PPP CHAP re-authentication timer, detectable?
I think PPP with CHAP has an interval or periodic timer that triggers a re-authentication.
I cannot find a timer setting to set the interval.
Neither can I find a show command that will show me the timer.
If this is a randomized timer, then it is clear that it is not showing these timers, but...
How would I be able to DETECT when a re-authentication has happened? How long should I monitor a CPE to check if a CHAP re-authentication has happened?
I am using these debugs:
PPP authentication debugging
PPP protocol negotiation debugging
PPPoE protocol events debugging
but I have not seen a CHAP event yet.
The setup is a 1006 as BRAS with SB-radius, 867VAE and other Cisco DSL clients using PPPoE.
So my Q's:
- Is CHAP re-authentication detectable? How? What average timers?
- Is the interval settable? How?
Include on the ppp authentication ms-chap, and enable the same on the radius server.
Similar Messages
-
Hello,
I am trying to understand the purpose of the "ppp chap password" command in dialer and ISDN interface configurations, i.e., what is the reason and usage of this. Unfortunately, looking into IOS command guides and references did not help me much.
My understanding is, if a router receives a challenge, and that hostname/password is not defined locally, CHAP will use 'ppp chap password' to generate a hash. Please correct me if I'm wrong.
Therefore in this case, if I tried putting this cmd in both routers without username/password defined, PPP should pass the authentication. But it's not.
Anyone can reply.
Hi Friend,
CHAP authentication, on the other hand, periodically verifies the identity of the remote node using a three-way handshake.
After the PPP link is established, the host sends a "challenge" message to the remote node.
Remember the remote node responds with a value calculated using a one-way hash function.
The host checks the response against its own calculation of the expected hash value.
If the values match, the authentication is acknowledged; otherwise, the connection is terminated.
So if you do not have hostname and password defined at the remote end, it will perform a hash function and that value will not at all match the value generated by the sending host, so the connection will be terminated.
And that is the reason for CHAP authentication: to have a secure authentication for establishing a connection.
HTH, if yes please rate the post.
Ankur -
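As an added example (not part of Ankur's reply or the original thread), here is a small Python model of the exchange he describes: the host sends a Challenge, the remote node answers with a one-way hash, and the host recomputes the hash from its own copy of the secret and compares. The hash is the MD5 construction from RFC 1994 section 4.1 (MD5 over Identifier, secret, Challenge Value). Both sides run in one process; the names "router1", "cpe1" and the secrets are constructed sample values, and the `Authenticator`/`peer_respond` helpers are this example's own, not an IOS API.

```python
"""Added example: CHAP three-way handshake (RFC 1994, MD5 variant) simulated
in one process. Names and secrets are constructed sample values."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple


def chap_md5(ident: int, secret: bytes, challenge_value: bytes) -> bytes:
    """RFC 1994 4.1: Response Value = MD5(Identifier || secret || Challenge Value)."""
    return hashlib.md5(bytes([ident & 0xFF]) + secret + challenge_value).digest()


@dataclass
class Authenticator:
    """The 'host' side: holds the table of peer names -> shared secrets."""
    name: str
    secrets: Dict[str, bytes]
    next_id: int = 1
    outstanding: Dict[int, bytes] = field(default_factory=dict)

    def challenge(self, value: Optional[bytes] = None) -> Tuple[int, bytes, str]:
        """Send a Challenge: (Identifier, random Challenge Value, our Name).
        Every (re-)authentication uses a fresh Identifier and a fresh random value,
        which is what makes a captured Response useless later on."""
        ident = self.next_id & 0xFF
        self.next_id += 1
        value = value if value is not None else os.urandom(16)
        self.outstanding[ident] = value      # kept so we can recompute on the Response
        return ident, value, self.name

    def verify(self, ident: int, response_value: bytes, peer_name: str) -> bool:
        """Check a Response: recompute from our copy of the secret and compare."""
        value = self.outstanding.pop(ident, None)
        if value is None:
            return False                     # no such challenge outstanding (stale/replayed id)
        secret = self.secrets.get(peer_name)
        if secret is None:
            return False                     # peer name not defined here: nothing to compare
        expected = chap_md5(ident, secret, value)
        # constant-time compare; mismatch means "terminate the connection" in CHAP terms
        return hmac.compare_digest(expected, response_value)


def peer_respond(ident: int, challenge_value: bytes,
                 peer_name: str, peer_secret: bytes) -> Tuple[int, bytes, str]:
    """The remote node's Response: same Identifier, hashed value, its own Name."""
    return ident, chap_md5(ident, peer_secret, challenge_value), peer_name


def run_handshake(auth: Authenticator, peer_name: str, peer_secret: bytes) -> bool:
    """One full Challenge -> Response -> Success/Failure round; True on Success."""
    ident, value, _host_name = auth.challenge()
    return auth.verify(*peer_respond(ident, value, peer_name, peer_secret))


if __name__ == "__main__":
    host = Authenticator("router1", {"cpe1": b"s3cret-cpe1"})      # constructed
    print("correct secret :", run_handshake(host, "cpe1", b"s3cret-cpe1"))
    print("wrong secret   :", run_handshake(host, "cpe1", b"wrong"))
    print("unknown name   :", run_handshake(host, "cpe9", b"s3cret-cpe1"))
```

The "unknown name" case is the one Ankur describes: with no username/secret for the responding name on the host, there is nothing to compare against, so the Response is rejected regardless of what the peer hashed.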
Time detection is broken in Mac OS 10.9.1.
Time detection is broken in Mac OS 10.9.1. I'm living in Minsk (GMT +3). Time zone detects correctly, updating time from servers is turned on. But the time always leads by +3 hours. How to fix it? Maybe time settings conflict with Windows 7?
Set "TimeZone Support" to OFF.
-
Authentication time-outs and delays
hello
We have a scenario in which our enterprise environment discovered authentication time-outs and delays. All authentication is NTLM only. We are also using many devices such as smartphones and other mobile components. Any option or way to fix
that kind of issue?
Thanks in advance
ivan bikmbauer
On Mon, 25 Aug 2014 11:37:47 +0000, Shuki Noy wrote:
ask me security question
but ask something very complicated
This has nothing to do with your technical knowledge, the issue here is
that you're artificially attempting to increase your forum points by
creating fake profiles, posting "questions", posting responses using your
own profile and then using the fake profiles to mark your own responses as
"answers".
I am not going to continue this discussion in the forum as it is off-topic
and wastes everyone's time.
I notice that you didn't answer my questions about your TechNet Gallery
contributions.
If you want to continue this discussion then you can do so over email. My
email address is pkadare @ gmail.com
Paul Adare - FIM CM MVP
"Quoted-Printable: a standard for mangling Internet messages
Quoted-Unreadable: the result of applying said standard
Unquoted-Unprintable: the comments from the recipients of the above" -- bf8 -
Slow authentication time for new BM 3.7 Radius server
Hi,
We are running BM 3.7 Radius, authentication only, and it works fine on the
original box. I have to decommission that box and have configured a new server
to replace it. The problem is on the new server the authentication time goes
from 1 sec (from request accepted to logging start on the radius screen) to
20 secs. This is dropping some of our remote clients off. Any idea what is
the problem?
Servers are NW 6 Sp3, BM3.7 Sp2.
I have been searching all day and can't find anything on it.
many thanks,
Gawain :)
Replica placement?
Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on
BorderManager, go to http://www.craigjconsulting.com *** -
iTunes U has just started rejecting our authentication credentials, debug shows that the credentials are valid but originated too far in the past. We understand there is a 90 second time window. We seem to be within a few seconds of Apple's time server.
Bumping the time ahead by one minute on our server allows the scripts to start working... but then fail again (like the next day)
Is it possible that the server that generates our tokens on Apple's side might be out of phase?
Any help would be appreciated.
thanks
db
I don't want to rule out the possibility that Apple's clocks are out-of-phase ... but if what you're describing were happening at our site, I would so totally think it a problem with our clocks. The reason is that such a wide variety of computers hook up with Apple ... we probably all sink or swim together on this.
But hey, let's say there is some kind of problem with Apple's iTunes U clock. A sneaky, sneaky way of fixing it would be to tell your server to use Apple's NTP server as its NTP server. That way, if Apple's clock is wrong, yours will be wrong by the same amount.
NTP to time.apple.com -
Prince Of Persia Sands Of Time Detection
I have an MSI GeForce4 MX440 with AGP 8x 64MB. I just bought Prince of Persia Sands of Time, and the game is not detecting my graphics card. I've tried installing the latest drivers from MSI, but there is no difference. The game requires a GeForce 3 equivalent card as minimum, so I don't understand why it isn't detecting the gfx card. My system specs are given below. Could someone please please please help me out here.
Source
Your computer must meet or exceed these minimum requirements:
Operating System: Windows 98 SE/ 2000/ ME/ XP (ONLY)
Processor: 800 MHz Pentium III or AMD Athlon
Memory: 256 MB of RAM
Video Card: 64 MB GeForce 3 or higher, or ATI Radeon 8500 or higher,
Matrox Parhelia. (GeForce4 MX not supported)
Sound Card: DirectX 9.0 or higher compatible sound card
DirectX: Versions 9.0 or higher (included on game disc)
Hard Drive Space: 1.5 GB minimum hard drive space
CD-ROM: 16X or better (not recommended for use with CD-RWs)
Additional Supported Peripherals: ThrustMaster FIRESTORM Dual Analog 3
Controls: Windows-compatible keyboard and mouse -
Password window for authentication times out...
Hey all, I tried to get some responses on this last year, with no success so I am trying again.
I have not been able to install software updates for many months. When I select "Install updates", my authentication [password] window pops up. I cannot get a blinking icon in the password window, nor will it let me type. I just get the pinwheel and after about 8 seconds, the window closes.
I have tried rebooting, booting with startup disc, ctrl + apple + R + P reboot 3 times, etc.
Was told to install Snow Leopard and so I bought it today. BUT, to install it, yep, I need to enter my password which it will not allow me to do.
Any help is greatly appreciated!
Sorry to hear you got no responses, let's see what we can do here now!
Could be many things, but it's best to start with these two steps, which may fix it also...
"Try Disk Utility
1. Insert the Tiger Mac OS X Install disc, then restart the computer while holding the C key.
2. When your computer finishes starting up from the disc, choose Disk Utility from the Installer menu. (In Mac OS X 10.4 or later, *you must select your language first.)*
*Important: Do not click Continue in the first screen of the Installer. If you do, you must restart from the disc again to access Disk Utility.*
3. Click the First Aid tab.
4. Click the disclosure triangle to the left of the hard drive icon to display the names of your hard disk volumes and partitions.
5. Select your Mac OS X volume.
6. Click Repair. Disk Utility checks and repairs the disk."
Then Safe Boot (holding Shift key down at bootup), run Disk Utility in Applications>Utilities, then highlight your drive, click on Repair Permissions, reboot when it finishes.
Safe Boot... holding Shift key down at bootup. Safe Boot is a special way to start Mac OS X 10.2 or later when troubleshooting.
How do I reset a Mac OS X Keychain Password?...
http://www.tech-faq.com/reset-mac-os-x-keychain-password.shtml
http://support.apple.com/kb/HT1631
Open Keychain Access in Utilities, use Keychain First Aid under the Menu item.
Resetting your keychain in Mac OS X...
If Keychain First Aid finds an issue that it cannot repair, or if you do not know your keychain password, you may need to reset your keychain.
http://support.apple.com/kb/TS1544
Drag this file to the desktop and reboot...
/Users/YourUserName/Library/Preferences/com.apple.keychainaccess.plist
Mac OS X 10.4: Keychain Access asks for keychain "login" after changing login password...
http://support.apple.com/kb/HT1631
Re: Keychain is no longer able to update itself when I upgrade an application...
http://unsanity.org/archives/2007_01.php
Posted: Apr 15, 2009 3:18 PM in response to: Andrew Nellis
I found a solution to my problem via Google: <http://unsanity.org/archives/2007_01.php>. The problem the author describes sounds more or less exactly like the problem I was having. I followed his solution of deleting my var/db/CodeEquivalenceDatabase file, and everything seems to be going smoothly. -
Performance hit implementing last authentication time (pwdKeepLastAuthTime)
I have a DSEE 6.1 installation running on solaris 10.
There are about 100 users in the directory, but soon to have another 3000 added as it is properly productionized.
I notice there is a warning that pwdKeepLastAuthTime feature is not activated by default as it adds an update for each successful bind operation.
I wanted to enable this so set:
dsconf set-server-prop pwd-keep-last-auth-time-enabled:on
This has resulted in the db size <instance>/db increasing 100 fold from ~10mb to ~1gb.
The memory size is now at ~800mb.
Is this expected behaviour?
"/opt/ds/db" > ls -l
total 137126
-rw------- 1 nobody nobody 24576 Oct 31 09:21 __db.001
-rw------- 1 nobody nobody 10264576 Nov 13 00:53 __db.002
-rw------- 1 nobody nobody 41951232 Nov 13 00:53 __db.003
-rw------- 1 nobody nobody 1572864 Nov 13 00:53 __db.004
-rw------- 1 nobody nobody 11313152 Nov 13 00:53 __db.005
-rw------- 1 nobody nobody 65536 Nov 13 00:53 __db.006
-rw------- 1 nobody nobody 38 May 31 16:16 DBVERSION
-rw------- 1 nobody nobody 10485760 Nov 13 09:02 log.0000001204
drwx------ 2 nobody nobody 1536 Sep 6 12:07 zeus
"/opt/ds/db" > du -sk *
24 __db.001
10032 __db.002
41000 __db.003
1544 __db.004
11056 __db.005
64 __db.006
1 DBVERSION
4904 log.0000001204
1339315 zeus
"/opt/ds/db/zeus" > ls -l
total 2678626
-rw------- 1 nobody nobody 1369350144 Nov 13 09:03 cl5dc_zeus_dc_ghsewn_dc_com463ff1cb000000010000.db3
-rw------- 1 nobody nobody 38 Jun 1 11:55 DBVERSION
-rw------- 1 nobody nobody 16384 Jun 21 12:47 zeus_aci.db3
-rw------- 1 nobody nobody 16384 Oct 31 09:37 zeus_ancestorid.db3
-rw------- 1 nobody nobody 81920 Oct 31 09:37 zeus_cn.db3
-rw------- 1 nobody nobody 32768 Oct 31 09:37 zeus_entrydn.db3
-rw------- 1 nobody nobody 16384 Oct 31 09:37 zeus_gidnumber.db3
-rw------- 1 nobody nobody 909312 Nov 13 09:03 zeus_id2entry.db3
-rw------- 1 nobody nobody 16384 Aug 10 14:52 zeus_nisnetgrouptriple.db3
-rw------- 1 nobody nobody 16384 Nov 7 09:38 zeus_nscpEntryDN.db3
-rw------- 1 nobody nobody 16384 Jun 1 11:57 zeus_nsds5ReplConflict.db3
-rw------- 1 nobody nobody 16384 Oct 31 09:37 zeus_nsRoleDN.db3
-rw------- 1 nobody nobody 40960 Nov 7 09:38 zeus_nsuniqueid.db3
-rw------- 1 nobody nobody 16384 Jun 13 11:26 zeus_numsubordinates.db3
-rw------- 1 nobody nobody 24576 Nov 7 09:38 zeus_objectclass.db3
-rw------- 1 nobody nobody 16384 Oct 31 09:37 zeus_parentid.db3
-rw------- 1 nobody nobody 16384 Nov 11 16:18 zeus_pwdaccountlockedtime.db3
-rw------- 1 nobody nobody 16384 Nov 12 15:00 zeus_pwdfailuretime.db3
-rw------- 1 nobody nobody 16384 Nov 9 11:46 zeus_pwdgraceusetime.db3
-rw------- 1 nobody nobody 16384 Jun 20 16:07 zeus_sn.db3
-rw------- 1 nobody nobody 16384 Jun 20 09:50 zeus_sudoUser.db3
-rw------- 1 nobody nobody 16384 Oct 31 09:37 zeus_uid.db3
-rw------- 1 nobody nobody 16384 Oct 31 09:37 zeus_uidNumber.db3
-rw------- 1 nobody nobody 16384 Oct 24 13:03 zeus_vlv#zeusghsewncomgetgrent.db3
-rw------- 1 nobody nobody 16384 Aug 10 14:52 zeus_vlv#zeusghsewncomgetngrpent.db3
-rw------- 1 nobody nobody 16384 Nov 13 08:57 zeus_vlv#zeusghsewncomgetpwent.db3
-rw------- 1 nobody nobody 16384 Nov 13 08:57 zeus_vlv#zeusghsewncomgetspent.db3
"/opt/ds/db/zeus" > du -sk *
1337920 cl5dc_zeus_dc_ghsewn_dc_com463ff1cb000000010000.db3
1 DBVERSION
16 zeus_aci.db3
16 zeus_ancestorid.db3
80 zeus_cn.db3
32 zeus_entrydn.db3
16 zeus_gidnumber.db3
896 zeus_id2entry.db3
16 zeus_nisnetgrouptriple.db3
16 zeus_nscpEntryDN.db3
16 zeus_nsds5ReplConflict.db3
16 zeus_nsRoleDN.db3
40 zeus_nsuniqueid.db3
16 zeus_numsubordinates.db3
24 zeus_objectclass.db3
16 zeus_parentid.db3
16 zeus_pwdaccountlockedtime.db3
16 zeus_pwdfailuretime.db3
16 zeus_pwdgraceusetime.db3
16 zeus_sn.db3
16 zeus_sudoUser.db3
16 zeus_uid.db3
16 zeus_uidNumber.db3
16 zeus_vlv#zeusghsewncomgetgrent.db3
16 zeus_vlv#zeusghsewncomgetngrpent.db3
16 zeus_vlv#zeusghsewncomgetpwent.db3
16 zeus_vlv#zeusghsewncomgetspent.db3 -
Why can't I use remote router's name for CHAP authentication - ISDN
Hello there,
I've got a problem: we have sent an ISDN router to a client, but now it looks like we can't connect to it. It says:
18w3d: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 0555555555
*Jul 7 07:55:13.735: BR0:1 PPP: Treating connection as a callout
*Jul 7 07:55:13.735: ISDN BR0: Event: Connected to 0555555555 on B1 at 64 Kb/s
*Jul 7 07:55:13.739: ISDN BR0: TX -> CONNECT_ACK pd = 8 callref = 0x52
*Jul 7 07:55:13.810: BR0:1 PPP: Phase is AUTHENTICATING, by the peer
*Jul 7 07:55:14.012: BR0:1 CHAP: I CHALLENGE id 134 len 32 from "router1"
*Jul 7 07:55:14.016: BR0:1 CHAP: Ignoring Challenge with local name
18w3d: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 0555555555
*Jul 7 07:55:23.845: BR0:1 CHAP: I CHALLENGE id 135 len 32 from "router1"
*Jul 7 07:55:23.849: BR0:1 CHAP: Ignoring Challenge with local name
*Jul 7 07:55:33.860: BR0:1 CHAP: I CHALLENGE id 136 len 32 from "router1"
*Jul 7 07:55:33.864: BR0:1 CHAP: Ignoring Challenge with local name
*Jul 7 07:55:43.876: BR0:1 CHAP: I CHALLENGE id 137 len 32 from "router1"
*Jul 7 07:55:43.880: BR0:1 CHAP: Ignoring Challenge with local name
*Jul 7 07:55:53.895: BR0:1 CHAP: I CHALLENGE id 138 len 32 from "router1"
Why does it not allow the connection when the hostname is the same as the router's? What else can I do to connect to it remotely?
Thanks,
Alex
OK, I understand the problem, and I think I can propose a procedure that will yield a solution. But first I need to know:
1. Which of the routers do you have access to locally, and do you know all the configured passwords?
2. On the remote router (the one you do not have physical access to), is it configured in such a way that once you do get the call up and running, you can configure it via telnet?
3. Do you know the ISDN dialer string to dial from your normally-called to your normally-calling?
Kevin Dorrell
Luxembourg -
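The question at the top of the page (how to detect that a CHAP re-authentication has happened, and at what interval) and the ISDN thread above both come down to reading `debug ppp authentication` output, where every challenge is logged as a `CHAP: I CHALLENGE` / `O CHALLENGE` line with a timestamp. As an added example, not code from either poster, the script below parses such lines, groups them per interface, measures the gap between successive challenges, counts completed authentications (so a second `SUCCESS` on the same interface is a re-authentication), and counts the `Ignoring Challenge with local name` symptom from Alex's log. The `BR0:1` lines are the ones posted above; the `Vi2` lines are constructed in the same IOS debug format with assumed names "bras1" and "cpe1".

```python
"""Added example: detect CHAP (re-)authentication events in IOS
'debug ppp authentication' output. BR0:1 lines are from the thread above;
Vi2 lines are constructed in the same format (assumed names bras1/cpe1)."""
import re
from collections import defaultdict
from datetime import datetime

SAMPLE_DEBUG = """\
18w3d: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 0555555555
*Jul 7 07:55:13.810: BR0:1 PPP: Phase is AUTHENTICATING, by the peer
*Jul 7 07:55:14.012: BR0:1 CHAP: I CHALLENGE id 134 len 32 from "router1"
*Jul 7 07:55:14.016: BR0:1 CHAP: Ignoring Challenge with local name
*Jul 7 07:55:23.845: BR0:1 CHAP: I CHALLENGE id 135 len 32 from "router1"
*Jul 7 07:55:23.849: BR0:1 CHAP: Ignoring Challenge with local name
*Jul 7 07:55:33.860: BR0:1 CHAP: I CHALLENGE id 136 len 32 from "router1"
*Jul 7 07:55:33.864: BR0:1 CHAP: Ignoring Challenge with local name
*Jul 7 07:55:43.876: BR0:1 CHAP: I CHALLENGE id 137 len 32 from "router1"
*Jul 7 07:55:43.880: BR0:1 CHAP: Ignoring Challenge with local name
*Jul 7 07:55:53.895: BR0:1 CHAP: I CHALLENGE id 138 len 32 from "router1"
*Jul 7 08:00:00.100: Vi2 CHAP: O CHALLENGE id 1 len 26 from "bras1"
*Jul 7 08:00:00.140: Vi2 CHAP: I RESPONSE id 1 len 25 from "cpe1"
*Jul 7 08:00:00.150: Vi2 CHAP: O SUCCESS id 1 len 4
*Jul 7 08:30:00.100: Vi2 CHAP: O CHALLENGE id 2 len 26 from "bras1"
*Jul 7 08:30:00.141: Vi2 CHAP: I RESPONSE id 2 len 25 from "cpe1"
*Jul 7 08:30:00.152: Vi2 CHAP: O SUCCESS id 2 len 4
"""

# Only lines with a datetime stamp and a "<intf> CHAP:" tag are of interest.
LINE_RE = re.compile(
    r"^\*?(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}\.\d{3}): "
    r"(?P<intf>\S+) CHAP: (?P<msg>.+)$"
)
CHALLENGE_RE = re.compile(r"^(?P<dir>[IO]) CHALLENGE id (?P<id>\d+)")
SUCCESS_RE = re.compile(r"^(?P<dir>[IO]) SUCCESS id (?P<id>\d+)")
LOCAL_NAME = "Ignoring Challenge with local name"


def parse_ts(text: str) -> datetime:
    """IOS debug stamps carry no year; a fixed leap year keeps strptime happy."""
    return datetime.strptime("2000 " + " ".join(text.split()), "%Y %b %d %H:%M:%S.%f")


def analyze(debug_text: str) -> dict:
    per_intf = defaultdict(lambda: {"challenges": [], "successes": [],
                                    "ignored_local_name": 0})
    for line in debug_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # uptime-stamped %ISDN lines, PPP phase lines, prompts ...
        ts, rec, msg = parse_ts(m["ts"]), per_intf[m["intf"]], m["msg"]
        if (c := CHALLENGE_RE.match(msg)):
            rec["challenges"].append((ts, c["dir"], int(c["id"])))
        elif (s := SUCCESS_RE.match(msg)):
            rec["successes"].append((ts, int(s["id"])))
        elif msg.startswith(LOCAL_NAME):
            rec["ignored_local_name"] += 1      # hostname clash, as in the ISDN thread
    for rec in per_intf.values():
        stamps = [t for t, _, _ in rec["challenges"]]
        rec["intervals"] = [round((b - a).total_seconds(), 3)
                            for a, b in zip(stamps, stamps[1:])]
        # the first SUCCESS is the initial authentication; later ones are re-auths
        rec["reauthentications"] = max(0, len(rec["successes"]) - 1)
    return dict(per_intf)


def report(results: dict) -> list:
    out = []
    for intf, rec in sorted(results.items()):
        iv = rec["intervals"]
        mean = sum(iv) / len(iv) if iv else 0.0
        out.append(f"{intf}: {len(rec['challenges'])} challenge(s), "
                   f"{len(rec['successes'])} success(es), {rec['reauthentications']} re-auth(s), "
                   f"mean challenge interval {mean:.1f}s, "
                   f"{rec['ignored_local_name']} challenge(s) ignored for local-name clash")
    return out


if __name__ == "__main__":
    for line in report(analyze(SAMPLE_DEBUG)):
        print(line)
```

On the BR0:1 lines from the thread this reports five incoming challenges roughly 10 seconds apart and no success at all, with four of them discarded because the challenger's name equals the local hostname; on the constructed Vi2 lines it reports one re-authentication 1800 s after the first. To answer the original poster's "how long should I monitor" question, the `intervals` list is the thing to watch: run the debug for longer than the largest interval you see between two `SUCCESS` events on a stable session.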
L2TP / CHAP Authentication Failure OS X Server Yosemite 10.10.1
Hello everyone, I saw this problem come up in older versions of Server and solutions revolved around Group Manager, but it's not available for Yosemite.
Here is the log I get
Fri Jan 23 02:05:24 2015 : L2TP incoming call in progress from '192.168.0.13'...
Fri Jan 23 02:05:24 2015 : L2TP received SCCRQ
Fri Jan 23 02:05:24 2015 : L2TP sent SCCRP
Fri Jan 23 02:05:24 2015 : L2TP received SCCCN
Fri Jan 23 02:05:24 2015 : L2TP received ICRQ
Fri Jan 23 02:05:24 2015 : L2TP sent ICRP
Fri Jan 23 02:05:24 2015 : L2TP received ICCN
Fri Jan 23 02:05:24 2015 : L2TP connection established.
Fri Jan 23 02:05:24 2015 : using link 0
Fri Jan 23 02:05:24 2015 : Using interface ppp0
Fri Jan 23 02:05:24 2015 : Connect: ppp0 <--> socket[34:18]
Fri Jan 23 02:05:24 2015 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x359a7585> <pcomp> <accomp>]
Fri Jan 23 02:05:24 2015 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xd74787e> <pcomp> <accomp>]
Fri Jan 23 02:05:24 2015 : lcp_reqci: returning CONFACK.
Fri Jan 23 02:05:24 2015 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0xd74787e> <pcomp> <accomp>]
Fri Jan 23 02:05:27 2015 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x359a7585> <pcomp> <accomp>]
Fri Jan 23 02:05:27 2015 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x359a7585> <pcomp> <accomp>]
Fri Jan 23 02:05:27 2015 : sent [LCP EchoReq id=0x0 magic=0x359a7585]
Fri Jan 23 02:05:27 2015 : sent [CHAP Challenge id=0x66 <0e68752c580b611f2a31274224020b62>, name = "Balazs-Toths-MacBook-Pro.local"]
Fri Jan 23 02:05:27 2015 : rcvd [LCP EchoReq id=0x0 magic=0xd74787e]
Fri Jan 23 02:05:27 2015 : sent [LCP EchoRep id=0x0 magic=0x359a7585]
Fri Jan 23 02:05:27 2015 : rcvd [LCP EchoRep id=0x0 magic=0xd74787e]
Fri Jan 23 02:05:27 2015 : rcvd [CHAP Response id=0x66 <fd352d7f198c134b3a976260b88a9dd70000000000000000eaaf1a981aea56bf7c083a9a2f8935 ce580d3b2c532da72700>, name = "testuser"]
Fri Jan 23 02:05:27 2015 : sent [CHAP Failure id=0x66 ""]
Fri Jan 23 02:05:27 2015 : CHAP peer authentication failed for testuser
Fri Jan 23 02:05:27 2015 : sent [LCP TermReq id=0x2 "Authentication failed"]
Fri Jan 23 02:05:27 2015 : Connection terminated.
Fri Jan 23 02:05:27 2015 : L2TP disconnecting...
Fri Jan 23 02:05:27 2015 : L2TP sent CDN
Fri Jan 23 02:05:27 2015 : L2TP sent StopCCN
Fri Jan 23 02:05:27 2015 : L2TP disconnected
2015-01-23 02:05:27 CET --> Client with address = 192.168.1.1 has hungup
I get the same error when trying to log in with the admin.
All help is appreciated!
Thank you
When using klist, do you get an entry where the principal starts with imap?
In Server.app, what authentication option(s) do you have selected for Mail?
Tim
p.s., I see I was wrong and you actually had commented on another thread. Please start a new thread for your situation. -
Forcing successful chap authentication for old tacacs users
We have an NT4.0 tacacs+ ACS server that we want to turn off, permitting connections with blank usernames and passwords (or fictitious ones). Our clients actually connect to us via PPP/ISDN with a username/password pair, in CHAP. Is it possible to disable PPP CHAP processing on our IOS 12.2 3600, forcing an always-true auth? The command "aaa authentication ppp default none" permits Windows RAS users to authenticate with every username/password, but Cisco users cannot complete the PPP LCP phase.
Pierluigi
I am not understanding your problem well. If you do not want to authenticate then it seems that aaa authentication ppp default none should achieve that, unless you have configured some different authentication method for your PPP. Perhaps if you post the configuration of the router we might be better able to identify the issue.
It might also be helpful to have the output of debug ppp negotiation and debug ppp authenticat.
HTH
Rick -
ISE 1.2 Authentication Failures at First time Connection
Hi,
I have trouble with ISE 1.2 when trying to authenticate an end-device for the first time; this device might be a workstation, IP phone, printer, etc. It fails or stays in running mode. The result is the same: it cannot access the network. Hopefully I'm still in open mode :)
As I described in the beginning, everything has status Running or Authz Failed, and after a period of time, usually one day, it finally succeeds.
This happens mostly for workstations and printers, but the phones do not have the same behavior. I unplug/plug the phones or I shut / no shut the ports in order to trigger it to succeed. For some phones this worked, but others obstinately declined.
The phones, which are not Cisco phones, authenticate with MD5 (a simple username and password); I think the problem should not be related to the auth protocol.
Below are some logs from one phone. My short conclusion is that this must be related to the switches, which are 3750E (15.02 SE 4 IOS),
or to the ISE itself, because I have almost the same behavior for all end-devices.
I kindly await your comments...
2169669: Apr 16 18:02:20.573 EEST: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/35, changed state to up
2169670: Apr 16 18:02:20.783 EEST: %DOT1X-5-FAIL: Authentication failed for client (0080.9f7d.3ddf) on Interface Gi1/0/34 AuditSessionID 0A114D0D0000D5E8855C01DE
2169671: Apr 16 18:02:20.791 EEST: %AUTHMGR-7-RESULT: Authentication result 'timeout' from 'dot1x' for client (0080.9f7d.3ddf) on Interface Gi1/0/34 AuditSessionID 0A114D0D0000D5E8855C01DE
S301#
2169672: Apr 16 18:02:20.992 EEST: %AUTHMGR-5-START: Starting 'dot1x' for client (0080.9f7d.3ddf) on Interface Gi1/0/34 AuditSessionID 0A114D0D0000D5F0855DE0EF
2169673: Apr 16 18:02:21.580 EEST: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/35, changed state to up
S301#
2169674: Apr 16 18:02:24.289 EEST: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/35, changed state to down
S301#
2169675: Apr 16 18:02:25.288 EEST: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/35, changed state to down
2169676: Apr 16 18:02:26.269 EEST: %AUTHMGR-5-START: Starting 'dot1x' for client (0080.9f7d.3e6f) on Interface Gi1/0/35 AuditSessionID 0A114D0D0000D5F1855DF3BE
2169677: Apr 16 18:02:26.294 EEST: %DOT1X-5-FAIL: Authentication failed for client (0080.9f7d.3e6f) on Interface Gi1/0/35 AuditSessionID 0A114D0D0000D5F1855DF3BE
2169678: Apr 16 18:02:26.294 EEST: %AUTHMGR-7-RESULT: Authentication result 'fail' from 'dot1x' for client (0080.9f7d.3e6f) on Interface Gi1/0/35 AuditSessionID 0A114D0D0000D5F1855DF3BE
2169679: Apr 16 18:02:26.303 EEST: %DOT1X-5-FAIL: Authentication failed for client (0080.9f7d.3e6f) on Interface Gi1/0/35 AuditSessionID 0A114D0D0000D5F1855DF3BE
2169680: Apr 16 18:02:26.303 EEST: %AUTHMGR-7-RESULT: Authentication result 'fail' from 'dot1x' for client (0080.9f7d.3e6f) on Interface Gi1/0/35 AuditSessionID 0A114D0D0000D5F1855DF3BE
2169681: Apr 16 18:02:26.319 EEST: %DOT1X-5-FAIL: Authentication failed for client (0080.9f7d.3e6f) on Interface Gi1/0/35 AuditSessionID 0A114D0D0000D5F1855DF3BE
2169682: Apr 16 18:02:26.319 EEST: %AUTHMGR-7-RESULT: Authentication result 'fail' from 'dot1x' for client (0080.9f7d.3e6f) on Interface Gi1/0/35 AuditSessionID 0A114D0D0000D5F1855DF3BE
2169683: Apr 16 18:02:26.319 EEST: %AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (0080.9f7d.3e6f) on Interface Gi1/0/35 AuditSessionID 0A114D0D0000D5F1855DF3BE
2169684: Apr 16 18:02:26.319 EEST: %AUTHMGR-5-START: Starting 'mab' for client (0080.9f7d.3e6f) on Interface Gi1/0/35 AuditSessionID 0A114D0D0000D5F1855DF3BE
2169685: Apr 16 18:02:26.328 EEST: %MAB-5-FAIL: Authentication failed for client (0080.9f7d.3e6f) on Interface Gi1/0/35 AuditSessionID 0A114D0D0000D5F1855DF3BE
2169686: Apr 16 18:02:26.328 EEST: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'mab' for client (0080.9f7d.3e6f) on Interface Gi1/0/35 AuditSessionID 0A114D0D0000D5F1855DF3BE
2169687: Apr 16 18:02:26.328 EEST: %AUTHMGR-7-FAILOVER: Failing over from 'mab' for client (0080.9f7d.3e6f) on Interface Gi1/0/35 AuditSessionID 0A114D0D0000D5F1855DF3BE
2169688: Apr 16 18:02:26.328 EEST: %AUTHMGR-7-NOMOREMETHODS: Exhausted all authentication methods for client (0080.9f7d.3e6f) on Interface Gi1/0/35 AuditSessionID 0A114D0D0000D5F1855DF3BE
S301#
2169689: Apr 16 18:02:26.336 EEST: %AUTHMGR-5-FAIL: Authorization failed or unapplied for client (0080.9f7d.3e6f) on Interface Gi1/0/35 AuditSessionID 0A114D0D0000D5F1855DF3BE
S301#
2169690: Apr 16 18:02:27.737 EEST: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/35, changed state to up
2169691: Apr 16 18:02:28.744 EEST: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/35, changed state to up
Regards
T.C
I'm not using an authentication method with certificates for any end-devices.
Workstations use the Windows default authentication protocol, EAP/MSCHAPv2.
In front of them there are non-Cisco IP phones with auth. method EAP/MD5.
Finally I also have some printers, again with option EAP/MD5.
For all of these devices I received the same behavior: after many hours they finally authenticated with ISE. But is this the expected behavior?
What I understand is that if the devices finally authenticated, then it means there isn't anything wrong with the method.
The points I don't understand are 3:
Why is there so much delay for all devices to authenticate?
Why do some devices, mostly IP phones (not all), continue to fail the authentication method? All my devices are identical, with the same software / patch, same model etc.
I have noticed some devices randomly succeed one moment and fail the next.
So to my understanding there is abnormal behavior and I cannot find the way / pattern to correct it or to understand the reason :)
Port config
switchport access vlan xxx
switchport mode access
switchport voice vlan yyy
ip access-group ACL-ALLOW in
authentication event fail action next-method
authentication event server dead action reinitialize vlan xxx
authentication event server dead action authorize voice
authentication event server alive action reinitialize
authentication host-mode multi-domain
authentication open
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
authentication violation restrict
mab
dot1x pae authenticator
no cdp enable
spanning-tree portfast
result template
Switch#sh auth sess int g1/0/46
Interface: GigabitEthernet1/0/46
MAC Address: xxxx.xxxx.xxxx
IP Address: xx.xxx.xx.xxx
User-Name: xxxxxxxxxxxx
Status: Authz Failed
Domain: DATA
Security Policy: Should Secure
Security Status: Unsecure
Oper host mode: multi-domain
Oper control dir: both
Session timeout: N/A
Idle timeout: N/A
Common Session ID: 0A114D0A00001972016208E1
Acct Session ID: 0x00001BB7
Handle: 0x6D0009B6
Runnable methods list:
Method State
dot1x Failed over
mab Failed over -
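The switch log T.C posted is hard to read because the lines for one client are interleaved with link-state messages and prompts, and because a single client can appear under several AuditSessionIDs. As an added example (not from the thread and not an ISE or IOS tool), the script below groups the `%DOT1X`, `%MAB` and `%AUTHMGR` lines by AuditSessionID and reduces each session to the methods it started, the result each method produced, and whether the authenticator ran out of methods and failed authorization. The sample lines are copied from the post above; the split of result keywords into "rejected" (`fail`) versus "no answer" (`timeout`, `no-response`) is this example's own working assumption, since the page does not define them.

```python
"""Added example: per-session summary of %DOT1X/%MAB/%AUTHMGR syslog lines.
Sample lines are from the thread above; the REJECTED/NO_ANSWER grouping of
result keywords is an assumption made for this example."""
import re
from collections import OrderedDict

SAMPLE_SYSLOG = """\
2169669: Apr 16 18:02:20.573 EEST: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/35, changed state to up
2169670: Apr 16 18:02:20.783 EEST: %DOT1X-5-FAIL: Authentication failed for client (0080.9f7d.3ddf) on Interface Gi1/0/34 AuditSessionID 0A114D0D0000D5E8855C01DE
2169671: Apr 16 18:02:20.791 EEST: %AUTHMGR-7-RESULT: Authentication result 'timeout' from 'dot1x' for client (0080.9f7d.3ddf) on Interface Gi1/0/34 AuditSessionID 0A114D0D0000D5E8855C01DE
S301#
2169672: Apr 16 18:02:20.992 EEST: %AUTHMGR-5-START: Starting 'dot1x' for client (0080.9f7d.3ddf) on Interface Gi1/0/34 AuditSessionID 0A114D0D0000D5F0855DE0EF
2169676: Apr 16 18:02:26.269 EEST: %AUTHMGR-5-START: Starting 'dot1x' for client (0080.9f7d.3e6f) on Interface Gi1/0/35 AuditSessionID 0A114D0D0000D5F1855DF3BE
2169677: Apr 16 18:02:26.294 EEST: %DOT1X-5-FAIL: Authentication failed for client (0080.9f7d.3e6f) on Interface Gi1/0/35 AuditSessionID 0A114D0D0000D5F1855DF3BE
2169678: Apr 16 18:02:26.294 EEST: %AUTHMGR-7-RESULT: Authentication result 'fail' from 'dot1x' for client (0080.9f7d.3e6f) on Interface Gi1/0/35 AuditSessionID 0A114D0D0000D5F1855DF3BE
2169679: Apr 16 18:02:26.303 EEST: %DOT1X-5-FAIL: Authentication failed for client (0080.9f7d.3e6f) on Interface Gi1/0/35 AuditSessionID 0A114D0D0000D5F1855DF3BE
2169680: Apr 16 18:02:26.303 EEST: %AUTHMGR-7-RESULT: Authentication result 'fail' from 'dot1x' for client (0080.9f7d.3e6f) on Interface Gi1/0/35 AuditSessionID 0A114D0D0000D5F1855DF3BE
2169681: Apr 16 18:02:26.319 EEST: %DOT1X-5-FAIL: Authentication failed for client (0080.9f7d.3e6f) on Interface Gi1/0/35 AuditSessionID 0A114D0D0000D5F1855DF3BE
2169682: Apr 16 18:02:26.319 EEST: %AUTHMGR-7-RESULT: Authentication result 'fail' from 'dot1x' for client (0080.9f7d.3e6f) on Interface Gi1/0/35 AuditSessionID 0A114D0D0000D5F1855DF3BE
2169683: Apr 16 18:02:26.319 EEST: %AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (0080.9f7d.3e6f) on Interface Gi1/0/35 AuditSessionID 0A114D0D0000D5F1855DF3BE
2169684: Apr 16 18:02:26.319 EEST: %AUTHMGR-5-START: Starting 'mab' for client (0080.9f7d.3e6f) on Interface Gi1/0/35 AuditSessionID 0A114D0D0000D5F1855DF3BE
2169685: Apr 16 18:02:26.328 EEST: %MAB-5-FAIL: Authentication failed for client (0080.9f7d.3e6f) on Interface Gi1/0/35 AuditSessionID 0A114D0D0000D5F1855DF3BE
2169686: Apr 16 18:02:26.328 EEST: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'mab' for client (0080.9f7d.3e6f) on Interface Gi1/0/35 AuditSessionID 0A114D0D0000D5F1855DF3BE
2169687: Apr 16 18:02:26.328 EEST: %AUTHMGR-7-FAILOVER: Failing over from 'mab' for client (0080.9f7d.3e6f) on Interface Gi1/0/35 AuditSessionID 0A114D0D0000D5F1855DF3BE
2169688: Apr 16 18:02:26.328 EEST: %AUTHMGR-7-NOMOREMETHODS: Exhausted all authentication methods for client (0080.9f7d.3e6f) on Interface Gi1/0/35 AuditSessionID 0A114D0D0000D5F1855DF3BE
S301#
2169689: Apr 16 18:02:26.336 EEST: %AUTHMGR-5-FAIL: Authorization failed or unapplied for client (0080.9f7d.3e6f) on Interface Gi1/0/35 AuditSessionID 0A114D0D0000D5F1855DF3BE
"""

EVENT_RE = re.compile(
    r"%(?P<mnemonic>(?:DOT1X|MAB|AUTHMGR)-\d-[A-Z]+): (?P<text>.+?) for client "
    r"\((?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\) on Interface (?P<intf>\S+) "
    r"AuditSessionID (?P<sid>[0-9A-F]+)"
)
RESULT_RE = re.compile(r"Authentication result '(?P<result>[\w-]+)' from '(?P<method>\w+)'")
START_RE = re.compile(r"Starting '(?P<method>\w+)'")

REJECTED = {"fail"}                     # assumption: an explicit reject
NO_ANSWER = {"timeout", "no-response"}  # assumption: nobody answered in time


def new_session(mac: str, intf: str) -> dict:
    return {"mac": mac, "interface": intf, "methods_started": [], "results": [],
            "fail_messages": 0, "exhausted": False, "authz_failed": False}


def verdict(s: dict) -> str:
    if s["exhausted"] or s["authz_failed"]:
        return "failed: " + ", ".join(f"{m}={r}" for m, r in s["results"])
    if s["results"]:
        m, r = s["results"][-1]
        return f"last result {r} from {m}"
    return "started, no result yet"


def summarize(syslog_text: str) -> "OrderedDict[str, dict]":
    sessions = OrderedDict()
    for line in syslog_text.splitlines():
        m = EVENT_RE.search(line)
        if not m:
            continue  # LINK/LINEPROTO messages and the "S301#" prompt
        s = sessions.setdefault(m["sid"], new_session(m["mac"], m["intf"]))
        mnemonic, text = m["mnemonic"], m["text"]
        if mnemonic == "AUTHMGR-5-START":
            s["methods_started"].append(START_RE.search(text)["method"])
        elif mnemonic == "AUTHMGR-7-RESULT":
            r = RESULT_RE.search(text)
            s["results"].append((r["method"], r["result"]))
        elif mnemonic == "AUTHMGR-7-NOMOREMETHODS":
            s["exhausted"] = True
        elif mnemonic == "AUTHMGR-5-FAIL":
            s["authz_failed"] = True
        elif mnemonic.endswith("-FAIL"):          # DOT1X-5-FAIL / MAB-5-FAIL
            s["fail_messages"] += 1
    for s in sessions.values():
        s["rejected"] = [m for m, r in s["results"] if r in REJECTED]
        s["no_answer"] = [m for m, r in s["results"] if r in NO_ANSWER]
        s["verdict"] = verdict(s)
    return sessions


if __name__ == "__main__":
    for sid, s in summarize(SAMPLE_SYSLOG).items():
        print(f"{sid} {s['mac']} {s['interface']}: {s['verdict']}")
```

Read this way, the posted log shows two different things for the two clients: 0080.9f7d.3ddf gets a dot1x `timeout` (no answer) and is immediately restarted under a new session, while 0080.9f7d.3e6f is rejected three times by dot1x, falls back to MAB, gets `no-response` there, exhausts all methods and ends in "Authorization failed". Separating "rejected" from "no answer" per session is usually the first step in deciding whether to look at the supplicant, the RADIUS path, or the policy on ISE.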
Hello,
To make real time detection more effective,
how to find the Cisco device alert pattern for real time detection of attack?
For example, SQL slammer worm, Cisco IDS will fire its related/specific signature. For any Trojan activity IDS will fire specific signature.
But how to find a signature pattern, or packet pattern, for session hijack, IP spoofing and other IP-based attacks? (not related to applications)
Is there any knowledge source, which can show traffic/packet pattern generated by IP based attacks/protocol behavior in attack? What kind of alerts for what kind of attack, sequence of alerts, etc.
I am using netForensics for real time threat detection; I want to make some rules which will match the IP behavior/IDS signature generation pattern in progressing attack.
I am looking for such a kind of knowledge base; if anyone has experience in this please help me out.
Regards
Kapish
Hi, that was a cool link.
But it didn't show any information on attack progress, stages of attack and the alert pattern that a normal Cisco IDS will generate for the same.
I am looking for deep analytical information, which will show me how to correlate alerts manually. I am using netForensics, I want to make rules in it for IDS and PIX using my understanding to find attack at its point of progress.
regards
Kapish -
VPN - CHAP authentication failed
I am currently running a Mac mini server with 10.8.2 installed. I can connect to my VPN when connected to the internal network with the same credentials I'm trying when connecting externally, however I am not able to connect externally. The VPN server log says...
Wed Jan 9 19:05:45 2013 : PPTP incoming call in progress from 'XXX.XXX.XXX.XXX'...
Wed Jan 9 19:05:45 2013 : PPTP connection established.
Wed Jan 9 19:05:45 2013 : using link 0
Wed Jan 9 19:05:45 2013 : Using interface ppp0
Wed Jan 9 19:05:45 2013 : Connect: ppp0 <--> socket[34:17]
Wed Jan 9 19:05:45 2013 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x41729571> <pcomp> <accomp>]
Wed Jan 9 19:05:45 2013 : rcvd [LCP ConfReq id=0x1 <mru 1400> <asyncmap 0x0> <magic 0x76af3698> <pcomp> <accomp>]
Wed Jan 9 19:05:45 2013 : lcp_reqci: returning CONFACK.
Wed Jan 9 19:05:45 2013 : sent [LCP ConfAck id=0x1 <mru 1400> <asyncmap 0x0> <magic 0x76af3698> <pcomp> <accomp>]
Wed Jan 9 19:05:48 2013 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x41729571> <pcomp> <accomp>]
Wed Jan 9 19:05:48 2013 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x41729571> <pcomp> <accomp>]
Wed Jan 9 19:05:48 2013 : sent [LCP EchoReq id=0x0 magic=0x41729571]
Wed Jan 9 19:05:48 2013 : sent [CHAP Challenge id=0xcc <1b0470764c2477634532244f7056405b>, name = "server.robertsteeter.private"]
Wed Jan 9 19:05:48 2013 : rcvd [LCP ConfReq id=0x2 <mru 1400> <asyncmap 0x0> <magic 0x5fbceae0> <pcomp> <accomp>]
Wed Jan 9 19:05:48 2013 : sent [LCP ConfReq id=0x2 <asyncmap 0x0> <auth chap MS-v2> <magic 0x772dcec9> <pcomp> <accomp>]
Wed Jan 9 19:05:48 2013 : lcp_reqci: returning CONFACK.
Wed Jan 9 19:05:48 2013 : sent [LCP ConfAck id=0x2 <mru 1400> <asyncmap 0x0> <magic 0x5fbceae0> <pcomp> <accomp>]
Wed Jan 9 19:05:48 2013 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x41729571> <pcomp> <accomp>]
Wed Jan 9 19:05:48 2013 : rcvd [LCP ConfAck id=0x2 <asyncmap 0x0> <auth chap MS-v2> <magic 0x772dcec9> <pcomp> <accomp>]
Wed Jan 9 19:05:48 2013 : sent [LCP EchoReq id=0x0 magic=0x772dcec9]
Wed Jan 9 19:05:48 2013 : sent [CHAP Challenge id=0x6a <65334e292e400860457a3e710278142e>, name = "server.robertsteeter.private"]
Wed Jan 9 19:05:48 2013 : rcvd [LCP EchoRep id=0x0 magic=0x5fbceae0]
Wed Jan 9 19:05:48 2013 : rcvd [CHAP Response id=0x6a <3c2c0bb90568f62f5ada84294038e828000000000000000032bf450620bf278e54e8d70b5ed48a 4a5567f528df9194bd00>, name = "matt"]
Wed Jan 9 19:05:48 2013 : DSAuth plugin: unsupported authen authority: recved ShadowHash;HASHLIST:<SMB-NT,CRAM-MD5,RECOVERABLE,SALTED-SHA512-PBKDF2>, want ApplePasswordServer
Wed Jan 9 19:05:48 2013 : DSAuth plugin: MPPE key required, but its retrieval failed.
Wed Jan 9 19:05:48 2013 : sent [CHAP Failure id=0x6a "S=D43D9FBA673744184953601DBB181A5E9B2FF9C9 M=Access granted"]
Wed Jan 9 19:05:48 2013 : CHAP peer authentication failed for matt
Wed Jan 9 19:05:48 2013 : sent [LCP TermReq id=0x3 "Authentication failed"]
Wed Jan 9 19:05:48 2013 : Connection terminated.
Wed Jan 9 19:05:48 2013 : PPTP disconnecting...
Wed Jan 9 19:05:48 2013 : PPTP disconnected
2013-01-09 19:05:48 EST --> Client with address = 192.168.100.241 has hungup
Not sure what the issue is, however I'm sure I have the username/password and shared secret all correct since I can connect internally. Any suggestions?
I have a similar problem:
OS X Server 10.3.9 running on a G3; clients running OS X 10.4.8.
I used Server Admin to set up the server with L2TP and set the shared secret[1]; I used Internet Connect to try to get a client to connect to the server. The result is always the same: The client says "Authentication Failed" and the server's logs record the conversation (Here's the relevant part):
...Tue Jan 16 15:55:08 2007 : sent [CHAP Challenge id=0x1 <c9af9d6375c13e5657d49c44c6ab8259>, name = "inside"]
Tue Jan 16 15:55:08 2007 : rcvd [LCP EchoReq id=0x0 magic=0x9101c22f]
Tue Jan 16 15:55:08 2007 : sent [LCP EchoRep id=0x0 magic=0xf01aa2]
Tue Jan 16 15:55:08 2007 : rcvd [LCP EchoRep id=0x0 magic=0x9101c22f]
Tue Jan 16 15:55:08 2007 : rcvd [CHAP Response id=0x1 <f27c5a611e1e9cf68c17d04d37448b6d00000000000000000f035bba35b5a714589e7292c1fba0 78d57fb3640b62a08e00>, name = "timberwoof"]
Tue Jan 16 15:55:08 2007 : sent [CHAP Failure id=0x1 "E=691 R=1 C=C9AF9D6375C13E5657D49C44C6AB8259 V=0 M=Access denied."]
Tue Jan 16 15:55:08 2007 : CHAP peer authentication failed for remote host timberwoof
Tue Jan 16 15:55:08 2007 : sent [LCP TermReq id=0x2 "Authentication failed"]
Tue Jan 16 15:55:08 2007 : rcvd [LCP TermReq id=0x2 "Failed to authenticate ourselves to peer"]
The user 'timberwoof' exists on the server. I tried changing password type to Advanced, but there's a catch-22 situation: no user is set up with Advanced password, and it can only be changed to that by a user using Advanced password.
[1] Has anyone else noticed that the dialog box for setting this in Server Admin 10.4.7 is broken? It always forgets the shared secret and then complains that none has been entered.