer update when i go to publish it says "invalid password "on Iweb Test. and on SEO Tool, Login Failed Login Authentication Failed, the password and all settings are correct.
I am 100% sure the all the setting are correct, as it has been working for the last 7 months and I have just been updating it, then suddenly it stopped, I have all the FTP settings wrote down, and even changed the passwords twice hoping that may work to no avail.

Try the following:
delete the iWeb preference files, com.apple.iWeb.plist and com.apple.iWeb.plist.lockfile, that resides in your Home() /Library/Preferences folder.
go to your Home()/Library/Caches/com.apple.iWeb folder and delete its contents.
Click to view full size
launch iWeb and try again.
If that doesn't help continue with:
move the domain file from your Home/Library/Application Support/iWeb folder to the Desktop.
launch iWeb, create a new test site, save the new domain file and close iWeb.
go to the your Home/Library/Application Support/iWeb folder and delete the new domain file.
move your original domain file from the Desktop to the iWeb folder.
launch iWeb and try again.

Help: Form Based Authentication Failed

 Can someone from bea help me with this? We're using servlet's j_security_check to authenticate the user and from time to time, this message
 "Form based authentication failed. One of the following reasons could cause it:
 HTTP sessions are disabled.
 An old session ID was stored in the browser"
 pops out. How can we prevent this from happening?
 thanks in advanced...
 Jerson


Please see the recent thread in the Security section dealing with the same
 message. (Search on "Form based authentication failed".) There appears to
 be at least one bug in WL that causes this, although I wouldn't rule out a
 config issue.
 At any rate, the error message printed out to the console (and log) is
 stupid. Chances are your problem has nothing to do with either an old
 session ID or sessions being disabled, both of which WebLogic should be able
 to tell you for sure if they were indeed the problem.
 Peace,
 Cameron Purdy
 Tangosol, Inc.
 http://www.tangosol.com
 +1.617.623.5782
 WebLogic Consulting Available
 "Jerson Chua" <[email protected]> wrote in message
 news:3a30499c$[email protected]..
 >
 > Can someone from bea help me with this? We're using servlet's
 j_security_check to authenticate the user and from time to time, this
 message
 > "Form based authentication failed. One of the following reasons could
 cause it:
 > HTTP sessions are disabled.
 > An old session ID was stored in the browser"
 > pops out. How can we prevent this from happening?
 >
 > thanks in advanced...
 > Jerson
 >

Tacacs authentication fails for one user account for only one switch

Hi,
I am having an scenario, where as Tacacs authentication fails for one user account for only one switch.
The same user account works well for other devices.
The AAA configs are same on every devices in the network.
Heres the show tacacs output from the switch where only one user account fails;
              Socket opens:        157
             Socket closes:        156
             Socket aborts:        303
             Socket errors:          1
           Socket Timeouts:          2
   Failed Connect Attempts:          0
        Total Packets Sent:       1703
        Total Packets Recv:       1243
          Expected Replies:          0
What could be the reason ?
No errors on ACS server; same rights had been given to the user account.
Thanks to advise.
Prasey

Hi there,
Does the user get authenticated in the ACS logs?
reports and activity----> failed attempts
ro
reports and activity-----> passed authentications
That will help narrow it down.
Brad

I keep getting a notification that says "Google Talk authentication failed"...does anyone know how to get rid of this? I tried looking for it in the apps but not really sure what google talk is or how to get rid of this message that keeps popping up.

How do i get rid of the message that keeps popping up that says "google talk authentication failed"????

funwidowlady,
Good afternoon! I'm glad I can be here to help with this error. In the device this application is identified only as 'Talk', so that be more familiar to you. First I recommend opening the 'Market' app on your phone, then Menu>My Apps to see if this application requires an update. It will display a list on top of all applications that need to be updated. If nothing exists, tap 'Home' and go into 'Settings>Applications>Manage Applications>Talk, then tap 'Clear Cache' and 'Clear Data' to remove the history of that application and stop the notifications. The app will remain on your phone for future use, if you desire to take advantage of it. Read more about Google Talk here
Thank you!
AdamE_VZW
Follow us on Twitter @VZWSupport

