No Radius-accept-request received on Radius server

Similar Messages

• Missing AVP 29 VSA 23 in the Radius Access-Request sent by ASA 5545-X 8.6

  Hello,
  we are migrating from ASA 5520 Version 8.4(3) to ASA 5545-X Version 8.6(1)2 with the same configuration ;
  we are stuck with a Radius authentication problem related to an ASA clientless ASA access ;
  when we compare the Radius dialog between each ASA (the old one and the new one) and the same Radius ACS 5.3 server, we can see that the only difference is there is a missing AVP 29 VSA 23 in the Radius Access-Request sent by the new ASA-5545-X compared to the good one sent   by the old ASA 5520;
  this AVP 29 VSA 23 carries the tunnel-group name as defined in the ASA configurtion ;
  5545-X ad 5520 configuration files have been double-checked and compared : no difference between both files
  any help would be appreciated to diagnose this problem
  thanks in advance

  This problem was solved by upgrading the 5545-X from version 8.6(1)2 to version 9.1.2;
  nothing else changed

• After ISE 1.2 upgrade I get "5413 RADIUS Accounting-Request dropped."

  Hello,
  I have a two admin node setup for ISE. I just upgraded one of my two ISE Admin nodes to Version 1.2. I still have one of my admin  nodes at 1.1.4. When I disable my Version 1.1.4 node and allow wireless authentications to be handled by the Version 1.2 node I get the message..."5413 RADIUS Accounting-Request dropped". None of my wireless edge devices will be allowed on the network during this time. When I re-enable my 1.1.4 node my wireless devices are then allowed on the network.
  I am currently using ISE to authenticate wireless connectivity.
  I also get the failure reason... "11038 RADIUS Accounting-Request header contains invalid Authentication field".
  Any ideas?
  Bob

  The 5413 RADIUS Accounting-Request dropped may be because the session was active on ISE1 and is now sending update messages to ISE2. Also, verify your shared secret radius key matches on both the wlc and ISE servers. I would try clearing the WLC connection for the test user when switching.  Just turning off wireless and back on doesn't do it.  Also, are you using PEAP-MSChapv2 or EAP-TLS for authenticating the clients.  What type of certificate is presented, public or private?

• Framed-IP-Address in RADIUS Access Request for WLC web-auth users

  We have a web-auth WLAN (with 7.6.130.0 software on a 2504 WLC) configured to authenticate users through RADIUS. The Framed-IP-Address attribute, representing the client device's IP address is sent in the Accounting Request, as expected. However, this information should be available at the WLC before sending the RADIUS Access Request, since the device is already having an IP address. 
  So is there a way to configure the WLC to send the Framed-IP-Address attribute in the RADIUS Access Request as well?

  Hi ,
  Try using:
  aaa accounting delay-start
  Regards,
  ~JG
  Do rate helpful posts

• RADIUS-3-NOSERVERS: No radius hosts configured or no valid server present in the server group

  Hi,
  I currently have an C2960 switch with IOS 15.0(2) SE4. To log on the CLI of the switch authentication against a RADIUS server takes place. Accounting is not wanted. The config of the switch is as follows:
  aaa new-model
  aaa group server radius RADIUSGROUP
   server xxx.xxx.xxx.1 auth-port 1812 acct-port 0
   server xxx.xxx.xxx.2 auth-port 1812 acct-port 0
  aaa authentication login default group RADIUSGROUP local
  aaa authentication dot1x default group RADIUSGROUP
  aaaauthorization network default group RADIUSGROUP
  radius server host xxx.xxx.xxx.1 auth-port 1812 acct-port 0 key 7 [encrypted password]
  radius server host xxx.xxx.xxx.2 auth-port 1812 acct-port 0 key 7 [encrypted password]
  It works fine, the authentication and the login are successful, but every login generates a message in the logging of the switch:
  RADIUS-3-NOSERVERS: No radius hosts configured or no valid server present in the server group
  What is going wrong???
  Any help would be appreciated.

      That's going to be something you are going to have to go the cisco TAC with .  That looks to be some kind of software bug.  Also a feature probably not a lot of people actually use and have knowlwedge about.

• OfficialFile.asmx The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Negotiate,NTLM'. ERROR

  We are getting an error on the authentication piece when trying to submit a file to the OfficialFile.asmx web service to submit a document to the Drop-Off Library. Here is the code snippet -
  public string FileUpload(HttpPostedFile FileInput, RecordsRepositoryProperty[] properties)
  string strFileUrl = string.Empty;
  RecordsRepositorySoapClient repository = new RecordsRepositorySoapClient();
  BinaryReader b = new BinaryReader(FileInput.InputStream);
  byte[] binData = b.ReadBytes(FileInput.ContentLength);
  repository.ClientCredentials.Windows.ClientCredential = new System.Net.NetworkCredential(iUserID, iUserPassword, iUserDomain);
  repository.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;
  repository.SubmitFile(binData, properties, null, FileInput.FileName, HttpContext.Current.User.Identity.Name);
  strFileUrl = repository.GetFinalRoutingDestinationFolderUrl(properties, null, FileInput.FileName).Url;
  return strFileUrl;
  Although we are setting the network credential in the client call we still get the error
  - The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Negotiate,NTLM'.
  Ideas?
  Thanks in advance.

