NAC appliance local authentication not working

Hi,
i am trying a test scenario for NAC. it is oob virtual gateway
I get the login page when i try to access the web but when i try to authenticate to the local db i don;t receive an error message and i remain on the authentication screen.
I listened with tcpdump on both interfaces. on the untrusted side i see traffic but on the trusted side no diffrence in traffic appears(but maybe this is normal)
can someone please help with the detailed steps the authentication follows
not just host->nas->nam(localdb)
or some ideas
Thank you!

I doubt this will help, but here goes. I seem to remember a similar issue here, and I went into my browser's proxy settings and turned them off. Then I could authenticate, but not browse the web. So after authenticating I turned them back on and it was fine. There is a tab on the NAC Device Management > Clean Access Servers > >Advanced> Proxy where you can tell clean access about a proxy server, but I don't know if that's relevant.
I assume you have verified that your local user ID works by testing the auth server with it and that it has a profile that allows you to go someplace.

Similar Messages

  • [svn] 1720: Bugs: LCDS-304 - Authentication not working in all cases when using security constraint with NIO endpoints .

    Revision: 1720
    Author: [email protected]
    Date: 2008-05-14 14:50:06 -0700 (Wed, 14 May 2008)
    Log Message:
    Bugs: LCDS-304 - Authentication not working in all cases when using security constraint with NIO endpoints.
    QA: Yes
    Doc: No
    Details:
    Update to the TomcatLoginCommand to work correctly with NIO endpoints.
    Ticket Links:
    http://bugs.adobe.com/jira/browse/LCDS-304
    Modified Paths:
    blazeds/branches/3.0.x/modules/opt/src/tomcat/flex/messaging/security/TomcatLoginCommand. java

    Revision: 1720
    Author: [email protected]
    Date: 2008-05-14 14:50:06 -0700 (Wed, 14 May 2008)
    Log Message:
    Bugs: LCDS-304 - Authentication not working in all cases when using security constraint with NIO endpoints.
    QA: Yes
    Doc: No
    Details:
    Update to the TomcatLoginCommand to work correctly with NIO endpoints.
    Ticket Links:
    http://bugs.adobe.com/jira/browse/LCDS-304
    Modified Paths:
    blazeds/branches/3.0.x/modules/opt/src/tomcat/flex/messaging/security/TomcatLoginCommand. java

  • Oracle 10gr2 locally is not working after  installing Oracle 11g

    hi ,
    Does anyone has any idea after installing oracle 11g in system, Oracle 10g locally is not working. I am getting below error.
    Forms session <2> failed during startup: no response from runtime process

    Generally this is because the software you install last updates the system environment variables with its information, thereby break products that use files with similar names. Specifically, look at PATH and ORACLE_HOME. Likely you will see that entries for your 11g installation will be displayed first. In order to use v10, you would need to change this or use script files to start executibles. For Forms runtime, be sure to properly set default.env to point to the desired PATH

  • Ldap authentication not working for Solaris 8 host - Help!

    Greetings folks,
    I just recently migrated a host to use LDAP authentication. The only difference between this host and the rest of the hosts in the environment that I've converted to use LDAP is that this one is running Solaris 8.
    Here's the steps I took to migrate it (though, I used the same steps for another Sol8 host in another environment and it works fine):
    ldapclient -P stg -d mydomain.com -D cn=proxyagent,ou=profile,dc=mydomain,dc=com -w secret 192.168.1.69
    My /etc/nsswitch.conf looks like this:
    passwd: files ldap
    group: files ldap
    My /etc/pam.conf looks like this:
    login auth requisite pam_authtok_get.so.1
    login auth required pam_dhkeys.so.1
    login auth sufficient pam_unix_auth.so.1
    login auth required pam_ldap.so.1
    sshd auth requisite pam_authtok_get.so.1
    sshd auth sufficient pam_unix_auth.so.1
    sshd auth required pam_ldap.so.1
    other auth requisite pam_authtok_get.so.1
    other auth required pam_dhkeys.so.1
    other auth sufficient pam_unix_auth.so.1
    other auth required pam_ldap.so.1
    passwd auth sufficient pam_passwd_auth.so.1
    passwd auth required pam_ldap.so.1
    I've also cleared out the local user accounts for my human users, so there aren't any more passwd or shadow entries (yes, I ran pwconv). I also cleaned out the /etc/group entries for the same users. The machine appears to be configured properly, because I can run various DS commands that indicate this:
    hostname# getent passwd user1
    user1::1001:1001:User 1:/opt/home/user1:/bin/bash
    hostname# ldaplist -l passwd user1
    dn: uid=user1,ou=people,dc=mydomain,dc=com
    shadowFlag: 0
    userPassword: {crypt}(removed)
    uid: user1
    objectClass: posixAccount
    objectClass: shadowAccount
    objectClass: account
    objectClass: top
    cn: user1
    uidNumber: 1001
    gidNumber: 1001
    gecos: User 1
    homeDirectory: /opt/home/user1
    loginShell: /bin/bash
    However, in the end, actual logins to this host fail via ssh. Snooping the traffic reveals that all the right info is being handed back to the client, including the crypt'ed password hash, uid, etc. just like I see with other hosts that work.
    Any ideas?
    Thanks!
    Patrick

