Problems with Anonymous authentication !!
Hi All,
I hope this is the right forum to ask my problem. And also, I would like to say that I dont have any idea in Java.
Our problem is
1. We are using Java SSL as server and OpenSSL as client.
2. For server authentication, the connection is successful.
3. But for Anonymous authentication, the connection fails in read server hello.
I am not sure why this connection is failing. I have referred to client log file but did not get any information to solve the problem.
I dont know how to check log information in the server side if it provides.
Our settings are like this in server.xml for server side :
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="false"
clientAuth="false" sslProtocol="TLS" />
Please let me know whether above settings are OK for Anonymous authentication or not.
If above settings are OK, please let me know how can I debug into the problem.
Server is being run with TomCat.
As I am not familiar with Java, May be I did not provide enough details.
You may think that if I am not familiar, why I am posting ? :) I am supporting some other project team for SSL. So, we have faced this problem. I am familiar with SSL but not Java.
Please let me know if you need any further details.
Thank you very much !
Regards
Satish.
3. But for Anonymous authenticationAnonymous authentication is a contradiction in terms. What you are doing is anonymous SSL, i.e. with no authentication.
the connection fails in read server hello. Fails how? With what exception? stack trace? message? What happens if you run the server with -Djavax.net.debug=ssl,handshake?
Please let me know whether above settings are OK for Anonymous authentication or not.They are not. You would have to enable one or more of the anonymous cipher suites. They are disabled by default.
Next question, why are you doing anonymous SSL? Are you aware that it isn't secure?
Similar Messages
-
Windows 7 Home Premium with 802.1x problems with the Authentication
We have problems with OS Windows 7 Home Premium 802.1x, the message in ACS:
EAP-TLS or PEAP authentication failed during SSL handshake
ACS v4.1
We have OS Windows 7 Professional and doesn´t have problems with the authentication.
I hope that you can help me
RegardsWe were investigated with specialist people of OS Windows and the conclusion was that the Home Premium Version has restrictions about authentication and domain (Active Directory). So we need change the version of OS (Proffessional for example).
If you had another tip, please tell me and I try it for resolve this issue, if not we have to change the OS.
Regards -
I am able to make it to the site for about 2 seconds and then I am quickly logged off and the statement, "There is a problem with your authentication, possibly due to inactivity. For your safety, you have been logged out and must sign in again to continue."
I don't have a clue as to the problem but since this is impacting my participation in these classes and ultimately could have a negative impact on my grade, I am more than a little concerned!Have you allowed this site to set cookies?
-
Issue with Anonymous Authentication and updating or starting new projects
So 2 weeks ago I had a post about Anonymous Authentication found here:
https://social.technet.microsoft.com/Forums/office/en-US/9b0e6eec-190a-4b48-a280-6adef441659a/issue-with-anonymous-authentication-and-people-picker-and-reports?forum=sharepointgeneral&prof=required
That issue has been resolved but has created a new issue. We have Anonymous Authentication disabled but when one of our users tries to make a new project she gets the following:
Unexpected response from server. The status code of response is '0'. The status text of response is ''.
When she tries to edit an existing project, she gets the following:
The server was unable to save the form at this time. Please try again.
If I re-enable the Anonymous Auth. everything works for her again, but then we face the issue from the original post with reports not publishing.
Any ideas on how to make everything get along?#apDiv2 {
position: absolute;
width: 698px;
height: 299px;
z-index: 1;
left:50px;
top: 117px;
overflow: scroll;
Don't forget to fix your code errors. You're still missing a <body> tag in your markup.
Nancy O. -
Problem with forms authentication in OWA
Hi
I have a problem with exchange 2013 standard
When I enable forms authentication on OWA, after logging in I get a 404 file not found error.
Forms authentication works fine on ECP.
I noticed that the login url has a ReturnUrl on the querystring which is double url encoded.i.e. I am getting
https://centaur.patriot.local/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fcentaur.patriot.local%2fowa%2flogin.aspx%3fReturnUrl%3d%252fowa%252f%253fbO%253d1%26bO%3d1
If I unescape the ReturnUrl and put that in the browser,(like the following), it works:
https://centaur.patriot.local/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fcentaur.patriot.local%2fowa%2flogin.aspx%3fReturnUrl=/owa/?bO=1&bO=1
So either IIS is redirecting twice or the redirect url is incorrect.
Any ideas on how to fix this?Hello,
You're right. the issue is related to IIS.
If you do not want IIS to allow doubled-encoded requests to be served, please set allowDoubleEscaping vaule to false to check the result.
-Encoded Requests" section in the following article:
http://www.iis.net/learn/manage/configuring-security/use-request-filtering
If the settings don't work, I recommend you post your issue to iis forum.
http://forums.iis.net/
If you have any feedback on our support, please click
here
Cara Chen
TechNet Community Support -
Problem with SQL Authenticator and SOA EM console.
Hi,
In my project, i have a need to authenticate USERS from data base tables. To acheve this i defined SQL Authenticator, inside the weblogic admin console.But, problem is after this, when i login to EM console of SOA, then, in the home page, it is showing all deployments as DOWN sate, including SOA-INFRA. But, i am able to deploy BPEL project and execute it normally. Why EM console is showing all deployments and soa-infra as down?.
Thanks,
Naga.
Edited by: 984573 on Feb 5, 2013 9:56 PMHi Anuj & Nicolas,
Thanks for your reply.
Really wonder, i found the solution. This is the problem with order of Authentication provider. If i put the "SQL Authenticator" in the top of the order as the first item in the list, then i am facing the above error in EM console. Now, i re-ordered the "SQL Authenticator" and keep it last in the list. Now, SOA EM console is working fine. I really do not understand, what is the significance of the order of Authentication provider.
Thanks for your help.
Regards,
Naga. -
Problems with custom authentication when migrating from 3.2 to 4.1.1
Hi,
we’re about to upgrade our APEX instances to 4.1.1 and to migrate our applications. I encountered some problems with our custom authentication schema.
1. Recognize already authenticated sessions: in 3.2 the sentry function could return false as long as the user was not authenticated. Public pages could still be displayed (including the login page). The result of the function apex_custom_auth.is_session_valid returned false until once the sentry function returned true. How can I recognize non authenticated sessions in 4.1.1? I looked for the test the Condition “User is the public user (user has not authenticated)” computes on a page but didn’t found the right one. It’s not what docu states here (comparison with the public user): http://docs.oracle.com/cd/E23903_01/doc/doc.41/e21674/condition001.htm#HTMDB25943. I replaced the test with p_authentication.username = ‘nobody’. It works. But that doesn’t seem to me to be the right way …
2. Post_logout lacks session context: the Post Logout Procedure does not receive a session_id and username. Neither the V(‘APP_SESSION’) nor p_authentication.session_id are set. This applies to both plugin authentication schemes and non-plugin custom authentication schemes. Is there another way to obtain the logged-out sessions infos or is this a bug?
See apex.oracle.com for a demo, workspace WS_MW, gast/gast. Can someone please guide me the way?
MichaelHello again,
there are no replies until now .... I reviewed some posts regarding custom authentication again and did not find any solution for the issues. Found some that worked with APEX 3.2.1 but not with 4.1.1. I can only work around
1.) in an insecure way, because the non documented (?) user "nobody" can change and all new sessions will be considered authenticated
2.) in a way, that ends up in implementing the logout from the non apex environment outside the authentication schema or authentication plugin.
May be I should contact support for at least the second issue because this doesn't work as documented or am I doing something wrong?
Michael -
Issue with Anonymous Authentication and People Picker and reports
Hello,
We are having an issue with sharepoint 2013 where we have reports that get published to sharepoint via visual studio and we use the people picker for different list.
The overall issue is SSRS does not work if Anonymous Authentication is enabled which caused this error when trying to publish a report:
The permissions granted to user 'NT AUTHORITY\ANONYMOUS LOGON' are insufficient for performing this operation. ---> Microsoft.ReportingServices.Diagnostics.Utilities.AccessDeniedException:
The permissions granted to user 'NT AUTHORITY\ANONYMOUS LOGON' are insufficient for performing this operation
However, if we disable Anonymous Authentication, the people picker search option does not work and we get there error:
Sorry, we're having trouble reaching the server.
I found this web blog on a solution, https://blog.karstein-consulting.com/2014/02/18/sharepoint-2013-people-picker-error-sorry-were-having-trouble-reaching-the-server/
however this did not work.
Does anyone have ant other suggestions?Hi JCrescenzo,
Please try to get the property of the people picker, perhaps there is a rule that implemented on your environment:
stsadm -o getproperty -propertyname peoplepicker-searchadcustomfilter -url
http://site_collection_url
If yes, clear it by running:
stsadm -o setproperty -propertyname peoplepicker-searchadcustomfilter -propertyvalue " " -url
http://site_collection
There are two similar posts, please check if they are useful for you:
https://social.technet.microsoft.com/Forums/en-US/621d439b-f2eb-4dc2-8797-eb7f2f3996e4/people-picker-returning-search-filter-is-invalid-in-uls-log-when-searching-for-users?forum=sharepointgeneralprevious
https://gavinmckay.wordpress.com/2011/07/15/troubleshooting-sharepoint-2010-claims-based-authentication-with-active-directory-lightweight-directory-services-ad-lds/
Best Regards,
Wendy
Wendy Li
TechNet Community Support -
Sender file Adapter, problem with proxy authentication
HI all,
i'm having some problems with the following scenario, i need to configure a sender file adapter which connects to a FTP server. To connect this FTP server i need to set a proxy (and so a username and a password), and i don't know how to do.
From note 821267 seems that the proxy is not supported for an FTP adapter, but the are some workaround like the ones described in the following link
Re: Proxy server inFTP adapter
http://wiki.sdn.sap.com/wiki/pages/viewpage.action?pageId=57137
They don't work in my case as i need to se two username (the one for proxy and the one for the ftp server) and i cannot force the proxy use for all XI applications.
Can anyone help me?
Thanks a lot
AldoProxy is necessary to exit the customer local intranet. It's not possible to go outside network without going through the proxy server.
I cannot set the proxy server in file adapter as it's not supported like described in SAp note, a possible workarounf is to force the proxy server in the J2ee stack but in this way all PI calls would use that proxy.. -
LDAP PropertySet with Anonymous Authentication
Please,
I would like to know how can I set up ldap property set for WLP 4.0 using MS Exchange
5.5 Ldap Server with anonymous bind. If I put no values at Principal and Password
Principal in LdapPropertyManager EJB, I got several errors as NullPointerExceptions.
There is no admin and the customer does not want using exchange passwords at weblogic
console.
Thanks a lot
Marco RighettiMarco,
Looks like you have a key with no value in the EJB context, did you try
removing the key as well?
Sincerely,
Daniel Selman
"Marco Righetti" <[email protected]> wrote in message
news:[email protected]...