  Hi,
  Based on the error message, the issue is related to the authentication type.
  I suggest you can specify the credential type like the below:
  CredentialCache credentialCache = new CredentialCache();
  NetworkCredential credentials = new NetworkCredential(UserName, PassWord, sDomain);
  credentialCache.Add(new Uri(recordCenterUrl), "NTLM", credentials);
  Here is a detailed code demo for your reference:
  http://blogs.msdn.com/b/mcsnoiwb/archive/2011/06/06/sending-files-to-a-record-center-using-the-sp2010-webservice-officialfile-asmx.aspx
  Best Regards
  Forum Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Jerry Guo
  TechNet Community Support

• SOA serve not accepting requests and running

  I have a manged server.
  I am starting up admin first, then SOA and then BAM.
  however when I get to SOA im supposed to get FabricProviderServlet.stateChanged SOA Platform is running and accepting requests however I just get is is started in running mode any ideas why??
  I believe this is the reason I cannot acces
  the BPM composer and BPM workspace
  Any ideas
  Thanks in advance!!

  Hi Ashwin,
  Is there any warnning or error information when you try to restart the PRODUCTION environment?
  Best Regards.
  Steven Lee Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• DataSource.Error: SharePoint: Request failed: The remote server returned an error: (500) Internal Server Error.

  Seeing this error when retrieving data from a SharePoint list. I have full access to the list. Any help would be appreciated.
  DataSource.Error: SharePoint: Request failed: The remote server returned an error: (500) Internal Server Error. (An error occurred while processing this request.)
  Details:
  https://xyz/_vti_bin/ListData.svc/ListName
     

  I think I figured out how to use Fiddler. Here's the information I captured-
  This is a Tunnel. Status: OPEN, Raw Bytes Out: 3,797; In: 7,604
  The selected session is a HTTP CONNECT Tunnel. This tunnel enables a client to send raw traffic (e.g. HTTPS-encrypted streams or WebSocket messages) through a HTTP Proxy Server (like Fiddler).
  To enable Fiddler's HTTPS-decryption feature and view decrypted traffic, click Tools > Fiddler Options > HTTPS.
  Request Count:   1
  Bytes Sent:      107  (headers:107; body:0)
  Bytes Received:  107  (headers:107; body:0)
  Tunnel Sent:     3,797
  Tunnel Received: 7,604
  ACTUAL PERFORMANCE
  ClientConnected: 11:06:11.389
  ClientBeginRequest: 11:06:11.395
  GotRequestHeaders: 11:06:11.395
  ClientDoneRequest: 11:06:11.395
  Determine Gateway: 0ms
  DNS Lookup:   176ms
  TCP/IP Connect: 77ms
  HTTPS Handshake: 0ms
  ServerConnected: 11:06:11.649
  FiddlerBeginRequest: 11:06:11.649
  ServerGotRequest: 11:06:11.649
  ServerBeginResponse: 00:00:00.000
  GotResponseHeaders: 00:00:00.000
  ServerDoneResponse: 00:00:00.000
  ClientBeginResponse: 11:06:11.649
  ClientDoneResponse: 11:06:11.649
   Overall Elapsed: 0:00:00.254
  -= Fiddler Event Log =-
  See http://fiddler2.com/r/?FiddlerLog for details.
  10:33:33:8092 Fiddler Running...
  10:33:33:8118 Fiddler.Network.AutoProxy> AutoProxy Detection failed.
  10:33:33:8118 AutoProxy failed. Disabling for this network.
  10:33:33:8118 Windows 8+ AppContainer isolation feature detected.
  11:01:21:4125 HTTPSLint> Warning: ClientHello record was 382 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
  11:01:21:4145 HTTPSLint> Warning: ClientHello record was 382 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
  11:01:21:4185 HTTPSLint> Warning: ClientHello record was 382 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
  11:01:21:4258 HTTPSLint> Warning: ClientHello record was 382 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
  11:01:21:4268 HTTPSLint> Warning: ClientHello record was 382 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
  11:01:21:4298 HTTPSLint> Warning: ClientHello record was 382 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
  11:01:21:4398 HTTPSLint> Warning: ClientHello record was 382 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
  11:01:21:4398 HTTPSLint> Warning: ClientHello record was 382 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
  11:01:21:4518 HTTPSLint> Warning: ClientHello record was 382 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
  11:01:21:4518 HTTPSLint> Warning: ClientHello record was 382 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
  11:01:21:4528 HTTPSLint> Warning: ClientHello record was 382 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
  11:01:21:4828 HTTPSLint> Warning: ClientHello record was 382 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
  11:01:21:5789 HTTPSLint> Warning: ClientHello record was 382 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
  11:01:21:5820 HTTPSLint> Warning: ClientHello record was 382 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
  11:01:21:5879 HTTPSLint> Warning: ClientHello record was 382 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
  11:01:21:6179 HTTPSLint> Warning: ClientHello record was 382 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
  11:01:21:6530 HTTPSLint> Warning: ClientHello record was 382 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
  11:01:21:6924 HTTPSLint> Warning: ClientHello record was 382 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance

• ALEAUDIT IDoc cannot find request IDoc in Integration Server

  Hi,
  i m working with a scenario SAP ECC 7.0 -> IDoc -> PI -> IDoc -> R/3 4.6c
  I m sending a purchase order (ORDERS.ORDERS05) from SAP ECC and i want to receive an acknowledgment from R/3. Unfortunately there are only zeros in the field E1ADHDR / E1STATE / DOCNUM, this leads to the error "ALEAUDIT IDoc cannot find request IDoc in Integration Server" on PI.
  Does anybody know what to do in the R/3 system to send the original IDoc number in E1STATE / DOCNUM?
  XML Source of the ALEAUD received at PI:
  <?xml version="1.0" encoding="UTF-8" ?>
  <ALEAUD01>
  <IDOC BEGIN="1">
  <EDI_DC40 SEGMENT="1">
    <TABNAM>EDI_DC40</TABNAM>
    <MANDT>100</MANDT>
    <DOCNUM>0000000004307392</DOCNUM>
    <DOCREL>46C</DOCREL>
    <STATUS>30</STATUS>
    <DIRECT>1</DIRECT>
    <OUTMOD>2</OUTMOD>
    <IDOCTYP>ALEAUD01</IDOCTYP>
    <MESTYP>ALEAUD</MESTYP>
    <SNDPOR>SAPQV1</SNDPOR>
    <SNDPRT>LS</SNDPRT>
    <SNDPRN>QV1CLT100</SNDPRN>
    <RCVPOR>A000000022</RCVPOR>
    <RCVPRT>LS</RCVPRT>
    <RCVPRN>QXC100</RCVPRN>
    <CREDAT>20090605</CREDAT>
    <CRETIM>111523</CRETIM>
    <SERIAL>20090605111521</SERIAL>
    </EDI_DC40>
  <E1ADHDR SEGMENT="1">
    <MESTYP>ORDERS</MESTYP>
    <MESTYP_LNG>ORDERS</MESTYP_LNG>
  <E1STATE SEGMENT="1">
    <DOCNUM>0000000000000000</DOCNUM>
    <STATUS>53</STATUS>
    <STACOD>SAPV1311</STACOD>
    <STATXT>&1 &2 wurde gesichert</STATXT>
    <STAPA1>Terminauftrag EX</STAPA1>
    <STAPA2>2510016042</STAPA2>
    <STATYP>I</STATYP>
    <STAMQU>SAP</STAMQU>
    <STAMID>V1</STAMID>
    <STAMNO>311</STAMNO>
    <STAPA1_LNG>Terminauftrag EX</STAPA1_LNG>
    <STAPA2_LNG>2510016042</STAPA2_LNG>
  <E1PRTOB SEGMENT="1">
    <DOCNUM>0000000004307353</DOCNUM>
    <OBJTYPE>BUS2032</OBJTYPE>
    <OBJKEY>2510016042</OBJKEY>
    </E1PRTOB>
    </E1STATE>
    </E1ADHDR>
    </IDOC>
    </ALEAUD01>
  Regards,
  Udo

  Hi Volker,
  yes, that was the right hint
  I needed to change the RCVPRT field to LS to force the receiving system to send the ALEAUD with original number at the right place. Strange reaction, but it is SAP software, he, he.
  Regards,
  Udo

• WLC 5508 - Ignoring Primary discovery request received on non-management interface (2) from AP

  Hello,
  Im receving this error on my syslog server:
  capwap_ac_sm.c:1443 Ignoring Primary discovery request received on non-management interface (2) from AP
  already checked the configuration and everything seems ok. They are registered and with clients associated.
  What could be the cause?
  Thanks in advance,
  Chris

  Thanks Scott for your fast response.
  No, I'm not using LAG.
  What do you mean with separate AP Managers?
  I have one AP Manager on vlan 100 (10.100.0.25) and the Management interface on the same Vlan (10.100.0.26)
  And users use vlan 150 (10.150.0.x).
  The switch port where the AP is plugged is configured with:
  interface GigabitEthernet2/0/20
  switchport access vlan 100
  switchport mode access
  spanning-tree portfast
  On WLC I can also check the AP history:
  Last Error Occurred Reason            Layer 3 discovery request not received on management interface

• Empty HTTP request received in SAP RFC test connection type G

  Hi all,
    While checking the RFC connection i am getting error,
  response_line               HTTP/1.0 500 Empty HTTP request received
  server_protocol             HTTP/1.0
  status_code                 500
  status_reason               Empty HTTP request received
  Please let me know if this is right.