    I assume you have applied lastest kernel patch and 108993 to this Solaris8 machine, and its nss_ldap.so.1 and pam_ldap.so.1 are the same as the other Solaris8 LDAP clients that are working for ssh via LDAP auth.
    1) Please replace "objectClass: account" with "objectClass: person", I know SUN ONE DS5.2 likes "person".
    2) Did you test and verify telnet/ftp/su working? but SSH not working?
    3) If telnet/ftp/su all worked, and SSH (SUN-SSH or OpenSSH), make sure you have "UsePAM yes" in sshd_config and restart sshd.
    4) It is not a must I think but normally I will add "shadow: files ldap" to /etc/nsswitch.conf, restart nscd after that.
    5) Whenever ldapclient command is run and ldap_cachemgr is restarted, I usually also restart nscd and sshd after that, if not testing result may not be accurate as nscd is still remembering OLD stuffs cached which could be very misleading.
    6) You may use "ssh -v userid@localhost" to watch the SSH communications, on top of your usual "snoop"ing of network packets.
    7) Use the sample pam.conf that is meant for pam_ldap from Solaris 10 system admin guide with all the pam_unix_cred.so.1 lines commented out. This works for me, there is no sshd defintions as it will follow "other".
    http://docs.sun.com/app/docs/doc/816-4556/6maort2te?a=view
    Gary

  • Sg300 - 802.1x NPS - mac authentication not working

    I configured 802.1x on a sg300 switch. It is working very well with some Windows 7 machines and a Windows Server 2008 NPS server.
    Now I tried to get the MAC authentication running, on a 3850X it is working without problems, but every access request sent from the SG300 is declined.
    My current port configuration on the SG300:
    interface fastethernet1
     dot1x guest-vlan enable
     dot1x max-req 1
     dot1x reauthentication
     dot1x timeout quiet-period 10
     dot1x authentication 802.1x mac
     dot1x radius-attributes vlan static
     dot1x port-control auto
     switchport mode access
    On the Windows NPS server there is following error to see:
    Authentication Details:
        Connection Request Policy Name:    Secure Wire
        Network Policy Name:        -
        Authentication Provider:        Windows
        Authentication Server:        myradius.local
        Authentication Type:        -
        EAP Type:            -
        Account Session Identifier:        30353030399999
        Reason Code:            1
        Reason:                An internal error occurred. Check the system event log for additional information.
    There is compared to the message from the 3850 the authentication type missing (PAP) and a not very helpful error message displayed...

    Still not working.
    I tried different settings and (also older) software versions on the SF302-08P.
    Also started to change the settings on the NPS (though it is working with the 3850X!), without success.
    The NPS reports following error:
    Schannel:
    The following fatal alert was received: 40.
    EventID 36887
    If I search for this error, every source is pointing to certificate errors, but there should not be any certificate involved?!
    ... is this a bug on the SF302-08P?

