MAB user failed to land correct Authorization policy after posture success

Hi,
We have MAB user who authenticates via webportal using domain username/password and get the NAC web agent download and do the posture.
After posture is complated (say success/passed), the user is landing on Defaul Policy which is DenyAccess.
I have change the gestportal setting with enabling Vlan DHCP Release and CoA, but there is no luck. I have similar rules for wired dot1x and its working fine after posture part, only different is they are MAB users and authenticated via webportal and belongs to different user group in AD.
What we could see on the switch, once you authenticated, it get the Web Redirect and when the user authenticates in get the NAC web agent direct and after posture completed it again go back to Web portal redirection and giving error saying both dot1x and MAB failed,
Attached is the switch logs and ISE configuration and failed logs.
If someone has clue on this or has come across this issue, please update me.
Thanks in advance.

Instead of using the Wired_MAB prefix in your first three authorisation rules, refer to the Endpoint Identity Group instead. The reason you get Deny Access is because the event you're looking for isn't a MAC Auth event, and therefore those rules get skipped. Using the Endpoint Identity Group will allow you to evaluate the MAC Address and will get your rules working as required.
Sent from Cisco Technical Support iPad App

Similar Messages

How to trigger email notification when users fail to give correct answers to reset your password in fim 2010 r2

Hi,
How to trigger email notification when users fail to give correct answers to reset your password in fim 2010 r2
Senario:I want put wrong answering to the Questions that i was during registration if i give wrong answers to the questions then a Email Notification should be trigger to Users.
Regards
Anil Kumar

Hi Sylvain,
I did all thing as you told me.First i created Criteria based Set after this we created a Workflow type Action and Actvities Type Notifcation Email template and finally i called this Workflow in MPR as Set Transition and call Set that i was created below.and
check Advance View of Set this gives
<Filter xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" Dialect="http://schemas.microsoft.com/2006/11/XPathFilterDialect"
xmlns="/Request[(Creator">http://schemas.xmlsoap.org/ws/2004/09/enumeration">/Request[(Creator = 'b0b36673-d43b-4cfa-a7a2-aff14fd90522') and (RequestStatus = 'Denied or PostProcessingError')]</Filter>
But this is not working for me so please tell me where i am wrong.
Regards
Anil Kumar

Problems with Authorization Policy, the USER has expired and the ISE is allowing access.

Hi,
My end customer reported an issue with ISE 1.1.4-218.
The GUEST user is expired but still can authenticate in the WLAN.
That's an known issue/bug?
Thanks!
Regards,
Rafael Eloi

Check if the option in the configuration part of the Authentication process = CONTINUE.
For example, when you use CWA, the IF AUTHENTICATION FAILED Option = CONTINUE so the MAB Auth always fails but based on that Option your connection continues so you are actually redirected using the AUTHORIZATION Policy.

Authorization Policy for Modify user in OIM 11gR2

Hi Experts,
Requirement: I want the users in particular org not to modify certain user attributes and users from other org should be allowed to modify user.
I have created user1 whose organization is org1 and role is role1. I have also created user user2 under same org and same role. I assigned the Admin Role "User Administrator" role to user2.
So If user2 from same org1 tries to modify certain attributes then OIM should throw error message. I have completed till this.
But when the user from diff org say org2 with Admin Role "User Administrator" tries to modify user, OIM is not allowing to modify user which should not be the case.
I want the Auth Policy to trigger only for Org1. I have specified the below condition for my custom policy in OES admin console but it is not triggering.
The condition is
IF ( OrclOIMTargetEntity = 'true' AND OrclOIMUserOrganizations = 'true' AND STRING_AT_LEAST_ONE_MEMBER_OF(OrclOIMUserOrganizations,['25','1000000']) = true )
What am I missing?
Any help is much appreciated.

Hi
Can anyone let me know the steps to restrict modify user operation for the users belonging to specific organization in OIM 11gR2. The condition which I specified under Authorization Policy in APM console is not triggering at all.
Thanks!

Authorization Policy for only search users

Hi all,
I need create a custom authorization policy for only search all users in create request. The users can't see any profile information of others users.
Anyone can help me ?
Regards,
Joel

ViewUser Admin Role can search and view users by default. Since the OES policies for this admin role has action as ViewSearch Entity. In your case, you can write EL's to hide Admin tab which will hide Admin ltab links based on current logged-in user profile.
http://docs.oracle.com/cd/E27559_01/dev.1112/e27150/uicust.htm#BABHBFGH

OIM 11g - User Management Authorization policy issues

Hello,
1) Created an organization -> Human Resource
2) Created an Role -> HR_Admins
3) Assigned HR_Admins roles as administrative role of Human Resource organization
4) Created user1 with organization as Human Resource & Assigned HR_Admins role to this user.
5) Created authorization policy for user management with following selections
Permission -> Create User.
Data Constraints -> Selected "Users that are members of selected Organizations" & selected above Human Resource organization.
Assignment -> HR_Admins role .
now when i log into user1 i am not able to see Administration tab where i can select Create user.
I am working on this issue for couple of days ,but not able to find the solution & have i missed some configurations ?
Thank-You
Rahul Shah

Hi Rahul,
I have tested your scenarion.. with below clause
1) Created an organization -> Human Resource
2) Created an Role -> HR_Admins
3) Assigned HR_Admins roles as administrative role of Human Resource organization
4) Created user1 with organization as Human Resource & Assigned HR_Admins role to this user. : default role All Users
5) Created authorization policy for user management with following selections
Permission -> Create User. :- *"Select ALL"*
Data Constraints -> Selected "Users that are members of selected Organizations" & selected above Human Resource organization.
Assignment -> HR_Admins role .
In data constraints
Organization Security Setting Hierarchy Aware (include all Child Organizations)
Now I am able to see the create user tab and, I can create user in Human Resource org only.
If it doesn't work for you. Just assign "REQUEST ADMINISTRATOR" IN AUTH POLICY. Test the result.
Also what is your OIM version?
Test it with fresh data like new role name, org and user,
-kuldeep
Edited by: Kuldeep on May 22, 2012 4:19 AM

Event ID 1085 on DC - Failed to Apply the Group Policy Local Users and Groups Settings

I have a domain with 2 DCs. The primary DC is running Server 2012 and is raising Event ID 1085 every 10 minutes and 20 seconds.
Windows failed to apply the Group Policy Local Users and Groups settings. Group Policy Local Users and Groups settings might have its own log file. Please click on the "More information" link.
System
- Provider
[ Name] Microsoft-Windows-GroupPolicy
[ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
EventID 1085
Version 0
Level 3
Task 0
Opcode 1
Keywords 0x8000000000000000
- TimeCreated
[ SystemTime] 2014-10-20T20:09:03.706992400Z
EventRecordID 130087
- Correlation
[ ActivityID] {FDDFB8C5-9ECF-41B9-B2B4-3AD0B345A37A}
- Execution
[ ProcessID] 1000
[ ThreadID] 3280
Channel System
Computer SERVER.DOMAIN.NAME
- Security
[ UserID] S-1-5-18
- EventData
SupportInfo1 1
SupportInfo2 4404
ProcessingMode 0
ProcessingTimeInMilliseconds 10343
ErrorCode 183
ErrorDescription Cannot create a file when that file already exists.
DCName \\SERVER.DOMAIN.name
ExtensionName Group Policy Local Users and Groups
ExtensionId {17D89FEC-5C44-4972-B12D-241CAEF74509}
Everything I look up for Event ID 1085 seems to be about a different cause.
Any ideas?