  Hi,
    We are trying to connect to an external server. So, we are using Connection Type as G.
  RFC connection Test status is 500.
  But in our case, Idoc is getting generated but it is in the XI Box, throwing the below error,
  <?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
  - <!-- Call Adapter
  -->
  - <SAP:Error xmlns:SAP="http://sap.com/xi/XI/Message/30" xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/" SOAP:mustUnderstand="1">
  <SAP:Category>XIServer</SAP:Category>
  <SAP:Code area="SECURITY">SECURITY_VERIFY_ERROR</SAP:Code>
  <SAP:P1>Check Signature</SAP:P1>
  <SAP:P2 />
  <SAP:P3 />
  <SAP:P4 />
  <SAP:AdditionalText>Signature error Error while valdiating the digital signature. Theerror was com.sap.security.core.ws.wss.NoSecurityHeaderException No wsse:Security header has been defined for role soap:finalActor. Please verify the</SAP:AdditionalText>
  <SAP:ApplicationFaultMessage namespace="" />
  <SAP:Stack>Error during message security handling in inbound channel: Security profile 'Check Signature'</SAP:Stack>
  <SAP:Retry>M</SAP:Retry>
  </SAP:Error>
  Since the RFC is working now, we were not able to find what is the issue. Even SSL certificates are valid.

• The WinRM client received an HTTP server error status (500)

  Hi All,
  I have installed the Exchange 2010 Management Tools and a few roles on our DC (Windows Server 2008 R2) but i cannot even connect to it to configure anything.
  If i use the management tools GUI i get an error message saying:
  "Connecting to remote server failied with the following error message: The WinRM client received an HTTP server error status (500), but the remove service did not include any other informaition about the cause of the failure. For more information, see the about_Remote_Troubleshooting Help topic. It was running the command 'Discover-ExchangeServer -UseWIA $true -SuppressError $true'."
  Using the Exchange Management Shell is get a similar error:
  "Connecting to remote server failied with the following error message: The WinRM client received an HTTP server error status (500), but the remove service did not include any other informaition about the cause of the failure. For more information, see the about_Remote_Troubleshooting Help topic.
  + CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [], PSRemotingTransportException
  + FullyQualifiedErrorId: PSSessionOpenFailed"
  This comes up 3 times and then said it failed to connect and to enter the Server FQDN i want to connect to.
  I have seen other posts where they have said to disable anonymous access for PowerShell in IIS which i have done and to also run the set-user yourusername -remotepowershellenabled:$true which i cannot run because i cannot even connect into it via PowerShell.
  Tried to see if there was a way to reinstall the management tools because i have a feeling they didnt install properly but cant find a way to do that.
  Tried to uninstall everything but i cannot because it says there are already mailboxes created (presume some default ones) but i cannot connect to remove them to uninstall.
  I seem to have reached a wall and cannot see how to proceed.
  Please help. Thanks.