  • NAC OOB logoff feature not working

    Hi all,
    I've deployed NAC in L2 OOB VG mode with ADSSO and I'm trying to use the OOB logoff feature but it's not working. The VLAN change detect feature doesn't work either (I think the two problems might be related).
    It will work if each user role is assigned a different auth/access VLAN pair but in my setup, everyone has a common auth vlan and separate role-based access vlans. Because of this, I have to use the IP refresh feature as well (this works fine).
    I'm running Windows Vista and version 4.8.0 of the NAC software with version 4.8.1.5 of the agent
    I checked the release notes and found that caveat CSCth60233 identifies this bug with the VLAN change detect with the workaround being to refresh the IP address automatically after being logged out. Does anyone know of a workaround for this problem to do this automatically? Is a solution for this problem in the works?
    Also would anyone be able to help me with my OOB logoff feature not working? I've configured everything according to the documentation.
    I appreciate your responses
    ~Xavier

    Here are my configs if necessary. Tell me if anything else is needed.
    User Management > User Roles
    List of Roles
    Edit Role
    Traffic Control
    Bandwidth
    Schedule
    Disable this role
    Role Name
    Role Description
    Role Type
    Normal Login Role Quarantine Role
    *Max Sessions per User Account             ( Case-Insensitive Session Identifiers             )
    (1 – 255; 0 for unlimited)  
    Retag Trusted-side Egress Traffic with VLAN (In-Band)
    (0 – 4095, or leave it  blank)(*This option has been deprecated, and it will be removed in  upcoming  releases)
    *Out-of-Band User Role VLAN
    VLAN ID VLAN Name                 (if left blank, it will default to the default access vlan             settings in the Port Profile)
    *Bounce Switch Port After Login (OOB)
    Enable               Disable               (This option is effective only when port profile is set to use it)
    *Refresh IP After Login (OOB)
    Enable               Disable               (This option only applies to L2 OOB Virtual Gateway with Role VLAN             as Access VLAN and switch port is NOT bounced after VLAN change)
    *After Successful Login Redirect to
    previously requested URL
    this URL:
    (e.g. http://www.cisco.com/)
    Redirect Blocked Requests to
    default access blocked page
    this URL or HTML message:
    *Show Logged-on Users
    User info
    Logout button
    Enable Passive Re-assessment                          (To enable Passive Re-assessment for OOB Agent             connections, you must also enable the OOB Logoff option at             Device Management > Clean Access > General Setup > Agent Login.)
    Re-assessment Interval
    (Minimum of 60 minutes and maximum of 1440 minutes [24 hours])
    Grace Timer
    (Minimum of 5 minutes and maximum of 30 minutes)
    Default action on failure
    Continue Allow user to remediate Logoff user immediately
    (*only applies to normal login role)
    Device Management > Clean Access
    Certified Devices
    General Setup
    Network Scanner
    Clean Access Agent
    Updates
                Web Login   ·  Agent Login 
    User Role
    Unauthenticated Role(not common) role_engineer role_developer role_admin role_sales role_guest
    Operating System 
    ALL WINDOWS_ALL WINDOWS_XP WINDOWS_VISTA_ALL WINDOWS_7_ALL MAC_ALL MAC_OSX LINUX FREEBSD SOLARIS_ALL SOLARIS_86 SOLARIS_SPARC UNIX VMS OS2 PALM
    (By default, 'ALL' settings apply to all client operating systems if no OS-specific settings are specified.)
    Enable OOB logoff for Windows NAC Agent and Mac OS X Agent        (This global option applies to all OOB CASs and user roles and  enables Agent logout and heartbeat timers for OOB Agent connections. You  must also enable this option for Passive Re-assessment to function with  OOB Agent connections.)
    Require use of Agent
    (for Windows & Macintosh OSX only)
    Agent Download Page Message (or URL):
               Network  Security Notice: This network is protected by a Cisco NAC  Appliance Agent, a component of the Cisco NAC Appliance Suite. The Agent  ensures that your computer meets the requirements for accessing this  network, and helps you keep your computer secure and up-to-date. 
    Please use the Agent to log in to the network.
    If you  don't have the Agent software yet, download it by clicking the button  below. After downloading the installation file, run it to complete the  installation.
    If you have already downloaded and installed the  Agent, please close this window and right-click the Agent icon in the  system tray and choose Login from the menu. Enter your usual network  user name and password in the login window.
    Require use of Cisco NAC Web Agent (for Windows only)
              Cisco NAC Web Agent Launch Page Message (or URL):
    Network  Security Notice: This network is protected by the Cisco NAC  Web Agent, a component of the Cisco NAC Appliance Suite. The Cisco NAC  Web Agent ensures that your computer meets the requirements for  accessing this network, and helps you keep your computer secure and  up-to-date.
    Please launch Cisco NAC Web Agent by clicking the  button below.
    Allow restricted network access in case user cannot use   NAC Agent or Cisco NAC Web Agent
              Restricted Access User Role: 
    role_engineer role_developer role_admin role_sales role_guest
              Restricted Access Button Text: 
    Restricted Network Access Message:
               Restricted  Network Access: If you cannot use a Cisco NAC Appliance  Agent, you can obtain restricted network access temporarily by clicking  the button below.
    Show Network Policy to NAC Agent and Cisco NAC Web Agent users (for Windows only)
              Network Policy Link:  
    Logoff NAC Agent users from network on their machine logoff or shutdown after   
        secs (for Windows & In-Band setup, for OOB setup when OOB Logoff is enabled)
         (Setting the time to zero secs will logout user immediately. Valid range: 0 - 300 secs.)
    Refresh Windows domain group policy after login
    (for Windows only)
    Automatically close login success screen after    
        secs
         (Setting the time to zero secs will not display the login success screen. Valid range: 0 - 300 secs.)
    Automatically close logout success screen after    
        secs
    (for Windows only)
         (Setting the time to zero secs will not display the logout success screen. Valid range: 0 - 300 secs.)