I enabled tracing on a domain gpo and I still get the error when running gpupdate /force .
I'm also still getting Event 1085. Here's the trace file. I've anonymized the site/domain and the GUIDs.
2014-10-21 11:16:54.003 [pid=0x3e8,tid=0xcd0] Entering ProcessGroupPolicyExLocUsAndGroups()
2014-10-21 11:16:54.018 [pid=0x3e8,tid=0xcd0] SOFTWARE\Policies\Microsoft\Windows\Group Policy\{GUID-1}
2014-10-21 11:16:54.018 [pid=0x3e8,tid=0xcd0] BackgroundPriorityLevel ( 0 )
2014-10-21 11:16:54.018 [pid=0x3e8,tid=0xcd0] DisableRSoP ( 0 )
2014-10-21 11:16:54.018 [pid=0x3e8,tid=0xcd0] LogLevel ( 2 )
2014-10-21 11:16:54.018 [pid=0x3e8,tid=0xcd0] Command subsystem initialized. [SUCCEEDED(S_FALSE)]
2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] Background priority set to 0 (Idle).
2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ----- Parameters
2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] CSE GUID : {GUID-1}
2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] Flags : ( X ) GPO_INFO_FLAG_MACHINE - Apply machine policy rather than user policy
2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ( X ) GPO_INFO_FLAG_BACKGROUND - Background refresh of policy (ok to do slow stuff)
2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ( ) GPO_INFO_FLAG_SLOWLINK - Policy is being applied across a slow link
2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ( ) GPO_INFO_FLAG_VERBOSE - Verbose output to the eventlog
2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ( ) GPO_INFO_FLAG_NOCHANGES - No changes were detected to the Group Policy Objects
2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ( ) GPO_INFO_FLAG_LINKTRANSITION - A change in link speed was detected between previous policy application and current policy application
2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ( ) GPO_INFO_FLAG_LOGRSOP_TRANSITION - A change in RSoP logging was detected between the application of the previous policy and the application of the current policy.
2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ( X ) GPO_INFO_FLAG_FORCED_REFRESH - Forced Refresh is being applied. redo policies.
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( ) GPO_INFO_FLAG_SAFEMODE_BOOT - windows safe mode boot flag
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( ) GPO_INFO_FLAG_ASYNC_FOREGROUND - Asynchronous foreground refresh of policy
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Token (computer or user SID): S-1-5-18
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Abort Flag : Yes (0x313be090)
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] HKey Root : Yes (0x80000002)
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Deleted GPO List : No
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Changed GPO List : Yes
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Asynchronous Processing : Yes
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Status Callback : No (0x00000000)
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] WMI namespace : Yes (0x32273740)
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] RSoP Status : Yes (0x320cc7f4)
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Planning Mode Site : (none)
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Computer Target : No (0x00000000)
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] User Target : No (0x00000000)
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Calculated list relevance. [SUCCEEDED(S_FALSE)]
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ----- Changed - 0
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Options : ( ) GPO_FLAG_DISABLE - This GPO is disabled.
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( ) GPO_FLAG_FORCE - Do not override the settings in this GPO with settings in a subsequent GPO.
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Options (raw) : 0x00000000
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Version : 19267878 (0x01260126)
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] GPC : LDAP://CN=Machine,CN={GUID-2},CN=Policies,CN=System,DC=SITE,DC=DOMAIN
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] GPT : \\SITE.DOMAIN\sysvol\SITE.DOMAIN\Policies\{GUID-2}\Machine
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] GPO Display Name : Default Domain Policy
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] GPO Name : {GUID-2}
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] GPO Link : ( ) GPLinkUnknown - No link information is available.
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( ) GPLinkMachine - The GPO is linked to a computer (local or remote).
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( ) GPLinkSite - The GPO is linked to a site.
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( X ) GPLinkDomain - The GPO is linked to a domain.
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( ) GPLinkOrganizationalUnit - The GPO is linked to an organizational unit.
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( ) GP Link Error
2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] lParam : 0x00000000
2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] Prev GPO : No
2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] Next GPO : Yes
2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] Extensions : [{00000000-0000-0000-0000-000000000000}{GUID-3}][{GUID-1}{GUID-3}][{GUID-4}{GUID-5}{GUID-6}{GUID-7}{GUID-8}][{GUID-9}{GUID-10}][{GUID-11}{GUID-5}{GUID-6}]
2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] lParam2 : 0x3146f978
2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] Link : LDAP://DC=SITE,DC=DOMAIN
2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] Purge GPH : C:\ProgramData\Microsoft\Group Policy\History\{GUID-2}\Machine\Preferences\Groups\Groups.xml
2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] Read GPE XML data file (592 bytes total).
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ----- Changed - 1
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Options : ( ) GPO_FLAG_DISABLE - This GPO is disabled.
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ( ) GPO_FLAG_FORCE - Do not override the settings in this GPO with settings in a subsequent GPO.
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Options (raw) : 0x00000000
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Version : 1245203 (0x00130013)
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] GPC : LDAP://CN=Machine,CN={GUID-12},CN=Policies,CN=System,DC=SITE,DC=DOMAIN
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] GPT : \\SITE.DOMAIN\sysvol\SITE.DOMAIN\Policies\{GUID-12}\Machine
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] GPO Display Name : Default Domain Controllers Policy
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] GPO Name : {GUID-12}
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] GPO Link : ( ) GPLinkUnknown - No link information is available.
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ( ) GPLinkMachine - The GPO is linked to a computer (local or remote).
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ( ) GPLinkSite - The GPO is linked to a site.
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ( ) GPLinkDomain - The GPO is linked to a domain.
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ( X ) GPLinkOrganizationalUnit - The GPO is linked to an organizational unit.
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ( ) GP Link Error
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] lParam : 0x00000000
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Prev GPO : Yes
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Next GPO : No
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Extensions : [{00000000-0000-0000-0000-000000000000}{GUID-3}][{GUID-1}{GUID-3}][{GUID-9}{GUID-10}]
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] lParam2 : 0x324e8198
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Link : LDAP://OU=Domain Controllers,DC=SITE,DC=DOMAIN
2014-10-21 11:16:54.127 [pid=0x3e8,tid=0xcd0] Purge GPH : C:\ProgramData\Microsoft\Group Policy\History\{GUID-12}\Machine\Preferences\Groups\Groups.xml
2014-10-21 11:16:54.127 [pid=0x3e8,tid=0xcd0] Read GPE XML data file (592 bytes total).
2014-10-21 11:16:54.143 [pid=0x3e8,tid=0xcd0] Completed get next GPO. [SUCCEEDED(S_FALSE)]
2014-10-21 11:16:54.143 [pid=0x3e8,tid=0xcd0] WQL : SELECT * FROM RSOP_PolmkrSetting WHERE polmkrBaseCseGuid = "{GUID-1}"
2014-10-21 11:16:54.143 [pid=0x3e8,tid=0xcd0] Purged 2 old RSoP entries.
2014-10-21 11:16:54.143 [pid=0x3e8,tid=0xcd0] Logging 2 new RSoP entries.
2014-10-21 11:16:54.159 [pid=0x3e8,tid=0xcd0] RSoP Entry 0
2014-10-21 11:16:54.174 [pid=0x3e8,tid=0xcd0] RSoP Entry 1
2014-10-21 11:16:54.174 [pid=0x3e8,tid=0xcd0] Completed get GPO list. [SUCCEEDED(S_FALSE)]
2014-10-21 11:16:54.174 [pid=0x3e8,tid=0xcd0] IsRsopPlanningMode() [SUCCEEDED(S_FALSE)]
2014-10-21 11:17:04.252 [pid=0x3e8,tid=0xcd0] Completed settings update (csePostProcess). [ hr = 0x800700b7 "Cannot create a file when that file already exists." ]
2014-10-21 11:17:04.252 [pid=0x3e8,tid=0xcd0] Completed CSE post-processing. [ hr = 0x800700b7 "Cannot create a file when that file already exists." ]
2014-10-21 11:17:04.267 [pid=0x3e8,tid=0xcd0] Leaving ProcessGroupPolicyExLocUsAndGroups() returned 0x000000b7

SSO- Connection failed. Make sure user mapping is set correctly and all....

