NetworkManager lead to WPA association/authentication failed

Similar Messages

• N80 "WLAN: WPA authentication failed"

  I have a N80 at 4.0623.0.41 (26/07/2006, RM-92, Nokia N80 63.01) branded (TIM-Italy). No further firmware upgrades are available (on 12-09-2007)
  I would like to connect to my 802.1x academic network that uses certificate
  I installed the certificate set up its reliability.
  Then, I followed the indications found in this forum for EAP-PEAP setting up
  Data Bearer: Wlan
  Network status: Public
  Network Mode: Infrastructure
  Security mode: 802.1x
  Security Settings:
  WPA/WPA2: EAP
  EAP Plug In Settings:
  1. EAP-PEAP
  (other options disabled)
  EAP-PEAP:
  Personal Certificate: Not Defined
  Authority Certificate: IC root CA
  Username in use: User Defined
  Username: *****
  Realm in use: From certificate
  Realm: [blank]
  Allow PEAPv0: Yes
  Allow PEAPv1: NO
  Allow PEAPv2: NO
  EAPs:
  1:EAP-MSCHAPv2
  EAP-MSCHAPv2:
  Username: [entered correctly]
  Prompt password: Yes
  Password: [Entered correctly]
  When I try to connect with these settings I get the following error message:
  " WLAN: WPA authentication failed "
  I tried also other unsuccessful variations such
  Allow PEAPv0: Yes
  Allow PEAPv1: YES
  Allow PEAPv2: YES)
  The system admistrators suggested that the problem could be the certificate that is home-made and maybe it is not completely recognized by Symbian v9.1. But they don’t know how to fix the problem
  Indeed I found two certificates from my institution (Root and Server), apparently identical, but the Root one is recognized while the other no.
  Do you know what I should check inside the certificate to gain insights about the reasons of the authentication failure?
  Is there any symbian network utility that could help to understand which step block the authentication?
  I will appreciate any suggestion
  Thank you in advance

  WPA and EAP works great with the N80 - dont worry
  I have tested and runs alot og Nokia Phones with WiFi and EAP etc.
  I currently uses a N80 fw 4.0707.0.7, and there are a v5 fw also.
  I sugguest you get the 4.07
  You subject informs about WPA but you have set your Security mode: 802.1x
  Change this to:
  Security mode: WPA/WPA2
  Then you should be good.
  Also verify the status: hidden/public this is important
  If you can see the SSID in the WLAN Wiz then its public SSID.
  Try clearing the username in the certificate setup/PEAP
  also try different comination of DOMAIN/USERNAME, DOMAIN\USERNAME, DOMAIN@USERNAME etc
  But I would think that you do not need username in the GENERAL page under EAP-PEAP
  You need username under EAP page/EAP-MSCHAPv2
  I assume you have the certificate installed on the handset.
  HTH

• Authentication failed all of a suddden

  We just set up an 1200 AP with WPA and all was well for that day, today of the 3 devices that access it only 2 will connect now. I get Authentication failed on the other. I have re-entered the WPA key a billion times now, I tried turning on some debugging in the CLI but it is apparent I do not know what I am doing/looking for . Any help would be great! At this point I could reconfigure I guess but I want to find out the problem.

  No specific reason we could say about. Only constraint is software support for WPA-PSK. WPA-PSK is being supported by cisco for years now . So all the access point comes with a version that supports WPA-PSK.