  • Local printers not working with 2504 WLC

                       I have a 2504  WLC with 3 1262 WAPs in lightweight mode.
         Clients connect using WPA2 PSK AES with no problem.  Clients are Windows XP Home SP3.  Test pages end up in print queue and eventually get a error printing status.  Clients are not part of a domain and in a standalone workgroup - techstream.
    Printer can be pinged from wireless client.
    Another 1262N WAP in standalone mode connected to same lan from windows 7 sp1 clients have no problem printing to a local printer.
    What does work on the Windows XP Home client is connecting to a network shared printer authenticating with domain admin id and password and it works.  Reboot and the network shared printer can not connect multiple reasons are "access is denied" and message box says "only security tab will be displayed....."   Another Windows XP Home SP3 client on reboot can't open the network shared printer with message "Can't find printer"
    The local printers do work on these pc's with an old colubris router that has an outside interface on our lan and internal network with clients getting dhcp address from colubris router of 192.168.3.XXX  . 
    What is wrong with the wireless 2504 WLC?
    Thanks
    Broadcast forwarding was enabled.

    Although a cisco tech support was helpful in making sure multicasting was enabled and a multicast server defined, the problem was at the CP2025DN printer. It had old network ip mask and gateway configured on the printer.
    The new devices were part of the new network configuration (Mask and gateway had changed). I didn’t change that printer when I changed all the other printers at the facility because it was still active thru the old wireless network. I forgot to change the printer ip config when I brought the new wap on the new wireless network with the wlc 2504.
    End result was the clients were part of a different subnet and gateway configuration then the printer and this disrupted the communication between clients and the printer. Once I corrected the mask and gateway on the printer to be the same as the dhcp scope of the wireless network, communication and printing worked.
    Problem solved.  User error

  • Wireless with PEAP Authentication not working using new NPS server

    All,
    We are planning to migrate from our old IAS server to new NPS server. We are testing the new NPS server with our wireless infrastructure using WISM. We are using PEAP with server Cert for authentication. For testing purpose we are doing user authentication but our goal is to do machine authentication. On client side we are using Windows XP, Windows 7 & iPAD’s
    I believe I have configured the NPS & CA server as per the documents I found on Cisco support forum & Microsoft’s site.
    But it is not working for me. I am getting the following error message on the NPS server.
    Error # 1
    =======
    Cryptographic operation.
    Subject:
                Security ID:                 SYSTEM
                Account Name:                       MADXXX
                Account Domain:                    AD
                Logon ID:                    0x3e7
    Cryptographic Parameters:
                Provider Name:          Microsoft Software Key Storage Provider
                Algorithm Name:         RSA
                Key Name:      XXX-Wireless-NPS
                Key Type:       Machine key.
    Cryptographic Operation:
                Operation:       Decrypt.
                Return Code:  0x80090010
    Error # 2
    ======
    An error occurred during the Network Policy Server use of the Extensible Authentication Protocol (EAP). Check EAP log files for EAP errors.
    I was wondering if anyone has any insight on what is going on.
    Thanks, Ds