>
Thanks for your reply. This is the stacktrace...
weblogic.utils.AssertionError: ***** ASSERTION FAILED ***** - with nestedexception:
[java.lang.reflect.InvocationTargetException - with target exception:
[java.lang.NullPointerException]]
atweblogic.ejb20.deployer.EnvironmentBuilder.getValue(EnvironmentBuilder.java:
122)
atweblogic.ejb20.deployer.EnvironmentBuilder.addEnvironmentEntries(Environment
Builder.java:144)
atweblogic.ejb20.deployer.Deployer.setupEnvironmentContext(Deployer.java:200)
at weblogic.ejb20.deployer.Deployer.deployDescriptor(Deployer.java:1228)
at weblogic.ejb20.deployer.Deployer.deploy(Deployer.java:947)
at weblogic.j2ee.EJBComponent.deploy(EJBComponent.java:30)
at weblogic.j2ee.Application.deploy(Application.java:247)
at weblogic.j2ee.J2EEService.deployApplication(J2EEService.java:185)
atweblogic.management.mbeans.custom.Application.setLocalDeployed(Application.j
ava:362)
atweblogic.management.mbeans.custom.Application.setDeployed(Application.java:2
96)
at java.lang.reflect.Method.invoke(Native Method)
atweblogic.management.internal.DynamicMBeanImpl.invokeSetter(DynamicMBeanImpl.
java:1388)
atweblogic.management.internal.DynamicMBeanImpl.setAttribute(DynamicMBeanImpl.
java:881)
atweblogic.management.internal.DynamicMBeanImpl.setAttribute(DynamicMBeanImpl.
java:847)
atweblogic.management.internal.ConfigurationMBeanImpl.setAttribute(Configurati
onMBeanImpl.java:295)
atcom.sun.management.jmx.MBeanServerImpl.setAttribute(MBeanServerImpl.java:135
6)
atcom.sun.management.jmx.MBeanServerImpl.setAttribute(MBeanServerImpl.java:133
1)
atweblogic.management.internal.ConfigurationMBeanImpl.updateConfigMBeans(Confi
gurationMBeanImpl.java:392)
atweblogic.management.internal.ConfigurationMBeanImpl.setAttribute(Configurati
onMBeanImpl.java:298)
atcom.sun.management.jmx.MBeanServerImpl.setAttribute(MBeanServerImpl.java:135
6)
atcom.sun.management.jmx.MBeanServerImpl.setAttribute(MBeanServerImpl.java:133
1)
atweblogic.management.internal.MBeanProxy.setAttribute(MBeanProxy.java:322)
at weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:204)
at $Proxy19.setDeployed(Unknown Source)
at java.lang.reflect.Method.invoke(Native Method)
atweblogic.management.console.info.MBeanAttribute.doSet(MBeanAttribute.java:84
atweblogic.management.console.info.CompositeAttribute.doSet(CompositeAttribute
.java:100)
atweblogic.management.console.actions.mbean.DoEditMBeanAction.perform(DoEditMB
eanAction.java:135)
atweblogic.management.console.actions.internal.ActionServlet.doAction(ActionSe
rvlet.java:171)
atweblogic.management.console.actions.internal.ActionServlet.doPost(ActionServ
let.java:85)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
atweblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
:265)
atweblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
:200)
atweblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletCo
ntext.java:2495)
atweblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java
:2204)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
>
####<May 16, 2002 4:29:17 PM BRT> <Error> <Management> <dctm><portalServer> <ExecuteThread:
'1' for queue: '__weblogic_admin_html_queue'> <system> <> <140002><InvocationTargetException
setting attribute Deployed on MBeanavitekDomainOracle:Location=portalServer,Name=avitek,Type=ApplicationConfig
to value true. Method: public voidweblogic.management.mbeans.custom.Application.setDeployed(boolean)
throwsweblogic.management.DeploymentException,weblogic.management.UndeploymentExce
ption>
>
>
>
Unable to deploy EJB: LdapPropertyManager from ldapprofile.jar:
java.lang.reflect.InvocationTargetException:java.lang.NullPointerException
at java.lang.String.<init>(String.java:193)
at java.lang.reflect.Constructor.newInstance(Native Method)
atweblogic.ejb20.deployer.EnvironmentBuilder.getValue(EnvironmentBuilder.java:
119)
atweblogic.ejb20.deployer.EnvironmentBuilder.addEnvironmentEntries(Environment
Builder.java:144)
atweblogic.ejb20.deployer.Deployer.setupEnvironmentContext(Deployer.java:200)
at weblogic.ejb20.deployer.Deployer.deployDescriptor(Deployer.java:1228)
at weblogic.ejb20.deployer.Deployer.deploy(Deployer.java:947)
at weblogic.j2ee.EJBComponent.deploy(EJBComponent.java:30)
at weblogic.j2ee.Application.deploy(Application.java:247)
at weblogic.j2ee.J2EEService.deployApplication(J2EEService.java:185)
atweblogic.management.mbeans.custom.Application.setLocalDeployed(Application.j
ava:362)
atweblogic.management.mbeans.custom.Application.setDeployed(Application.java:2
96)
at java.lang.reflect.Method.invoke(Native Method)
atweblogic.management.internal.DynamicMBeanImpl.invokeSetter(DynamicMBeanImpl.
java:1388)
atweblogic.management.internal.DynamicMBeanImpl.setAttribute(DynamicMBeanImpl.
java:881)
atweblogic.management.internal.DynamicMBeanImpl.setAttribute(DynamicMBeanImpl.
java:847)
atweblogic.management.internal.ConfigurationMBeanImpl.setAttribute(Configurati
onMBeanImpl.java:295)
atcom.sun.management.jmx.MBeanServerImpl.setAttribute(MBeanServerImpl.java:135
6)
atcom.sun.management.jmx.MBeanServerImpl.setAttribute(MBeanServerImpl.java:133
1)
atweblogic.management.internal.ConfigurationMBeanImpl.updateConfigMBeans(Confi
gurationMBeanImpl.java:392)
atweblogic.management.internal.ConfigurationMBeanImpl.setAttribute(Configurati
onMBeanImpl.java:298)
atcom.sun.management.jmx.MBeanServerImpl.setAttribute(MBeanServerImpl.java:135
6)
atcom.sun.management.jmx.MBeanServerImpl.setAttribute(MBeanServerImpl.java:133
1)
atweblogic.management.internal.MBeanProxy.setAttribute(MBeanProxy.java:322)
at weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:204)
at $Proxy19.setDeployed(Unknown Source)
at java.lang.reflect.Method.invoke(Native Method)
atweblogic.management.console.info.MBeanAttribute.doSet(MBeanAttribute.java:84
atweblogic.management.console.info.CompositeAttribute.doSet(CompositeAttribute
.java:100)
atweblogic.management.console.actions.mbean.DoEditMBeanAction.perform(DoEditMB
eanAction.java:135)
atweblogic.management.console.actions.internal.ActionServlet.doAction(ActionSe
rvlet.java:171)
atweblogic.management.console.actions.internal.ActionServlet.doPost(ActionServ
let.java:85)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
atweblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
:265)
atweblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
:200)
atweblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletCo
ntext.java:2495)
atweblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java
:2204)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
--------------- nested within: ------------------
weblogic.utils.AssertionError: ***** ASSERTION FAILED ***** - with nestedexception:
[java.lang.reflect.InvocationTargetException - with target exception:
[java.lang.NullPointerException]]
atweblogic.ejb20.deployer.EnvironmentBuilder.getValue(EnvironmentBuilder.java:
122)
atweblogic.ejb20.deployer.EnvironmentBuilder.addEnvironmentEntries(Environment
Builder.java:144)
atweblogic.ejb20.deployer.Deployer.setupEnvironmentContext(Deployer.java:200)
at weblogic.ejb20.deployer.Deployer.deployDescriptor(Deployer.java:1228)
at weblogic.ejb20.deployer.Deployer.deploy(Deployer.java:947)
at weblogic.j2ee.EJBComponent.deploy(EJBComponent.java:30)
at weblogic.j2ee.Application.deploy(Application.java:247)
at weblogic.j2ee.J2EEService.deployApplication(J2EEService.java:185)
atweblogic.management.mbeans.custom.Application.setLocalDeployed(Application.j
ava:362)
atweblogic.management.mbeans.custom.Application.setDeployed(Application.java:2
96)
at java.lang.reflect.Method.invoke(Native Method)
atweblogic.management.internal.DynamicMBeanImpl.invokeSetter(DynamicMBeanImpl.
java:1388)
atweblogic.management.internal.DynamicMBeanImpl.setAttribute(DynamicMBeanImpl.
java:881)
atweblogic.management.internal.DynamicMBeanImpl.setAttribute(DynamicMBeanImpl.
java:847)
atweblogic.management.internal.ConfigurationMBeanImpl.setAttribute(Configurati
onMBeanImpl.java:295)
atcom.sun.management.jmx.MBeanServerImpl.setAttribute(MBeanServerImpl.java:135
6)
atcom.sun.management.jmx.MBeanServerImpl.setAttribute(MBeanServerImpl.java:133
1)
atweblogic.management.internal.ConfigurationMBeanImpl.updateConfigMBeans(Confi
gurationMBeanImpl.java:392)
atweblogic.management.internal.ConfigurationMBeanImpl.setAttribute(Configurati
onMBeanImpl.java:298)
atcom.sun.management.jmx.MBeanServerImpl.setAttribute(MBeanServerImpl.java:135
6)
atcom.sun.management.jmx.MBeanServerImpl.setAttribute(MBeanServerImpl.java:133
1)
atweblogic.management.internal.MBeanProxy.setAttribute(MBeanProxy.java:322)
at weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:204)
at $Proxy19.setDeployed(Unknown Source)
at java.lang.reflect.Method.invoke(Native Method)
atweblogic.management.console.info.MBeanAttribute.doSet(MBeanAttribute.java:84
atweblogic.management.console.info.CompositeAttribute.doSet(CompositeAttribute
.java:100)
atweblogic.management.console.actions.mbean.DoEditMBeanAction.perform(DoEditMB
eanAction.java:135)
atweblogic.management.console.actions.internal.ActionServlet.doAction(ActionSe
rvlet.java:171)
atweblogic.management.console.actions.internal.ActionServlet.doPost(ActionServ
let.java:85)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
atweblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
:265)
atweblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
:200)
atweblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletCo
ntext.java:2495)
atweblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java
:2204)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
at weblogic.ejb20.deployer.Deployer.deploy(Deployer.java:1029)
at weblogic.j2ee.EJBComponent.deploy(EJBComponent.java:30)
at weblogic.j2ee.Application.deploy(Application.java:247)
at weblogic.j2ee.J2EEService.deployApplication(J2EEService.java:185)
atweblogic.management.mbeans.custom.Application.setLocalDeployed(Application.j
ava:362)
atweblogic.management.mbeans.custom.Application.setDeployed(Application.java:2
96)
at java.lang.reflect.Method.invoke(Native Method)
atweblogic.management.internal.DynamicMBeanImpl.invokeSetter(DynamicMBeanImpl.
java:1388)
atweblogic.management.internal.DynamicMBeanImpl.setAttribute(DynamicMBeanImpl.