• 802.1x authentication fails

  Setup: two 5500 (v6.0.188.0, mix of 1131 and 1141 AP`s
  Laptops running fine for random number of weeks suddenly can´t connect to the wireless network. The output from Client troubleshoot shows:
  05/07/2010 07:03:14 CEST
  INFO
  10.1.1.101
  Controller association request message received.
  05/07/2010 07:03:14 CEST
  INFO
  10.1.1.101
  Association request received from a client has an invalid RSN IE.(One reason could be mismatch in WPA2 algorithm).
  05/07/2010 07:03:14 CEST
  INFO
  10.1.1.101
  Received reassociation request from client.
  05/07/2010 07:03:14 CEST
  INFO
  10.1.1.101
  The wlan to which client is connecting requires 802 1x authentication.
  05/07/2010 07:03:14 CEST
  INFO
  10.1.1.101
  Client moved to associated state successfully.
  05/07/2010 07:03:14 CEST
  INFO
  10.1.1.101
  Received EAP Response from the client.
  05/07/2010 07:03:14 CEST
  INFO
  10.1.1.101
  Received EAPOL start message from client.
  05/07/2010 07:03:14 CEST
  INFO
  10.1.1.101
  Received EAP Response from the client.
  05/07/2010 07:03:14 CEST
  INFO
  10.1.1.101
  EAP response from client to AP received.
  05/07/2010 07:03:14 CEST
  INFO
  10.1.1.101
  EAP response from client to AP received.
  05/07/2010 07:03:14 CEST
  INFO
  10.1.1.101
  Radius packet received. Access-Challenge received from RADIUS server 10.1.1.81, receiveId = 10
  05/07/2010 07:03:14 CEST
  INFO
  10.1.1.101
  Received Access-Challenge from the RADIUS server for the client.
  05/07/2010 07:03:14 CEST
  INFO
  10.1.1.101
  Sending EAP request to client from radius server.
  05/07/2010 07:03:14 CEST
  INFO
  10.1.1.101
  EAP response from client to AP received.
  05/07/2010 07:03:14 CEST
  INFO
  10.1.1.101
  Radius packet received. Access-Challenge received from RADIUS server 10.1.1.81, receiveId = 10
  05/07/2010 07:03:14 CEST
  INFO
  10.1.1.101
  Received Access-Challenge from the RADIUS server for the client.
  05/07/2010 07:03:14 CEST
  INFO
  10.1.1.101
  Sending EAP request to client from radius server.
  05/07/2010 07:03:14 CEST
  INFO
  10.1.1.101
  EAP response from client to AP received.
  05/07/2010 07:03:14 CEST
  INFO
  10.1.1.101
  Radius packet received. Access-Challenge received from RADIUS server 10.1.1.81, receiveId = 10
  05/07/2010 07:03:14 CEST
  INFO
  10.1.1.101
  Received Access-Challenge from the RADIUS server for the client.
  05/07/2010 07:03:14 CEST
  INFO
  10.1.1.101
  Sending EAP request to client from radius server.
  05/07/2010 07:03:14 CEST
  INFO
  10.1.1.101
  EAP response from client to AP received.
  05/07/2010 07:03:14 CEST
  INFO
  10.1.1.101
  Radius packet received. Access-Challenge received from RADIUS server 10.1.1.81, receiveId = 10
  05/07/2010 07:03:14 CEST
  INFO
  10.1.1.101
  Received Access-Challenge from the RADIUS server for the client.
  05/07/2010 07:03:14 CEST
  INFO
  10.1.1.101
  Sending EAP request to client from radius server.
  05/07/2010 07:03:14 CEST
  INFO
  10.1.1.101
  EAP response from client to AP received.
  05/07/2010 07:03:14 CEST
  INFO
  10.1.1.101
  Radius packet received. Access-Challenge received from RADIUS server 10.1.1.81, receiveId = 10
  05/07/2010 07:03:14 CEST
  INFO
  10.1.1.101
  Received Access-Challenge from the RADIUS server for the client.
  05/07/2010 07:03:14 CEST
  INFO
  10.1.1.101
  Sending EAP request to client from radius server.
  05/07/2010 07:03:14 CEST
  INFO
  10.1.1.101
  EAP response from client to AP received.
  05/07/2010 07:03:14 CEST
  INFO
  10.1.1.101
  Radius packet received. Access-Challenge received from RADIUS server 10.1.1.81, receiveId = 10
  05/07/2010 07:03:14 CEST
  INFO
  10.1.1.101
  Received Access-Challenge from the RADIUS server for the client.
  05/07/2010 07:03:14 CEST
  INFO
  10.1.1.101
  Sending EAP request to client from radius server.
  05/07/2010 07:03:14 CEST
  INFO
  10.1.1.101
  EAP response from client to AP received.
  05/07/2010 07:03:14 CEST
  INFO
  10.1.1.101
  Radius packet received. Access-Challenge received from RADIUS server 10.1.1.81, receiveId = 10
  05/07/2010 07:03:14 CEST
  INFO
  10.1.1.101
  Received Access-Challenge from the RADIUS server for the client.
  05/07/2010 07:03:14 CEST
  INFO
  10.1.1.101
  Sending EAP request to client from radius server.
  05/07/2010 07:03:14 CEST
  INFO
  10.1.1.101
  EAP response from client to AP received.
  05/07/2010 07:03:14 CEST
  INFO
  10.1.1.101
  Radius packet received. Access-Challenge received from RADIUS server 10.1.1.81, receiveId = 10
  05/07/2010 07:03:14 CEST
  INFO
  10.1.1.101
  Received Access-Challenge from the RADIUS server for the client.
  05/07/2010 07:03:14 CEST
  INFO
  10.1.1.101
  Sending EAP request to client from radius server.
  05/07/2010 07:03:44 CEST
  ERROR
  10.1.1.101
  Retransmitting EAP-ID request to client,retransmission timer expired.
  05/07/2010 07:04:14 CEST
  ERROR
  10.1.1.101
  Retransmitting EAP-ID request to client,retransmission timer expired.
  05/07/2010 07:04:44 CEST
  ERROR
  10.1.1.101
  Authentication failed for client as EAP ID request from AP reached maxmium retransmissions.
  05/07/2010 07:04:44 CEST
  ERROR
  10.1.1.101
  De-authentication sent to client. slot 0 (claller 1x_ptsm.c:467)
  05/07/2010 07:04:44 CEST
  ERROR
  10.1.1.101
  05/07/2010 07:04:44 CEST
  ERROR
  10.1.1.101
  EAPOL-key is invalid, scheduling client for deletion.

  We are using PEAP-MS-CHAP v2 . The IAS certificate is valid to 2014. We have about 300 laptops, but now and then some of them fails to authenticate. Yesterday I noticed that if I had one of the failing computers connected with wire, after some minutes it suddenly authenticated wireless!

• Getting a lot of this error:The reason code is '4(802.1X Authentication failed 3 times.)'. - Controller Name:

  Since we upgraded our WCS system to V6.0.196.0 we are receiving a lot of the following error messages and I haven't figured out why.
  Client 'c0:cb:38:3f:a1:0d (anonymous, 0.0.0.0)' which was associated with interface '802.11a/n' of AP 'ACAA01-00.P04-G2C2.1' is excluded. The reason code is '4(802.1X Authentication failed 3 times.)'. - Controller Name: 205-dg20-bb3-4/2

  Check you ACS (Radius) logs under failures. You will see why its failing. Sounds like a AD account went bad
  or someone is entering the wrong logon ... But check your radius log it will point you in the right direction.