    Scott,
    I have disabled MS-CHAP v1 & only MS-CHAP v2 is enabled on Network Policies > Constraints.
    I  disabled validate Certificate on Windows 7 and tried to authenticate, it is still failing. Here is the output from the event viewer:
    Cryptographic operation.
    Subject:
    Security ID: SYSTEM
    Account Name: MADHFSVNPSPI01$
    Account Domain: AD
    Logon ID: 0x3e7
    Cryptographic Parameters:
    Provider Name: Microsoft Software Key Storage Provider
    Algorithm Name: RSA
    Key Name: DOT-Wireless-NPS
    Key Type: Machine key.
    Cryptographic Operation:
    Operation: Decrypt.
    Return Code: 0x80090010
    Network Policy Server denied access to a user.
    Contact the Network Policy Server administrator for more information.
    User:
    Security ID: AD\mscdzs
    Account Name: AD\mscdzs
    Account Domain: AD
    Fully Qualified Account Name: AD\mscdzs
    Client Machine:
    Security ID: NULL SID
    Account Name: -
    Fully Qualified Account Name: -
    OS-Version: -
    Called Station Identifier: 64-ae-0c-00-de-f0:DOT
    Calling Station Identifier: a0-88-b4-e2-79-cc
    NAS:
    NAS IPv4 Address: 130.47.128.7
    NAS IPv6 Address: -
    NAS Identifier: WISM2B
    NAS Port-Type: Wireless - IEEE 802.11
    NAS Port: 29
    RADIUS Client:
    Client Friendly Name: WISM2B
    Client IP Address: 130.47.128.7
    Authentication Details:
    Connection Request Policy Name: Secure Wireless Connections
    Network Policy Name: Secure Wireless Connections
    Authentication Provider: Windows
    Authentication Server: MADHFSVNPSPI01.AD.DOT.STATE.WI.US
    Authentication Type: PEAP
    EAP Type: -
    Account Session Identifier: -
    Logging Results: Accounting information was written to the local log file.
    Reason Code: 23
    Reason: An error occurred during the Network Policy Server use of the Extensible Authentication Protocol (EAP). Check EAP log files for EAP errors.
    Attached are EAP logs & debug logs from the controller.
    Thanks for all the help. I really appreciate.

  • Local Printer not working via Remote Link

    I have a problem with my remote desktop printing to my local printer.  I connect via RD on Windows 7 Home to Windows 7 Pro.  I have installed an HP Laserjet Pro CM1415fn printer.  All prints fine locally.  Also everything printed fine
    but have had to have a recent update to my Remote PC that I log into.  So the printer had to be reinstalled.
    All worked ok for about 6 print jobs then stopped working.  Nothing has changed.  I have changed the settings on the printer as it seemed to be when the printer went into 'Sleep' mode.  I have tried restarting the Printer Spooler in Services
    and rebooting the remote PC but no joy.
    Any ideas please.

    Hi,
    You mean after the reinstallation, the local printer worked for a while and then stopped working with nothing changed?
    Take a try with the printer troubleshooter:
    Open the Printer troubleshooter
    Also see if the below thread could help:
    Local Printing with
    Remote Desktop not working: Windows 7 Pro 32-bit & MS Server 2003
    Best regards
    Michael Shao
    TechNet Community Support

  • Absolute links on hml page in local directory not working

    All the absolute links on my html pages (which are on my hardrive) are being treated as local links and are therefore not working - i.e. Firefox is adding the local file path before the url. For example, the original link is: http://www.insidehousing.co.uk/legal/criminal-conviction-for-illegally-subletting-tenant/6518844.article
    But Firefox is adding the directory path so the url string becomes: /www.insidehousing.co.uk/legal/criminal-conviction-for-illegally-subletting-tenant/6518844.article%E2%80%9D
    It is also being appended with: %E2%80%9D (which, when tested from a Word page, leads to site but generates page not found error).
    For testing purposes, is there any way I can reconfigure Firefox to parse my links as absolute?
    Many thanks