java:881)
atweblogic.management.internal.DynamicMBeanImpl.setAttribute(DynamicMBeanImpl.
java:847)
atweblogic.management.internal.ConfigurationMBeanImpl.setAttribute(Configurati
onMBeanImpl.java:295)
atcom.sun.management.jmx.MBeanServerImpl.setAttribute(MBeanServerImpl.java:135
6)
atcom.sun.management.jmx.MBeanServerImpl.setAttribute(MBeanServerImpl.java:133
1)
atweblogic.management.internal.ConfigurationMBeanImpl.updateConfigMBeans(Confi
gurationMBeanImpl.java:392)
atweblogic.management.internal.ConfigurationMBeanImpl.setAttribute(Configurati
onMBeanImpl.java:298)
atcom.sun.management.jmx.MBeanServerImpl.setAttribute(MBeanServerImpl.java:135
6)
atcom.sun.management.jmx.MBeanServerImpl.setAttribute(MBeanServerImpl.java:133
1)
atweblogic.management.internal.MBeanProxy.setAttribute(MBeanProxy.java:322)
at weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:204)
at $Proxy19.setDeployed(Unknown Source)
at java.lang.reflect.Method.invoke(Native Method)
atweblogic.management.console.info.MBeanAttribute.doSet(MBeanAttribute.java:84
atweblogic.management.console.info.CompositeAttribute.doSet(CompositeAttribute
.java:100)
atweblogic.management.console.actions.mbean.DoEditMBeanAction.perform(DoEditMB
eanAction.java:135)
atweblogic.management.console.actions.internal.ActionServlet.doAction(ActionSe
rvlet.java:171)
atweblogic.management.console.actions.internal.ActionServlet.doPost(ActionServ
let.java:85)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
atweblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
:265)
atweblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
:200)
atweblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletCo
ntext.java:2495)
atweblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java
:2204)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
Regards,
Marco -
Problem with certificate authentication at wlc 4402
Hi,
we have a problem to get a connection from the client to the WLC.
we are using Cisco Aironet 1130 AG and a Cisco 4402 WLC in our network. The certificate service is installed on a Windows 2008 R2 server. We use a standalone Root CA with a Enterprise Sub CA hierarchy. Issueing certificates to clients works fine. The vendor and ca certificates are installed on the WLC and the user have his user certificate. During implementation we used following document: "http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a008093f1b9.shtml#wlc". Instead of Anonymous Bind, we use a service user to read in AD (works fine, too).
We use the Intel/PRO wireless utility on our Testclient and configured it for EAP-FAST and TLS. We can select the installed certificate in the utility, but when we try to connect, the utility throw the message: "Authentication failed due to an invalid certificate".
We´ve logged the WLC and thats a part of the logfile (i´ve greyed out all enterprise data):
*EAP Framework: Jan 18 12:08:21.921: EAP-AUTH-EVENT: Waiting for asynchronous reply from LL
*LDAP DB Task 1: Jan 18 12:08:21.921: ldapTask [1] received msg 'REQUEST' (2) in state 'IDLE' (1)
*LDAP DB Task 1: Jan 18 12:08:21.922: LDAP server 1 changed state to INIT
*LDAP DB Task 1: Jan 18 12:08:21.922: LDAP_OPT_REFERRALS = -1*LDAP DB Task 1: Jan 18 12:08:21.925: LDAP_CLIENT: UID Search (...)))
*LDAP DB Task 1: Jan 18 12:08:21.926: LDAP_CLIENT: ldap_search_ext_s returns 0 85
*LDAP DB Task 1: Jan 18 12:08:21.926: LDAP_CLIENT: Returned 2 msgs including 0 references
*LDAP DB Task 1: Jan 18 12:08:21.926: LDAP_CLIENT: Returned msg 1 type 0x64
*LDAP DB Task 1: Jan 18 12:08:21.926: LDAP_CLIENT: Received 1 attributes in search entry msg
*LDAP DB Task 1: Jan 18 12:08:21.927: LDAP_CLIENT: Returned msg 2 type 0x65
*LDAP DB Task 1: Jan 18 12:08:21.927: LDAP_CLIENT : No matched DN
*LDAP DB Task 1: Jan 18 12:08:21.927: LDAP_CLIENT : Check result error 0 rc 1013
*LDAP DB Task 1: Jan 18 12:08:21.927: LDAP_CLIENT: Received no referrals in search result msg
*LDAP DB Task 1: Jan 18 12:08:21.927: ldapAuthRequest [1] called lcapi_query base="..." (rc = 0 - Success)
*LDAP DB Task 1: Jan 18 12:08:21.927: LDAP ATTR> dn = CN=... (size 76)
*LDAP DB Task 1: Jan 18 12:08:21.927: Handling LDAP response Success
*LDAP DB Task 1: Jan 18 12:08:21.927: 18:3d:a2:0a:ec:bc [Response] Client requested no retries for mobile 18:3D:A2:0A:EC:BC
*LDAP DB Task 1: Jan 18 12:08:21.927: 18:3d:a2:0a:ec:bc Returning AAA Success for mobile 18:3d:a2:0a:ec:bc
*LDAP DB Task 1: Jan 18 12:08:21.927: AuthorizationResponse: 0x33a5affc*LDAP DB Task 1: Jan 18 12:08:21.928: LOCAL_AUTH: Found context matching MAC address - 319
*LDAP DB Task 1: Jan 18 12:08:21.928: LOCAL_AUTH: (EAP:319) User credential callback invoked
*LDAP DB Task 1: Jan 18 12:08:21.928: LOCAL_AUTH: EAP Unable to find password in credentials. Skipped
*LDAP DB Task 1: Jan 18 12:08:21.928: LOCAL_AUTH: EAP Unable to find wlan in credentials. Skipped
*LDAP DB Task 1: Jan 18 12:08:21.928: Authenticated bind : Closing the binded session*LDAP DB Task 1: Jan 18 12:08:21.928: ldapClose [1] called lcapi_close (rc = 0 - Success)
*LDAP DB Task 1: Jan 18 12:08:21.929: LDAP server 1 changed state to IDLE
*EAP Framework: Jan 18 12:08:21.930: EAP-EVENT: Received event 'EAP_LL_REPLY' on handle 0x78000041
*EAP Framework: Jan 18 12:08:21.930: EAP-AUTH-EVENT: Using credential profile name: ...(0x78000041)
*EAP Framework: Jan 18 12:08:21.930: EAP-AUTH-EVENT: Maximum EAP packet size: 1000
*EAP Framework: Jan 18 12:08:21.930: EAP-AUTH-EVENT: Sending method new context directive for EAP context 0x78000041
*EAP Framework: Jan 18 12:08:21.930: EAP-EVENT: Sending method directive 'New Context' on handle 0x78000041
*EAP Framework: Jan 18 12:08:21.930: eap_fast.c-EVENT: New context (EAP handle = 0x78000041)
*EAP Framework: Jan 18 12:08:21.931: id_manager.c-AUTH-SM: Got new ID f700000e - id_get
*EAP Framework: Jan 18 12:08:21.931: eap_fast.c-EVENT: Allocated new EAP-FAST context (handle = 0xF700000E)
*EAP Framework: Jan 18 12:08:21.931: EAP-AUTH-EVENT: Sending method data for context 0x78000041
*EAP Framework: Jan 18 12:08:21.931: EAP-EVENT: Sending method directive 'Receive Packet' on handle 0x78000041
*EAP Framework: Jan 18 12:08:21.931: eap_fast_auth.c-AUTH-EVENT: Process Response (EAP handle = 0x78000041)
*EAP Framework: Jan 18 12:08:21.931: eap_fast_auth.c-AUTH-EVENT: Received Identity
*EAP Framework: Jan 18 12:08:21.931: eap_fast_tlv.c-AUTH-EVENT: Adding PAC A-ID TLV (436973636f0000000000000000000000)
*EAP Framework: Jan 18 12:08:21.931: eap_fast_auth.c-AUTH-EVENT: Sending Start
*EAP Framework: Jan 18 12:08:21.931: eap_fast_auth.c-AUTH-SM: Changing state: Reset -> Start
*EAP Framework: Jan 18 12:08:21.931: eap_fast.c:2367: eap-fast tx packet:
*EAP Framework: Jan 18 12:08:21.931: eap_fast.c:138: Version: 1 Flags:S Length:0x0014
*EAP Framework: Jan 18 12:08:21.931: eap_core.c:1422: Payload: 00040010436973636F00000000000000 ...
*EAP Framework: Jan 18 12:08:21.931: eap_fast.c-TX-AUTH-PAK:
*EAP Framework: Jan 18 12:08:21.931: eap_core.c:1484: Code:REQUEST ID:0x 0 Length:0x001a Type:FAST
*EAP Framework: Jan 18 12:08:21.932: eap_core.c:1422: Payload: 2100040010436973636F000000000000 ...
*EAP Framework: Jan 18 12:08:21.932: EAP-AUTH-EVENT: EAP method state: Continue
*EAP Framework: Jan 18 12:08:21.932: EAP-AUTH-EVENT: EAP method decision: Unknown
*EAP Framework: Jan 18 12:08:21.932: EAP-AUTH-EVENT: Current method = 43
*EAP Framework: Jan 18 12:08:21.932: EAP-AUTH-EVENT: Sending packet to lower layer for context 0x78000041
*EAP Framework: Jan 18 12:08:21.932: EAP-AUTH-TX-PAK:
*EAP Framework: Jan 18 12:08:21.932: eap_core.c:1484: Code:REQUEST ID:0x 2 Length:0x001a Type:FAST
*EAP Framework: Jan 18 12:08:21.932: eap_core.c:1422: Payload: 2100040010436973636F000000000000 ...
*EAP Framework: Jan 18 12:08:21.932: EAP-EVENT: Started 'Authenticator Retransmit' timer (60) for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:21.932: EAP-EVENT: Started EAP tick timer
*EAP Framework: Jan 18 12:08:21.932: EAP-EVENT: Sending lower layer event 'EAP_TX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:21.932: LOCAL_AUTH: Found matching context for id - 319
*EAP Framework: Jan 18 12:08:21.932: LOCAL_AUTH: (EAP:319) transmit event
*EAP Framework: Jan 18 12:08:21.932: AuthorizationResponse: 0x13c713fc*EAP Framework: Jan 18 12:08:21.934: LOCAL_AUTH: AAA LOCAL AUTH EAP PKT AVP attribute 4f length 1a
*EAP Framework: Jan 18 12:08:21.934: LOCAL_AUTH: AAA LOCAL AUTH TX PKT DUMP code cc id 00 type 2b
*aaaQueueReader: Jan 18 12:08:22.290: LOCAL_AUTH: EAP: Received an auth request
*aaaQueueReader: Jan 18 12:08:22.290: LOCAL_AUTH: Found context matching MAC address - 319
*aaaQueueReader: Jan 18 12:08:22.290: LOCAL_AUTH: (EAP:319) Sending the Rxd EAP packet (id 2) to EAP subsys
*EAP Framework: Jan 18 12:08:22.291: EAP-EVENT: Received event 'EAP_RX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.291: EAP-AUTH-RX-PAK:
*EAP Framework: Jan 18 12:08:22.291: eap_core.c:1484: Code:RESPONSE ID:0x 2 Length:0x0042 Type:FAST
*EAP Framework: Jan 18 12:08:22.291: eap_core.c:1422: Payload: 810000003816030100330100002F0301 ...