Hi All...
I configured SSO Between EP6.0 and BW 3.5...By following this tutorial:
http://help.sap.com/saphelp_nw04/helpdata/en/84/30984076b84063e10000000a1550b0/frameset.htm
every thing is working fine... when i trying to check the preview for an iveiw (it is invoking BEx in the BW
System) it is again asking BW System username & Password. I already done user mapping between the
portal user with the BW user.
After i reviewd my entire work i got one problem at:
System Administration --> System configuration --> Portal content --> opened my created system object ->
Selected Connection Tests --> Select Connection test for Connectors --> Click on Test Button --> Here i
got the following error : Retrieval of default alias successful
Connection failed. Make sure user mapping is set correctly and all connection parameters are correct.
I checked the usermapping area and connector Parameters those all are correct according to the document.
I was stuck at this place from 4 days please advice me what are the causes for this error
Best Regards
Abhi...

Have you tested the SSO setting by running the program "RSPOR_SETUP"?
Yes Rajesh I tested by running the program RSPOR_SETUP in BW System.
It is saying connection is success to communicate with RFC Server.
The problem is comming from the portal side when i test connector properties for System object.
But it is saying WEB AS Connection properties are success for System object.
The exact Error Message is :
Connection failed. Make sure user mapping is set correctly and all connection properties are correct.
Best Regards
Sudhakar A

Not able to see the users in Authorization Policy Manager

I have configured a OID provider in the myrealm of weblogic for OES Server. I also added the following lines to jps-config.xml
<serviceInstance provider=”idstore.ldap.provider” name=”idstore.ldap”>
<property value=”oracle.security.jps.wls.internal.idstore.WlsLdapIdStoreConfigProvider” name=”idstore.config.provider”/>
<property value=”oracle.security.idm.providers.stdldap.JNDIPool” name=”CONNECTION_POOL_CLASS”/>
<property name=”idstore.type” value=”OID”/>
</serviceInstance>
Even then I cannot see any of the users from the OID through application policy manager.
Anybody aware of any other settings that need to be done ?
oes server version is 11.1.1.6. and OID is 11.1.1.5.
Any help will be appreciated.
Edited by: ssarkar on May 10, 2012 1:15 PM

externalize the users.

User + Mac Address Authorization Policy

Hi,
Is there any option to bind a user who is authorized correctly from external identity with the mac-address of his workstation ?
The point is to give him access to the network only from a specific Workstation and denied him from any other workstation.
Thanks

1. ISE 1.2 is having the role of Radius
2. Really i don't know I guess the binding should be happen before the login as i don't want the user to login from any other PC.
The key point on this scenario is a user to login on the corporate wired network only from his PC (User+MAC) and denied from any other PC.
If you want describe me both ways to understand which might fit in my case.
3. The PC has the native supplicant of Windows and authenticated through PEAP MS CHAPv2
Thanks in advance

ISE Authorization Policy Issues

Hello Team,
I´m getting troubles during my implementation: The User PC never gets IP Address from Access VLAN after AuthZ Policy succeded.
I have two vlans in my implementation:
Vlan ID 802 for Authentication (Subnet 10.2.39.0)
Vlan ID 50 for Access Users (Subnet Y.Y.Y.Y)
When I start my User PC, I get IP for VLAN 802 (10.2.39.3) and After Posture process, ISE inform the switch to put the User PC port in VLAN 50.
Here I have my Switch Port Configuration:
interface GigabitEthernet0/38
switchport access vlan 802
switchport mode access
switchport nonegotiate
switchport voice vlan 120
ip access-group ACL-DEFAULT in
authentication event fail action next-method
authentication event server dead action reinitialize vlan 50
authentication event server dead action authorize voice
authentication host-mode multi-auth
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication violation restrict
mab
dot1x pae authenticator
dot1x timeout tx-period 10
spanning-tree portfast
end
And Here, I have outputs AuthZ Policy in Action:
Oct 7 09:22:01.574 ANG: %DOT1X-5-SUCCESS: Authentication successful for client (0022.1910.4130) on Interface Gi0/38 AuditSessionID 0A022047000000F6126E9B17
Oct 7 09:22:01.582 ANG: %AUTHMGR-5-VLANASSIGN: VLAN 50 assigned to Interface Gi0/38 AuditSessionID 0A022047000000F6126E9B17
Oct 7 09:22:01.591 ANG: %EPM-6-POLICY_REQ: IP 0.0.0.0| MAC 0022.1910.4130| AuditSessionID 0A022047000000F6126E9B17| AUTHTYPE DOT1X| EVENT APPLY
Oct 7 09:22:01.591 ANG: %EPM-6-AAA: POLICY xACSACLx-IP-PERMIT_ALL_TRAFFIC-537cb1d6| EVENT DOWNLOAD-REQUEST
Oct 7 09:22:01.633 ANG: %EPM-6-AAA: POLICY xACSACLx-IP-PERMIT_ALL_TRAFFIC-537cb1d6| EVENT DOWNLOAD-SUCCESS
Oct 7 09:22:01.633 ANG: %EPM-6-IPEVENT: IP 0.0.0.0| MAC 0022.1910.4130| AuditSessionID 0A022047000000F6126E9B17| AUTHTYPE DOT1X| EVENT IP-WAIT
SWISNGAC8FL02#
Oct 7 09:22:02.069 ANG: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (0022.1910.4130) on Interface Gi0/38 AuditSessionID 0A022047000000F6126E9B17
SWISNGAC8FL02#
Oct 7 09:22:02.731 ANG: %EPM-6-IPEVENT: IP 10.2.39.3| MAC 0022.1910.4130| AuditSessionID 0A022047000000F6126E9B17| AUTHTYPE DOT1X| EVENT IP-ASSIGNMENT
Oct 7 09:22:02.731 ANG: %EPM-6-POLICY_APP_SUCCESS: IP 10.2.39.3| MAC 0022.1910.4130| AuditSessionID 0A022047000000F6126E9B17| AUTHTYPE DOT1X| POLICY_TYPE Named ACL| POLICY_NAME xACSACLx-IP-PERMIT_ALL_TRAFFIC-537cb1d6| RESULT SUCCESS
After that, I have:
SWISNGAC8FL02#sh auth sess int g0/38
Interface: GigabitEthernet0/38
MAC Address: 0022.1910.4130
IP Address: 10.2.39.3
User-Name: SNL\enzo.belo
Status: Authz Success
Domain: VOICE
Security Policy: Should Secure
Security Status: Unsecure
Oper host mode: multi-auth
Oper control dir: both
Authorized By: Authentication Server
Vlan Policy: 50
ACS ACL: xACSACLx-IP-PERMIT_ALL_TRAFFIC-537cb1d6
Session timeout: N/A
Idle timeout: N/A
Common Session ID: 0A022047000000F6126E9B17
Acct Session ID: 0x000001A7
Handle: 0x710000F7
Runnable methods list:
Method State
dot1x Authc Success
mab Not run
Apparently, everything is OK, but NOT. The User PC never gets IP Address from Access VLAN 50.
If I do SWISNGAC8FL02#sh mac address-table | inc 0022.1910.4130
50 0022.1910.4130 STATIC Gi0/38
802 0022.1910.4130 STATIC Gi0/38
And
SWISNGAC8FL02#sh epm session summary
EPM Session Information
Total sessions seen so far : 17
Total active sessions : 1
Interface IP Address MAC Address VLAN Audit Session Id:
GigabitEthernet0/38 10.2.39.3 0022.1910.4130 802 0A022047000000F6126E9B17
My Switch is a Cisco IOS Software, C3560E Software (C3560E-IPBASEK9-M), Version 15.0(2)SE6, RELEASE SOFTWARE (fc2)
I am using ISE Version 1.2.1.198 Patch Info 2
Could you help me in this Case ?
Best Regards,
Daniel Stefani

It seems like the PC is operating in the VOICE-domain according to the cmd auth sess int you showed. Do you think that has something to do with your problem? I've experienced some PC's having problem with that.
If you could, try getting the PC to operate in the DATA-domain by not sending the voice-attribute from ISE after the authorization.