  Have you tried loading EMS via Admin Tools > Windows Powershell Modules? Amazingly, that will probably work fine for you.
  Assuming that loads, or that you can run EMS on another machine:
  Check Powershell directory in IIS on the problem server. Make sure SSL is not required. Allow only Anonymous access - no basic/IWA auth etc.
  If you can get into Windows Powershell Modules, run the set-user command suggested above from there.
  Remove-powershellvirtualdirectory, and then New-powershellvirtualdirectory (either remotely or using Windows Powershell Modules.
  Re-check SSL/authentication once this is done.
  -Max
  Hi Max,
  Tried loading EMS via Admin Tools > Windows Powershell Modules but didnt work. Got the following error:
  Import-Module : There were errors in loading the format data file:
  Microsoft.Exchange.Management.PowerShell.Setup, C:\Program Files\Microsoft\Exchange Server\V14\bin\Exchange.format.ps1x
  ml : File skipped because it was already present from "Microsoft.Exchange.Management.PowerShell.E2010".
  At line:24 char:34
  +                     Import-Module <<<<  $_.Name -ErrorAction SilentlyContinue
      + CategoryInfo          : InvalidOperation: (:) [Import-Module], RuntimeException
      + FullyQualifiedErrorId : FormatXmlUpateException,Microsoft.PowerShell.Commands.ImportModuleCommand
  I think it is a problem with the PowerShell IIS VirtualDirectory because when i browse any other virtual directory i get a response of some sort but when i browse the PowerShell virtual directory i get the same 500 error message.
  This error (HTTP 500 Internal Server Error) means that the website you are visiting had a server problem which prevented the webpage from displaying.
  Now i think i have made things worse. I was looking at the remove and new point you made an accidently deleted the whole PowerShell virtual directory in IIS using the IIS GUI. I didnt use the Remove-powershellvirtualdirectory command. Now i dont know how to get it back :(
  When i try to run New-powershellvirtualdirectory and specify to call it PowerShell it says it is already
  New-PowerShellVirtualDirectory : The virtual directory 'PowerShell' already exists under 'DC01.mainserver/Default Web S
  ite'.
  Parameter name: VirtualDirectoryName
  At line:1 char:31
  + New-PowerShellVirtualDirectory <<<<
      + CategoryInfo          : InvalidArgument: (DC01\PowerShell (Default Web Site):ADObjectId) [New-PowerShellVirtualD
     irectory], ArgumentException
      + FullyQualifiedErrorId : 7833EE63,Microsoft.Exchange.Management.SystemConfigurationTasks.NewPowerShellVirtualDire
     ctory
  I have tried to use the remove command but it doesnt find it no matter what i put in the identify parameter. It should be "Default Web Site" right?
  Anyways, i have created a new PowerShell virtual directory called ExchPowerShell (still would like to find a way have it called PowerShell) and removed SSL and enabled only Anonymous access. Now get a different error message:
  VERBOSE: Connecting to DC01.mainserver
  [dc01.mainserver] Connecting to remote server failed with the following error message : The WinRM client sent a request
   to an HTTP server and got a response saying the requested HTTP URL was not available. This is usually returned by a HT
  TP server that does not support the WS-Management protocol. For more information, see the about_Remote_Troubleshooting
  Help topic.
      + CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [], PSRemotingTransportExc
     eption
      + FullyQualifiedErrorId : PSSessionOpenFailed
  Did a search and i think this is because i now had a different PowerShell virtual directory so if i try to connect and specify the new virtual directory name i get the same error i was getting.
  Failed to connect to any Exchange Server in the current site.
  Please enter the Server FQDN where you want to connect: DC01.mainserver/ExchPowerShell
  VERBOSE: Connecting to DC01.mainserver/ExchPowerShell
  [dc01.mainserver] Connecting to remote server failed with the following error message : The WinRM client received an HT
  TP server error status (500), but the remote service did not include any other information about the cause of the failu
  re. For more information, see the about_Remote_Troubleshooting Help topic.
      + CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [], PSRemotingTransportExc
     eption
      + FullyQualifiedErrorId : PSSessionOpenFailed
  Thank for all you help so far.

• Nexus 5K and 7K RADIUS Authorization with Steel Belted RADIUS

  I am attempting to provide very basic authorization via Steel Belted RADIUS for a Nexus deployment.
  Here is the code from the Nexus:
  radius-server host [server]  key [key]
  radius-server host [server]  key [key]
  ip radius source-interface mgmt0
  aaa group server radius GEN_AAA
      server [server]
      server [server]
      use-vrf management
      source-interface mgmt0
  aaa authentication login default group GEN_AAA
  aaa authentication login console group GEN_AAA
  aaa accounting default group GEN_AAA
  aaa authentication login error-enable
  On the Steel Belted RADIUS server the client is setup as a basic IOS 11.1 or later (Nexus is not an option).  The group setup for the relevant user group has a return code of:
  shell:roles*"network-admin"
  shell:priv-lvl=15
  When I authenticate from a Catalyst 6509 with IOS 12.2 the authorization based on the shell:priv-lvl works fine.  Only those users in the 'special' group have admin (lvl 15) access.
  With the Nexus gear I authenticate fine but the RADIUS user is always put in the network-operator role (default) regardless of the 'special' group shell:roles*"network-admin" return code defined.
  In other words it seems to work fine for IOS devices (Catalyst 6500 and 3750E so far) but not at all for Nexus gear.  Unfortunately I am not in a position to suggest and implement ACS or another AAA server that supports TACACS.
  Is there any way to pull this off with SBR?
  Any help is much appreciated.

  Hello Nusrat,
  I appreciate the pointer.  If I was using TACACS for AAA, authorization sets would be a consideration.  However, authorization is not permitted when using RADIUS for AAA on the Nexus platform.
  In any case I was able to resolve the issue with the assistance of the customer and their support contact at Juniper.  For the VSA feature to begin working a change to the INI file and a restart of the SBR services was required.  Placing the desired group of users in the network-admin group is functioning as desired.
  NOTE:
  In addition to the configuration in the original post the following should be added to stop any 'standard' users defined on the SBR server from logging in with network-operator privileges:
  no aaa user default-role
  If no role is provided from the RADIUS server via the Cisco-AVPAIR VSA (ex. Cisco-AVPAIR = shell:roles*network-admin) by default a Nexus box places the user in the network-operator role.  This role has complete read access on the system allowing, among other things, a read view of the configuration.  The above command stops any role mapping resulting in non-configured users / groups on the RADIUS box not being able to log in period.