*EAP Framework: Jan 18 12:08:22.291: EAP-EVENT: Stopping 'Authenticator Retransmit' timer for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.291: EAP-AUTH-EVENT: EAP Response received by context 0x78000041
*EAP Framework: Jan 18 12:08:22.291: EAP-AUTH-EVENT: EAP Response type = Method (43)
*EAP Framework: Jan 18 12:08:22.291: EAP-AUTH-EVENT: Sending method data for context 0x78000041
*EAP Framework: Jan 18 12:08:22.292: EAP-EVENT: Sending method directive 'Receive Packet' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.292: eap_fast.c-AUTH-EVENT: Process Response, type: 0x2b
*EAP Framework: Jan 18 12:08:22.292: eap_fast_auth.c-AUTH-EVENT: Process Response (EAP handle = 0x78000041)
*EAP Framework: Jan 18 12:08:22.292: eap_fast_auth.c-RX-AUTH-PAK:
*EAP Framework: Jan 18 12:08:22.292: eap_core.c:1484: Code:RESPONSE ID:0x 2 Length:0x0042 Type:FAST
*EAP Framework: Jan 18 12:08:22.292: eap_core.c:1422: Payload: 810000003816030100330100002F0301 ...
*EAP Framework: Jan 18 12:08:22.292: eap_fast_auth.c-AUTH-EVENT: Received TLS record type: Handshake in state: Start
*EAP
Framework: Jan 18 12:08:22.292: EAP-EVENT: Sending lower layer event
'EAP_GET_CREDENTIAL_PROFILE_FROM_PROFILE_NAME' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.292: LOCAL_AUTH: Found matching context for id - 319
*EAP
Framework: Jan 18 12:08:22.292: LOCAL_AUTH: (EAP:319) Returning profile
*EAP Framework: Jan 18 12:08:22.293: IOS_PKI_SHIM: [StartSession] - New session 0x335ee108 started (TP = 'vendor')
*EAP Framework: Jan 18 12:08:22.293: IOS_PKI_SHIM: [StartSession] - Trustpoint identity (cert) set to 'Vendor'
*EAP
Framework: Jan 18 12:08:22.297: IOS_PKI_SHIM: [ID-CERT] Subject : ...
*EAP Framework: Jan 18
12:08:22.297: IOS_PKI_SHIM: [ID-CERT] Issuer : ...
*EAP Framework: Jan 18
12:08:22.297: IOS_PKI_SHIM: [ID-CERT] Valid from '2012 Jan 12th,
17:06:50 GMT' to '2016 Jan 11th, 17:06:50 GMT'
*EAP Framework: Jan 18 12:08:22.297: IOS_PKI_SHIM: [ID-CERT] Is not a CA cert
*EAP Framework: Jan 18 12:08:22.297: IOS_PKI_SHIM: Added cert (type 1) to chain (1 present on chain)
*EAP
Framework: Jan 18 12:08:22.300: IOS_PKI_SHIM: [CA-CERT] Subject :
*EAP Framework: Jan 18 12:08:22.301: IOS_PKI_SHIM: [CA-CERT] Issuer : CN=...
*EAP
Framework: Jan 18 12:08:22.301: IOS_PKI_SHIM: [CA-CERT] Valid from
'2012 Jan 12th, 16:54:49 GMT' to '2020 Jan 12th, 17:04:49 GMT'
*EAP Framework: Jan 18 12:08:22.301: IOS_PKI_SHIM: [CA-CERT] Is a CA cert
*EAP Framework: Jan 18 12:08:22.301: IOS_PKI_SHIM: Added cert (type 2) to chain (2 present on chain)
*EAP Framework: Jan 18 12:08:22.301: IOS_PKI_SHIM: [StartSession] - Getting older style priv key
*EAP Framework: Jan 18 12:08:22.338: IOS_PKI_SHIM: Session 0x335ee108 init'd OK
*EAP Framework: Jan 18 12:08:22.338: eap_fast_auth.c-AUTH-EVENT: Local certificate found
*EAP Framework: Jan 18 12:08:22.339: eap_fast_auth.c-AUTH-EVENT: Reading Client Hello handshake
*EAP Framework: Jan 18 12:08:22.339: eap_fast.c:286: EAP-FAST-AUTH-RX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.339: eap_fast.c:255: Content:Handshake Version:0301 Length:0x0033
*EAP Framework: Jan 18 12:08:22.339: eap_core.c:1422: Payload: 0100002F03014F16A8262631FC9DC042 ...
*EAP Framework: Jan 18 12:08:22.340: eap_fast.c:202: Handshake type:Client Hello Length:0x002F
*EAP Framework: Jan 18 12:08:22.340: eap_core.c:1422: Payload: 03014F16A8262631FC9DC042253D3E24 ...
*EAP Framework: Jan 18 12:08:22.340: eap_fast_auth.c-AUTH-EVENT: TLS_RSA_WITH_AES_128 proposed...
*EAP Framework: Jan 18 12:08:22.341: eap_fast_auth.c-AUTH-EVENT: TLS_DHE_RSA_WITH_AES_128_CBC_SHA proposed...
*EAP Framework: Jan 18 12:08:22.341: eap_fast_auth.c-AUTH-EVENT: TLS_RSA_WITH_RC4_128 proposed...
*EAP Framework: Jan 18 12:08:22.341: eap_fast_auth.c-AUTH-EVENT: TLS_DH_anon_WITH_AES_128_CBC_SHA proposed...
*EAP Framework: Jan 18 12:08:22.342: eap_fast.c-EVENT: Proposed ciphersuite(s):
*EAP Framework: Jan 18 12:08:22.342: eap_fast.c-EVENT: TLS_RSA_WITH_AES_128_CBC_SHA
*EAP Framework: Jan 18 12:08:22.342: eap_fast.c-EVENT: TLS_DHE_RSA_WITH_AES_128_CBC_SHA
*EAP Framework: Jan 18 12:08:22.342: eap_fast.c-EVENT: TLS_RSA_WITH_RC4_128_SHA
*EAP Framework: Jan 18 12:08:22.343: eap_fast.c-EVENT: TLS_DH_anon_WITH_AES_128_CBC_SHA
*EAP Framework: Jan 18 12:08:22.343: eap_fast.c-EVENT: Selected ciphersuite:
*EAP Framework: Jan 18 12:08:22.343: eap_fast.c-EVENT: TLS_DHE_RSA_WITH_AES_128_CBC_SHA
*EAP Framework: Jan 18 12:08:22.343: eap_fast_auth.c-AUTH-EVENT: Building Provisioning Server Hello
*EAP Framework: Jan 18 12:08:22.344: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.344: eap_fast.c:255: Content:Handshake Version:0301 Length:0x002A
*EAP Framework: Jan 18 12:08:22.344: eap_core.c:1422: Payload: 0200002603015F3325EADF12E6296F91 ...
*EAP Framework: Jan 18 12:08:22.344: eap_fast.c:202: Handshake type:Server Hello Length:0x0026
*EAP Framework: Jan 18 12:08:22.345: eap_core.c:1422: Payload: 03015F3325EADF12E6296F91530FE67F ...
*EAP Framework: Jan 18 12:08:22.345: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.345: eap_fast.c:255: Content:Handshake Version:0301 Length:0x0B54
*EAP Framework: Jan 18 12:08:22.346: eap_core.c:1422: Payload: 0B000B50000B4D00059F3082059B3082 ...
*EAP Framework: Jan 18 12:08:22.346: eap_fast.c:202: Handshake type:Certificate Length:0x0B50
*EAP Framework: Jan 18 12:08:22.346: eap_core.c:1422: Payload: 000B4D00059F3082059B30820483A003 ...
*EAP Framework: Jan 18 12:08:22.347: eap_fast_crypto.c-EVENT: Starting Diffie Hellman phase 1 ...
*EAP Framework: Jan 18 12:08:22.661: eap_fast_crypto.c-EVENT: Diffie Hellman phase 1 complete
*EAP Framework: Jan 18 12:08:22.677: IOS_PKI_SHIM: PKI_SignMessage PostHashEncrypt ret SUCCESS.. op_len 128
*EAP Framework: Jan 18 12:08:22.678: eap_fast_auth.c-AUTH-EVENT: DH signature length = 128
*EAP Framework: Jan 18 12:08:22.678: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.678: eap_fast.c:255: Content:Handshake Version:0301 Length:0x028D
*EAP Framework: Jan 18 12:08:22.679: eap_core.c:1422: Payload: 0C0002890100FFFFFFFFFFFFFFFFC90F ...
*EAP Framework: Jan 18 12:08:22.679: eap_fast.c:202: Handshake type:Server Key Exchange Length:0x0289
*EAP Framework: Jan 18 12:08:22.679: eap_core.c:1422: Payload: 0100FFFFFFFFFFFFFFFFC90FDAA22168 ...
*EAP Framework: Jan 18 12:08:22.679: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.680: eap_fast.c:255: Content:Handshake Version:0301 Length:0x000B
*EAP Framework: Jan 18 12:08:22.680: eap_core.c:1422: Payload: 0D00000704030401020000
*EAP Framework: Jan 18 12:08:22.680: eap_fast.c:202: Handshake type:Certificate Request Length:0x0007
*EAP Framework: Jan 18 12:08:22.680: eap_core.c:1422: Payload: 04030401020000
*EAP Framework: Jan 18 12:08:22.681: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.681: eap_fast.c:255: Content:Handshake Version:0301 Length:0x0004
*EAP Framework: Jan 18 12:08:22.681: eap_core.c:1422: Payload: 0E000000
*EAP Framework: Jan 18 12:08:22.681: eap_fast.c:202: Handshake type:Server Done Length:0x0000
*EAP Framework: Jan 18 12:08:22.682: eap_fast_auth.c-AUTH-EVENT: Sending Provisioning Serving Hello
*EAP Framework: Jan 18 12:08:22.682: eap_fast_auth.c-AUTH-SM: Changing state: Start -> Sent provisioning Server Hello
*EAP Framework: Jan 18 12:08:22.682: eap_fast.c-EVENT: Tx packet fragmentation required
*EAP Framework: Jan 18 12:08:22.683: eap_fast.c:2367: eap-fast tx packet:
*EAP Framework: Jan 18 12:08:22.683: eap_fast.c:138: Version: 1 Flags:LM Length:0x03DE
*EAP Framework: Jan 18 12:08:22.683: eap_core.c:1422: Payload: 160301002A0200002603015F3325EADF ...
*EAP Framework: Jan 18 12:08:22.684: eap_fast.c-TX-AUTH-PAK:
*EAP Framework: Jan 18 12:08:22.684: eap_core.c:1484: Code:REQUEST ID:0x 0 Length:0x03e8 Type:FAST
*EAP Framework: Jan 18 12:08:22.684: eap_core.c:1422: Payload: C100000E33160301002A020000260301 ...