ERROR: Ldap Authentication failed for dap during installation of iAS 6.0 SP3

I am attempting to install ias Enterprise Edition (6.0 SP3) on solaris 2.8 using typical in basesetup. I am trying to install new Directory server as I don't have an existing one.
During the installation I got the following error.
ERROR: Ldap Authentication failed for url ldap://hostname:389/o=NetScape Root user id admin (151: Unknown Error)
Fatal Slapd did not add Directory server information to config Server.
Warning slapd could'nt populate with ldif file Yes error code 151.
ERROR:Failure installing iPlanet Directory Server.
Do you want to continue: ( I entered yes )
Configuring Administration Server Segmentation fault core dumped.
Error: Failure installing Netscape Administration Server.
Do you want to continue:( I responded with yes).
And during the Extraction I got the following
ERROR:mple_bind: Can't connect to the LDAP server - No route to host
ERROR: Unable to connect to LDAP Directory Server
Hostname: hostname
Port: 389
User: cn=Directory Manager
Password: <password-for-cn=Directory Manager
Please make sure this Directory Server is currently running.
You might need to run 'stop-slapd' and then
'start-slapd' in the Directory Server home directory, in order to restart
LDAP. When finished, press ENTER to continue, or S to skip this step:
Start registering Bootstrap EJB...
javax.naming.NameNotFoundException
at java.lang.Throwable.fillInStackTrace(Native Method)
at java.lang.Throwable.fillInStackTrace(Compiled Code)
at java.lang.Throwable.<init>(Compiled Code)
at java.lang.Exception.<init>(Compiled > Code)
at javax.naming.NamingException.<init>(NamingException.java:114)
at javax.naming.NameNotFoundException.<init>(NameNotFoundException.java: 48)
at com.netscape.server.jndi.RootContext.resolveCtx(Unknown Source)
"ldaperror" 76 lines, 2944 characters
at com.netscape.server.jndi.RootContext.resolveCtx(Unknown Source)
at com.netscape.server.jndi.RootContext.bind(Unknown Source)
at com.netscape.server.jndi.RootContext.bind(Unknown Source)
at javax.naming.InitialContext.bind(InitialContext.java:371)
at com.netscape.server.deployment.EjbReg.deployToNaming(Unknown Source)
at com.netscape.server.deployment.EjbReg.registerEjbJar(Compiled Code)
at com.netscape.server.deployment.EjbReg.registerEjbJar(Compiled Code)
at com.netscape.server.deployment.EjbReg.run(Compiled Code)
at com.netscape.server.deployment.EjbReg.main(Unknown Source)
Start registering iAS 60 Fortune Application...
Start iPlanet Application Server
Start iPlanet Application Server
Start Web Server iPlanet-WebServer-Enterprise/6.0SP1 B08/20/200100:58
warning: daemon is running as super-user
[LS ls1] http://gedemo1.plateau.com, port 80 ready
to accept requests
startup: server started successfully.
After completion of installation, I tried to start the console. But I got the following error;
"Cant connect ot the admin server. The url is not correct or the server is not running.
Finally,when I started the admintool(iASTT),it shows the iAS1
was registered( marked with a red cross mark) and says "cant login. make sure the user
name & passwdord are correct" when i click on it.
Thanks in advance for any help
Madhavi

Hi,
Make sure that the directory server is installed first. If it is running
ok, then you can try adding an admin user, please check the following
technote.
http://knowledgebase.iplanet.com/ikb/kb/articles/4106.html
regards
Swami
madhavi korupolu wrote:
I am attempting to install ias Enterprise Edition (6.0 SP3) on
solaris 2.8 using typical in basesetup. I am trying to install new
Directory server as I don't have an existing one.
During the installation I got the following error.
ERROR: Ldap Authentication failed for url
ldap://hostname:389/o=NetScape Root user id admin (151: Unknown
Error)
Fatal Slapd did not add Directory server information to config
Server.
Warning slapd could'nt populate with ldif file Yes error code 151.
ERROR:Failure installing iPlanet Directory Server.
Do you want to continue: ( I entered yes )
Configuring Administration Server Segmentation fault core dumped.
Error: Failure installing Netscape Administration Server.
Do you want to continue:( I responded with yes).
And during the Extraction I got the following
ERROR:mple_bind: Can't connect to the LDAP server - No route to host
ERROR: Unable to connect to LDAP Directory Server
Hostname: hostname
Port: 389
User: cn=Directory Manager
Password: <password-for-cn=Directory Manager
Please make sure this Directory Server is currently running.
You might need to run 'stop-slapd' and then
'start-slapd' in the Directory Server home directory, in order to
restart
LDAP. When finished, press ENTER to continue, or S to skip this
step:
Start registering Bootstrap EJB...
javax.naming.NameNotFoundException
at java.lang.Throwable.fillInStackTrace(Native Method)
at java.lang.Throwable.fillInStackTrace(Compiled Code)
at java.lang.Throwable.<init>(Compiled Code)
at java.lang.Exception.<init>(Compiled > Code)
at javax.naming.NamingException.<init>(NamingException.java:114)
at
javax.naming.NameNotFoundException.<init>(NameNotFoundException.java:
48)
at com.netscape.server.jndi.RootContext.resolveCtx(Unknown Source)
"ldaperror" 76 lines, 2944 characters
at com.netscape.server.jndi.RootContext.resolveCtx(Unknown Source)
at com.netscape.server.jndi.RootContext.bind(Unknown Source)
at com.netscape.server.jndi.RootContext.bind(Unknown Source)
at javax.naming.InitialContext.bind(InitialContext.java:371)
at com.netscape.server.deployment.EjbReg.deployToNaming(Unknown
Source)
at com.netscape.server.deployment.EjbReg.registerEjbJar(Compiled
Code)
at com.netscape.server.deployment.EjbReg.registerEjbJar(Compiled
Code)
at com.netscape.server.deployment.EjbReg.run(Compiled Code)
at com.netscape.server.deployment.EjbReg.main(Unknown Source)
Start registering iAS 60 Fortune Application...
Start iPlanet Application Server
Start iPlanet Application Server
Start Web Server iPlanet-WebServer-Enterprise/6.0SP1 B08/20/200100:58
warning: daemon is running as super-user
[LS ls1] http://gedemo1.plateau.com, port 80 ready
to accept requests
startup: server started successfully.
After completion of installation, I tried to start the console. But I
got the following error;
"Cant connect ot the admin server. The url is not correct or the
server is not running.
Finally,when I started the admintool(iASTT),it shows the iAS1
was registered( marked with a red cross mark) and says "cant login.
make sure the user
name & passwdord are correct" when i click on it.
Thanks in advance for any help
Madhavi
Try our New Web Based Forum at http://softwareforum.sun.com
Includes Access to our Product Knowledge Base!