• Since I downloaded Firefox 5 I cannot get the links to work for accepting or receiving gifts for Farmville & Frontiersville, what can I do

  Since I downloaded Firefox 5 I cannot get the links to work for accepting or receiving gifts for Farmville & Frontiersville, what can I do. When a request is posted on my FB page and I click on it to send or receive a gift it just shows that its "connecting" and sits there for several minutes then only sometimes actually goes to the gift. How can I fix it. My other computer that is still on firefox 4 does not have this problem.

  Hello AKBOB, if exist a problem with update or permissions then the better way is to '''download and install the new version'''.
  1. Download a copy of the latest firefox from http://www.mozilla.org/en-US/firefox/all.html
  2. '''Trash''' the current Firefox application to do a clean install.
  3. Install the version that you have downloaded.
  Do not select to remove your personal data, your profile data is stored elsewhere in the [http://kb.mozillazine.org/Profile_folder_-_Firefox Firefox Profile Folder], so you won't lose your bookmarks or other personal data.
  see also: [https://support.mozilla.org/en-US/kb/install-firefox-mac#os=mac&browser=fx22 Installing Firefox on Mac]
  thank you

• Cookie - Bad Request - Size of a request header field exceeds server limit -

  We are on cq5.5. We see this error intermittently. What is the best way to fix this? Cookie size seems to be adding to the issue.
  Bad Request
  Your browser sent a request that this server could not understand.
  Size of a request header field exceeds server limit.
  Cookie: cq-mrss=path%3D%252Fcontent%252Fdam%26p.limit%3D-1%26mainasset%3Dtrue%26type%3Ddam%3AAsse t; __unam=acfbce4-13b8ffd6084-6070cfe6-4; __utma=16528299.1850197993.1355330446.1361568697.1362109625.3; __utmz=16528299.1355330446.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); REM_ME=1004; SessionPersistence-author-lx_qa_author2=CLIENTCONTEXT%3A%3DvisitorId%3Danonymous%2Cvisito rId_xss%3Danonymous%7CPROFILEDATA%3A%3DauthorizableId%3Danonymous%2CformattedName%3DAnonym ous%20Surfer%2Cpath%3D%2Fhome%2Fusers%2Fa%2Fanonymous%2Cavatar%3D%2Fetc%2Fdesigns%2Fdefaul t%2Fimages%2Fcollab%2Favatar.png%2Cage%3D%2Cage_xss%3D%7CTAGCLOUD%3A%3Dtopic%3Aworkflow%3D 14%2Cindustry%3Aprocess_management%3D2%2Ctopic%3Aprocess_mining%3D3%2Ctopic%3Aprocess_docu mentation%3D1%2Ctopic%3Aintelligent_capture%3D5%2Cindustry%3Acapture%3D5%2Ctopic%3Adocumen t_imaging%3D2%2Ctopic%3Adistributed_intelligent_capture%3D2%2Ctopic%3Adocument_output_mana gement%3D4%2Cindustry%3Acontent_management%3D14%2Cindustry%3Asoftware_solutions_hardware%3 D4%2Cindustry%3Adevice_management%3D2%2Ctopic%3Ahelp_desk_services%3D2%2Cindustry%3Aintera ct%3D15%2Ctopic%3Asecure_content_monitor%3D2%2Ctopic%3Aelectronic_forms%3D2%2Ctopic%3Ainte lligent_forms%3D2%2Ctopic%3Adocument_accounting%3D2%2Ctopic%3Aerp_output_management%3D2%2C topic%3Aprint_release%3D2%2Cindustry%3Aoutput_management%3D4%2Ctopic%3Aerp_printing%3D4%2C topic%3Aenterprise_search%3D4%2Ctopic%3Amicrosoft_sharepoint%3D6%2Ctopic%3Adocument_filter s%3D4%2Cindustry%3Asearch%3D4%2Ctopic%3Ahuman_services_case_management%3D2%2Cindustry%3Aca se_management%3D2%2Cindustry%3Aimprove_business_processes%3D6%2Ctopic%3Abusiness_process_m odeling%3D1%2Ctopic%3Alawson%3D1%2Ctopic%3Aapplication_integration%3D8%2Cindustry%3Asoluti