• 802.1X Authentication failed without 802.1X authentication enabled

  Hi,
  we are using 2 WISMs, with version 4.2.207 and a WCS to control them.
  It seemed to work fine for about 2 weeks, and now we detected the following problem in some users. They were connected to the wireless without problems, and then they lost the connection. For authentication we use WPA2, we also use mac-filter.
  When they lost the connection we can see the following error:
  Message:
  Client 'mac address' which was associated with AP 'mac address', interface '1' is excluded. The reason code is '4(802.1X Authentication failed 3 times.)'.
  Message:
  Client 'mac' which was associated with AP 'mac', interface '0' is excluded. The reason code is '4(802.1X Authentication failed 3 times.)'.
  I also attach an output of the troubleshoot mac address...
  Can some help me with this?
  Thank you.
  Best regards,

  Hi Kirbus,
  we open a TAC and we were advised for now to do the following changes:
  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Table Normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-priority:99;
  mso-style-qformat:yes;
  mso-style-parent:"";
  mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
  mso-para-margin:0cm;
  mso-para-margin-bottom:.0001pt;
  mso-pagination:widow-orphan;
  font-size:10.0pt;
  font-family:"Times New Roman","serif";}
  1.       please make sure to disable Aironet extensions (if present)  , on the WLAN advanced configuration
  2.       disable management frame protection (MFP) signature generation (if present) , MFP also on the WLAN advanced configuration
  3.       on the WLC general configuration , can you please disable aggressive load balancing
  4.       on the security tab on the WLC , please wireless protection policies > disable client exclusion policies
  5.       on the AP network configuration please disable short preamble the original standard was long preambles
  6.       Wireless -> disable auto-RRM channel & power assignment & try "on demand"
  7.       apply these modification on the WLC CLI
  Config advanced eap identity-request-timeout 20
  Config advanced eap identity-request-retries 10
  Config advanced eap request-timeout 20
  Config advanced eap request-retries 10
  Save config, and see if you still face the problem.
  We are still monitoring the solution, but until now we didn't face the problem again.
  Let me now how it goes for you.
  Thank you.
  Best regards,

• Help, Authentication failed

  I am having a very difficult time making a simple login program work
  I am using Java SDK 1.4.2_02 on a Windows 2000 host, the DS is on the same host
  My Directory Server is Sun One Directory Server 5.2
  I am using the JAAS package, with a JndiLoginModule
  When I use a bogus uid I get a �user not found� message so I know I am contacting the DS correctly
  The Access log looks like this
  [09/Dec/2003:13:09:52 -0600] conn=1606 op=0 msgId=1 - BIND dn="" method=128 version=3
  [09/Dec/2003:13:09:52 -0600] conn=1606 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn=""
  [09/Dec/2003:13:09:52 -0600] conn=1606 op=1 msgId=2 - SRCH base="ou=people,dc=auto-trol,dc=com" scope=0 filter="(objectClass=*)" attrs=ALL
  [09/Dec/2003:13:09:52 -0600] conn=1606 op=1 msgId=2 - RESULT err=0 tag=101 nentries=1 etime=0
  [09/Dec/2003:13:09:52 -0600] conn=1606 op=2 msgId=3 - SRCH base="ou=people,dc=auto-trol,dc=com" scope=1 filter="(uid=jpsb)" attrs=ALL
  [09/Dec/2003:13:09:52 -0600] conn=1606 op=2 msgId=3 - RESULT err=0 tag=101 nentries=1 etime=0
  [09/Dec/2003:13:09:52 -0600] conn=1606 op=3 msgId=4 - ABANDON targetop=NOTFOUND msgid=3
  My config file looks like this
  Sample
  com.sun.security.auth.module.JndiLoginModule required debug=true
       user.provider.url="ldap://localhost:4661/ou=People,dc=auto-trol,dc=com"
       group.provider.url="ldap//localhost:4661/ou=Group,dc=auto-trol,dc=com";
  The error I get is this:
  [JndiLoginModule] user provider: ldap://localhost:4661/ou=People,dc=auto-trol,dc=com
  [JndiLoginModule] group provider: ldap//localhost:4661/ou=Group,dc=auto-trol,dc=com
  ldap username: jpsb
  ldap password: jim
  [JndiLoginModule] attemptAuthentication() failed
  [JndiLoginModule] regular authentication failed
  [JndiLoginModule]: aborted authentication failed
  Authentication failed:
  Login incorrect
  A stack trace looks like this
  javax.security.auth.login.FailedLoginException: Login incorrect
  at com.sun.security.auth.module.JndiLoginModule.attemptAuthentication(JndiLoginModule.java:552)
  at com.sun.security.auth.module.JndiLoginModule.login(JndiLoginModule.java:310)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:324)
  at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)
  at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
  at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
  at java.security.AccessController.doPrivileged(Native Method)
  at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
  at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
  at LoginJaas.main(LoginJaas.java:93)
  It appears to me that there must be some kind password problem, I can login from the 5.2 console or switch user ids from the console so I know the user and Directory Server are OK.
  Can anyone help? I�ve been pounding on this for a few days and it is getting frustrating.
  Thanks in advance
  Jim