*EAP Framework: Jan 18 12:08:22.684: EAP-AUTH-EVENT: EAP method state: Continue
*EAP Framework: Jan 18 12:08:22.685: EAP-AUTH-EVENT: EAP method decision: Unknown
*EAP Framework: Jan 18 12:08:22.685: EAP-AUTH-EVENT: Current method = 43
*EAP Framework: Jan 18 12:08:22.685: EAP-AUTH-EVENT: Sending packet to lower layer for context 0x78000041
*EAP Framework: Jan 18 12:08:22.685: EAP-AUTH-TX-PAK:
*EAP Framework: Jan 18 12:08:22.685: eap_core.c:1484: Code:REQUEST ID:0x 3 Length:0x03e8 Type:FAST
*EAP Framework: Jan 18 12:08:22.686: eap_core.c:1422: Payload: C100000E33160301002A020000260301 ...
*EAP Framework: Jan 18 12:08:22.686: EAP-EVENT: Started 'Authenticator Retransmit' timer (60) for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.686: EAP-EVENT: Started EAP tick timer
*EAP Framework: Jan 18 12:08:22.686: EAP-EVENT: Sending lower layer event 'EAP_TX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.686: LOCAL_AUTH: Found matching context for id - 319
*EAP Framework: Jan 18 12:08:22.687: LOCAL_AUTH: (EAP:319) transmit event
*EAP Framework: Jan 18 12:08:22.687: AuthorizationResponse: 0x13c713fc*EAP Framework: Jan 18 12:08:22.755: LOCAL_AUTH: AAA LOCAL AUTH EAP PKT AVP attribute 4f length 297
*EAP Framework: Jan 18 12:08:22.755: LOCAL_AUTH: AAA LOCAL AUTH TX PKT DUMP code cc id 00 type 2b
*aaaQueueReader: Jan 18 12:08:22.830: LOCAL_AUTH: EAP: Received an auth request
*aaaQueueReader: Jan 18 12:08:22.830: LOCAL_AUTH: Found context matching MAC address - 319
*aaaQueueReader: Jan 18 12:08:22.830: LOCAL_AUTH: (EAP:319) Sending the Rxd EAP packet (id 6) to EAP subsys
*EAP Framework: Jan 18 12:08:22.831: EAP-EVENT: Received event 'EAP_RX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.831: EAP-AUTH-RX-PAK:
*EAP Framework: Jan 18 12:08:22.831: eap_core.c:1484: Code:RESPONSE ID:0x 6 Length:0x015c Type:FAST
*EAP Framework: Jan 18 12:08:22.831: eap_core.c:1422: Payload: 810000015216030100070B0000030000 ...
*EAP Framework: Jan 18 12:08:22.831: EAP-EVENT: Stopping 'Authenticator Retransmit' timer for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.831: EAP-AUTH-EVENT: EAP Response received by context 0x78000041
*EAP Framework: Jan 18 12:08:22.832: EAP-AUTH-EVENT: EAP Response type = Method (43)
*EAP Framework: Jan 18 12:08:22.832: EAP-AUTH-EVENT: Sending method data for context 0x78000041
*EAP Framework: Jan 18 12:08:22.832: EAP-EVENT: Sending method directive 'Receive Packet' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.832: eap_fast.c-AUTH-EVENT: Process Response, type: 0x2b
*EAP Framework: Jan 18 12:08:22.832: eap_fast_auth.c-AUTH-EVENT: Process Response (EAP handle = 0x78000041)
*EAP Framework: Jan 18 12:08:22.832: eap_fast_auth.c-RX-AUTH-PAK:
*EAP Framework: Jan 18 12:08:22.832: eap_core.c:1484: Code:RESPONSE ID:0x 6 Length:0x015c Type:FAST
*EAP Framework: Jan 18 12:08:22.832: eap_core.c:1422: Payload: 810000015216030100070B0000030000 ...
*EAP
Framework: Jan 18 12:08:22.832: eap_fast_auth.c-AUTH-EVENT: Received
TLS record type: Handshake in state: Sent provisioning Server Hello
*EAP Framework: Jan 18 12:08:22.832: eap_fast_auth.c-AUTH-EVENT: Reading Client Certificate handshake
*EAP Framework: Jan 18 12:08:22.832: eap_fast.c:286: EAP-FAST-AUTH-RX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.832: eap_fast.c:255: Content:Handshake Version:0301 Length:0x0007
*EAP Framework: Jan 18 12:08:22.832: eap_core.c:1422: Payload: 0B000003000000
*EAP Framework: Jan 18 12:08:22.832: eap_fast.c:202: Handshake type:Certificate Length:0x0003
*EAP Framework: Jan 18 12:08:22.832: eap_core.c:1422: Payload: 000000
*EAP Framework: Jan 18 12:08:22.833: eap_fast.c-EVENT: Client Certificate handshake empty
*EAP Framework: Jan 18 12:08:22.833: eap_fast_auth.c-AUTH-EVENT: Rx'd I-ID: "EAP-FAST I-ID" from Peer Cert
*EAP Framework: Jan 18 12:08:22.833: eap_fast_auth.c-AUTH-ERROR: Required cert not provided by client
*EAP Framework: Jan 18 12:08:22.833: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.833: eap_fast.c:255: Content:Alert Version:0301 Length:0x0002
*EAP Framework: Jan 18 12:08:22.833: eap_core.c:1422: Payload: 0228
*EAP Framework: Jan 18 12:08:22.833: eap_fast_auth.c-AUTH-SM: Changing state: Sent provisioning Server Hello -> Alert
*EAP Framework: Jan 18 12:08:22.833: eap_fast.c:2367: eap-fast tx packet:
*EAP Framework: Jan 18 12:08:22.833: eap_fast.c:138: Version: 1 Flags:L Length:0x0007
*EAP Framework: Jan 18 12:08:22.833: eap_core.c:1422: Payload: 15030100020228
*EAP Framework: Jan 18 12:08:22.833: eap_fast.c-TX-AUTH-PAK:
*EAP Framework: Jan 18 12:08:22.833: eap_core.c:1484: Code:REQUEST ID:0x 0 Length:0x0011 Type:FAST
*EAP Framework: Jan 18 12:08:22.833: eap_core.c:1422: Payload: 810000000715030100020228
*EAP Framework: Jan 18 12:08:22.833: EAP-AUTH-EVENT: EAP method state: Continue
*EAP Framework: Jan 18 12:08:22.834: EAP-AUTH-EVENT: EAP method decision: Fail
*EAP Framework: Jan 18 12:08:22.834: EAP-AUTH-EVENT: Current method = 43
*EAP Framework: Jan 18 12:08:22.834: EAP-AUTH-EVENT: Sending packet to lower layer for context 0x78000041
*EAP Framework: Jan 18 12:08:22.834: EAP-AUTH-TX-PAK:
*EAP Framework: Jan 18 12:08:22.834: eap_core.c:1484: Code:REQUEST ID:0x 7 Length:0x0011 Type:FAST
*EAP Framework: Jan 18 12:08:22.834: eap_core.c:1422: Payload: 810000000715030100020228
*EAP Framework: Jan 18 12:08:22.834: EAP-EVENT: Started 'Authenticator Retransmit' timer (60) for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.834: EAP-EVENT: Started EAP tick timer
*EAP Framework: Jan 18 12:08:22.834: EAP-EVENT: Sending lower layer event 'EAP_TX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.834: LOCAL_AUTH: Found matching context for id - 319
*EAP Framework: Jan 18 12:08:22.834: LOCAL_AUTH: (EAP:319) transmit event
*EAP Framework: Jan 18 12:08:22.834: AuthorizationResponse: 0x13c713fc
We think that the reason why it didn´t work, is the part:
*EAP Framework: Jan 18 12:08:22.833: eap_fast.c-EVENT: Client Certificate handshake empty
*EAP Framework: Jan 18 12:08:22.833: eap_fast_auth.c-AUTH-EVENT: Rx'd I-ID: "EAP-FAST I-ID" from Peer Cert
*EAP Framework: Jan 18 12:08:22.833: eap_fast_auth.c-AUTH-ERROR: Required cert not provided by client
But we aren´t sure.
Maybe anyone can help us. Many thanks in advance.
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2012.01.18 12:08:18 =~=~=~=~=~=~=~=~=~=~=~=
debug aaa all disable debug aaa all enable(Cisco Controller) >*Dot1x_NW_MsgTask_0: Jan 18 12:08:21.917: 18:3d:a2:0a:ec:bc Audit Session ID added to the mscb: 0a63081e000000994f16a825
*Dot1x_NW_MsgTask_0: Jan 18 12:08:21.917: Creating audit session ID (dot1x_aaa_eapresp_supp) and Radius Request
*aaaQueueReader: Jan 18 12:08:21.917: AuthenticationRequest: 0x30b52e90
*aaaQueueReader: Jan 18 12:08:21.917: Callback.....................................0x10b7803c*aaaQueueReader: Jan 18 12:08:21.917: protocolType.................................0x00140001*aaaQueueReader: Jan 18 12:08:21.917: proxyState...................................18:3D:A2:0A:EC:BC-02:00*aaaQueueReader: Jan 18 12:08:21.917: Packet contains 16 AVPs (not shown)*aaaQueueReader: Jan 18 12:08:21.917: 18:3d:a2:0a:ec:bc [Error] Client requested no retries for mobile 18:3D:A2:0A:EC:BC
*aaaQueueReader: Jan 18 12:08:21.918: 18:3d:a2:0a:ec:bc Returning AAA Error 'No Server' (-7) for mobile 18:3d:a2:0a:ec:bc
*aaaQueueReader: Jan 18 12:08:21.918: AuthorizationResponse: 0x3e04bd08
*aaaQueueReader: Jan 18 12:08:21.918: structureSize................................32*aaaQueueReader: Jan 18 12:08:21.918: resultCode...................................-7*aaaQueueReader: Jan 18 12:08:21.918: protocolUsed.................................0xffffffff*aaaQueueReader: Jan 18 12:08:21.918: proxyState...................................18:3D:A2:0A:EC:BC-02:00*aaaQueueReader: Jan 18 12:08:21.918: Packet contains 0 AVPs:*aaaQueueReader: Jan 18 12:08:21.918: LOCAL_AUTH: EAP: Received an auth request
*aaaQueueReader: Jan 18 12:08:21.918: LOCAL_AUTH: Creating new context
*aaaQueueReader: Jan 18 12:08:21.918: EAP-EVENT: Received context create from lower layer (0x0000013F)
*aaaQueueReader: Jan 18 12:08:21.918: id_manager.c-AUTH-SM: Got new ID 78000041 - id_get
*aaaQueueReader: Jan 18 12:08:21.918: EAP-EVENT: Received credential profile name: "(null)" from LL
*aaaQueueReader: Jan 18 12:08:21.918: EAP-EVENT: Allocated new EAP context (handle = 0x78000041)
*aaaQueueReader: Jan 18 12:08:21.919: LOCAL_AUTH: Created new context eap session handle 78000041
*aaaQueueReader: Jan 18 12:08:21.919: LOCAL_AUTH: (EAP:319) Sending the Rxd EAP packet (id 1) to EAP subsys
*EAP Framework: Jan 18 12:08:21.919: EAP-EVENT: Received event 'EAP_RX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:21.920: EAP-AUTH-RX-PAK:
*EAP Framework: Jan 18 12:08:21.920: eap_core.c:1484: Code:RESPONSE ID:0x 1 Length:0x002b Type:IDENTITY
*EAP Framework: Jan 18 12:08:21.920: eap_core.c:1422: Payload: 416E6472652E54736368656E74736368 ...