802.1x port authentication failing after getting a access-accept packet

Hi all,
Im not 100% sure what the hell is going on here.
Any idea's or help will be appreciated.
Heres the topology.
1 x windows 2012 NPS
1x 3750X
1x Windows 7 x64
data flow
<laptop> - - [gi 1/0/13]<3750X>[gi 1/0/48]- -[gi 5/39]<6513>[po 1] - - [po 4]<6509><5/1> - - <VMWARE>[NPS Server]
The switch that is doing the authentication is the 3750X. Here is the IOS version.
Switch Ports Model SW Version SW Image
* 1 54 WS-C3750X-48 15.2(1)E C3750E-UNIVERSALK9-M
A wireshark trace on the NPS server shows that the packets are arriving and being sent back
Wireshark on a mirror of the trunk port connecting the 6513. It also shows packets being sent and arriving. access-accept packets are being recieved.
As you can see in the debug output, the switch is getting a access-accept, then it is stating a AAA failure.
here is a debug output as you plug in the laptop.
Oct 24 10:53:44.653: dot1x-ev:[Gi1/0/13] Interface state changed to DOWN
Oct 24 10:53:44.653: dot1x-ev:[Gi1/0/13] No DOT1X subblock found for port down
Oct 24 10:53:45.643: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/13, changed state to down
Oct 24 10:53:46.641: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/13, changed state to down
Oct 24 10:53:47.538: dot1x-ev:[Gi1/0/13] Interface state changed to UP
Oct 24 10:53:47.564: dot1x-packet:[6431.500e.9b00, Gi1/0/13] queuing an EAPOL pkt on Auth Q
Oct 24 10:53:47.572: dot1x-ev:DOT1X Supplicant not enabled on GigabitEthernet1/0/13
Oct 24 10:53:47.572: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x1
Oct 24 10:53:47.572: dot1x-packet: length: 0x0000
Oct 24 10:53:47.572: dot1x-ev:[Gi1/0/13] Dequeued pkt: Int Gi1/0/13 CODE= 0,TYPE= 0,LEN= 0
Oct 24 10:53:47.572: dot1x-ev:[Gi1/0/13] Received pkt saddr =6431.500e.9b00 , daddr = 0180.c200.0003, pae-ether-type = 888e.0101.0000
Oct 24 10:53:47.572: dot1x-ev:[Gi1/0/13] Couldn't find the supplicant in the list
Oct 24 10:53:47.572: dot1x-ev:[6431.500e.9b00, Gi1/0/13] New client detected, sending session start event for 6431.500e.9b00
Oct 24 10:53:47.572: AAA/BIND(00000047): Bind i/f
Oct 24 10:53:47.580: dot1x-ev:[6431.500e.9b00, Gi1/0/13] Sending create new context event to EAP for 0x15000045 (6431.500e.9b00)
Oct 24 10:53:47.580: EAP-EVENT: Received context create from LL (Dot1x-Authenticator) (0x15000045)
Oct 24 10:53:47.580: EAP-AUTH-EVENT: Received AAA ID 0x00000047 from LL
Oct 24 10:53:47.580: EAP-AUTH-AAA-EVENT: Assigning AAA ID 0x00000047
Oct 24 10:53:47.580: EAP-AUTH-AAA-EVENT: CTS not enabled on interface Gi1/0/13
Oct 24 10:53:47.580: EAP-AUTH-EVENT: Received Session ID "C0A846660000004700DF6030" from LL
Oct 24 10:53:47.580: EAP-AUTH-EVENT: Setting authentication mode: Passthrough
Oct 24 10:53:47.580: eap_authen : initial state eap_auth_initialize has enter
Oct 24 10:53:47.580: EAP-EVENT: Allocated new EAP context (handle = 0xE8000047)
Oct 24 10:53:47.580: dot1x-ev:[6431.500e.9b00, Gi1/0/13] Created a client entry (0x15000045)
Oct 24 10:53:47.580: dot1x-ev:[6431.500e.9b00, Gi1/0/13] Dot1x authentication started for 0x15000045 (6431.500e.9b00)
Oct 24 10:53:47.580: %AUTHMGR-5-START: Starting 'dot1x' for client (6431.500e.9b00) on Interface Gi1/0/13 AuditSessionID C0A846660000004700DF6030
Oct 24 10:53:47.580: EAP-EVENT: Received EAP event 'EAP_AUTHENTICATOR_START' on handle 0xE8000047
Oct 24 10:53:47.580: eap_authen : during state eap_auth_initialize, got event 25(eapStartTmo)
Oct 24 10:53:47.580: @@@ eap_authen : eap_auth_initialize -> eap_auth_select_action
Oct 24 10:53:47.580: eap_authen : during state eap_auth_select_action, got event 20(eapDecisionPropose)
Oct 24 10:53:47.580: @@@ eap_authen : eap_auth_select_action -> eap_auth_propose_method