  Here it is along with some bat files to make and run. I can't understand why it does not work. It is mostly a slightly modified example from Sun. I'm using Sun code, a Sun Directory Server and a Sun's JndiLoginModule so why the damn thing does not work is a mystery. I have looked EVERYWHERE for a sample JAAS/LDAP Authenicate code and can't find a thing. Makes me think there isn't any and JAAS is not the way to go. I and going to try with a different DS maybe open LDP or active Directory and if that doesn't work I'll forget JAAS and use JNDI instead.
  Any help would be greatly appreciated.
  thanks in advance
  jim
  Start LoginJass.java
  * @(#)LoginJaas.java
  * Copyright 2001-2002 Sun Microsystems, Inc. All Rights Reserved.
  * Redistribution and use in source and binary forms, with or
  * without modification, are permitted provided that the following
  * conditions are met:
  * -Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  * -Redistribution in binary form must reproduct the above copyright
  * notice, this list of conditions and the following disclaimer in
  * the documentation and/or other materials provided with the
  * distribution.
  * Neither the name of Sun Microsystems, Inc. or the names of
  * contributors may be used to endorse or promote products derived
  * from this software without specific prior written permission.
  * This software is provided "AS IS," without a warranty of any
  * kind. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND
  * WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY,
  * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY
  * EXCLUDED. SUN AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY
  * DAMAGES OR LIABILITIES SUFFERED BY LICENSEE AS A RESULT OF OR
  * RELATING TO USE, MODIFICATION OR DISTRIBUTION OF THE SOFTWARE OR
  * ITS DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE
  * FOR ANY LOST REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT,
  * SPECIAL, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER
  * CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT OF
  * THE USE OF OR INABILITY TO USE SOFTWARE, EVEN IF SUN HAS BEEN
  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
  * You acknowledge that Software is not designed, licensed or
  * intended for use in the design, construction, operation or
  * maintenance of any nuclear facility.
  import javax.security.auth.Subject;
  import javax.security.auth.callback.*;
  import javax.security.auth.login.*;
  import com.sun.security.auth.callback.TextCallbackHandler;
  import java.security.PrivilegedAction;
  * This LoginJaas application attempts to authenticate a user
  * and reports whether or not the authentication was successful.
  * If successful, it then sets up subsequent execution of
  * code in the run method of the SampleAction class such that
  * access control checks for security-sensitive operations will be
  * based on the user running the code.
  public class LoginJaas
       private static Subject mySubject;
       public static void main(String[] args)
            // Obtain a LoginContext, needed for authentication. Tell it
            // to use the LoginModule implementation specified by the
            // entry named "JaasSample" in the JAAS login configuration
            // file and to also use the specified CallbackHandler.
            LoginContext lc = null;
            try
                 lc = new LoginContext("Sample", new TextCallbackHandler());
            catch (LoginException le)
                 System.err.println("le:Cannot create LoginContext. "
                 + le.getMessage());
                 le.printStackTrace();
                 System.exit(-1);
            catch (SecurityException se)
                 System.err.println("se:Cannot create LoginContext. "
                 + se.getMessage());
                 se.printStackTrace();
                 System.exit(-1);
            try
                 // attempt authentication
                 lc.login();
            catch (LoginException le)
                 System.err.println("Authentication failed:");
                 System.err.println(" " + le.getMessage());
                 le.printStackTrace();
                 System.exit(-1);
            System.out.println("Authentication succeeded!");
            // now try to execute the SampleAction as the authenticated Subject
            Subject mySubject = lc.getSubject();
            PrivilegedAction action = new SampleAction();
            Subject.doAsPrivileged(mySubject, action, null);
  End LoginJass.java
  Start MyCallbackHandler.java
  import java.io.*;
  import javax.security.auth.*;
  import javax.security.auth.callback.*;
  public class MyCallbackHandler implements CallbackHandler
       public void handle(Callback callbacks[]) throws IOException, UnsupportedCallbackException
            for(int i=0;i<callbacks.length;i++)
                 if(callbacks[i] instanceof NameCallback)
                 NameCallback nc = (NameCallback) callbacks[0];
                 System.err.print(nc.getPrompt());
                 System.err.flush();
                 String name = (new BufferedReader(new InputStreamReader(System.in))).readLine();
                 nc.setName(name);
                 else
                 throw(new UnsupportedCallbackException(callbacks,
                           "Callback handler not support"));
  End MyCallbackHandler.java
  Start Sample.java
  * @(#)Sample.java     1.19 00/01/11
  * Copyright 2000-01 Sun Microsystems, Inc. All rights reserved.
  * Copyright 2000-01 Sun Microsystems, Inc. Tous droits reserves.
  import java.io.*;
  import java.util.*;
  import java.security.Principal;
  import javax.security.auth.*;
  import javax.security.auth.callback.*;
  import javax.security.auth.login.*;
  import javax.security.auth.spi.*;
  import com.sun.security.auth.*;
  * <p> This Sample application attempts to authenticate a user
  * and executes a SampleAction as that user.
  * <p> If the user successfully authenticates itself,
  * the username and number of Credentials is displayed.
  * @version 1.19, 01/11/00
  public class Sample {
  * Attempt to authenticate the user.
  * <p>
  * @param args input arguments for this application. These are ignored.
  public static void main(String[] args) {
       // use the configured LoginModules for the "Sample" entry
       LoginContext lc = null;
       try {
       lc = new LoginContext("Sample", new MyCallbackHandler());
       } catch (LoginException le) {
       le.printStackTrace();
       System.exit(-1);
       // the user has 3 attempts to authenticate successfully
       int i;
       for (i = 0; i < 3; i++) {
       try {
            // attempt authentication
            lc.login();
            // if we return with no exception, authentication succeeded
            break;
       } catch (AccountExpiredException aee) {
            System.out.println("Your account has expired. " +
                      "Please notify your administrator.");
            System.exit(-1);
       } catch (CredentialExpiredException cee) {
            System.out.println("Your credentials have expired.");
            System.exit(-1);
       } catch (FailedLoginException fle) {