*EAP Framework: Jan 18 12:08:21.920: EAP-AUTH-EVENT: EAP Response received by context 0x78000041
*EAP Framework: Jan 18 12:08:21.920: EAP-AUTH-EVENT: EAP Response type = Identity
*EAP Framework: Jan 18 12:08:21.920: EAP-AUTH-EVENT: Received peer identity: [email protected]
*EAP Framework: Jan 18 12:08:21.920: EAP-EVENT: Sending lower layer event 'EAP_GET_CREDENTIAL_PROFILE_FROM_USERNAME' on handle 0x78000041
*EAP Framework: Jan 18 12:08:21.920: LOCAL_AUTH: Found matching context for id - 319
*EAP Framework: Jan 18 12:08:21.921: LOCAL_AUTH: (EAP) Sending user credential request username '[email protected]' to LDAP
*aaaQueueReader: Jan 18 12:08:21.921: AuthenticationRequest: 0x33a6ae18
*aaaQueueReader: Jan 18 12:08:21.921: Callback.....................................0x10765234*aaaQueueReader: Jan 18 12:08:21.921: protocolType.................................0x00100002*aaaQueueReader: Jan 18 12:08:21.921: proxyState...................................18:3D:A2:0A:EC:BC-00:00*aaaQueueReader: Jan 18 12:08:21.921: Packet contains 2 AVPs (not shown)*EAP Framework: Jan 18 12:08:21.921: EAP-AUTH-EVENT: Waiting for asynchronous reply from LL
*LDAP DB Task 1: Jan 18 12:08:21.921: ldapTask [1] received msg 'REQUEST' (2) in state 'IDLE' (1)
*LDAP DB Task 1: Jan 18 12:08:21.922: LDAP server 1 changed state to INIT
*LDAP DB Task 1: Jan 18 12:08:21.922: LDAP_OPT_REFERRALS = -1*LDAP DB Task 1: Jan 18 12:08:21.922: ldapInitAndBind [1] called lcapi_init (rc = 0 - Success)
*LDAP DB Task 1: Jan 18 12:08:21.925: ldapInitAndBind [1] configured Method Authenticated lcapi_bind (rc = 0 - Success)
*LDAP DB Task 1: Jan 18 12:08:21.925: LDAP server 1 changed state to CONNECTED
*LDAP DB Task 1: Jan 18 12:08:21.925: disabled LDAP_OPT_REFERRALS*LDAP DB Task 1: Jan 18 12:08:21.925: LDAP_CLIENT: UID Search (base=DC=group,DC=jenoptik,DC=corp, pattern=(&(objectclass=Person)([email protected])))
*LDAP DB Task 1: Jan 18 12:08:21.926: LDAP_CLIENT: ldap_search_ext_s returns 0 85
*LDAP DB Task 1: Jan 18 12:08:21.926: LDAP_CLIENT: Returned 2 msgs including 0 references
*LDAP DB Task 1: Jan 18 12:08:21.926: LDAP_CLIENT: Returned msg 1 type 0x64
*LDAP DB Task 1: Jan 18 12:08:21.926: LDAP_CLIENT: Received 1 attributes in search entry msg
*LDAP DB Task 1: Jan 18 12:08:21.927: LDAP_CLIENT: Returned msg 2 type 0x65
*LDAP DB Task 1: Jan 18 12:08:21.927: LDAP_CLIENT : No matched DN
*LDAP DB Task 1: Jan 18 12:08:21.927: LDAP_CLIENT : Check result error 0 rc 1013
*LDAP DB Task 1: Jan 18 12:08:21.927: LDAP_CLIENT: Received no referrals in search result msg
*LDAP DB Task 1: Jan 18 12:08:21.927: ldapAuthRequest [1] called lcapi_query base="DC=group,DC=jenoptik,DC=corp" type="Person" attr="userPrincipalName" user="[email protected]" (rc = 0 - Success)
*LDAP DB Task 1: Jan 18 12:08:21.927: LDAP ATTR> dn = CN=Tschentscher\, Andre,OU=Users,OU=SSC,OU=JOAG,DC=group,DC=jenoptik,DC=corp (size 76)
*LDAP DB Task 1: Jan 18 12:08:21.927: Handling LDAP response Success
*LDAP DB Task 1: Jan 18 12:08:21.927: 18:3d:a2:0a:ec:bc [Response] Client requested no retries for mobile 18:3D:A2:0A:EC:BC
*LDAP DB Task 1: Jan 18 12:08:21.927: 18:3d:a2:0a:ec:bc Returning AAA Success for mobile 18:3d:a2:0a:ec:bc
*LDAP DB Task 1: Jan 18 12:08:21.927: AuthorizationResponse: 0x33a5affc
*LDAP DB Task 1: Jan 18 12:08:21.927: structureSize................................180*LDAP DB Task 1: Jan 18 12:08:21.927: resultCode...................................0*LDAP DB Task 1: Jan 18 12:08:21.927: protocolUsed.................................0x00000002*LDAP DB Task 1: Jan 18 12:08:21.927: proxyState...................................18:3D:A2:0A:EC:BC-00:00*LDAP DB Task 1: Jan 18 12:08:21.928: Packet contains 2 AVPs:*LDAP DB Task 1: Jan 18 12:08:21.928: AVP[01] Unknown Attribute 0......................CN=Tschentscher\, Andre,OU=Users,OU=SSC,OU=JOAG,DC=group,DC=jenoptik,DC=corp (76 bytes)*LDAP DB Task 1: Jan 18 12:08:21.928: AVP[02] User-Name................................Andre.Tschentscher@group.jenoptik.corp (38 bytes)*LDAP DB Task 1: Jan 18 12:08:21.928: LOCAL_AUTH: Found context matching MAC address - 319
*LDAP DB Task 1: Jan 18 12:08:21.928: LOCAL_AUTH: (EAP:319) User credential callback invoked
*LDAP DB Task 1: Jan 18 12:08:21.928: LOCAL_AUTH: EAP Unable to find password in credentials. Skipped
*LDAP DB Task 1: Jan 18 12:08:21.928: LOCAL_AUTH: EAP Unable to find wlan in credentials. Skipped
*LDAP DB Task 1: Jan 18 12:08:21.928: Authenticated bind : Closing the binded session*LDAP DB Task 1: Jan 18 12:08:21.928: ldapClose [1] called lcapi_close (rc = 0 - Success)
*LDAP DB Task 1: Jan 18 12:08:21.929: LDAP server 1 changed state to IDLE
*EAP Framework: Jan 18 12:08:21.930: EAP-EVENT: Received event 'EAP_LL_REPLY' on handle 0x78000041
*EAP Framework: Jan 18 12:08:21.930: EAP-AUTH-EVENT: Using credential profile name: [email protected] (0x78000041)
*EAP Framework: Jan 18 12:08:21.930: EAP-AUTH-EVENT: Maximum EAP packet size: 1000
*EAP Framework: Jan 18 12:08:21.930: EAP-AUTH-EVENT: Sending method new context directive for EAP context 0x78000041
*EAP Framework: Jan 18 12:08:21.930: EAP-EVENT: Sending method directive 'New Context' on handle 0x78000041
*EAP Framework: Jan 18 12:08:21.930: eap_fast.c-EVENT: New context (EAP handle = 0x78000041)
*EAP Framework: Jan 18 12:08:21.931: id_manager.c-AUTH-SM: Got new ID f700000e - id_get
*EAP Framework: Jan 18 12:08:21.931: eap_fast.c-EVENT: Allocated new EAP-FAST context (handle = 0xF700000E)
*EAP Framework: Jan 18 12:08:21.931: EAP-AUTH-EVENT: Sending method data for context 0x78000041
*EAP Framework: Jan 18 12:08:21.931: EAP-EVENT: Sending method directive 'Receive Packet' on handle 0x78000041
*EAP Framework: Jan 18 12:08:21.931: eap_fast_auth.c-AUTH-EVENT: Process Response (EAP handle = 0x78000041)
*EAP Framework: Jan 18 12:08:21.931: eap_fast_auth.c-AUTH-EVENT: Received Identity
*EAP Framework: Jan 18 12:08:21.931: eap_fast_tlv.c-AUTH-EVENT: Adding PAC A-ID TLV (436973636f0000000000000000000000)
*EAP Framework: Jan 18 12:08:21.931: eap_fast_auth.c-AUTH-EVENT: Sending Start
*EAP Framework: Jan 18 12:08:21.931: eap_fast_auth.c-AUTH-SM: Changing state: Reset -> Start
*EAP Framework: Jan 18 12:08:21.931: eap_fast.c:2367: eap-fast tx packet:
*EAP Framework: Jan 18 12:08:21.931: eap_fast.c:138: Version: 1 Flags:S Length:0x0014
*EAP Framework: Jan 18 12:08:21.931: eap_core.c:1422: Payload: 00040010436973636F00000000000000 ...
*EAP Framework: Jan 18 12:08:21.931: eap_fast.c-TX-AUTH-PAK:
*EAP Framework: Jan 18 12:08:21.931: eap_core.c:1484: Code:REQUEST ID:0x 0 Length:0x001a Type:FAST
*EAP Framework: Jan 18 12:08:21.932: eap_core.c:1422: Payload: 2100040010436973636F000000000000 ...
*EAP Framework: Jan 18 12:08:21.932: EAP-AUTH-EVENT: EAP method state: Continue
*EAP Framework: Jan 18 12:08:21.932: EAP-AUTH-EVENT: EAP method decision: Unknown
*EAP Framework: Jan 18 12:08:21.932: EAP-AUTH-EVENT: Current method = 43
*EAP Framework: Jan 18 12:08:21.932: EAP-AUTH-EVENT: Sending packet to lower layer for context 0x78000041
*EAP Framework: Jan 18 12:08:21.932: EAP-AUTH-TX-PAK:
*EAP Framework: Jan 18 12:08:21.932: eap_core.c:1484: Code:REQUEST ID:0x 2 Length:0x001a Type:FAST
*EAP Framework: Jan 18 12:08:21.932: eap_core.c:1422: Payload: 2100040010436973636F000000000000 ...