    Thanks, both. I have carried out cor-el's suggestion of replacing the smart quotes with dumb quotes, then tried viewing link on file again using different encoading, including UTF-16 - same result as before.
    Below I've set the HTML of the whole page, as per yalam96's request (it includes cor-el's suggested fix to the "prosecute" link):
    <pre><nowiki><h3>Who do you need to inform (in the UK)?</h3>
    <p>If you have a mortgage, you will need to inform your provider (with most lenders this shouldn't be an issue – you do not need “consent to let” as you would if you were letting out the whole property) but you do still need to inform them; why? This is partly for the protection of your lodger, if you should default on the mortgage or die, but mostly for your own protection – if the property was destroyed or badly damaged because of the negligence of your lodger.</p>
    <p>If own your property and it's leasehold, check the lease – you may need permission from the freeholder.</p>
    <p>If you rent your property, you will need to firstly check with your landlord (this applies whether you rent privately or from a public landlord – Local Authority or Housing Association), and get their permission in writing, just as you would with a mortgage provider. Incidently, in the UK, a public landlord is only likely to object to the let if moving a lodger in would mean your home becomes over crowded (e.g. you have a two bed flat and your children would have to share your bedroom). They will also object – they might even <a href=&#x201d;http://www.insidehousing.co.uk/legal/criminal-conviction-for-illegally-subletting-tenant/6518844.article&#x22;>prosecute</a> - if you move out and let the whole property to the “lodger” (who wouldn't be a lodger in that case, but a full tenant, with full tenant's rights).</p>
    <p>You may also need to cancel any existing residential home insurance and take out <a href=”http://www.landlordinsurance.biz/landlord-insurance-guides/landlord-insurance-faq/”>landlord insurance</a>. A few residential policies will, however, allow lodgers. Landlord insurance will not cover the lodger's possessions, they will need to get their own insurance, known as Tenant Insurance – policies can be compared on sites such as <a href=”http://www.confused.com/campaign/home-insurance/tenants-content-insurance?MediaCode=1054&kw=lodger+contents+insurance+broad&gclid=CPbbn9-Nj7MCFanItAod3GAAog”>confused.com</a></p>
    <p>If you get a single occupier's discount on your council tax, you will need to inform your local authority, unless your lodger is <a href=”https://www.gov.uk/council-tax/council-tax-exemptions”>exempt</a> from paying council tax (e.g. they're a university student).</p>
    <p>NB People claiming Jobseeker's Allowance and most other benefit claimants are <b>not</b> exempt – they are, however, usually entitled to Council Tax Benefit to help with some or all the cost of their council tax.</p>
    <p>If you're letting on a Monday – Friday basis (to someone who only needs a week night let), this person would not normally pay council tax at your property, as they already pay against their main (family) home. However, if for whatever reason you and your Monday – Friday lodger decided that they would use your address as their main home, they would then become liable to pay council tax at your address and you would lose any single occupier's discount.</p>
    <p>If you claim any kind of means tested benefit (such as job seeker's allowance, housing benefit or council tax benefit) as benefit rules currently stand (January 2013) your rental income will affect this. <b>Contribution</b> based Job Seeker's allowance (JSA(C)) will be affected if your weekly rental income exceeds £50. If you're on income based jobseeker's allowance (JSA(I)), it's very likely to be affected; however, to what extent will depend on your rental earnings and circumstances and a DWP adjudicator will decide this.</p>
    <p>However, from October 2013, when Universal Credit takes effect in the UK, <a href=”http://www.insidehousing.co.uk/tenancies/lodger-rules-to-ease-impact-of-bedroom-tax/6522846.article?MsgId=57059”>a <b>public housing</b> tenant's income from renting a room will no longer affect their benefit entitlement.</a></p></nowiki></pre>

  • Maverick Local Host Not Working Correctly

    Hello,
    I recently upgraded to Maverick 10.9.2. Now my local host is working incorrectly? Now when I try to access one of my sites on my local machine, it just shows the php code and not loading the pages? I also restored httpd.conf~previous to httpd.conf, and still the same issue?
    Also
    * Web sharing is on
    *PHP is enabled
    *Mysql is running
    Did I mis something?
    Thanks JR

    Hello,
    I recently upgraded to Maverick 10.9.2. Now my local host is working incorrectly? Now when I try to access one of my sites on my local machine, it just shows the php code and not loading the pages? I also restored httpd.conf~previous to httpd.conf, and still the same issue?
    Also
    * Web sharing is on
    *PHP is enabled
    *Mysql is running
    Did I mis something?
    Thanks JR