            System.out.println("Authentication Failed");
            try {
            Thread.currentThread().sleep(3000);
            } catch (Exception e) {
            // ignore
       } catch (Exception e) {
            System.out.println("Unexpected Exception - unable to continue");
            e.printStackTrace();
            System.exit(-1);
       // did they fail three times?
       if (i == 3) {
       System.out.println("Sorry");
       System.exit(-1);
       // let's see what Principals we have
       Iterator principalIterator = lc.getSubject().getPrincipals().iterator();
       System.out.println("Authenticated user has the following Principals:");
       while (principalIterator.hasNext()) {
       Principal p = (Principal)principalIterator.next();
       System.out.println("\t" + p.toString());
       System.out.println("User has " +
                 lc.getSubject().getPublicCredentials().size() +
                 " Public Credential(s)");
       // now try to execute the SampleAction as the authenticated Subject
       Subject.doAs(lc.getSubject(), new SampleAction());
       System.exit(0);
  End Sample.java
  Start SampleAction.java
  * @(#)SampleAction.java     1.4 00/01/11
  * Copyright 2000-01 Sun Microsystems, Inc. All rights reserved.
  * Copyright 2000-01 Sun Microsystems, Inc. Tous droits reserves.
  import java.io.File;
  import java.security.PrivilegedAction;
  * <p> This is a Sample PrivilegedAction implementation, designed to be
  * used with the Sample application.
  * @version 1.4, 01/11/00
  public class SampleAction implements PrivilegedAction {
  * <p> This Sample PrivilegedAction performs the following operations:
  * <ul>
  * <li> Access the System property, <i>java.home</i>
  * <li> Access the System property, <i>user.home</i>
  * <li> Access the file, <i>foo.txt</i>
  * </ul>
  * @return <code>null</code> in all cases.
  * @exception SecurityException if the caller does not have permission
  *          to perform the operations listed above.
  public Object run() {
       System.out.println("\nYour java.home property: "
                 +System.getProperty("java.home"));
       System.out.println("\nYour user.home property: "
                 +System.getProperty("user.home"));
       File f = new File("foo.txt");
       System.out.print("\nfoo.txt does ");
       if (!f.exists())
       System.out.print("not ");
       System.out.println("exist in the current working directory.");
       return null;
  End SampleAction.java
  Start princible/SamplePrincipal.java
  package principal;
  * @(#)SamplePrincipal.java     1.4 00/01/11
  * Copyright 2000-01 Sun Microsystems, Inc. All rights reserved.
  * Copyright 2000-01 Sun Microsystems, Inc. Tous droits reserves.
  import java.security.Principal;
  * <p> This class implements the <code>Principal</code> interface
  * and represents a Sample user.
  * <p> Principals such as this <code>SamplePrincipal</code>
  * may be associated with a particular <code>Subject</code>
  * to augment that <code>Subject</code> with an additional
  * identity. Refer to the <code>Subject</code> class for more information
  * on how to achieve this. Authorization decisions can then be based upon
  * the Principals associated with a <code>Subject</code>.
  * @version 1.4, 01/11/00
  * @see java.security.Principal
  * @see javax.security.auth.Subject
  public class SamplePrincipal implements Principal, java.io.Serializable {
  * @serial
  private String name;
  * Create a SamplePrincipal with a Sample username.
  * <p>
  * @param name the Sample username for this user.
  * @exception NullPointerException if the <code>name</code>
  *               is <code>null</code>.
  public SamplePrincipal(String name) {
       if (name == null)
       throw new NullPointerException("illegal null input");
       this.name = name;
  * Return the Sample username for this <code>SamplePrincipal</code>.
  * <p>
  * @return the Sample username for this <code>SamplePrincipal</code>
  public String getName() {
       return name;
  * Return a string representation of this <code>SamplePrincipal</code>.
  * <p>
  * @return a string representation of this <code>SamplePrincipal</code>.
  public String toString() {
       return("SamplePrincipal: " + name);
  * Compares the specified Object with this <code>SamplePrincipal</code>
  * for equality. Returns true if the given object is also a
  * <code>SamplePrincipal</code> and the two SamplePrincipals
  * have the same username.
  * <p>
  * @param o Object to be compared for equality with this
  *          <code>SamplePrincipal</code>.
  * @return true if the specified Object is equal equal to this
  *          <code>SamplePrincipal</code>.
  public boolean equals(Object o) {
       if (o == null)
       return false;
  if (this == o)
  return true;
  if (!(o instanceof SamplePrincipal))
  return false;
  SamplePrincipal that = (SamplePrincipal)o;
       if (this.getName().equals(that.getName()))
       return true;
       return false;
  * Return a hash code for this <code>SamplePrincipal</code>.
  * <p>
  * @return a hash code for this <code>SamplePrincipal</code>.
  public int hashCode() {
       return name.hashCode();
  End princible/SamplePrincipal.java
  Start ample_jaas.config
  /** Login Configuration for the JAAS Sample Application **/
  Sample
       //SampleLoginModule required debug=true;
       com.sun.security.auth.module.JndiLoginModule required debug=true
       user.provider.url="ldap://localhost:4661/ou=People,dc=testing,dc=com"
       group.provider.url="ldap//localhost:4661/ou=Group,dc=testing,dc=com";
  End Sample_jaas.config
  Start sample.policy
  /** Java 2 Access Control Policy for the JAAS Sample Application **/
  /** Code-Based Access Control Policy for LoginJaas **/
  grant codebase "file:./sample.jar
  permission javax.security.auth.AuthPermission
  "createLoginContext.JaasSample";
  permission javax.security.auth.AuthPermission "doAsPrivileged";
  permission java.security.AllPermission; //darf alles
  /** User-Based Access Control Policy for the LoginAction class
  ** instantiated by LoginJaas
  grant     codebase "file:./SampleAction.jar", Principal principal.SamplePrincipal "jimshi"
  permission java.util.PropertyPermission "java.home", "read";
  permission java.util.PropertyPermission "user.home", "read";
  permission java.io.FilePermission "foo.txt", "read";
  End sample.policy
  Start makelogin.bat
  REM
  javac LoginJaas.java principal/SamplePrincipal.java
  jar -cvf LoginJaas.jar LoginJaas.class principal/SamplePrincipal.java
  REM
  javac SampleAction.java
  jar -cvf SampleAction.jar SampleAction.class
  REM
  REM javac SampleLoginModule.java
  REM jar -cvf sample_module.jar SampleLoginModule.class
  REM
  javac Sample.java
  REM jar -cvf sample.jar MyCallbackHandler.class Sample.class
  javac com/sun/security/auth/module/*.java
  End makelogin.bat
  Start run.bat
  REM java -classpath ./;SampleAction.jar;LoginJaas.jar -Djava.security.manager -Djava.security.policy=sample.policy -Djava.security.auth.login.config=sample_jaas.conf LoginJaas
  java -classpath ./;SampleAction.jar;LoginJaas.jar -Djava.security.auth.login.config==D:\STUFF\LDAP\loginJim\sample_jaas.config LoginJaas
  End run.bat