Oct 24 10:53:47.580: eap_authen : idle during state eap_auth_propose_method
Oct 24 10:53:47.580: @@@ eap_authen : eap_auth_propose_method -> eap_auth_method_request
Oct 24 10:53:47.580: eap_authen : idle during state eap_auth_method_request
Oct 24 10:53:47.580: @@@ eap_authen : eap_auth_method_request -> eap_auth_tx_packet
Oct 24 10:53:47.580: EAP-AUTH-EVENT: Current method = Identity
Oct 24 10:53:47.580: EAP-EVENT: Sending LL (Dot1x-Authenticator) event 'EAP_CUSTOMIZE_ID_REQUEST' on handle 0xE8000047
Oct 24 10:53:47.580: eap_authen : idle during state eap_auth_tx_packet
Oct 24 10:53:47.580: @@@ eap_authen : eap_auth_tx_packet -> eap_auth_idle
Oct 24 10:53:47.589: EAP-AUTH-TX-PAK: Code:REQUEST ID:0x1 Length:0x0005 Type:IDENTITY
Oct 24 10:53:47.589: EAP-EVENT: Started 'Authenticator ReqId Retransmit' timer (30s) for EAP sesion handle 0xE8000047
Oct 24 10:53:47.589: EAP-EVENT: Started EAP tick timer
Oct 24 10:53:47.589: EAP-EVENT: Sending LL (Dot1x-Authenticator) event 'EAP_TX_PACKET' on handle 0xE8000047
Oct 24 10:53:47.597: dot1x-ev:[Gi1/0/13] Sending EAPOL packet to group PAE address
Oct 24 10:53:47.597: dot1x-ev:[Gi1/0/13] Sending out EAPOL packet
Oct 24 10:53:47.597: dot1x-packet:EAPOL pak Tx - Ver: 0x3 type: 0x0
Oct 24 10:53:47.597: dot1x-packet: length: 0x0005
Oct 24 10:53:47.597: dot1x-packet:EAP code: 0x1 id: 0x1 length: 0x0005
Oct 24 10:53:47.597: dot1x-packet: type: 0x1
Oct 24 10:53:47.597: dot1x-packet:[6431.500e.9b00, Gi1/0/13] EAPOL packet sent to client 0x15000045
Oct 24 10:53:47.606: dot1x-packet:[6431.500e.9b00, Gi1/0/13] Queuing an EAPOL pkt on Authenticator Q
Oct 24 10:53:47.606: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x0
Oct 24 10:53:47.606: dot1x-packet: length: 0x001F
Oct 24 10:53:47.606: dot1x-ev:[Gi1/0/13] Dequeued pkt: Int Gi1/0/13 CODE= 2,TYPE= 1,LEN= 31
Oct 24 10:53:47.606: dot1x-ev:[Gi1/0/13] Received pkt saddr =6431.500e.9b00 , daddr = 0180.c200.0003, pae-ether-type = 888e.0100.001f
Oct 24 10:53:47.606: dot1x-packet:EAPOL pak rx - Ver: 0x1 type: 0x0
Oct 24 10:53:47.606: dot1x-packet: length: 0x001F
Oct 24 10:53:47.606: dot1x-ev:[6431.500e.9b00, Gi1/0/13] Response sent to the server from 0x15000045
Oct 24 10:53:47.606: EAP-EVENT: Received LL (Dot1x-Authenticator) event 'EAP_RX_PACKET' on handle 0xE8000047
Oct 24 10:53:47.606: EAP-AUTH-RX-PAK: Code:RESPONSE ID:0x1 Length:0x001F Type:IDENTITY
Oct 24 10:53:47.606: Payload: 47454E4552414C5C72616E64792E636F ...
Oct 24 10:53:47.606: eap_authen : during state eap_auth_idle, got event 1(eapRxPacket)
Oct 24 10:53:47.606: @@@ eap_authen : eap_auth_idle -> eap_auth_received
Oct 24 10:53:47.606: EAP-AUTH-EVENT: EAP Response received by context 0xE8000047
Oct 24 10:53:47.606: EAP-AUTH-EVENT: EAP Response type = Identity
Oct 24 10:53:47.606: EAP-EVENT: Stopping 'Authenticator ReqId Retransmit' timer for EAP sesion handle 0xE8000047
Oct 24 10:53:47.606: eap_authen : during state eap_auth_received, got event 10(eapMethodData)
Oct 24 10:53:47.606: @@@ eap_authen : eap_auth_received -> eap_auth_method_response
Oct 24 10:53:47.606: EAP-AUTH-EVENT: Received peer identity: GENERAL\randy.coburn.admin
Oct 24 10:53:47.606: EAP-EVENT: Sending LL (Dot1x-Authenticator) event 'EAP_IDENTITY' on handle 0xE8000047
Oct 24 10:53:47.606: eap_authen : during state eap_auth_method_response, got event 13(eapMethodEnd)
Oct 24 10:53:47.606: @@@ eap_authen : eap_auth_method_response -> eap_auth_select_action
Oct 24 10:53:47.606: eap_authen : during state eap_auth_select_action, got event 19(eapDecisionPass)
Oct 24 10:53:47.606: @@@ eap_authen : eap_auth_select_action -> eap_auth_passthru_init
Oct 24 10:53:47.606: eap_authen : during state eap_auth_passthru_init, got event 22(eapPthruIdentity)