*EAP Framework: Jan 18 12:08:21.932: EAP-EVENT: Started 'Authenticator Retransmit' timer (60) for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:21.932: EAP-EVENT: Started EAP tick timer
*EAP Framework: Jan 18 12:08:21.932: EAP-EVENT: Sending lower layer event 'EAP_TX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:21.932: LOCAL_AUTH: Found matching context for id - 319
*EAP Framework: Jan 18 12:08:21.932: LOCAL_AUTH: (EAP:319) transmit event
*EAP Framework: Jan 18 12:08:21.932: AuthorizationResponse: 0x13c713fc
*EAP Framework: Jan 18 12:08:21.933: structureSize................................74*EAP Framework: Jan 18 12:08:21.933: resultCode...................................255*EAP Framework: Jan 18 12:08:21.933: protocolUsed.................................0x00000080*EAP Framework: Jan 18 12:08:21.933: proxyState...................................18:3D:A2:0A:EC:BC-02:00*EAP Framework: Jan 18 12:08:21.934: Packet contains 1 AVPs (not shown)*EAP Framework: Jan 18 12:08:21.934: LOCAL_AUTH: AAA LOCAL AUTH EAP PKT AVP attribute 4f length 1a
*EAP Framework: Jan 18 12:08:21.934: LOCAL_AUTH: AAA LOCAL AUTH TX PKT DUMP code cc id 00 type 2b
*aaaQueueReader: Jan 18 12:08:22.290: LOCAL_AUTH: EAP: Received an auth request
*aaaQueueReader: Jan 18 12:08:22.290: LOCAL_AUTH: Found context matching MAC address - 319
*aaaQueueReader: Jan 18 12:08:22.290: LOCAL_AUTH: (EAP:319) Sending the Rxd EAP packet (id 2) to EAP subsys
*EAP Framework: Jan 18 12:08:22.291: EAP-EVENT: Received event 'EAP_RX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.291: EAP-AUTH-RX-PAK:
*EAP Framework: Jan 18 12:08:22.291: eap_core.c:1484: Code:RESPONSE ID:0x 2 Length:0x0042 Type:FAST
*EAP Framework: Jan 18 12:08:22.291: eap_core.c:1422: Payload: 810000003816030100330100002F0301 ...
*EAP Framework: Jan 18 12:08:22.291: EAP-EVENT: Stopping 'Authenticator Retransmit' timer for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.291: EAP-AUTH-EVENT: EAP Response received by context 0x78000041
*EAP Framework: Jan 18 12:08:22.291: EAP-AUTH-EVENT: EAP Response type = Method (43)
*EAP Framework: Jan 18 12:08:22.291: EAP-AUTH-EVENT: Sending method data for context 0x78000041
*EAP Framework: Jan 18 12:08:22.292: EAP-EVENT: Sending method directive 'Receive Packet' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.292: eap_fast.c-AUTH-EVENT: Process Response, type: 0x2b
*EAP Framework: Jan 18 12:08:22.292: eap_fast_auth.c-AUTH-EVENT: Process Response (EAP handle = 0x78000041)
*EAP Framework: Jan 18 12:08:22.292: eap_fast_auth.c-RX-AUTH-PAK:
*EAP Framework: Jan 18 12:08:22.292: eap_core.c:1484: Code:RESPONSE ID:0x 2 Length:0x0042 Type:FAST
*EAP Framework: Jan 18 12:08:22.292: eap_core.c:1422: Payload: 810000003816030100330100002F0301 ...
*EAP Framework: Jan 18 12:08:22.292: eap_fast_auth.c-AUTH-EVENT: Received TLS record type: Handshake in state: Start
*EAP Framework: Jan 18 12:08:22.292: EAP-EVENT: Sending lower layer event 'EAP_GET_CREDENTIAL_PROFILE_FROM_PROFILE_NAME' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.292: LOCAL_AUTH: Found matching context for id - 319
*EAP Framework: Jan 18 12:08:22.292: LOCAL_AUTH: (EAP:319) Returning profile '[email protected]' (username '[email protected]')
*EAP Framework: Jan 18 12:08:22.293: IOS_PKI_SHIM: [StartSession] - New session 0x335ee108 started (TP = 'vendor')
*EAP Framework: Jan 18 12:08:22.293: IOS_PKI_SHIM: [StartSession] - Trustpoint identity (cert) set to 'Vendor'
*EAP Framework: Jan 18 12:08:22.297: IOS_PKI_SHIM: [ID-CERT] Subject : C=DE, ST=Thuringia, L=Jena, O=Jenoptik AG, OU=Jenoptik SSC GmbH, CN=Cisco WLC 1st, [email protected]
*EAP Framework: Jan 18 12:08:22.297: IOS_PKI_SHIM: [ID-CERT] Issuer : DC=corp, DC=jenoptik, CN=Jenoptik WLAN Certificate Authority
*EAP Framework: Jan 18 12:08:22.297: IOS_PKI_SHIM: [ID-CERT] Valid from '2012 Jan 12th, 17:06:50 GMT' to '2016 Jan 11th, 17:06:50 GMT'
*EAP Framework: Jan 18 12:08:22.297: IOS_PKI_SHIM: [ID-CERT] Is not a CA cert
*EAP Framework: Jan 18 12:08:22.297: IOS_PKI_SHIM: Added cert (type 1) to chain (1 present on chain)
*EAP Framework: Jan 18 12:08:22.300: IOS_PKI_SHIM: [CA-CERT] Subject : DC=corp, DC=jenoptik, CN=Jenoptik WLAN Certificate Authority
*EAP Framework: Jan 18 12:08:22.301: IOS_PKI_SHIM: [CA-CERT] Issuer : CN=Jenoptik Certificate Authority
*EAP Framework: Jan 18 12:08:22.301: IOS_PKI_SHIM: [CA-CERT] Valid from '2012 Jan 12th, 16:54:49 GMT' to '2020 Jan 12th, 17:04:49 GMT'
*EAP Framework: Jan 18 12:08:22.301: IOS_PKI_SHIM: [CA-CERT] Is a CA cert
*EAP Framework: Jan 18 12:08:22.301: IOS_PKI_SHIM: Added cert (type 2) to chain (2 present on chain)
*EAP Framework: Jan 18 12:08:22.301: IOS_PKI_SHIM: [StartSession] - Getting older style priv key
*EAP Framework: Jan 18 12:08:22.338: IOS_PKI_SHIM: Session 0x335ee108 init'd OK
*EAP Framework: Jan 18 12:08:22.338: eap_fast_auth.c-AUTH-EVENT: Local certificate found
*EAP Framework: Jan 18 12:08:22.339: eap_fast_auth.c-AUTH-EVENT: Reading Client Hello handshake
*EAP Framework: Jan 18 12:08:22.339: eap_fast.c:286: EAP-FAST-AUTH-RX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.339: eap_fast.c:255: Content:Handshake Version:0301 Length:0x0033
*EAP Framework: Jan 18 12:08:22.339: eap_core.c:1422: Payload: 0100002F03014F16A8262631FC9DC042 ...
*EAP Framework: Jan 18 12:08:22.340: eap_fast.c:202: Handshake type:Client Hello Length:0x002F
*EAP Framework: Jan 18 12:08:22.340: eap_core.c:1422: Payload: 03014F16A8262631FC9DC042253D3E24 ...
*EAP Framework: Jan 18 12:08:22.340: eap_fast_auth.c-AUTH-EVENT: TLS_RSA_WITH_AES_128 proposed...
*EAP Framework: Jan 18 12:08:22.341: eap_fast_auth.c-AUTH-EVENT: TLS_DHE_RSA_WITH_AES_128_CBC_SHA proposed...
*EAP Framework: Jan 18 12:08:22.341: eap_fast_auth.c-AUTH-EVENT: TLS_RSA_WITH_RC4_128 proposed...
*EAP Framework: Jan 18 12:08:22.341: eap_fast_auth.c-AUTH-EVENT: TLS_DH_anon_WITH_AES_128_CBC_SHA proposed...
*EAP Framework: Jan 18 12:08:22.342: eap_fast.c-EVENT: Proposed ciphersuite(s):
*EAP Framework: Jan 18 12:08:22.342: eap_fast.c-EVENT: TLS_RSA_WITH_AES_128_CBC_SHA
*EAP Framework: Jan 18 12:08:22.342: eap_fast.c-EVENT: TLS_DHE_RSA_WITH_AES_128_CBC_SHA
*EAP Framework: Jan 18 12:08:22.342: eap_fast.c-EVENT: TLS_RSA_WITH_RC4_128_SHA
*EAP Framework: Jan 18 12:08:22.343: eap_fast.c-EVENT: TLS_DH_anon_WITH_AES_128_CBC_SHA
*EAP Framework: Jan 18 12:08:22.343: eap_fast.c-EVENT: Selected ciphersuite:
*EAP Framework: Jan 18 12:08:22.343: eap_fast.c-EVENT: TLS_DHE_RSA_WITH_AES_128_CBC_SHA
*EAP Framework: Jan 18 12:08:22.343: eap_fast_auth.c-AUTH-EVENT: Building Provisioning Server Hello
*EAP Framework: Jan 18 12:08:22.344: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.344: eap_fast.c:255: Content:Handshake Version:0301 Length:0x002A
*EAP Framework: Jan 18 12:08:22.344: eap_core.c:1422: Payload: 0200002603015F3325EADF12E6296F91 ...
*EAP Framework: Jan 18 12:08:22.344: eap_fast.c:202: Handshake type:Server Hello Length:0x0026
*EAP Framework: Jan 18 12:08:22.345: eap_core.c:1422: Payload: 03015F3325EADF12E6296F91530FE67F ...
*EAP Framework: Jan 18 12:08:22.345: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.345: eap_fast.c:255: Content:Handshake Version:0301 Length:0x0B54
*EAP Framework: Jan 18 12:08:22.346: eap_core.c:1422: Payload: 0B000B50000B4D00059F3082059B3082 ...
*EAP Framework: Jan 18 12:08:22.346: eap_fast.c:202: Handshake type:Certificate Length:0x0B50
*EAP Framework: Jan 18 12:08:22.346: eap_core.c:1422: Payload: 000B4D00059F3082059B30820483A003 ...
*EAP Framework: Jan 18 12:08:22.347: eap_fast_crypto.c-EVENT: Starting Diffie Hellman phase 1 ...
*EAP Framework: Jan 18 12:08:22.661: eap_fast_crypto.c-EVENT: Diffie Hellman phase 1 complete
*EAP Framework: Jan 18 12:08:22.677: IOS_PKI_SHIM: PKI_SignMessage PostHashEncrypt ret SUCCESS.. op_len 128
*EAP Framework: Jan 18 12:08:22.678: eap_fast_auth.c-AUTH-EVENT: DH signature length = 128
*EAP Framework: Jan 18 12:08:22.678: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.678: eap_fast.c:255: Content:Handshake Version:0301 Length:0x028D
*EAP Framework: Jan 18 12:08:22.679: eap_core.c:1422: Payload: 0C0002890100FFFFFFFFFFFFFFFFC90F ...