• Cisco1941W error massage "%DOT11-7-AUTH_FAILED: Station 0011.f596.eecb Authentication failed"

  I am using Cisco1941W.
  When I connect CliantPC to Wireless(1941W) I got bellow massage from 1941AP.
  "%DOT11-7-AUTH_FAILED: Station 0011.f596.eecb Authentication failed"
  And I couldn't ping from my PC to AP and Router.
  Its possible communication from AP to Router.
  I show 1941AP configration.
  Could you find wrong?
  By the way, my PC connected to AP by 108Mbps.
  But my PC supported only 802.11a/b/g .
  My PC use Static IP Address and use TEST-2  ssid.
  I couldn't find error from my PC.
  (start)
  hostname TEST
  enable secret test
  aaa new-model
  aaa group server radius rad_eap
  server 10.73.12.2 auth-port 1645 acct-port 1646
  aaa session-id common
  dot11 syslog
  dot11 ssid TEST-1
     vlan 100
     authentication open eap eap_methods
     authentication key-management wpa
     mbssid guest-mode
  dot11 ssid TEST-2
     vlan 200
     authentication open
     authentication key-management wpa
     mbssid guest-mode
     wpa-psk ascii testtesttesttesttest
  dot11 aaa csid ietf
  username Cisco password 7 05280F1C2243
  bridge irb
  interface Dot11Radio0
  no ip address
  no ip route-cache
  no shut
  encryption vlan 100 mode ciphers aes-ccm
  encryption vlan 200 mode ciphers aes-ccm
  ssid TEST-1
  ssid TEST-2
  mbssid
  antenna gain 0
  station-role root
  interface Dot11Radio0.100
  encapsulation dot1Q 100 native
  no ip route-cache
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  bridge-group 1 spanning-disabled
  interface Dot11Radio0.200
  encapsulation dot1Q 200
  no ip route-cache
  bridge-group 2
  bridge-group 2 subscriber-loop-control
  bridge-group 2 block-unknown-source
  no bridge-group 2 source-learning
  no bridge-group 2 unicast-flooding
  bridge-group 2 spanning-disabled
  interface Dot11Radio1
  no ip address
  no ip route-cache
  no shut
  encryption vlan 100 mode ciphers aes-ccm
  encryption vlan 200 mode ciphers aes-ccm
  ssid TEST-1
  ssid TEST-2
  antenna gain 0
  no dfs band block
  channel 5180
  station-role root
  interface Dot11Radio1.100
  encapsulation dot1Q 100 native
  no ip route-cache
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  bridge-group 1 spanning-disabled
  interface Dot11Radio1.200
  encapsulation dot1Q 200
  no ip route-cache
  bridge-group 2
  bridge-group 2 subscriber-loop-control
  bridge-group 2 block-unknown-source
  no bridge-group 2 source-learning
  no bridge-group 2 unicast-flooding
  bridge-group 2 spanning-disabled
  interface GigabitEthernet0
  description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router
  no ip address
  no ip route-cache
  bridge-group 5
  no bridge-group 5 source-learning
  bridge-group 5 spanning-disabled
  no shut
  interface GigabitEthernet0.100
  encapsulation dot1Q 100 native
  no ip route-cache
  bridge-group 1
  no bridge-group 1 source-learning
  bridge-group 1 spanning-disabled
  interface GigabitEthernet0.200
  encapsulation dot1Q 200
  no ip route-cache
  bridge-group 2
  no bridge-group 2 source-learning
  bridge-group 2 spanning-disabled
  interface BVI1
  ip address 10.73.12.7 255.255.255.0
  no ip route-cache
  ip default-gateway 10.73.12.1
  ip http server
  no ip http secure-server
  radius-server deadtime 1440
  bridge 1 route ip
  (end)
  I guess errer massage is telling Radio Frequency error.
  I tried to change configuration "speed".
  But still get error massage and I couldn't ping from my PC.

  Thanks, leolaohoo.
  > My PC use Static IP Address and use TEST-2  ssid.
  so I use TEST-2.
  in this case, ignore TEST-1.
  I just paste real configuration.
  I tried to connect again.
  But still I can't ping from PC to AP.
  I use other PC.
  I configured bellow.
    -interface dot11Radio0
    -speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
  It was same resault.
  Is cisco1941w broken?
  I'd like to know one more.
  I configured bellow, but I couldn't use 802.11a.
    -interface dot11Radio0
    -shutdown
  how to use 802.11a(5GHz)?