  • Cisco Ise Central Web authentication not working

    Hello Guys,
    CWA is not working. It says that authentication suceeded but posture status is pending. No error in my Monitor--authentication. Checking it in my Windows 7, it does not shows the CWA portal.
    What might be the possible problem of this.?
    thanks

    Kindly review the below links:
    http://www.cisco.com/en/US/products/ps11640/products_configuration_example09186a0080ba6514.shtml
    http://www.cisco.com/en/US/products/ps11640/products_configuration_example09186a0080bead09.shtml

  • "Allow insecure authentication" not working on mac mail after upgrade to Yosimite

    I recently upgraded to the new Yosemite OS.  Since then, I have not been able to access my ISP's IMAP server. After spending time troubleshooting with the service provider, it seems that the "allow insecure authentication" feature is not working.  The password appears to be sent as a series of "*" which the server can not recognize and I fail the login. It is of note that I am still able to access this email account through my iPhone 4S with all the same settings and had no issues before the Yosimite upgrade. Is there anyway around this issue?

    I had the same problem. Rebooting the computer fixed the issue for me.

  • J2EE and user authentication not working

    Hi,
    has anyone gotten the basic/form based authentication to
    work in the latest version of the 9iAS?
    Oracle9iAS (9.0.2.0.0)
    I've read all the posts and articles from orionsupport.com
    BUT it still does not work.
    Support Folks from ORacle: Where is the latest documentation
    for the Server ???? Everything seems outdated??
    cheers,
    Vijay

    Hi,
    You can change User and password through SU01 through UME. and also read SNote:  Note 891614 - Login problems / Expired password
    Regards
    Thomas

  • Kerberos Authentication Not Working on OS X 10.6

    Using FF version 20.0, on OS X 10.6.8, I can not get it to use Kerberos authentication to allow SSO to a SharePoint web site.
    On OS X 10.8, with the same configuration in the about:config, everything works fine - the user is not prompted for credentials.
    I have put the necessary entires in network.negotiate-auth.delegation-uris and network.automatic-ntlm-auth.trusted-uris, network.negotiate-auth.gsslib is set to true.
    When I have setup to log the errors from the authentication module, I find in the log file "Fail to load gssapi library".
    Interestingly on 10.8, when I start Firefox from the command line the Kerberos authentication does not work. When I start it via the icon, it does. What is the difference? Are the preferences not being loaded when launching via the command line?
    Thanks for any help,
    Richard

    Found the solution:
    Was a combination of kinit being run on login (apparently a known 10.6 bug). Our Mac team were able to alter the appropriate plist file so that this does happen on login.
    We also had to add an extra SPN for the actual server, as well as the DNS name of the SharePoint site we were trying to access with Kerberos authentication - although this may have something to do with using host-named site collections at the SharePoint end.
    Main problem was the kinit thing though.

Maybe you are looking for

  • What Soundcard do I have?

    Hello all, I own a 15 inch 2.66 Ghz i7 Macbook Pro. I am interested in getting involved with audio production with this computer and was wondering what soundcard the Macbook Pro is currently equipped with and whether or not I should consider upgradin

  • HT4928 is there anyway to delete hidden apps?

    Hi there, recently had an ipad and downloaded a few naughty apps that i deleted after a few days, they always still appear even when i have hidden them, i have sold my ipad on now and only have an iphone and a new macbook pro, when i sign into itunes

  • Problem with GOS view attachment list in SAP Upgrade

    Hi, The view attachment list is working fne in 4.6c for the Z  transaction. When I run the same transaction in ECC6, I am getting the 'GOS View Attachment List' icon, but when I click on this icon, it is given short dump in ECC6 where as in 4.6c it i

  • Failed to Finish Transition(Subscript out of Range)

    We are receiving this error message during playback intermittently: Failed to Finish Transition(Subscript out of Range). Does anyone what causes this and how to resolve it?

  • Old hardrive in new Mac pro

    I bought a second internal hardrive for my old 1.6 G5. I bought it from an apple reseller so assume it is the standard type. Can I install this in my new Mac pro 2.88 (when it arrives)? Also, I want to use this hardrive with logic and some third part