Oct 24 10:53:47.614: @@@ eap_authen : eap_auth_passthru_init -> eap_auth_aaa_req
Oct 24 10:53:47.614: EAP-EVENT: Sending LL (Dot1x-Authenticator) event 'EAP_GET_PEER_MAC_ADDRESS' on handle 0xE8000047
Oct 24 10:53:47.614: EAP-AUTH-AAA-EVENT: Adding Audit-Session-ID "C0A846660000004700DF6030" to RADIUS Req
Oct 24 10:53:47.614: EAP-AUTH-AAA-EVENT: Added Audit-Session-ID
Oct 24 10:53:47.614: EAP-AUTH-AAA-EVENT: Adding IDB "0x070B90F8" to RADIUS Req
Oct 24 10:53:47.614: EAP-AUTH-AAA-EVENT: Added IDB
Oct 24 10:53:47.614: EAP-EVENT: Sending LL (Dot1x-Authenticator) event 'EAP_CUSTOMIZE_AAA_REQUEST' on handle 0xE8000047
Oct 24 10:53:47.614: EAP-AUTH-AAA-EVENT: eap_auth_aaa_authen_request_shim aaa_service 19, eap aaa_list handle 0, mlist handle 0
Oct 24 10:53:47.614: AAA/AUTHEN/8021X (00000000): Pick method list 'default'
Oct 24 10:53:47.614: EAP-AUTH-AAA-EVENT: Request sent successfully
Oct 24 10:53:47.614: eap_authen : during state eap_auth_aaa_req, got event 24(eapAAAReqOk)
Oct 24 10:53:47.614: @@@ eap_authen : eap_auth_aaa_req -> eap_auth_aaa_idle
Oct 24 10:53:47.614: RADIUS/ENCODE(00000000):Orig. component type = Invalid
Oct 24 10:53:47.614: RADIUS/ENCODE(00000000): Unsupported AAA attribute hwidb
Oct 24 10:53:47.614: RADIUS/ENCODE(00000000): Unsupported AAA attribute aaa-authen-type
Oct 24 10:53:47.614: RADIUS/ENCODE(00000000): Unsupported AAA attribute aaa-authen-service
Oct 24 10:53:47.614: RADIUS/ENCODE(00000000): Unsupported AAA attribute clid-mac-addr
Oct 24 10:53:47.614: RADIUS/ENCODE(00000000): Unsupported AAA attribute target-scope
Oct 24 10:53:47.614: RADIUS/ENCODE(00000000): Unsupported AAA attribute aaa-unique-id
Oct 24 10:53:47.614: RADIUS(00000000): Config NAS IP: 0.0.0.0
Oct 24 10:53:47.614: RADIUS(00000000): sending
Oct 24 10:53:47.614: RADIUS/ENCODE: Best Local IP-Address 192.168.70.102 for Radius-Server 192.168.19.121
Oct 24 10:53:47.614: RADIUS(00000000): Send Access-Request to 192.168.19.121:1645 id 1645/21, len 288
Oct 24 10:53:47.614: RADIUS: authenticator F1 BA E5 31 71 54 BF 1A - A2 B1 5E 1A 63 72 1E 72
Oct 24 10:53:47.614: RADIUS: User-Name [1] 28 "GENERAL\randy.coburn.admin"
Oct 24 10:53:47.614: RADIUS: Service-Type [6] 6 Framed [2]
Oct 24 10:53:47.614: RADIUS: Vendor, Cisco [26] 27
Oct 24 10:53:47.614: RADIUS: Cisco AVpair [1] 21 "service-type=Framed"
Oct 24 10:53:47.614: RADIUS: Framed-MTU [12] 6 1500
Oct 24 10:53:47.614: RADIUS: Called-Station-Id [30] 19 "AC-F2-C5-75-7D-0D"
Oct 24 10:53:47.614: RADIUS: Calling-Station-Id [31] 19 "64-31-50-0E-9B-00"
Oct 24 10:53:47.614: RADIUS: EAP-Message [79] 33
Oct 24 10:53:47.614: RADIUS: 02 01 00 1F 01 47 45 4E 45 52 41 4C 5C 72 61 6E 64 79 2E 63 6F [GENERAL\randy.co]
Oct 24 10:53:47.622: RADIUS: 62 75 72 6E 2E 61 64 6D 69 6E [ burn.admin]
Oct 24 10:53:47.622: RADIUS: Message-Authenticato[80] 18
Oct 24 10:53:47.622: RADIUS: EE 52 4D ED B9 06 F3 CE 63 AC 9D 73 24 1B A7 ED [ RMcs$]
Oct 24 10:53:47.622: RADIUS: EAP-Key-Name [102] 2 *
Oct 24 10:53:47.622: RADIUS: Vendor, Cisco [26] 49
Oct 24 10:53:47.622: RADIUS: Cisco AVpair [1] 43 "audit-session-id=C0A846660000004700DF6030"
Oct 24 10:53:47.622: RADIUS: Vendor, Cisco [26] 20
Oct 24 10:53:47.622: RADIUS: Cisco AVpair [1] 14 "method=dot1x"
Oct 24 10:53:47.622: RADIUS: NAS-IP-Address [4] 6 192.168.70.102
Oct 24 10:53:47.622: RADIUS: NAS-Port [5] 6 60000
Oct 24 10:53:47.622: RADIUS: NAS-Port-Id [87] 23 "GigabitEthernet1/0/13"
Oct 24 10:53:47.622: RADIUS: NAS-Port-Type [61] 6 Ethernet [15]
Oct 24 10:53:47.622: RADIUS(00000000): Sending a IPv4 Radius Packet
Oct 24 10:53:47.622: RADIUS(00000000): Started 10 sec timeout
Oct 24 10:53:47.622: RADIUS: Received from id 1645/21 192.168.19.121:1645, Access-Accept, len 66
Oct 24 10:53:47.622: RADIUS: authenticator 92 F6 07 AF C1 AB 0B 4C - 1D 9E A0 D1 01 36 27 26