ISE Authorization Policy

Hey guys,
I have a question regarding ISE Authorization Policy. In my test lab, I don't have any wired station, and what I have is a wireless lapotp. I have configured to allow only EAP-TLS authentication. Now, my problem is I keep getting "15039 Rejected per authorization profile."
Under the Policy > Authorization, I created a rule where I just want to allow on EAP-TLS either via machine or user identity, and the bottom is the default DenyAccess. When I tried to join the wireless network, I kept getting denied. I checked the ACL counters on the WLC side and it was not increasing.
I changed the default DenyAccess to PermitAccess, and I was able to join the wireless network no problem, and the ACL counters on the WLC side increased.
It seems like I am hitting the default Authorization Policy first which is on the bottom of the authorization policy.
I attached the failed and authenticated logs that I got from ISE.
Has anyone have encoutered this issue?
The version that I have is 1.1.1
Thanks
P.S.
I went back to check my autorization condition, and it is blank (See the 1st screenshot)

Hi,
it is obvious that you are not matching any condition.
rather than keeping the condition blank, fill it with a condition that is always match and try if that helps.
Regards,
Amjad
Rating useful replies is more useful than saying "Thank you"

ISE authorization Policy not working

Hi ,
I have configured the ISE as per the belwo link
https://supportforums.cisco.com/document/110031/central-web-authentication-cwa-guests-ise
but my authorization policy is not working as when user get connected to guest wlan it get authneticated but when it look for authorization
it going to default policy it should hit on above policy created screen shot as below

What version of ISE + patch are you running?. Could you please send an screenshot of AUTH policies including the default --- > USE part?. Are you using customized portal for the first authentication process?
CWA is pretty straightforward. Only issues I faced was multiple VM (ISE Personas) running on one single server was not replicating properly the AUTHZ policies so I added the PSN persona into the PAN Node and everything worked fine immediately. In addition to that, I realized that I needed at least ONE ENTRY into the ISE PAN Internal Endpoints DB so I could hit the AUTH Policy for MAB & user not found condition which sent me to the AUTHZ = User Unknown + Redirect. Once I authenticated the user using the Default Portal that meant I hit the GUEST FLOW policy. If you are using customized portals for the first authentication process, check: web portal mgmt. --- > Guest --- > MultiPortal Configurations --- > Customized Portal -- > Authentication part.

[SOLVED]UEFI boot gives 'failed to install override security policy'

Hi, newb here who has hit a dead end quite early in the process of installing Arch.
When trying to boot Arch into EFI mode, it says
'failed to install override security policy'
Of course I did my research and it seems that only three other people on this planet have had the same problem, and their solutions do not work for me.
http://superuser.com/questions/615142/u … ity-policy
Overwriting EFI/boot/bootx64.efi with loader.efi enables me to see a menu where I can choose from booting Arch, UEFI shell v1 or UEFI shell v2. Still, selecting Arch results in a blank screen with two grey bars at the top and bottom of the screen, so not really not much help.
I'm not a UNIX nor an EFI wizard, so please bear with me. I'm a Windows user with some anecdotal Linux knowledge (I have installed Ubuntu countless times, wanted a bit of a challenge this time) who wanted to make the switch to the Linux ecosystem, but this error prevents me from doing so. I also tried to install rEFInd as suggested here: https://bbs.archlinux.org/viewtopic.php?id=174734
But I seem to be unable to boot into any UEFI shell v2, it's also printing the errors:
ASSERT_EFI_ERROR (Status = Not Found)
ASSERT C:\svn_code...and so on )
My Windows installation is on BIOS/MBR, so I cannot install rEFInd manually using Windows, and I also cannot use the v1 UEFI shell because of the lacking bcfg command. I don't know how to procede from here. My board is an AsRock P67 Extreme4 Rev 09 with a 2.10 EFI. This board doesn't even have Secure Boot if I'm correct, I also searched every possible submenu of the EFI for an option to disable Secure Boot, but haven't found anything.
Last edited by 0x33 (2015-03-11 17:35:56)

I presume you are trying to use gummiboot?
Please post the contents of /boot/loader/loader.conf and also your gummiboot configuration file for your Arch system (if you are not using gummiboot post the config. files for whichever boot loader/manager you are using).
Load the Arch live ISO, mount all your partitions and `arch-chroot` into your system and then post the output of:
lsblk -f
# parted -l
# efibootmgr -v
Last edited by Head_on_a_Stick (2015-03-10 21:05:43)