• WLC Client excluded - web authentication failed 3 times

  Is there any more I can do with the following? The customer only has 4400 controllers and WCS' both on the highest firmware currently available...
  An example of the alert generated in the event of an excessive authentication failure is as follows:
  Client '08:60:6e:35:7c:29 (172.16.235.133)' which was associated with interface '802.11b/g/n' of AP '25CS-AP21-24SE' is excluded. The reason code is '5(Web Authentication failed 3 times.)'.
  E-mail will be suppressed up to 30 minutes for these alarms.
  I need clarification of the following so that a process can be put in place to show if it is possible to deal with potential threats/attempts to hack into the network as the customers security are not accepting notification only. Therefore please advise:
  - What does ‘excluded’ mean in this scenario? Is the client permanently excluded or only temporarily?
  - If the client is not permanently excluded - if there are multiple occurrences of this alert for the same client can the client be disabled via the WCS console?
  - If necessary could e-mail suppression be turned off - for this alert only?
  Hope you can help but I think they need Prime and ISE to satisfy their security concerns myself!
  BR
  Rockford

  There is a command line syntax which will also allow you to export and import an IAS config to other IAS servers. Then you will be sure they are identical...
  http://support.microsoft.com/kb/883619

• FreeNX - Authentication failed.

  Hi, I installed Freenx by pacman and I get this in a windows client:
  NX> 203 NXSSH running with pid: 4856
  NX> 285 Enabling check on switch command
  NX> 285 Enabling skip of SSH config files
  NX> 285 Setting the preferred NX options
  NX> 200 Connected to address: 91.117.182.217 on port: 22
  NX> 202 Authenticating user: nx
  NICE TO SEE YOU AGAIN FRIEND!!!
  NX> 208 Using auth method: publickey
  NX> 204 Authentication failed.
  I was looking in the freenx arch wiki post, but I cant solved my problem
  Tell me what you need to help me, thanks

  I found this on the nomachine web
  2.5. Getting the Node to Authenticate the Server
  The NX Server public DSA Key must be added to the node to allow this server to connect to the node running on the remote host. Please note that in the current implementation, each node can be associated only to one server.
  Copy the server public DSA key on the node host, for example:
  # scp /usr/NX/etc/keys/node.localhost.id_dsa.pub root@node_host:/tmp
  The general form of the command to add the server public DSA key is:
  nxnode --keyadd KEY
  KEY is the path to the server public DSA key.
  For example:
  nxnode --keyadd /tmp/node.localhost.id_dsa.pub
  I don't know if it works on FreeNX or even if this is the solution... I dont understand what to do

• REP-50171 Authentication Failed

  i am trying to run a 6i report via rwservlet using 9ias reports services.
  i am running it from the command line successfully [rwclient server=test1
  userid=test/test@testdb report=c:\reports\myreport.rdf destype=cache
  desformat=html]. i am not able to migrate this report at this time.
  i defined the report server to the portal
  [http://hostname:port/reports/rwservlet], defined the report to the portal
  [myreport.rdf] and associated the two. i am getting the following
  error:
  REP-50171 Authentication Failed
  i tried commenting out the [security id="rwSec...] entry in the
  test1.conf under my 9ias_mid_tier_home/reports/conf, but the error
  still occurs. i cannot find the error documented anywhere. can
  anyone tell me what it means?

  It's not clear to me how you run the report when you got the error message -- from Portal or from URL directly?
  Anyway please check if you have provided valid user name/password, and in Reports server config file, It is connecting to the same portal which you have registered Reports server/rdfs.
  -Jeff

• REP-50171 Authentication Failed running report under portal

  i am trying to run a 6i report via rwservlet using 9ias reports services.
  i am running it from the command line successfully [rwclient server=test1
  userid=test/test@testdb report=c:\reports\myreport.rdf destype=cache
  desformat=html]. i am not able to migrate this report at this time.
  i defined the report server to the portal
  [http://hostname:port/reports/rwservlet], defined the report to the portal
  [myreport.rdf] and associated the two. i am getting the following
  error:
  REP-50171 Authentication Failed
  i tried commenting out the [security id="rwSec...] entry in the
  test1.conf under my 9ias_mid_tier_home/reports/conf, but the error
  still occurs. i cannot find the error documented anywhere. can
  anyone tell me what it means?

  It's not clear to me how you run the report when you got the error message -- from Portal or from URL directly?
  Anyway please check if you have provided valid user name/password, and in Reports server config file, It is connecting to the same portal which you have registered Reports server/rdfs.
  -Jeff

• SAP Business One Integration Services Authentication Failed

  Dear ,
  ALL SAP forum members,
  Iam Using SAP Business One 8.81 PL 06, Micorsoft SQL 2008 R2
  In SLD B1DI and  JDBC, the connections were tested successfully.
  Whenever I log into SBO, I am getting "SAP Business One Integration Services Authentication Failed" error message. I did extensive research on all possible SBO documents dating 1 year back especially in B1ic Troubleshooting Document (New and Old) and searched the length of the SBO forums, but I could not a solution.
  I uninstalled and reinstalled the B1f package many a time. The integration services we re also restarted many times and the connections were all tested successfully. Firewall, AntiVirus also checked.
  In the B1f, in the Monitoring Window, the login is "Ok" but the AuthCheck is "Failed". I checked Authent.Monitor->Authentic Info  and I found the following message under Action message "Wrong Usrname and Password".
  I debugged and i found again "/com.sap.b1i.vplatform.scenarios.authen/sap.Xcelsius/Authenticate_Check.bfd
  But could not understand much of it.
  But i could go no further. The experts are requested to suggest their solutions, If any, to me as Iam stuck in this phase for the last 3 week
  I hope some experts will guide me over this issue
  Thanks and regards
  Ashish Gupte