Oct 24 10:53:47.622: RADIUS: Class [25] 46
Oct 24 10:53:47.622: RADIUS: 76 E3 06 66 00 00 01 37 00 01 02 00 C0 A8 13 79 00 00 00 00 00 00 00 00 00 00 00 00 01 CE CF F8 1F 7B 75 41 00 00 00 00 00 00 00 50 [ vf7y{uAP]
Oct 24 10:53:47.622: RADIUS(00000000): Received from id 1645/21
Oct 24 10:53:47.622: EAP-EVENT: eap_aaa_reply
Oct 24 10:53:47.622: EAP-AUTH-AAA-EVENT: Reply received session_label 72000033
Oct 24 10:53:47.622: EAP-EVENT: Received AAA event 'EAP_AAA_FAIL' on handle 0xE8000047
Oct 24 10:53:47.622: eap_authen : during state eap_auth_aaa_idle, got event 8(eapAAAFail)
Oct 24 10:53:47.622: @@@ eap_authen : eap_auth_aaa_idle -> eap_auth_failure
Oct 24 10:53:47.631: EAP-EVENT: Received get canned status from lower layer (0xE8000047)
Oct 24 10:53:47.631: EAP-AUTH-TX-PAK: Code:FAILURE ID:0x1 Length:0x0004
Oct 24 10:53:47.631: EAP-AUTH-EVENT: FAIL for EAP method ID: 1, name: , on handle 0xE8000047
Oct 24 10:53:47.631: EAP-EVENT: Sending LL (Dot1x-Authenticator) event 'EAP_FAIL' on handle 0xE8000047
Oct 24 10:53:47.631: dot1x-ev:[6431.500e.9b00, Gi1/0/13] Received an EAP Fail
Oct 24 10:53:47.639: %DOT1X-5-FAIL: Authentication failed for client (6431.500e.9b00) on Interface Gi1/0/13 AuditSessionID C0A846660000004700DF6030
Oct 24 10:53:47.639: dot1x-packet:[6431.500e.9b00, Gi1/0/13] Added username in dot1x
Oct 24 10:53:47.639: dot1x-packet:[6431.500e.9b00, Gi1/0/13] Dot1x did not receive any key data
Oct 24 10:53:47.639: dot1x-ev:[6431.500e.9b00, Gi1/0/13] Processing client delete for hdl 0x15000045 sent by Auth Mgr
Oct 24 10:53:47.639: dot1x-ev:[6431.500e.9b00, Gi1/0/13] 6431.500e.9b00: sending canned failure due to method termination
Oct 24 10:53:47.639: EAP-EVENT: Received get canned status from lower layer (0xE8000047)
Oct 24 10:53:47.639: dot1x-ev:[Gi1/0/13] Sending EAPOL packet to group PAE address
Oct 24 10:53:47.639: dot1x-ev:[Gi1/0/13] Sending out EAPOL packet
Oct 24 10:53:47.639: dot1x-packet:EAPOL pak Tx - Ver: 0x3 type: 0x0
Oct 24 10:53:47.639: dot1x-packet: length: 0x0004
Oct 24 10:53:47.639: dot1x-packet:EAP code: 0x4 id: 0x1 length: 0x0004
Oct 24 10:53:47.639: dot1x-packet:[6431.500e.9b00, Gi1/0/13] EAPOL canned status packet sent to client 0x15000045
Oct 24 10:53:47.639: dot1x-ev:[6431.500e.9b00, Gi1/0/13] Deleting client 0x15000045 (6431.500e.9b00)
Oct 24 10:53:47.639: %AUTHMGR-7-STOPPING: Stopping 'dot1x' for client 6431.500e.9b00 on Interface Gi1/0/13 AuditSessionID C0A846660000004700DF6030
Oct 24 10:53:47.639: %AUTHMGR-5-FAIL: Authorization failed or unapplied for client (6431.500e.9b00) on Interface Gi1/0/13 AuditSessionID C0A846660000004700DF6030
Oct 24 10:53:47.648: dot1x-ev:[6431.500e.9b00, Gi1/0/13] Delete auth client (0x15000045) message
Oct 24 10:53:47.648: EAP-EVENT: Received free context (0xE8000047) from LL (Dot1x-Authenticator)
Oct 24 10:53:47.648: dot1x-ev:Auth client ctx destroyed
Oct 24 10:53:47.648: EAP-EVENT: Received LL (Dot1x-Authenticator) event 'EAP_DELETE' on handle 0xE8000047
Oct 24 10:53:47.648: EAP-AUTH-EVENT: Freed EAP auth context
Oct 24 10:53:47.648: EAP-EVENT: Freed EAP context
Oct 24 10:53:48.621: EAP-EVENT: Stopped EAP tick timer
Oct 24 10:53:49.485: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/13, changed state to up
Oct 24 10:53:50.491: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/13, changed state to up
Oct 24 10:53:53.528: dot1x-ev:[Gi1/0/13] Interface state changed to DOWN
Oct 24 10:53:53.528: dot1x-ev:[Gi1/0/13] No DOT1X subblock found for port down
Oct 24 10:53:54.518: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/13, changed state to down
Oct 24 10:53:55.524: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/13, changed state to down