"error: command failed to execute correctly" on several packages

Last night, when I updated before shutting down, I got a few errors, as in the subject. As it was very late, I thought I'd pick it up today.
Unfortunately, the pacman log only lists one of the ones that failed as libgpg-error. The other one that I remember erroring was gawk. There were a few others, maybe four or five, but I couln't reliably recall them all, so won't guess.
Here's a new attempt to reinstall gawk with --debug. I did the same with libgpg-error and the error occurred at the same place, with very similar output, so I think the issue is the same for all failures.
debug: pacman v4.2.1 - libalpm v9.0.1
debug: parseconfig: options pass
debug: config: attempting to read file /etc/pacman.conf
debug: config: finish section '(null)'
debug: config: new section 'options'
debug: config: HoldPkg: pacman
debug: config: HoldPkg: glibc
debug: config: usedelta (default 0.7)
debug: config: arch: x86_64
debug: config: verbosepkglists
debug: config: chomp
debug: config: SigLevel: Required
debug: config: SigLevel: DatabaseOptional
debug: config: SigLevel: TrustedOnly
debug: config: LocalFileSigLevel: Optional
debug: config: finish section 'options'
debug: config: new section 'core'
debug: config file /etc/pacman.conf, line 78: including /etc/pacman.d/mirrorlist
debug: config: attempting to read file /etc/pacman.d/mirrorlist
debug: config: finished parsing /etc/pacman.d/mirrorlist
debug: config: finish section 'core'
debug: config: new section 'extra'
debug: config file /etc/pacman.conf, line 81: including /etc/pacman.d/mirrorlist
debug: config: attempting to read file /etc/pacman.d/mirrorlist
debug: config: finished parsing /etc/pacman.d/mirrorlist
debug: config: finish section 'extra'
debug: config: new section 'xyne-x86_64'
debug: config: finish section 'xyne-x86_64'
debug: config: new section 'community'
debug: config file /etc/pacman.conf, line 91: including /etc/pacman.d/mirrorlist
debug: config: attempting to read file /etc/pacman.d/mirrorlist
debug: config: finished parsing /etc/pacman.d/mirrorlist
debug: config: finish section 'community'
debug: config: new section 'multilib'
debug: config file /etc/pacman.conf, line 100: including /etc/pacman.d/mirrorlist
debug: config: attempting to read file /etc/pacman.d/mirrorlist
debug: config: finished parsing /etc/pacman.d/mirrorlist
debug: config: finish section 'multilib'
debug: config: new section 'infinality-bundle'
debug: config: finish section 'infinality-bundle'
debug: config: new section 'infinality-bundle-multilib'
debug: config: finish section 'infinality-bundle-multilib'
debug: config: new section 'infinality-bundle-fonts'
debug: config: finish section 'infinality-bundle-fonts'
debug: config: new section '(null)'
debug: config: finished parsing /etc/pacman.conf
debug: setup_libalpm called
debug: option 'logfile' = /var/log/pacman.log
debug: option 'gpgdir' = /etc/pacman.d/gnupg/
debug: option 'cachedir' = /var/cache/pacman/pkg/
debug: parseconfig: repo pass
debug: config: attempting to read file /etc/pacman.conf
debug: config: finish section '(null)'
debug: config: new section 'options'
debug: config: finish section 'options'
debug: config: new section 'core'
debug: config file /etc/pacman.conf, line 78: including /etc/pacman.d/mirrorlist
debug: config: attempting to read file /etc/pacman.d/mirrorlist
debug: config: finished parsing /etc/pacman.d/mirrorlist
debug: config: finish section 'core'
debug: registering sync database 'core'
debug: database path for tree core set to /var/lib/pacman/sync/core.db
debug: "/var/lib/pacman/sync/core.db.sig" is not readable: No such file or directory
debug: sig path /var/lib/pacman/sync/core.db.sig could not be opened
debug: missing optional signature
debug: setting usage of 15 for core repoistory
debug: adding new server URL to database 'core': http://arch.tamcore.eu/core/os/x86_64
debug: adding new server URL to database 'core': http://mirror.one.com/archlinux/core/os/x86_64
debug: adding new server URL to database 'core': http://mirror.gnomus.de/core/os/x86_64
debug: adding new server URL to database 'core': http://mirror.js-webcoding.de/pub/archlinux/core/os/x86_64
debug: adding new server URL to database 'core': http://archlinux.polymorf.fr/core/os/x86_64
debug: config: new section 'extra'
debug: config file /etc/pacman.conf, line 81: including /etc/pacman.d/mirrorlist
debug: config: attempting to read file /etc/pacman.d/mirrorlist
debug: config: finished parsing /etc/pacman.d/mirrorlist
debug: config: finish section 'extra'
debug: registering sync database 'extra'
debug: database path for tree extra set to /var/lib/pacman/sync/extra.db
debug: "/var/lib/pacman/sync/extra.db.sig" is not readable: No such file or directory
debug: sig path /var/lib/pacman/sync/extra.db.sig could not be opened
debug: missing optional signature
debug: setting usage of 15 for extra repoistory
debug: adding new server URL to database 'extra': http://arch.tamcore.eu/extra/os/x86_64
debug: adding new server URL to database 'extra': http://mirror.one.com/archlinux/extra/os/x86_64
debug: adding new server URL to database 'extra': http://mirror.gnomus.de/extra/os/x86_64
debug: adding new server URL to database 'extra': http://mirror.js-webcoding.de/pub/archlinux/extra/os/x86_64
debug: adding new server URL to database 'extra': http://archlinux.polymorf.fr/extra/os/x86_64
debug: config: new section 'xyne-x86_64'
debug: config: SigLevel: Required
debug: config: finish section 'xyne-x86_64'
debug: registering sync database 'xyne-x86_64'
debug: database path for tree xyne-x86_64 set to /var/lib/pacman/sync/xyne-x86_64.db
debug: GPGME version: 1.5.4
debug: GPGME engine info: file=/usr/bin/gpg2, home=/etc/pacman.d/gnupg/
debug: checking signature for /var/lib/pacman/sync/xyne-x86_64.db
debug: 1 signatures returned
debug: fingerprint: EC3CBE7F607D11E663149E811D1F0DC78F173680
debug: summary: valid
debug: summary: green
debug: status: Success
debug: timestamp: 1430676813
debug: exp_timestamp: 0
debug: validity: full; reason: Success
debug: key: EC3CBE7F607D11E663149E811D1F0DC78F173680, Xyne. (key #3) <[email protected]>, owner_trust unknown, disabled 0
debug: signature is valid
debug: signature is fully trusted
debug: setting usage of 15 for xyne-x86_64 repoistory
debug: adding new server URL to database 'xyne-x86_64': http://xyne.archlinux.ca/repos/xyne
debug: config: new section 'community'
debug: config file /etc/pacman.conf, line 91: including /etc/pacman.d/mirrorlist
debug: config: attempting to read file /etc/pacman.d/mirrorlist
debug: config: finished parsing /etc/pacman.d/mirrorlist
debug: config: finish section 'community'
debug: registering sync database 'community'
debug: database path for tree community set to /var/lib/pacman/sync/community.db
debug: "/var/lib/pacman/sync/community.db.sig" is not readable: No such file or directory
debug: sig path /var/lib/pacman/sync/community.db.sig could not be opened
debug: missing optional signature
debug: setting usage of 15 for community repoistory
debug: adding new server URL to database 'community': http://arch.tamcore.eu/community/os/x86_64
debug: adding new server URL to database 'community': http://mirror.one.com/archlinux/community/os/x86_64
debug: adding new server URL to database 'community': http://mirror.gnomus.de/community/os/x86_64
debug: adding new server URL to database 'community': http://mirror.js-webcoding.de/pub/archlinux/community/os/x86_64
debug: adding new server URL to database 'community': http://archlinux.polymorf.fr/community/os/x86_64
debug: config: new section 'multilib'
debug: config file /etc/pacman.conf, line 100: including /etc/pacman.d/mirrorlist
debug: config: attempting to read file /etc/pacman.d/mirrorlist