on%3D4%2Ctopic%3Amicrosoft_dynamics_crm%3D2%2Cindustry%3Ahealthcare%3D13%2Cindustry%3Areta il%3D8%2Cindustry%3Abanking%3D3%2Cindustry%3Aincrease_efficiency%3D7%2Cindustry%3Agovernme nt%3D8%2Ctopic%3Amicrosoft_outlook%3D2%2Ctopic%3Aesri%3D2%2Ctopic%3Ajd_edwards%3D2%2Ctopic %3Asap%3D1%2Cindustry%3Adrive_business_growth%3D1%2Cindustry%3Abusiness_challenges%3D6%2Ci ndustry%3Aconnect_distributed_workforce%3D1%2Ctype%3Alanding_page%3D2%2Ctopic%3Aconsulting _services%3D2%2Ctopic%3Aretail_pharmacy%3D2%2Cindustry%3Aindustry_solutions%3D5%2Ctopic%3A health_information_management%3D3%2Ctopic%3Apatient_scheduling%3D3%2Ctopic%3Aclinical_depa rtment_solutions%3D3%2Ctopic%3Aclinical_hit_integration%3D3%2Ctopic%3Apatient_admissions_r egistration%3D3%2Ctopic%3Ahealthcare_forms_management%3D3%2Ctopic%3Apatient_access%3D3%2Ct opic%3Aenterprise_print_management_software%3D2%2Ctopic%3Aprint_queue_management%3D2%2Ctop ic%3Aadvanced_print_management%3D2%2Ctopic%3Aemployee_onboarding%3D3%2Ctopic%3Ahuman_resou rces%3D1%2Cindustry%3Ahuman_resources%3D3%2Ctopic%3Aemployee_recruitment%3D1%2Cindustry%3A manufacturing%3D2%2Ctopic%3Aplatform_integration%3D1%2Ctopic%3Awealth_management%3D2%2Cind ustry%3Afinancial_services%3D2%2Ctopic%3Aaccount_opening%3D2%2Ctopic%3Acompliance%3D1%2Cin dustry%3Acompliance%3D1%2Ctopic%3Abusiness_operations_solutions_for_banking%3D2%2Ctopic%3A retail_delivery%3D1%2Ctopic%3Aloan_processing%3D1%2Ctopic%3Aon_demand_negotiable_documents %3D1%2Ctopic%3Anew_account_openings%3D1%2Ctopic%3Aon_demand_forms_customer_communications% 3D1%2Cindustry%3Ainsurance%3D1%2Ctopic%3Amicr_printing%3D1%2Ctopic%3Abank_branch_capture%3 D1%2Ctopic%3Aagency_capture%3D1%7C; ys-cq-damadmin-tree=o%3Awidth%3Dn%253A240%5EselectedPath%3Ds%253A/content/dam; ys-cq-damadmin-grid-assets=o%3Acolumns%3Da%253Ao%25253Aid%25253Ds%2525253Anumberer%25255E width%25253Dn%2525253A23%25255Esortable%25253Db%2525253A1%255Eo%25253Aid%25253Ds%2525253At humbnail%25255Ewidth%25253Dn%2525253A45%25255Esortable%25253Db%2525253A1%255Eo%25253Aid%25 253Ds%2525253Atitle%25255Ewidth%25253Dn%2525253A78%25255Ehidden%25253Db%2525253A1%25255Eso rtable%25253Db%2525253A1%255Eo%25253Aid%25253Ds%2525253Aname%25255Ewidth%25253Dn%2525253A3 37%25255Esortable%25253Db%2525253A1%255Eo%25253Aid%25253Ds%2525253Apublished%25255Ewidth%2 5253Dn%2525253A37%25255Esortable%25253Db%2525253A1%255Eo%25253Aid%25253Ds%2525253Amodified %25255Ewidth%25253Dn%2525253A78%25255Esortable%25253Db%2525253A1%255Eo%25253Aid%25253Ds%25 25253Ascene7Status%25255Ewidth%25253Dn%2525253A78%25255Ehidden%25253Db%2525253A1%25255Esor table%25253Db%2525253A1%255Eo%25253Aid%25253Ds%2525253Astatus%25255Ewidth%25253Dn%2525253A 71%25255Esortable%25253Db%2525253A1%255Eo%25253Aid%25253Dn%2525253A8%25255Ewidth%25253Dn%2 525253A78%25255Esortable%25253Db%2525253A1%255Eo%25253Aid%25253Ds%2525253Aworkflow%25255Ew idth%25253Dn%2525253A78%25255Ehidden%25253Db%2525253A1%25255Esortable%25253Db%2525253A1%25 5Eo%25253Aid%25253Ds%2525253Awidth%25255Ewidth%25253Dn%2525253A37%25255Esortable%25253Db%2 525253A1%255Eo%25253Aid%25253Ds%2525253Aheight%25255Ewidth%25253Dn%2525253A37%25255Esortab le%25253Db%2525253A1%255Eo%25253Aid%25253Ds%2525253Asize%25255Ewidth%25253Dn%2525253A37%25 255Esortable%25253Db%2525253A1%255Eo%25253Aid%25253Ds%2525253Areferences%25255Ewidth%25253 Dn%2525253A199%25255Esortable%25253Db%2525253A1%5Esort%3Do%253Afield%253Ds%25253Alabel%255 Edirection%253Ds%25253AASC; amlbcookie=04; ObLK=0x82abacf3a5e3b1e2|0x1cf34305ac210c7e9b2b07e3725392e2; iPlanetDirectoryPro=AQIC5wM2LY4Sfcw0UQ2MST5NlqDAsUi2dscer0wO7VMy9pE.