Hi Jatin,
See below the data that you have requested.
show run bits.
aaa new-model
aaa authentication dot1x default group radius
aaa session-id common
clock timezone BST 0 0
clock summer-time UTC recurring last Sun Mar 1:00 last Sun Oct 2:00
dot1x system-auth-control
interface GigabitEthernet1/0/13
switchport access vlan 80
switchport mode access
authentication port-control auto
dot1x pae authenticator
spanning-tree portfast
interface GigabitEthernet1/0/48
switchport trunk encapsulation dot1q
switchport trunk native vlan 70
switchport mode trunk
radius server NPS1
address ipv4 192.168.19.121 auth-port 1645 acct-port 1646
timeout 10
key thesecret
ip default-gateway 192.168.70.1
SW1-randy#show auth sessions interface gig 1/0/13
Interface MAC Address Method Domain Status Fg Session ID
Gi1/0/13 803f.5d09.189e N/A UNKNOWN Unauth C0A846660000002F00251DBC
SW1-randy#Show mac address-table Interface GigabitEthernet1/0/13
 Mac Address Table
Vlan Mac Address Type Ports
80 803f.5d09.189e DYNAMIC Drop
SW1-randy#ping 192.168.19.121
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.19.121, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms
Here is a wireshark of the accept packet.
Message was edited by: randy coburn
Added wireshark trace