debug: config: finished parsing /etc/pacman.d/mirrorlist
debug: config: finish section 'multilib'
debug: registering sync database 'multilib'
debug: database path for tree multilib set to /var/lib/pacman/sync/multilib.db
debug: "/var/lib/pacman/sync/multilib.db.sig" is not readable: No such file or directory
debug: sig path /var/lib/pacman/sync/multilib.db.sig could not be opened
debug: missing optional signature
debug: setting usage of 15 for multilib repoistory
debug: adding new server URL to database 'multilib': http://arch.tamcore.eu/multilib/os/x86_64
debug: adding new server URL to database 'multilib': http://mirror.one.com/archlinux/multilib/os/x86_64
debug: adding new server URL to database 'multilib': http://mirror.gnomus.de/multilib/os/x86_64
debug: adding new server URL to database 'multilib': http://mirror.js-webcoding.de/pub/archlinux/multilib/os/x86_64
debug: adding new server URL to database 'multilib': http://archlinux.polymorf.fr/multilib/os/x86_64
debug: config: new section 'infinality-bundle'
debug: config: finish section 'infinality-bundle'
debug: registering sync database 'infinality-bundle'
debug: database path for tree infinality-bundle set to /var/lib/pacman/sync/infinality-bundle.db
debug: checking signature for /var/lib/pacman/sync/infinality-bundle.db
debug: 1 signatures returned
debug: fingerprint: A9244FB5E93F11F0E975337FAE6866C7962DDE58
debug: summary: valid
debug: summary: green
debug: status: Success
debug: timestamp: 1430276639
debug: exp_timestamp: 0
debug: validity: full; reason: Success
debug: key: A9244FB5E93F11F0E975337FAE6866C7962DDE58, bohoomil (dev key) <[email protected]>, owner_trust unknown, disabled 0
debug: signature is valid
debug: signature is fully trusted
debug: setting usage of 15 for infinality-bundle repoistory
debug: adding new server URL to database 'infinality-bundle': http://bohoomil.com/repo/x86_64
debug: config: new section 'infinality-bundle-multilib'
debug: config: finish section 'infinality-bundle-multilib'
debug: registering sync database 'infinality-bundle-multilib'
debug: database path for tree infinality-bundle-multilib set to /var/lib/pacman/sync/infinality-bundle-multilib.db
debug: checking signature for /var/lib/pacman/sync/infinality-bundle-multilib.db
debug: 1 signatures returned
debug: fingerprint: A9244FB5E93F11F0E975337FAE6866C7962DDE58
debug: summary: valid
debug: summary: green
debug: status: Success
debug: timestamp: 1430087321
debug: exp_timestamp: 0
debug: validity: full; reason: Success
debug: key: A9244FB5E93F11F0E975337FAE6866C7962DDE58, bohoomil (dev key) <[email protected]>, owner_trust unknown, disabled 0
debug: signature is valid
debug: signature is fully trusted
debug: setting usage of 15 for infinality-bundle-multilib repoistory
debug: adding new server URL to database 'infinality-bundle-multilib': http://bohoomil.com/repo/multilib/x86_64
debug: config: new section 'infinality-bundle-fonts'
debug: config: finish section 'infinality-bundle-fonts'
debug: registering sync database 'infinality-bundle-fonts'
debug: database path for tree infinality-bundle-fonts set to /var/lib/pacman/sync/infinality-bundle-fonts.db
debug: checking signature for /var/lib/pacman/sync/infinality-bundle-fonts.db
debug: 1 signatures returned
debug: fingerprint: A9244FB5E93F11F0E975337FAE6866C7962DDE58
debug: summary: valid
debug: summary: green
debug: status: Success
debug: timestamp: 1430276566
debug: exp_timestamp: 0
debug: validity: full; reason: Success
debug: key: A9244FB5E93F11F0E975337FAE6866C7962DDE58, bohoomil (dev key) <[email protected]>, owner_trust unknown, disabled 0
debug: signature is valid
debug: signature is fully trusted
debug: setting usage of 15 for infinality-bundle-fonts repoistory
debug: adding new server URL to database 'infinality-bundle-fonts': http://bohoomil.com/repo/fonts
debug: config: new section '(null)'
debug: config: finished parsing /etc/pacman.conf
debug: loading package cache for repository 'core'
debug: opening archive /var/lib/pacman/sync/core.db
debug: added 208 packages to package cache for db 'core'
debug: adding package 'gawk'
debug: loading package cache for repository 'local'
debug: added 1122 packages to package cache for db 'local'
warning: gawk-4.1.2-1 is up to date -- reinstalling
debug: adding package gawk-4.1.2-1 to the transaction add list
resolving dependencies...
debug: resolving target's dependencies
debug: started resolving dependencies
debug: checkdeps: package gawk-4.1.2-1
debug: finished resolving dependencies
looking for conflicting packages...
debug: looking for conflicts
debug: check targets vs targets
debug: check targets vs targets
debug: check targets vs db and db vs targets
debug: check targets vs db
debug: check db vs targets
debug: checking dependencies
debug: checkdeps: package gawk-4.1.2-1
debug: found cached pkg: /var/cache/pacman/pkg/gawk-4.1.2-1-x86_64.pkg.tar.xz
debug: setting download size 0 for pkg gawk
debug: sorting by dependencies
debug: started sorting dependencies
debug: sorting dependencies finished
Package (1) Old Version New Version Net Change
core/gawk 4.1.2-1 4.1.2-1 0.00 MiB
Total Installed Size: 2.19 MiB
Net Upgrade Size: 0.00 MiB
:: Proceed with installation? [Y/n] y
debug: using cachedir: /var/cache/pacman/pkg/
debug: using cachedir: /var/cache/pacman/pkg/
checking keyring...
debug: looking up key 771DF6627EDF681F locally
debug: key lookup success, key exists
checking package integrity...
debug: found cached pkg: /var/cache/pacman/pkg/gawk-4.1.2-1-x86_64.pkg.tar.xz
debug: sig data: iQEcBAABCAAGBQJVQNc+AAoJEHcd9mJ+32gfQZgH/jkRiirmPTb4nE0xgcFGKc8wrxw3k9ooGyMFoeqAthTICB/5dBzNfEQ8b4X74gi8KiYQVYm4WE8kWIidUj5ekJhGwngO6Gk+lwyBq+Uh8rUHDJKw557fImM2bBah2lxNUxqZzxYTA1FByq2lptLB5EPJgAPemyUXACMXITDfqtWMpuHIEPLZi5WW9+cB0eMKz5IeEEfZi4lO2fyfRqxNkRDNSmC5NEDkfhm+XVXBEd4gugSOmYpKzlA67mjw2HP+oOyNheL8st4SjgFr/qVDdbfiBbaTTujC4mF1n73z5qp4K5/xgHqk42ftoo003XFQYVOAg3bDWMvUF5d63D4+HKg=
debug: checking signature for /var/cache/pacman/pkg/gawk-4.1.2-1-x86_64.pkg.tar.xz
debug: 1 signatures returned
debug: fingerprint: 5B7E3FB71B7F10329A1C03AB771DF6627EDF681F
debug: summary: valid
debug: summary: green
debug: status: Success
debug: timestamp: 1430312766
debug: exp_timestamp: 0
debug: validity: full; reason: Success
debug: key: 5B7E3FB71B7F10329A1C03AB771DF6627EDF681F, Tobias Powalowski <[email protected]>, owner_trust unknown, disabled 0
debug: signature is valid
debug: signature is fully trusted
loading package files...
debug: found cached pkg: /var/cache/pacman/pkg/gawk-4.1.2-1-x86_64.pkg.tar.xz
debug: replacing pkgcache entry with package file for target gawk
debug: opening archive /var/cache/pacman/pkg/gawk-4.1.2-1-x86_64.pkg.tar.xz
debug: starting package load for /var/cache/pacman/pkg/gawk-4.1.2-1-x86_64.pkg.tar.xz
debug: found mtree for package /var/cache/pacman/pkg/gawk-4.1.2-1-x86_64.pkg.tar.xz, getting file list
debug: finished mtree reading for /var/cache/pacman/pkg/gawk-4.1.2-1-x86_64.pkg.tar.xz
debug: sorting package filelist for /var/cache/pacman/pkg/gawk-4.1.2-1-x86_64.pkg.tar.xz
checking for file conflicts...
debug: looking for file conflicts
debug: searching for file conflicts: gawk
debug: searching for filesystem conflicts: gawk
checking available disk space...
debug: checking available disk space
debug: discovered mountpoint: /tmp
debug: discovered mountpoint: /sys/kernel/security
debug: discovered mountpoint: /sys/kernel/debug
debug: discovered mountpoint: /sys/kernel/config
debug: discovered mountpoint: /sys/fs/pstore
debug: discovered mountpoint: /sys/fs/cgroup/systemd
debug: discovered mountpoint: /sys/fs/cgroup/net_cls
debug: discovered mountpoint: /sys/fs/cgroup/memory
debug: discovered mountpoint: /sys/fs/cgroup/freezer
debug: discovered mountpoint: /sys/fs/cgroup/devices
