PEAP : Machine authentication doesn't work

Hello,
I'm trying to set up machine authentication and at this time I have some problems.
I have the following configuration:
- the users' laptops are running WinXP
- the AP is a 1232
- ACS 3.3.2
- external database (Win2000 Active Directory) authentication
I set up PEAP and it works well when a user is authenticated. However when I enable machine authentication on the ACS and also on the user laptop, it doesn't work. In the ACS logs I can see that the user has not authenticated due to the machine access restriction.
On the Active Directory I changed the Dial In config. for the computers to allow access.
Is there anything else that has to be modified in order to perform machine authentication?
Hope someone will be able to help me.
Thanks in advance.
Alex

Hi Alex
I have had a similar issue. I found that my PEAP users were fine but machine authentication failed at the SSL handshake, i.e. the machine didn't know where the local certificate was. In the meantime, to get the policies working, I unchecked "validate server certificate" on the client, and that works. I would assume that the certificate needs to be in a specific default location for machine authentication to use it, though that's just a guess.
I am spending the day to get this working and I'll post what I find out.
Regards
Colin

Similar Messages

  • Time machine still doesn't work with 10.5.2

    After loading 10.5.2 I find that Time Machine still doesn't work with a new Airport Extreme Base Station (AEBS) and USB drive although I was reassured by my local Apple retail store that the fix was in the update. I should have known better. <Edited by Moderator>

    Can you explain what archive and install is please?
    I am having the same problem. Automator as soon as it starts crashes.
    I have tried reinstalling from the OS disk, repairing permissions and none of them work.
    Many Thanks
    Dafydd

  • PEAP-GTC on Win 7 and 8 platforms (LDAP authentication doesn't work)

    Hi all!
    Customer is using Open LDAP as directory services.
    We're setting Cisco Wi-Fi network with following authentication scheme:
    Wireless LAN Controller - Cisco ACS 5.3 - Open LDAP
    According to the documents ACS - LDAP supports only EAP-TLS and PEAP-GTC methods.
    We need to perform username/password authentication. It works well on Apple and Android devices, but it doesn't want to authenticate Windows 7 clients.
    We're unchecking "Validate Servers certificate" in WLAN settings of the Win 7 client, but it still doesn't work.
    It seems that Windows doesn't support the PEAP-GTC method. Is there any workaround to solve the issue?
    I assume there could be some software plug-ins (supplicants) that can be installed on Windows to support PEAP-GTC, but in this case the customer will face serious organizational issues provisioning new devices.
    Please advise!
    Thank you!
    Yuriy

    In order to see PEAP EAP-GTC option on the client, you need to install EAP-GTC supplicant on the client machine.
    Check this:
    http://www.cisco.com/en/US/docs/wireless/technology/peap/technical/reference/PEAP_D.html#wp1007967
    Jatin Katyal
    - Do rate helpful posts -

  • 802.1x PEAP Machine Authentication with MS Active Directory

    802.1x PEAP Machine and User Authentication with MS Active Directory:
    I have a simple pilot-text environment, with
    - Microsoft XP Client,
    - Cisco 2960 Switch,
    - ACS Solution Engine (4.1.4)
    - MS Active Directory on Win 2003 Server
    The Remote Agent (at 4.1.4) is on the same server as the MS AD.
    User Authentication works correctly, but Machine Authentication fails.
    Failed machine authentication is reported in the "Failed Attempts" log of the ACS SE.
    The Remote Agent shows an error:
    See Attachment.
    Without Port-Security the XP workstation is able to log on to the domain.
    Many thanks for any indication.
    Regards,
    Stephan Imhof

    Is host/TestClientMan.Test.local the name of the machine? What does the AAA tell for you the reason it fails?

  • OSX and PEAP machine authentication

    We are starting to get a few OSX users in our environment, and they can't seem to authenticate to our wireless network using machine authentication with PEAP. They can bind to AD and I see the computer name in AD, but PEAP fails. Has anyone gotten this working successfully?
    The error we get in the RADIUS logs is:
    ACS has not been able to confirm previous successful machine authentication for user in Active Directory
    Thanks!

    If you configure PEAP MsChapv2 properly along with the client side, it will work and you will not get any type of error.  I run PEAP or EAP-TLS on customer environments with ACS, ISE, Microsoft Radius and other radius servers with no issues. If you look at the Apple device guide or search for supported 802.1x encryption types, you will see what type of encryption is supported. You just have to setup the radius and the back end to work.
    Scott

  • Time Machine Just Doesn't Work Anymore

    I was a happy Time Machine (with Time Capsule) user for months. But it just doesn't work anymore. It takes longer than an hour to do every hourly backup so it is backing up 24 hours a day. It finds hundreds of thousands of files changed every hour and tries to back them up. Finder says only tens of files have been modified all of today. I have tried rebuilding my spotlight indexes, repairing my Time Capsule with Disk Utility and starting over with a brand new backup. But it just backs up hundreds of thousands of files every hour. So I am turning off Time Capsule since it is clearly broken. If anyone has any suggestions at all I would welcome them.

    Marcia,
    Consider the following, it might give you some ideas:
    Time Machine performs backups at the file level. If a single bit in a large file is changed, the WHOLE file is backed up again. This is a problem for programs that save data to monolithic virtual disk files that are modified frequently. These include Parallels, VMware Fusion, Aperture vaults, or the databases that Entourage and Thunderbird create. These should be excluded from backup using the Time Machine Preference Exclusion list. You will, however, need to backup these files manually to another external disk.
    One poster observed regarding Photoshop: “If you find yourself working with large files, you may discover that TM is suddenly backing up your scratch disk's temp files. This is useless, find out how to exclude these (I'm not actually sure here). Alternatively, turn off TM whilst you work in Photoshop.” (http://discussions.apple.com/thread.jspa?threadID=1209412)
    If you do a lot of movie editing, unless these files are excluded, expect Time Machine to treat revised versions of a single movie as entirely new files.
    If you frequently download software or video files that you only expect to keep for a short time, consider excluding the folder these are stored in from Time Machine backups.
    If you have recently created a new disk image or burned a DVD, Time Machine will target these files for backup unless they are deleted or excluded from backup.
    Installing new software, upgrading existing software, or updating Mac OS X system software can create major changes in the structure of your directories. Time Machine will back up every file that has changed since the installation.
    Files or folders that are simply moved or renamed are counted as NEW files or folders. If you rename any file or folder, Time Machine will back up the ENTIRE file or folder again no matter how big or small it is.
    George Schreyer describes this behavior: “If you should want to do some massive rearrangement of your disk, Time Machine will interpret the rearranged files as new files and back them up again in their new locations. Just renaming a folder will cause this to happen. This is OK if you've got lots of room on your backup disk. Eventually, Time Machine will thin those backups and the space consumed will be recovered. However, if you really want to recover the space in the backup volume immediately, you can. To do this, bring a Finder window to the front and then click the Time Machine icon on the dock. This will activate the Time Machine user interface. Navigate back in time to where the old stuff exists and select it. Then pull down the "action" menu (the gear thing) and select "delete all backups" and the older stuff vanishes.” (http://www.girr.org/mac_stuff/backups.html)
    *TechTool Pro Directory Protection*
    This disk utility feature creates backup copies of your system directories. Obviously these directories are changing all the time. So, depending on how it is configured, these backup files will be changing as well which is interpreted by Time Machine as new data to backup. Excluding the folder these backups are stored in will eliminate this effect.
    *Backups WAY Too Large*
    If an initial full backup or subsequent incremental backup is tens or hundreds of Gigs larger than expected, check to see that all unwanted external hard disks are still excluded from Time Machine backups.
    This includes the Time Machine backup drive ITSELF. Normally, Time Machine is set to exclude itself by default. But on rare occasions it can forget. When your backup begins, Time Machine mounts the backup on your desktop. (For Time Capsule users it appears as a white drive icon labeled something like “Backup of (your computer)”.) If, while it is mounted, it does not show up in the Time Machine Prefs “Do not back up” list, then Time Machine will attempt to back ITSELF up. If it is not listed while the drive is mounted, then you need to add it to the list.
    *FileVault / Boot Camp / iDisk Syncing*
    Note: Leopard has changed the way it deals with FileVault disk images, so it is not necessary to exclude your Home folder if you have FileVault activated. Additionally, Time Machine ignores Boot Camp partitions as the manner in which they are formatted is incompatible. Finally, if you have your iDisk Synced to your desktop, it is not necessary to exclude the disk image file it creates as that has been changed to a sparsebundle as well in Leopard.
    Let us know if any of this helps.
    Cheers!

  • EA4500 guest network re-authentication doesn't work

    I have successfully set up a guest network on my EA4500. Guest laptop associates with guest SSID just fine. Then via IE, it gets prompted for the guest password, which is entered and accepted just fine. At this point guest laptop is on the network. Hooray!
    BUT... at some point the guest laptop will need to reauthenticate (I don't know what the timeout is, but maybe one or two days?). Anyway, it's at this point that IE presents the guest network login page. But now after typing in the password, "enter" or clicking on the button does nothing. It looks like the guest web page doesn't get loaded properly or completely, so the reauthentication can't complete, therefore can't get to the internet. So, while in this state, I've also tried Firefox and Chrome, and same thing, no action when trying to submit the guest password. Tried rebooting guest laptop, and still same problem. Only thing I've found so far that works is to reboot the router. So I'm guessing there's a problem with the guest/web server on the router?? It's a real pain to have to reboot the router every day or two, when I've had other Linksys routers run for months without having to touch them.
    I was running CCC 2.1.38 when I first noticed the problem. Since then I've downgraded to Classic 2.0.37, but it seems I still have the same problem. Again, I can connect & authenticate just fine initially, but when reprompted after some period of time, it doesn't work.
    I've tried contacting Cisco support, but it looks like I'm at 91 days since purchase and thus outside of my 90-day complimentary support, so they happily provided me with the premium support options just to have the honor of talking with them. Guess I shouldn't have spent so much time trying to figure this out myself.
    I've searched the forums here, but so far haven't found any answers (I do see posts where the guest web page isn't presented at all, but in my case the page is presented, just can't do anything). Anyone seen this or have any ideas?

    jaymay -- I agree there's no harm in a reset; just the time to reconfigure, reenter DHCP reservations, etc. I'll keep this as an option as I troubleshoot, but see next...
    TEXXSHARKK -- good news/bad news ... I ended up not yet resetting. Instead, since I had this problem first with CCC firmware 2.1.38 (Build 138828 - the automatically pushed update), I reverted back to Classic 2.0.37. Still same problem with guest re-authentication. Only workaround was to reboot the router. That's when I first posted.
    So, since I had the problem with both CCC and Classic firmware, I ended up going back to CCC. To do that, I needed to manually update, which is 2.1.38 (Build 138880 for web manual download only). Since (re)updating the firmware, I haven't had a repeat of the original problem. It's been about a week now, and the guest laptop has gone through a number of re-authentications, all without problem. For continued troubleshooting, I've been periodically connecting my iPad, BlackBerry, etc, to the guest network, and they get through the authentication page just fine as well. So that's the good news in that the problem "seems" to have gone away.
    The bad news is that it's still unexplained:
    - There's what I assume is just a minor build difference between the two CCC firmwares, so it seems unlikely that would make a difference?
    - Could be just the fact of reburning the firmware corrected whatever the problem was -- a la doing a reset, even though I didn't reconfigure, just firmware (re)update
    - Could be the problem is still there biding its time, waiting for me to think it's forever gone, only to pounce again
    If the problem does reappear, I'll update here.

  • Certification authentication doesn't work on linux version of Firefox

    I have web page on IIS6 which need windows authentication. I enabled certificate mapping on certain user so when I install the proper certificate on firefox installed on Windows-based PC (I login with local user) and set network.automatic-ntlm-auth.trusted-uris variable, I can access this site without typing username and password. I tried to configure in same way firefox on my linux station, but it doesn't work - the web site access attempt finishes with authentication request windows

    I didn't

  • Apex Workspace Login Works on few machines and doesn't work on others

    Hi,
    I am working on APEX 4.2, Oracle 11g R2 Database.
    select * from v$version;
    BANNER
    Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
    PL/SQL Release 11.2.0.3.0 - Production
    CORE 11.2.0.3.0 Production
    TNS for Linux: Version 11.2.0.3.0 - Production
    NLSRTL Version 11.2.0.3.0 - Production
    I created an Apex workspace ABC_XYZ/ADMIN/abcxyz
    The issue is, the login credentials work on a few machines and don't work on a few.
    Has anybody come across this issue?
    What may be the blunder I might be doing here?
    Can someone please suggest?

    Yes, i can suggest.
    Please explain what "it doesn't work" looks like. Is there an error message? What happens when they press submit? Do they get a new session-id?
    The more Info we have, the better we can help.
    brgds,
    Peter
    get Syntax Highlighting for the Application Builder: http://apex.oracle.com/pls/apex/f?p=APEX_DEVELOPER_ADDON:ABOUT:0:::::
    Blog: http://www.oracle-and-apex.com
    ApexLib: http://apexlib.oracleapex.info
    BuilderPlugin: http://builderplugin.oracleapex.info
    Work: http://www.click-click.at and http://www.wirsindapex.at
    Fantastic Plugins for APEX: http://www.tryfoexnow.com

  • ACS 4.2.1 - PEAP Machine Authentication - Hostname different from PC account name in AD

    Hello!
    I don't really know, whether this issue has been asked before.
    I have to configure PEAP Authentication with ACS 4.2.1 for Windows against Active Directory.
    ACS is a member of AD domain xyz.domainname. The PC account is located in an OU of xyz.domainname.
    Hosts get via DHCP a hostname as dhcp.domainname. This also is the name the machine uses for AAA request.
    User authentication works fine, because the user account also is hosted in xyz.domainname.
    The host authentication fails, because dhcp.domainname is a DNS domain only but no Windows AD subdomain.
    Does anybody know a solution for this special constellation?
    Is it possible to strip or rewrite the domain suffix in any way during the authentication process?

    Hello Jean,
    I am guessing that you are using 802.1x wireless.
    This is expected behavior because AD forces the computer to change its password every month, and if the computer is not on the domain at that moment, the computer won't take that change.
    This is a Microsoft issue and unfortunately Cisco does not have any workaround for that.
    Please see links below that explain this situation.
    http://support.microsoft.com/kb/216393/en-us
    http://support.microsoft.com/kb/904943
    Hope this helps
    Erdelgad
    Cisco CSE

  • Loaded Yosemite onto mid 2011 MacBook Air. IMAP account goes offline - message - Mail cannot send your password securely to the server.  Allow insecure authentication doesn't work. Repeated reloads. No joy. Help!

    Mail cannot send your password securely to the server. You can remove this restriction in the Accounts preferences by setting “Allow insecure authentication”, which could put your password at risk.

    I have the same problem.
    Late 2012 imac 27", intel i7 core
    When I upgraded to Yosemite, suddenly my email account (netvigator POP) gives an error:
    Mail cannot send your password securely to the server. You can remove this restriction in the Accounts preferences by setting “Allow insecure authentication”, which could put your password at risk.
    I have shut down & restarted mail, but no success. If I select Allow insecure authentication, it works, but that's not a long term fix.
    I also have a hotmail POP account enabled, and that is working fine.
    What's happening Apple??
    (Long term apple family - iMac, iBooks, TimeCapsule, iPhones, iPads, AirportExpress etc etc)

  • Time machine simply doesn't work...

    What's my system?
    Hardware Overview:
      Model Name:          iMac
      Model Identifier:          iMac11,1
      Processor Name:          Intel Core i5
      Processor Speed:          2.66 GHz
      Number Of Processors:          1
      Total Number Of Cores:          4
      L2 Cache (per core):          256 KB
      L3 Cache:          8 MB
      Memory:          12 GB
      Processor Interconnect Speed:          4.8 GT/s
      Boot ROM Version:          IM111.0034.B02
      SMC Version (system):          1.54f36
    External Drive:  
      Disk Description : Samsung STORY Station Media
      Total Capacity : 2 TB (2,000,398,934,016 Bytes)
      Connection Bus : USB
      Write Status : Read/Write
      Connection Type : External
      S.M.A.R.T. Status : Not Supported
      USB Serial Number : 00000011E0931050017E
      Partition Map Scheme : GUID Partition Table
    OS version:
      OSX 10.6.8
    What errors do I see?
    Time machine always hangs after backing up ~40GB from an expected ~300GB
    Glancing at /var/log/system.log highlights things starting to go wrong with messages like this:
    Nov  6 18:01:04 iMac-GL kernel[0]:
    Nov  6 18:01:10: --- last message repeated 3 times ---
    Nov  6 18:01:10 iMac-GL com.apple.backupd[300]: Error writing to backup log.  NSFileHandleOperationException:*** -[NSConcreteFileHandle writeData:]: Input/output error
    Nov  6 18:01:10 iMac-GL com.apple.backupd[300]: Error: (-36) SrcErr:NO Copying /Users/Alex/Music/Alex/FLAC/CD Albums/Delerium - Karma (CD 1)/06-Delerium - Lamentation.flac to /Volumes/TARDIS/Backups.backupdb/iMac-GL/2011-11-06-171903.inProgress/1D3EBFC0- 1CF8-487E-A6C6-40F893C093B1/Macintosh HD/Users/Alex/Music/Alex/FLAC/CD Albums/Delerium - Karma (CD 1)
    Nov  6 18:01:10 iMac-GL com.apple.backupd[300]: Stopping backup.
    It's not repeatable in as much as the operation never fails at the same file, but the first failure message is always the same, followed by lots of I/O errors and a large number of:
    Nov6 18:22:55 iMac-GL com.apple.backupd[300]: Error: (-36) Creating directory iMac-GL <x>
    What have I tried...?
    At every stage before trying any workaround I have reformatted the external HD, Yes it's HFS+, Yes it's journalled, Yes, it has the appropriate GUID set.
    I've removed the external drive itself from being backed up in the time machine preferences.
    I've removed system files and applications from the backup.
    I've disabled spotlight from monitoring/searching the external drive.
    I've verified, repaired, and repaired permissions on all drives - trust me, exhaustively - including the main HD by booting from the OSX installation disc.
    I've tried different external hard drives....
    Can anyone offer any advice, or should I stop wasting my time with time machine and just schedule my own rsync????

    Hi Pondini,
    Many thanks for taking the time to reply.  The link you posted is a useful one too - sadly I've tried every step listed there - methodically too.
    I've tried (and seen failures with) another Samsung Story 2TB drive, a Toshiba 1TB drive and a Maxtor 500GB drive.  All drives have had no other data on them - with a single HFS+ partition dedicated to Time Machine.
    I'll try giving it a go with pointing Time Machine to my QNAP NAS (it claims dedicated support for TM) and let you know how that goes - but I really wanted TM to work with a stand-alone external drive.
    My suspicions mirrored your own - and I was inclined to blame the external drive.  So I tried a few things to try to eliminate it as a culprit:
         - this is one of three 2TB Story drives I have, I soak-tested all of these with my own rsync tasks and had no errors.
         - I've tried different cables, (all that worked faithfully with my rsync jobs), and have ensured that the drive is the only USB peripheral connected (directly) to the machine.
         - Configured a daemon to touch a file on the external drive every 5 minutes (I did this when I suspected that the drive may be 'sleeping' - it wasn't and the daemon made no difference - I disabled it after this experiment).
         - ran the drive off a bench PSU for all of these tests.
    After all of this I now suspect the TM software/OSX...

  • Urgent help: why smtp authenticator doesn't work ?

    Please help me :
    My SMTP server checks whether I am a valid user when I send email. I have set up an authenticator as follows:
        // Set up the authenticator
        Authenticator auth = new SMTPAuthenticator();
        // Get the session
        Session session = Session.getDefaultInstance(props, auth);

        class SMTPAuthenticator extends Authenticator {
            // Called by JavaMail when credentials are needed
            public PasswordAuthentication getPasswordAuthentication() {
                String username = "userid";
                String password = "passwd";
                return new PasswordAuthentication(username, password);
            }
        }
    But it still gave an error telling me: "login fail, this smtp server authentication required". What's the problem?
    I'm a valid user on this SMTP server, and the userid and passwd are correct, because they worked well when I used them to set up Win2000 Outlook Express.
    I also tried to use the authenticated javax.mail.Service connect:
    Transport transport = session.getTransport("smtp");
    transport.connect(smtphost, username, password);
    transport.sendMessage(message, message.getAllRecipients());
    transport.close();
    but it still didn't work! If I use Authenticator, is it still necessary to use connect(smtphost, username, password)?
    Urgently, Please help me, any source code practising well with authenticating smtp server , please send it to [email protected]
    Thanks

    Just use " props.put("mail.smtp.auth", "true");"

  • Proxy authentication doesn't work with JSSE

    Hello,
    Seems like there is no common way to authenticate with proxy for HTTP and HTTPS.
    Connecting to http://... - works fine, but https://... returns error message:
    Unable to tunnel through 111.111.111.111:8080. Proxy returns "HTTP/1.0 407 Proxy Authentication Required"
    (IP address is intentionally changed in the message above)
    I'm using JSSE with VAJ JDK 1.2 and here is a Java code snippet that works well with HTTP connections:
        // Register the JSSE provider and its HTTPS protocol handler
        Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
        System.setProperty("java.protocol.handler.pkgs",
                "com.sun.net.ssl.internal.www.protocol");
        // Use the same proxy for HTTPS and HTTP
        System.setProperty("https.proxyHost", proxyHost);
        System.setProperty("https.proxyPort", proxyPort);
        System.setProperty("http.proxyHost", proxyHost);
        System.setProperty("http.proxyPort", proxyPort);
        try {
            URL url = new URL("https://www.sun.com");
            URLConnection connection = url.openConnection();
            // Basic credentials: base64 of "user:password"
            String authString = proxyUserID + ":" + proxyPasswd;
            String encodedAuthString =
                    "Basic " + new sun.misc.BASE64Encoder().encode(authString.getBytes());
            connection.setUseCaches(false);
            // Header set on the URLConnection's request properties
            connection.setRequestProperty("Proxy-authorization", encodedAuthString);
            // (the posted snippet ends here)
        } catch (IOException e) {
            e.printStackTrace();
        }
    Listening to the network traffic helped me to understand that there is a difference between the way HTTP and HTTPS is handled. For some reason HTTPS ignores all the headers that I specify using setRequestProperty().
    Here is example of request and responses sent by HTTPS handler:
    Request:
    CONNECT 198.175.98.32:443 HTTP/1.0
    User-Agent: JSSE
    Proxy response:
    HTTP/1.0 407 Proxy Authentication Required
    Date: Wed, 07 Nov 2001 22:04:11 GMT
    Content-Length: 233
    Content-Type: text/html
    Server: NetCache (NetApp/5.1R2D4)
    Proxy-Authenticate: basic realm="NETCACHE2"
    Please note that there is no Proxy-authorization header in the request above.
    Compare it with HTTPS request sent by Netscape browser:
    Request to proxy:
    CONNECT www.sun.com:443 HTTP/1.0
    Proxy-authorization: Basic am0vbDphrGxHa22lLg==
    User-Agent: Mozilla/4.76 [en] (Windows NT 5.0; U)
    Response:
    HTTP/1.0 200 Connection established
    Proxy-Agent: NetCache NetApp/5.1R2D4
    So, the question is:
    What is the best way to pass "Proxy-authorization" header to proxy server??
    Thanks in advance for your time.

    Hi Guys,
    Just like, I assume, all of you, I've had my battles with Java's handling of HTTPS comms from behind a firewall. I'm actually amazed at how something that is a simple combination of protocol and security should become so messy.
    Luckily, I managed to get all my requirements met, but the sad thing is after all that hard work, I'm not much closer to understanding why the standard Java SDK (I'm using 1.4) forces us to endure such painful tasks.
    Really, Java is quite a mature language now, and one of its touted benefits is its applicability to web and internet technologies... so why the messy proxy code when dealing with SSL?
    Anyway, I didn't really come here to b**tch, but rather to point you all to a handy library from Apache - httpClient - http://jakarta.apache.org/commons/httpclient.
    After implementing SSL proxy tunnelling and all the fun that goes with it, I found this tool, and subsequently deleted all that ugly code, and let httpClient deal with all that for me.
    It's seriously simple, here's a snippet:
        httpClient = new HttpClient();
        httpClient.setTimeout(responseTimeoutMillies);
        // HTTPS protocol backed by our own SSLContext
        Protocol myHttps = new Protocol("https", new SSLContextBasedSocketFactory(sslContext), targetServerPort);
        httpClient.getHostConfiguration().setHost(targetServerHost, targetServerPort, myHttps);
        if (useProxy) {
            httpClient.getHostConfiguration().setProxy(proxyHost, proxyPort);
            httpClient.getState().setProxyCredentials("my-proxy-realm", proxyHost, new UsernamePasswordCredentials(proxyUser, proxyPassword));
        }
    This initialises the client, and after this, making http requests is simple:
        String response = null;
        PostMethod postMethod = new PostMethod("/secure/blah.jsp"); // An HTTP POST
        postMethod.setRequestBody("Hello there"); // this is the data in the http post body
        int responseCode = httpClient.executeMethod(postMethod);
        if (responseCode == 200)
            response = postMethod.getResponseBodyAsString(); // getResponseBody() returns byte[]
        ...
    As you can see, it's a lot less painful. It certainly makes me feel better, knowing I don't have to support/maintain the ugly proxy tunnelling code. Give it a shot on your next project.
    Hope it helps.
    Regards
    Marcus Eaton
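
The two CONNECT traces in the question above differ only in the Proxy-authorization header, and the proxy answers 407 or 200 on that request alone. The following added example (not code from the thread) reproduces both outcomes against a stand-in proxy on the loopback interface; the class name, credentials, realm and target host are constructed for the demo.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class ConnectProxyAuthDemo {
    // Constructed demo values; none of these come from the thread.
    static final String USER = "demo-user";
    static final String PASS = "demo-pass";
    static final String REALM = "DEMO";

    /** Value of a Basic Proxy-Authorization header. Base64 is an encoding, not
     *  encryption: on a plain-HTTP proxy hop the credentials travel in clear. */
    static String basic(String user, String pass) {
        byte[] raw = (user + ":" + pass).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(raw);
    }

    /** Stand-in proxy: answers 200 only when the CONNECT request itself
     *  carries the expected credentials, otherwise 407 with a challenge. */
    static void serve(ServerSocket server, int connections) {
        byte[] expected = basic(USER, PASS).getBytes(StandardCharsets.US_ASCII);
        for (int i = 0; i < connections; i++) {
            try (Socket s = server.accept()) {
                BufferedReader in = new BufferedReader(
                        new InputStreamReader(s.getInputStream(), StandardCharsets.US_ASCII));
                String requestLine = in.readLine();
                byte[] presented = new byte[0];
                String line;
                // Read headers up to the blank line; header names are case-insensitive.
                while ((line = in.readLine()) != null && !line.isEmpty()) {
                    int colon = line.indexOf(':');
                    if (colon > 0 && line.substring(0, colon).trim()
                            .equalsIgnoreCase("Proxy-Authorization")) {
                        presented = line.substring(colon + 1).trim()
                                .getBytes(StandardCharsets.US_ASCII);
                    }
                }
                // Compare with MessageDigest.isEqual rather than String.equals.
                boolean ok = requestLine != null && requestLine.startsWith("CONNECT ")
                        && MessageDigest.isEqual(expected, presented);
                String reply = ok
                        ? "HTTP/1.0 200 Connection established\r\n\r\n"
                        : "HTTP/1.0 407 Proxy Authentication Required\r\n"
                          + "Proxy-Authenticate: Basic realm=\"" + REALM + "\"\r\n\r\n";
                OutputStream out = s.getOutputStream();
                out.write(reply.getBytes(StandardCharsets.US_ASCII));
                out.flush();
            } catch (IOException e) {
                System.err.println("proxy error: " + e.getMessage());
            }
        }
    }

    /** Sends one CONNECT request and returns the proxy's status line. */
    static String connect(int proxyPort, String target, String proxyAuth) throws IOException {
        try (Socket s = new Socket(InetAddress.getLoopbackAddress(), proxyPort)) {
            StringBuilder req = new StringBuilder("CONNECT " + target + " HTTP/1.0\r\n");
            req.append("User-Agent: demo\r\n");
            if (proxyAuth != null) {
                req.append("Proxy-Authorization: ").append(proxyAuth).append("\r\n");
            }
            req.append("\r\n");
            OutputStream out = s.getOutputStream();
            out.write(req.toString().getBytes(StandardCharsets.US_ASCII));
            out.flush();
            BufferedReader in = new BufferedReader(
                    new InputStreamReader(s.getInputStream(), StandardCharsets.US_ASCII));
            return in.readLine();
        }
    }

    public static void main(String[] args) throws Exception {
        try (ServerSocket server = new ServerSocket(0, 10, InetAddress.getLoopbackAddress())) {
            Thread proxy = new Thread(() -> serve(server, 3));
            proxy.start();
            int port = server.getLocalPort();
            String target = "origin.example:443"; // placeholder target host
            System.out.println("no header:   " + connect(port, target, null));
            System.out.println("wrong creds: " + connect(port, target, basic(USER, "wrong")));
            System.out.println("valid creds: " + connect(port, target, basic(USER, PASS)));
            proxy.join();
        }
    }
}
```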

  • Client Certificate authentication doesn't work

    Hi there,
    I want to use client authentication to log on to a SAP WebAS ABAP. I did everything as described in Gregor Wolf's blog: Setup Authentication with Client Certificates for the Sneak Preview SAP NetWeaver 04 ABAP Edition on Windows
    (my system is not a sneak preview and it is based on Linux).
    When I call a BSP application, I can choose the client certificate in the browser, and everything seems to work. But at the end, the basic authentication dialog appears.
    In the dev_icm trace, I can see, that there is a user extracted from the DN of the certificate. In the HTTP access log, the user is logged on.
    All certificates are valid, no problem found.
    Except the view VUSREXTID didn't work, the user in the HTTP access log was always the one from the DN, not the mapped one. But both are valid.
    Any idea?
    Thank you,
    Erik

    Did you map the certificate and user in the transaction 'extid_dn' ?
    Because the 'normal' pop-up for username and password is opened when the system cannot find a user mapped to the certificate...
    Felix