Policy Agent Authentication Failed!!!

Hi All,
I configured the Policy Agent based on Apache 2.055, and browsed server, it display 500 error code : Internal Server Error. The followings is the debug log,
Error 900:7f2028 AuthService: AuthService::processLoginStatus() Exception message=[Authentication Failed!!] errorCode='107' templateName=login_failed_template.jsp.
2005-11-15 14:04:38.093 Error 900:7f2028 PolicyEngine: am_policy_evaluate: InternalException in AuthService::processLoginStatus() with error message:Exception message=[Authentication Failed!!] errorCode='107' templateName=login_failed_template.jsp and code:3
2005-11-15 14:04:38.093 Warning 900:7f2028 PolicyAgent: am_web_is_access_allowed()(http://exchange.hzliqun.com:8080/, GET) denying access: status = Identity Server authentication service failure
2005-11-15 14:04:38.093 Debug 900:7f2028 PolicyAgent: am_web_is_access_allowed(): Successfully logged to remote server for GET action by user unknown user to resource http://exchange.hzliqun.com:8080/.
2005-11-15 14:04:38.093 Info 900:7f2028 PolicyAgent: am_web_is_access_allowed()(http://exchange.hzliqun.com:8080/, GET) returning status: Identity Server authentication service failure.
2005-11-15 14:04:38.093 Info 900:7f2028 PolicyAgent: process_request(): Access check for URL http://exchange.hzliqun.com:8080/ returned Identity Server authentication service failure.
2005-11-15 14:04:38.093 Debug 900:7f2028 PolicyAgent: process_request(): returning web result AM_WEB_RESULT_ERROR, data []
2005-11-15 14:04:38.093 Debug 900:7f2028 PolicyAgent: am_web_process_request(): Rendering web result AM_WEB_RESULT_ERROR
2005-11-15 14:04:38.093 Debug 900:7f2028 PolicyAgent: am_web_process_request(): render result function returned AM_SUCCESS.
Please help to sovle it.
Any help will be appreciated.
Thanks,
Peter

Looks like the agent can't authenticate. Check the AM URL and the amldapuser password. Check the amserver amAuthApplication and amComm debug files to see if there are any agent authentication related exceptions. If you have ethereal installed you can do a network trace to see the XML passed between the agent and the server

Authentication failed

hello!
my aol email has frozen on my phone. I tried refreshing and that did not work. I deleted my email account and now when I try to restart the email account it says authentication failed (after checking incoming server settings). my friend has the same phone, her email froze last week, she refreshed it and now it works. I don't understand why mine is not working. any help or suggestions would be appreciated.

Artesianrev,
We want you to be able to enjoy using your email account on your Samsung Galaxy S4! Have you checked to make sure your email account does not have 2-step verification set up on it? http://bit.ly/1njb5e4 Are you manually entering it the server information for the email account? http://vz.to/1jZGAq6
LindseyT_VZW
Follow us on Twitter @VZWSupport

Authentication failed on device 3 times. Failed to detect SSH version running on the device. PRIMARY-STARTUP config Fetch Operation failed for TFTP

I have devices loaded but new devices keep getting this error "Authentication failed on device 3 times. Failed to detect SSH version running on the device. PRIMARY-STARTUP config Fetch Operation failed for TFTP" - which trying to get configurations. I am using LMS 3.0.1
I tried to TELNET on devices via Putty port 22 no good. Please help?
Name Version License Status Size CiscoWorks Common Services 3.1.1 Licensed Not applicable Campus Manager 5.0.3 Purchased 1500 CiscoView 6.1.7 Licensed Not applicable CiscoWorks Assistant 1.0.1 Licensed Not applicable Device Fault Manager 3.0.3 Purchased 1500 Internetwork Performance Monitor 4.0.1 Purchased 1500 Integration Utility 1.7.1 Licensed Not applicable LMS Portal 1.0.1 Licensed Not applicable Resource Manager Essentials 4.1.1 Purchased 1500

Showing 1-1 of 1 records
Go to page:
of 1 pages
Device Name
SysObjectID
Model
Device Status
Inventory Status
Inventory Last Updated Time
Config Status
Config Last Updated Time
1.
R2020012_01
.1.3.6.1.4.1.9.1.576
Cisco 2811 Integrated Services Router
Normal
Success
Jan 13 2011 10:43:49 EST
Failed
Jan 13 2011 10:37:24 EST
Rows per page:
20 50 100 500
Go to page:
of 1 pages

"Authentication Failed" and "Your session has timed out" messages

Hi All,
In our implementation, we are using Sun Access Manager 7.0 Patch 6. We noticed that sometimes when we enter invalid credentials, we receive "Authentication Failed" message which we understand is a correct behavior. But sometimes instead of "Authentication Failed", we get "Your session has timed out" message even though we did not go over the module timeout of 2 minutes(i.e. default timeout value in SUN Access Manager).
Is this a known anomaly? Did anybody else have seen this kind of behavior?
Thanks,
Jaya

I'm having issues too! Help!

'Authentication Failed' for Adobe Content Viewer on iPad

I could not sign in to Adobe Content Viewer on iPad using my Adobe ID? Message received was 'Authentication failed'. I tried signed in to Adobe website using the name ID and password, there was no problem. Could someone PLEASE HELP me!

I Know nothing about this, but a Google search revealed this from the Adobe Support site.
https://forums.adobe.com/thread/892219..
SInce it is an Adobe app, you would probably be better off seeking help on their forums anyway.

Help, Authentication failed

Similar Messages

Maybe you are looking for