  Hi Konstantin Ryahovsky
  Thanks for your reply. My problem is solved.
  And frankly speaking i dont know how it was solved. I have not uninstall, install ,not even i had restarted the server also.
  only change i did in SLD >> Maintainance >>> cfg Runtime >>>> Put server IP address instead of server Name and restarted the services.
  Thanks & regards
  Ashish Gupte

• Toshiba EXCITE Pro - WIFI connection. Authentication failed after update

  Hello.
  Just received this Tablet.
  Everything seemed ok while updating to the latest version (did that first to solve the heat problems).
  After the last update *i lost my WIfi connection. Authentication failed* (didnt change something - was connecting - updating ok 1 minute before the last update).
  After that i started testing ,Wps connection , No security Wifi etc etc.
  *Finally at a random time (and with the initial settings) i got connected*. After i shut down the tablet the same problem occured.
  After doing the same things again i finally got connected and this time it seems to be ok, even after i shut down the tablet.
  However this is frustrating.
  Maybe you have to sort this out?
  I have seen and other people returning this tablet after having this problem.
  It is not a hardware problem since its working ok before the update.
  Of course tried factory reset twice.
  Hope i dont have this problem again, *but i am informing in hope that you fix this in a future update.*

  Toshiba sent me the fix for this. Figured I would use Facebook and they sorted a solution straight away.
  It requires a complete reset. Not the soft reset from within Android.
  I'll post it here as they will check through moderation I guess.
  Thanks for sending a private message Ben. For us to get this resolved for you we would advise to perform a reset from the Android system recovery menu, to do the reset please follow these steps:
  The reset process will delete any data, settings, and applications on your tablet. You must have a backup of any data you wish to keep before proceeding.
  1. Make sure the tablet is off and not in standby.
  2. Hold down the Volume Up and Power buttons simultaneously until the two Android icons appear.
  3. Use the volume buttons to select the white box on the right.
  4. Once selected, press the power button.
  5. Use the volume buttons to select wipe cache partition and then press the power button.
  6. Select Yes and press the power button.
  7. Use the volume buttons to select wipe data/factory reset and then press the power button.
  8. Select Yes and press the power button.
  9. The tablet will now reset.
  If you have any issues after the reset please get back to us as soon as possible!
  Its been working well ever since. I guess the cache clean part might be the main one. You'll have to select the reboot yourself as I did at the end.
  Might be best to use Facebook i'll see if I can find my post as the response was quick and efficient unlike their responses in here. I.e nowt from them so far.
  They needed my name and serial numbers probably to log problems etc.
  Message was edited by: bensimmo

• I'm trying to connect through the FTP client Filezilla. When I try to login with the wizard, it gives me a "503 Failure of Data Connection" reply; when I attempt to login myself, it gives me a "530 Login Authentication Failed." HELP!!!

  My current softward is: Mac OS X Lion 10.7.5 (11G63)
  When I attempt to use the Filezilla connection wizard I get the following message:
  Connecting to probe.filezilla-project.org
  Response: 220 FZ router and firewall tester ready
  USER FileZilla
  Response: 331 Give any password.
  PASS 3.7.1.1
  Response: 230 logged on.
  Checking for correct external IP address
  Retrieving external IP address from http://ip.filezilla-project.org/ip.php
  Checking for correct external IP address
  IP 27.0.19.56 ch-a-bj-fg
  Response: 200 OK
  PREP 52470
  Response: 200 Using port 52470, data token 1871898076
  PORT 27,0,19,56,204,246
  Response: 200 PORT command successful
  LIST
  Response: 150 opening data connection
  Response: 503 Failure of data connection.
  Server sent unexpected reply.
  Connection closed
  When I attempt to login Host/Username/Password myself I get the following message:
  Status:          Resolving address of amyhoney.com
  Status:          Connecting to 184.168.54.1:21...
  Status:          Connection established, waiting for welcome message...
  Response:          220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
  Response:          220-You are user number 12 of 500 allowed.
  Response:          220-Local time is now 04:05. Server port: 21.
  Response:          220-This is a private system - No anonymous login
  Response:          220 You will be disconnected after 3 minutes of inactivity.
  Command:          USER 5475****
  Response:          331 User 5475**** OK. Password required
  Command:          PASS ********************
  Response:          530 Login authentication failed
  Error:          Critical error
  Error:          Could not connect to server
  Now before anyone points out the obvious: my username and password are correct. I've already gone through changing them so I know they are.
  Additionally, I've pretty much tried EVERYTHING I've read online, from messing with "terminal" (and subsequently the FTP and STFP options) to changing the sharing options and turning on file sharing/remote management as well as just turning off my Firewall completely.
  Now I've used Filezilla before when I first published my site and everything worked fine. My site is published through Wordpress so most of my editing was done through simply logging into my "wp-login." I recently changed the theme and in order to change the header image in that theme I have to do it through my "wp-content" folder, which means I need to use Filezilla. I feel like a complete moron right now considering I've had my site for about a year and can't even doing something this simple.
  I've read that the newer version of Lion/Mountain Lion don't support automatice FTP anymore, which (as I mentioned prior) I attempted to fix through Terminal. However, nothing I do seem to do works.
  Can someone walk me through fixing this? And I do mean 'walk me through'. I'm not a tech-savvy nerd who knows all the lingo, I just know the basics so sorry if my ignorance offends you.
  HELP!!

  First be sure login and password are OK. Sometimes the address starts wit "http://..." and sometime starts with "ftp://...". Try both normal FTP access and Scure FTP access (SFTP). At the end, contact the site's provider.