*AAJTSQACMDYAAlMxAAIw NA..*; renderid=rend01; login-token=c9c0d027-c5f9-4e5a-9a90-09d1cf21cfd2%3a0279e369-1689-433c-80ef-d8411040efe5_6 15c2fd1eba8fd42%3acrx.default; ys-cq-siteadmin-grid-pages=o%3Acolumns%3Da%253Ao%25253Aid%25253Ds%2525253Anumberer%25255E width%25253Dn%2525253A23%25255Esortable%25253Db%2525253A1%255Eo%25253Aid%25253Ds%2525253At humbnail%25255Ewidth%25253Dn%2525253A50%25255Ehidden%25253Db%2525253A1%25255Esortable%2525 3Db%2525253A1%255Eo%25253Aid%25253Ds%2525253Atitle%25255Ewidth%25253Dn%2525253A386%25255Es ortable%25253Db%2525253A1%255Eo%25253Aid%25253Ds%2525253Aname%25255Ewidth%25253Dn%2525253A 148%25255Esortable%25253Db%2525253A1%255Eo%25253Aid%25253Ds%2525253Apublished%25255Ewidth% 25253Dn%2525253A25%25255Esortable%25253Db%2525253A1%255Eo%25253Aid%25253Ds%2525253Amodifie d%25255Ewidth%25253Dn%2525253A86%25255Esortable%25253Db%2525253A1%255Eo%25253Aid%25253Ds%2 525253Ascene7Status%25255Ewidth%25253Dn%2525253A86%25255Ehidden%25253Db%2525253A1%25255Eso rtable%25253Db%2525253A1%255Eo%25253Aid%25253Ds%2525253Astatus%25255Ewidth%25253Dn%2525253 A76%25255Esortable%25253Db%2525253A1%255Eo%25253Aid%25253Ds%2525253Aimpressions%25255Ewidt h%25253Dn%2525253A86%25255Esortable%25253Db%2525253A1%255Eo%25253Aid%25253Ds%2525253Atempl ate%25255Ewidth%25253Dn%2525253A86%25255Esortable%25253Db%2525253A1%255Eo%25253Aid%25253Ds %2525253Aworkflow%25255Ewidth%25253Dn%2525253A86%25255Ehidden%25253Db%2525253A1%25255Esort able%25253Db%2525253A1%255Eo%25253Aid%25253Ds%2525253Alocked%25255Ewidth%25253Dn%2525253A8 6%25255Ehidden%25253Db%2525253A1%25255Esortable%25253Db%2525253A1%255Eo%25253Aid%25253Ds%2 525253AliveCopyStatus%25255Ewidth%25253Dn%2525253A86%25255Ehidden%25253Db%2525253A1%25255E sortable%25253Db%2525253A1%5Esort%3Do%253Afield%253Ds%25253Atitle%255Edirection%253Ds%2525 3AASC; ys-cq-siteadmin-tree=o%3Awidth%3Dn%253A306%5EselectedPath%3Ds%253A/content/homesite/en-US /insights/video_unum-group-accelerates-workflows-with-solutions-; ys-cq-cf-clipboard=o%3Acollapsed%3Db%253A1; ys-cq-cf-tabpanel=o%3AactiveTab%3Ds%253AcfTab-Images-QueryBox; JSESSIONID=ad311ac3-7c24-4e62-ae8a-0ebacd8e8188; SessionPersistence-author-lx_qa_author1=CLIENTCONTEXT%3A%3DvisitorId%3Danonymous%2Cvisito rId_xss%3Danonymous%7CPROFILEDATA%3A%3DauthorizableId%3Danonymous%2CformattedName%3DAnonym ous%20Surfer%2Cpath%3D%2Fhome%2Fusers%2Fa%2Fanonymous%2Cavatar%3D%2Fetc%2Fdesigns%2Fdefaul t%2Fimages%2Fcollab%2Favatar.png%2Cage%3D%2Cage_xss%3D%7CGEOLOCATION%3A%3D%7CTAGCLOUD%3A%3 Dindustry%3Aconnect_distributed_workforce%3D1%2Cindustry%3Abusiness_challenges%3D1%2Cindus try%3Acontent_management%3D1%2Cindustry%3Ahealthcare%3D1%2Ctopic%3Afinance%3D1%2Ctopic%3Ap rocurement_processing%3D1%2Cindustry%3Afinancial_services%3D2%2Cindustry%3Ainsurance%3D2%2 Cindustry%3Aindustry_solutions%3D2%2Ctopic%3Aagency_capture%3D2%7C; s_cc=true; s_sq=lxmtest%3D%2526pid%253Dinsights%25253Avideo_unum-group-accelerates-workflows-with-so luti

  Hi EbodaWill,
  File daycare for fp 2324 where in you can configure & allow you to increase the request header size and avoid the bad request error OR for a package that improves client side persistence & does not use cookies.
  Thanks,
  Sham