debug: discovered mountpoint: /sys/fs/cgroup/cpuset
debug: discovered mountpoint: /sys/fs/cgroup/cpu,cpuacct
debug: discovered mountpoint: /sys/fs/cgroup/blkio
debug: discovered mountpoint: /sys/fs/cgroup
debug: discovered mountpoint: /sys
debug: discovered mountpoint: /run/user/1000
debug: discovered mountpoint: /run
debug: discovered mountpoint: /proc/sys/fs/binfmt_misc
debug: discovered mountpoint: /proc
debug: discovered mountpoint: /home/skanky/personal
debug: discovered mountpoint: /home
debug: discovered mountpoint: /dev/shm
debug: discovered mountpoint: /dev/pts
debug: discovered mountpoint: /dev/mqueue
debug: discovered mountpoint: /dev/hugepages
debug: discovered mountpoint: /dev
debug: discovered mountpoint: /
debug: loading fsinfo for /
debug: partition /, needed 0, cushion 5121, free 1174711
debug: installing packages
reinstalling gawk...
debug: reinstalling package gawk-4.1.2-1
debug: opening archive /var/cache/pacman/pkg/gawk-4.1.2-1-x86_64.pkg.tar.xz
debug: extracting: .INSTALL
debug: removing old package first (gawk-4.1.2-1)
debug: removing 110 files
debug: unlinking /usr/share/man/man3/time.3am.gz
debug: unlinking /usr/share/man/man3/rwarray.3am.gz
debug: unlinking /usr/share/man/man3/revtwoway.3am.gz
debug: unlinking /usr/share/man/man3/revoutput.3am.gz
debug: unlinking /usr/share/man/man3/readfile.3am.gz
debug: unlinking /usr/share/man/man3/readdir.3am.gz
debug: unlinking /usr/share/man/man3/ordchr.3am.gz
debug: unlinking /usr/share/man/man3/inplace.3am.gz
debug: unlinking /usr/share/man/man3/fork.3am.gz
debug: unlinking /usr/share/man/man3/fnmatch.3am.gz
debug: unlinking /usr/share/man/man3/filefuncs.3am.gz
debug: keeping directory /usr/share/man/man3/ (contains files)
debug: unlinking /usr/share/man/man1/igawk.1.gz
debug: unlinking /usr/share/man/man1/gawk.1.gz
debug: keeping directory /usr/share/man/man1/ (contains files)
debug: keeping directory /usr/share/man/ (contains files)
debug: unlinking /usr/share/locale/vi/LC_MESSAGES/gawk.mo
debug: keeping directory /usr/share/locale/vi/LC_MESSAGES/ (contains files)
debug: keeping directory /usr/share/locale/vi/ (contains files)
debug: unlinking /usr/share/locale/sv/LC_MESSAGES/gawk.mo
debug: keeping directory /usr/share/locale/sv/LC_MESSAGES/ (contains files)
debug: keeping directory /usr/share/locale/sv/ (contains files)
debug: unlinking /usr/share/locale/pl/LC_MESSAGES/gawk.mo
debug: keeping directory /usr/share/locale/pl/LC_MESSAGES/ (contains files)
debug: keeping directory /usr/share/locale/pl/ (contains files)
debug: unlinking /usr/share/locale/nl/LC_MESSAGES/gawk.mo
debug: keeping directory /usr/share/locale/nl/LC_MESSAGES/ (contains files)
debug: keeping directory /usr/share/locale/nl/ (contains files)
debug: unlinking /usr/share/locale/ms/LC_MESSAGES/gawk.mo
debug: keeping directory /usr/share/locale/ms/LC_MESSAGES/ (contains files)
debug: keeping directory /usr/share/locale/ms/ (contains files)
debug: unlinking /usr/share/locale/ja/LC_MESSAGES/gawk.mo
debug: keeping directory /usr/share/locale/ja/LC_MESSAGES/ (contains files)
debug: keeping directory /usr/share/locale/ja/ (contains files)
debug: unlinking /usr/share/locale/it/LC_MESSAGES/gawk.mo
debug: keeping directory /usr/share/locale/it/LC_MESSAGES/ (contains files)
debug: keeping directory /usr/share/locale/it/ (contains files)
debug: unlinking /usr/share/locale/fr/LC_MESSAGES/gawk.mo
debug: keeping directory /usr/share/locale/fr/LC_MESSAGES/ (contains files)
debug: keeping directory /usr/share/locale/fr/ (contains files)
debug: unlinking /usr/share/locale/fi/LC_MESSAGES/gawk.mo
debug: keeping directory /usr/share/locale/fi/LC_MESSAGES/ (contains files)
debug: keeping directory /usr/share/locale/fi/ (contains files)
debug: unlinking /usr/share/locale/es/LC_MESSAGES/gawk.mo
debug: keeping directory /usr/share/locale/es/LC_MESSAGES/ (contains files)
debug: keeping directory /usr/share/locale/es/ (contains files)
debug: unlinking /usr/share/locale/de/LC_MESSAGES/gawk.mo
debug: keeping directory /usr/share/locale/de/LC_MESSAGES/ (contains files)
debug: keeping directory /usr/share/locale/de/ (contains files)
debug: unlinking /usr/share/locale/da/LC_MESSAGES/gawk.mo
debug: keeping directory /usr/share/locale/da/LC_MESSAGES/ (contains files)
debug: keeping directory /usr/share/locale/da/ (contains files)
debug: unlinking /usr/share/locale/ca/LC_MESSAGES/gawk.mo
debug: keeping directory /usr/share/locale/ca/LC_MESSAGES/ (contains files)
debug: keeping directory /usr/share/locale/ca/ (contains files)
debug: keeping directory /usr/share/locale/ (contains files)
debug: unlinking /usr/share/info/gawkinet.info.gz
debug: unlinking /usr/share/info/gawk.info.gz
debug: keeping directory /usr/share/info/ (contains files)
debug: unlinking /usr/share/awk/zerofile.awk
debug: unlinking /usr/share/awk/walkarray.awk
debug: unlinking /usr/share/awk/strtonum.awk
debug: unlinking /usr/share/awk/shellquote.awk
debug: unlinking /usr/share/awk/round.awk
debug: unlinking /usr/share/awk/rewind.awk
debug: unlinking /usr/share/awk/readfile.awk
debug: unlinking /usr/share/awk/readable.awk
debug: unlinking /usr/share/awk/quicksort.awk
debug: unlinking /usr/share/awk/processarray.awk
debug: unlinking /usr/share/awk/passwd.awk
debug: unlinking /usr/share/awk/ord.awk
debug: unlinking /usr/share/awk/noassign.awk
debug: unlinking /usr/share/awk/libintl.awk
debug: unlinking /usr/share/awk/join.awk
debug: unlinking /usr/share/awk/inplace.awk
debug: unlinking /usr/share/awk/group.awk
debug: unlinking /usr/share/awk/gettime.awk
debug: unlinking /usr/share/awk/getopt.awk
debug: unlinking /usr/share/awk/ftrans.awk
debug: unlinking /usr/share/awk/ctime.awk
debug: unlinking /usr/share/awk/cliff_rand.awk
debug: unlinking /usr/share/awk/bits2str.awk
debug: unlinking /usr/share/awk/assert.awk
debug: keeping directory /usr/share/awk/ (in new package)
debug: keeping directory /usr/share/ (contains files)
debug: unlinking /usr/lib/gawk/time.so
debug: unlinking /usr/lib/gawk/testext.so
debug: unlinking /usr/lib/gawk/rwarray.so
debug: unlinking /usr/lib/gawk/revtwoway.so
debug: unlinking /usr/lib/gawk/revoutput.so
debug: unlinking /usr/lib/gawk/readfile.so
debug: unlinking /usr/lib/gawk/readdir.so
debug: unlinking /usr/lib/gawk/ordchr.so
debug: unlinking /usr/lib/gawk/inplace.so
debug: unlinking /usr/lib/gawk/fork.so
debug: unlinking /usr/lib/gawk/fnmatch.so
debug: unlinking /usr/lib/gawk/filefuncs.so
debug: keeping directory /usr/lib/gawk/ (in new package)
debug: unlinking /usr/lib/awk/pwcat
debug: unlinking /usr/lib/awk/grcat
debug: keeping directory /usr/lib/awk/ (in new package)
debug: keeping directory /usr/lib/ (contains files)
debug: unlinking /usr/include/gawkapi.h
debug: keeping directory /usr/include/ (contains files)
debug: unlinking /usr/bin/igawk
debug: unlinking /usr/bin/gawk-4.1.2
debug: unlinking /usr/bin/gawk
debug: unlinking /usr/bin/awk
debug: keeping directory /usr/bin/ (contains files)
debug: keeping directory /usr/ (contains files)
debug: removing database entry 'gawk'
debug: removing entry 'gawk' from 'local' cache
debug: extracting files
debug: opening archive /var/cache/pacman/pkg/gawk-4.1.2-1-x86_64.pkg.tar.xz
debug: skipping extraction of '.PKGINFO'
debug: extracting /var/lib/pacman/local/gawk-4.1.2-1/install
debug: extracting /var/lib/pacman/local/gawk-4.1.2-1/mtree
debug: extract: skipping dir extraction of /usr/
debug: extract: skipping dir extraction of /usr/lib/
debug: extract: skipping dir extraction of /usr/share/
debug: extract: skipping dir extraction of /usr/include/
debug: extract: skipping dir extraction of /usr/bin/
debug: extracting /usr/bin/igawk
debug: extracting /usr/bin/awk
debug: extracting /usr/bin/gawk-4.1.2
debug: extracting /usr/bin/gawk
debug: extracting /usr/include/gawkapi.h
debug: extract: skipping dir extraction of /usr/share/locale/
debug: extract: skipping dir extraction of /usr/share/awk/
debug: extract: skipping dir extraction of /usr/share/info/
debug: extract: skipping dir extraction of /usr/share/man/
debug: extract: skipping dir extraction of /usr/share/man/man3/
debug: extract: skipping dir extraction of /usr/share/man/man1/
debug: extracting /usr/share/man/man1/gawk.1.gz
debug: extracting /usr/share/man/man1/igawk.1.gz
debug: extracting /usr/share/man/man3/filefuncs.3am.gz
debug: extracting /usr/share/man/man3/fnmatch.3am.gz
debug: extracting /usr/share/man/man3/fork.3am.gz
debug: extracting /usr/share/man/man3/inplace.3am.gz
debug: extracting /usr/share/man/man3/ordchr.3am.gz
debug: extracting /usr/share/man/man3/readdir.3am.gz
debug: extracting /usr/share/man/man3/readfile.3am.gz
debug: extracting /usr/share/man/man3/revoutput.3am.gz
debug: extracting /usr/share/man/man3/revtwoway.3am.gz
debug: extracting /usr/share/man/man3/rwarray.3am.gz
debug: extracting /usr/share/man/man3/time.3am.gz
debug: extracting /usr/share/info/gawk.info.gz
debug: extracting /usr/share/info/gawkinet.info.gz
debug: extracting /usr/share/awk/zerofile.awk
debug: extracting /usr/share/awk/walkarray.awk
debug: extracting /usr/share/awk/strtonum.awk
debug: extracting /usr/share/awk/shellquote.awk
debug: extracting /usr/share/awk/round.awk
debug: extracting /usr/share/awk/rewind.awk
debug: extracting /usr/share/awk/readfile.awk
debug: extracting /usr/share/awk/readable.awk
debug: extracting /usr/share/awk/quicksort.awk
debug: extracting /usr/share/awk/processarray.awk
debug: extracting /usr/share/awk/ord.awk
debug: extracting /usr/share/awk/noassign.awk
debug: extracting /usr/share/awk/libintl.awk
debug: extracting /usr/share/awk/join.awk
debug: extracting /usr/share/awk/inplace.awk
debug: extracting /usr/share/awk/gettime.awk
debug: extracting /usr/share/awk/getopt.awk
debug: extracting /usr/share/awk/ftrans.awk
debug: extracting /usr/share/awk/ctime.awk
debug: extracting /usr/share/awk/cliff_rand.awk
debug: extracting /usr/share/awk/bits2str.awk
debug: extracting /usr/share/awk/assert.awk
debug: extracting /usr/share/awk/group.awk
debug: extracting /usr/share/awk/passwd.awk
debug: extract: skipping dir extraction of /usr/share/locale/vi/
debug: extract: skipping dir extraction of /usr/share/locale/sv/
debug: extract: skipping dir extraction of /usr/share/locale/pl/
debug: extract: skipping dir extraction of /usr/share/locale/nl/
debug: extract: skipping dir extraction of /usr/share/locale/ms/
debug: extract: skipping dir extraction of /usr/share/locale/ja/
debug: extract: skipping dir extraction of /usr/share/locale/it/
debug: extract: skipping dir extraction of /usr/share/locale/fr/
debug: extract: skipping dir extraction of /usr/share/locale/fi/
debug: extract: skipping dir extraction of /usr/share/locale/es/
debug: extract: skipping dir extraction of /usr/share/locale/de/
debug: extract: skipping dir extraction of /usr/share/locale/da/
debug: extract: skipping dir extraction of /usr/share/locale/ca/
debug: extract: skipping dir extraction of /usr/share/locale/ca/LC_MESSAGES/
debug: extracting /usr/share/locale/ca/LC_MESSAGES/gawk.mo
debug: extract: skipping dir extraction of /usr/share/locale/da/LC_MESSAGES/
debug: extracting /usr/share/locale/da/LC_MESSAGES/gawk.mo
debug: extract: skipping dir extraction of /usr/share/locale/de/LC_MESSAGES/
debug: extracting /usr/share/locale/de/LC_MESSAGES/gawk.mo
debug: extract: skipping dir extraction of /usr/share/locale/es/LC_MESSAGES/
debug: extracting /usr/share/locale/es/LC_MESSAGES/gawk.mo
debug: extract: skipping dir extraction of /usr/share/locale/fi/LC_MESSAGES/
debug: extracting /usr/share/locale/fi/LC_MESSAGES/gawk.mo
debug: extract: skipping dir extraction of /usr/share/locale/fr/LC_MESSAGES/
debug: extracting /usr/share/locale/fr/LC_MESSAGES/gawk.mo
debug: extract: skipping dir extraction of /usr/share/locale/it/LC_MESSAGES/
debug: extracting /usr/share/locale/it/LC_MESSAGES/gawk.mo
debug: extract: skipping dir extraction of /usr/share/locale/ja/LC_MESSAGES/
debug: extracting /usr/share/locale/ja/LC_MESSAGES/gawk.mo
debug: extract: skipping dir extraction of /usr/share/locale/ms/LC_MESSAGES/
debug: extracting /usr/share/locale/ms/LC_MESSAGES/gawk.mo
debug: extract: skipping dir extraction of /usr/share/locale/nl/LC_MESSAGES/
debug: extracting /usr/share/locale/nl/LC_MESSAGES/gawk.mo
debug: extract: skipping dir extraction of /usr/share/locale/pl/LC_MESSAGES/
debug: extracting /usr/share/locale/pl/LC_MESSAGES/gawk.mo
debug: extract: skipping dir extraction of /usr/share/locale/sv/LC_MESSAGES/
debug: extracting /usr/share/locale/sv/LC_MESSAGES/gawk.mo
debug: extract: skipping dir extraction of /usr/share/locale/vi/LC_MESSAGES/
debug: extracting /usr/share/locale/vi/LC_MESSAGES/gawk.mo
debug: extract: skipping dir extraction of /usr/lib/gawk/
debug: extract: skipping dir extraction of /usr/lib/awk/
debug: extracting /usr/lib/awk/pwcat
debug: extracting /usr/lib/awk/grcat
debug: extracting /usr/lib/gawk/filefuncs.so
debug: extracting /usr/lib/gawk/fnmatch.so
debug: extracting /usr/lib/gawk/fork.so
debug: extracting /usr/lib/gawk/inplace.so
debug: extracting /usr/lib/gawk/ordchr.so
debug: extracting /usr/lib/gawk/readdir.so
debug: extracting /usr/lib/gawk/readfile.so
debug: extracting /usr/lib/gawk/revoutput.so
debug: extracting /usr/lib/gawk/revtwoway.so
debug: extracting /usr/lib/gawk/rwarray.so
debug: extracting /usr/lib/gawk/testext.so
debug: extracting /usr/lib/gawk/time.so
debug: updating database
debug: adding database entry 'gawk'
debug: writing gawk-4.1.2-1 DESC information back to db
debug: writing gawk-4.1.2-1 FILES information back to db
debug: adding entry 'gawk' in 'local' cache
debug: executing ". /tmp/alpm_r21DA5/.INSTALL; post_upgrade 4.1.2-1 4.1.2-1"
debug: executing "/usr/bin/bash" under chroot "/"
debug: call to waitpid succeeded
error: command failed to execute correctly
debug: running ldconfig
debug: executing "/usr/bin/ldconfig" under chroot "/"
debug: call to waitpid succeeded
debug: unregistering database 'local'
debug: freeing package cache for repository 'local'
debug: unregistering database 'core'
debug: freeing package cache for repository 'core'
debug: unregistering database 'extra'
debug: unregistering database 'xyne-x86_64'
debug: unregistering database 'community'
debug: unregistering database 'multilib'
debug: unregistering database 'infinality-bundle'
debug: unregistering database 'infinality-bundle-multilib'
debug: unregistering database 'infinality-bundle-fonts'
pacman thinks the upgrade/reinstall was successful in that the latest version is installed.
I did a search on the forums and the only other issue that I thought was connected might be microcode not up to date, but I had followed the update instructions some time back and as far as I can tell, the microcode is up to date.
I have two main questions:
1) How do I work out what's causing the error, from above?
2) Is there a way I can work out which packages gave the error, so I can make sure they're installed properly?
Thanks.

The following packages also had problems
( 2/17) upgrading glibc
error: command failed to execute correctly
( 3/17) upgrading binutils
error: command failed to execute correctly
( 4/17) upgrading coreutils
error: command failed to execute correctly
( 8/17) upgrading gcc
error: command failed to execute correctly
( 9/17) upgrading gcc-fortran
error: command failed to execute correctly
(10/17) upgrading gcc-libs
error: command failed to execute correctly
Does anybody have a clue?
Thanks,

MAB user failed to land correct Authorization policy after posture success

Similar Messages

Maybe you are looking for