*EAP Framework: Jan 18 12:08:22.679: eap_fast.c:202: Handshake type:Server Key Exchange Length:0x0289
*EAP Framework: Jan 18 12:08:22.679: eap_core.c:1422: Payload: 0100FFFFFFFFFFFFFFFFC90FDAA22168 ...
*EAP Framework: Jan 18 12:08:22.679: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.680: eap_fast.c:255: Content:Handshake Version:0301 Length:0x000B
*EAP Framework: Jan 18 12:08:22.680: eap_core.c:1422: Payload: 0D00000704030401020000
*EAP Framework: Jan 18 12:08:22.680: eap_fast.c:202: Handshake type:Certificate Request Length:0x0007
*EAP Framework: Jan 18 12:08:22.680: eap_core.c:1422: Payload: 04030401020000
*EAP Framework: Jan 18 12:08:22.681: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.681: eap_fast.c:255: Content:Handshake Version:0301 Length:0x0004
*EAP Framework: Jan 18 12:08:22.681: eap_core.c:1422: Payload: 0E000000
*EAP Framework: Jan 18 12:08:22.681: eap_fast.c:202: Handshake type:Server Done Length:0x0000
*EAP Framework: Jan 18 12:08:22.682: eap_fast_auth.c-AUTH-EVENT: Sending Provisioning Serving Hello
*EAP Framework: Jan 18 12:08:22.682: eap_fast_auth.c-AUTH-SM: Changing state: Start -> Sent provisioning Server Hello
*EAP Framework: Jan 18 12:08:22.682: eap_fast.c-EVENT: Tx packet fragmentation required
*EAP Framework: Jan 18 12:08:22.683: eap_fast.c:2367: eap-fast tx packet:
*EAP Framework: Jan 18 12:08:22.683: eap_fast.c:138: Version: 1 Flags:LM Length:0x03DE
*EAP Framework: Jan 18 12:08:22.683: eap_core.c:1422: Payload: 160301002A0200002603015F3325EADF ...
*EAP Framework: Jan 18 12:08:22.684: eap_fast.c-TX-AUTH-PAK:
*EAP Framework: Jan 18 12:08:22.684: eap_core.c:1484: Code:REQUEST ID:0x 0 Length:0x03e8 Type:FAST
*EAP Framework: Jan 18 12:08:22.684: eap_core.c:1422: Payload: C100000E33160301002A020000260301 ...
*EAP Framework: Jan 18 12:08:22.684: EAP-AUTH-EVENT: EAP method state: Continue
*EAP Framework: Jan 18 12:08:22.685: EAP-AUTH-EVENT: EAP method decision: Unknown
*EAP Framework: Jan 18 12:08:22.685: EAP-AUTH-EVENT: Current method = 43
*EAP Framework: Jan 18 12:08:22.685: EAP-AUTH-EVENT: Sending packet to lower layer for context 0x78000041
*EAP Framework: Jan 18 12:08:22.685: EAP-AUTH-TX-PAK:
*EAP Framework: Jan 18 12:08:22.685: eap_core.c:1484: Code:REQUEST ID:0x 3 Length:0x03e8 Type:FAST
*EAP Framework: Jan 18 12:08:22.686: eap_core.c:1422: Payload: C100000E33160301002A020000260301 ...
*EAP Framework: Jan 18 12:08:22.686: EAP-EVENT: Started 'Authenticator Retransmit' timer (60) for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.686: EAP-EVENT: Started EAP tick timer
*EAP Framework: Jan 18 12:08:22.686: EAP-EVENT: Sending lower layer event 'EAP_TX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.686: LOCAL_AUTH: Found matching context for id - 319
*EAP Framework: Jan 18 12:08:22.687: LOCAL_AUTH: (EAP:319) transmit event
*EAP Framework: Jan 18 12:08:22.687: AuthorizationResponse: 0x13c713fc
*EAP Framework: Jan 18 12:08:22.687: structureSize................................1048*EAP Framework: Jan 18 12:08:22.687: resultCode...................................255*EAP Framework: Jan 18 12:08:22.687: protocolUsed.................................0x00000080*EAP Framework: Jan 18 12:08:22.688: proxyState...................................18:3D:A2:0A:EC:BC-02:01*EAP Framework: Jan 18 12:08:22.688: Packet contains 1 AVPs (not shown)*EAP Framework: Jan 18 12:08:22.688: LOCAL_AUTH: AAA LOCAL AUTH EAP PKT AVP attribute 4f length 3e8
*EAP Framework: Jan 18 12:08:22.688: LOCAL_AUTH: AAA LOCAL AUTH TX PKT DUMP code cc id 00 type 2b
*aaaQueueReader: Jan 18 12:08:22.700: LOCAL_AUTH: EAP: Received an auth request
*aaaQueueReader: Jan 18 12:08:22.701: LOCAL_AUTH: Found context matching MAC address - 319
*aaaQueueReader: Jan 18 12:08:22.701: LOCAL_AUTH: (EAP:319) Sending the Rxd EAP packet (id 3) to EAP subsys
*EAP Framework: Jan 18 12:08:22.701: EAP-EVENT: Received event 'EAP_RX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.701: EAP-AUTH-RX-PAK:
*EAP Framework: Jan 18 12:08:22.702: eap_core.c:1484: Code:RESPONSE ID:0x 3 Length:0x0006 Type:FAST
*EAP Framework: Jan 18 12:08:22.702: eap_core.c:1422: Payload: 01
*EAP Framework: Jan 18 12:08:22.702: EAP-EVENT: Stopping 'Authenticator Retransmit' timer for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.703: EAP-AUTH-EVENT: EAP Response received by context 0x78000041
*EAP Framework: Jan 18 12:08:22.703: EAP-AUTH-EVENT: EAP Response type = Method (43)
*EAP Framework: Jan 18 12:08:22.703: EAP-AUTH-EVENT: Sending method data for context 0x78000041
*EAP Framework: Jan 18 12:08:22.704: EAP-EVENT: Sending method directive 'Receive Packet' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.704: eap_fast.c-AUTH-EVENT: eap_fast_rx_packet(): EAP Fast NoData (0x2b)
*EAP Framework: Jan 18 12:08:22.704: eap_fast.c:2367: eap-fast tx packet:
*EAP Framework: Jan 18 12:08:22.704: eap_fast.c:138: Version: 1 Flags:M Length:0x03E2
*EAP Framework: Jan 18 12:08:22.705: eap_core.c:1422: Payload: 3A2F2F2F434E3D4A656E6F7074696B25 ...
*EAP Framework: Jan 18 12:08:22.705: eap_fast.c-TX-AUTH-PAK:
*EAP Framework: Jan 18 12:08:22.705: eap_core.c:1484: Code:REQUEST ID:0x 0 Length:0x03e8 Type:FAST
*EAP Framework: Jan 18 12:08:22.705: eap_core.c:1422: Payload: 413A2F2F2F434E3D4A656E6F7074696B ...
*EAP Framework: Jan 18 12:08:22.706: EAP-AUTH-EVENT: EAP method state: Continue
*EAP Framework: Jan 18 12:08:22.706: EAP-AUTH-EVENT: EAP method decision: Unknown
*EAP Framework: Jan 18 12:08:22.706: EAP-AUTH-EVENT: Current method = 43
*EAP Framework: Jan 18 12:08:22.706: EAP-AUTH-EVENT: Sending packet to lower layer for context 0x78000041
*EAP Framework: Jan 18 12:08:22.707: EAP-AUTH-TX-PAK:
*EAP Framework: Jan 18 12:08:22.707: eap_core.c:1484: Code:REQUEST ID:0x 4 Length:0x03e8 Type:FAST
*EAP Framework: Jan 18 12:08:22.707: eap_core.c:1422: Payload: 413A2F2F2F434E3D4A656E6F7074696B ...
*EAP Framework: Jan 18 12:08:22.707: EAP-EVENT: Started 'Authenticator Retransmit' timer (60) for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.708: EAP-EVENT: Started EAP tick timer
*EAP Framework: Jan 18 12:08:22.708: EAP-EVENT: Sending lower layer event 'EAP_TX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.708: LOCAL_AUTH: Found matching context for id - 319
*EAP Framework: Jan 18 12:08:22.708: LOCAL_AUTH: (EAP:319) transmit event
*EAP Framework: Jan 18 12:08:22.709: AuthorizationResponse: 0x13c713fc
*EAP Framework: Jan 18 12:08:22.709: structureSize................................1048*EAP Framework: Jan 18 12:08:22.709: resultCode...................................255*EAP Framework: Jan 18 12:08:22.709: protocolUsed.................................0x00000080*EAP Framework: Jan 18 12:08:22.710: proxyState...................................18:3D:A2:0A:EC:BC-02:02*EAP Framework: Jan 18 12:08:22.710: Packet contains 1 AVPs (not shown)*EAP Framework: Jan 18 12:08:22.710: LOCAL_AUTH: AAA LOCAL AUTH EAP PKT AVP attribute 4f length 3e8
*EAP Framework: Jan 18 12:08:22.711: LOCAL_AUTH: AAA LOCAL AUTH TX PKT DUMP code cc id 00 type 2b
*aaaQueueReader: Jan 18 12:08:22.723: LOCAL_AUTH: EAP: Received an auth request
*aaaQueueReader: Jan 18 12:08:22.723: LOCAL_AUTH: Found context matching MAC address - 319
*aaaQueueReader: Jan 18 12:08:22.724: LOCAL_AUTH: (EAP:319) Sending the Rxd EAP packet (id 4) to EAP subsys
*EAP Framework: Jan 18 12:08:22.724: EAP-EVENT: Received event 'EAP_RX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.725: EAP-AUTH-RX-PAK:
*EAP Framework: Jan 18 12:08:22.725: eap_core.c:1484: Code:RESPONSE ID:0x 4 Length:0x0006 Type:FAST
*EAP Framework: Jan 18 12:08:22.725: eap_core.c:1422: Payload: 01
*EAP Framework: Jan 18 12:08:22.725: EAP-EVENT: Stopping 'Authenticator Retransmit' timer for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.726: EAP-AUTH-EVENT: EAP Response received by context 0x78000041
*EAP Framework: Jan 18 12:08:22.726: EAP-AUTH-EVENT: EAP Response type = Method (43)
*EAP Framework: Jan 18 12:08:22.726: EAP-AUTH-EVENT: Sending method data for context 0x78000041
*EAP Framework: Jan 18 12:08:22.726: EAP-EVENT: Sending method directive 'Receive Packet' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.727: eap_fast.c-AUTH-EVENT: eap_fast_rx_packet(): EAP Fast NoData (0x2b)
*EAP Framework: Jan 18 12:08:22.727: eap_fast.c:2367: eap-fast tx packet:
*EAP Framework: Jan 18 12:08:22.727: eap_fast.c:138: Version: 1 Flags:M Length:0x03E2
*EAP Framework: Jan 18 12:08:22.728: eap_core.c:1422: Payload: BD84CC4BF49A766267DA94429BEBE087 ...
*EAP Framework: Jan 18 12:08:22.728: eap_fast.c-TX-AUTH-PAK:
*EAP Framework: Jan 18 12:08:22.728: eap_core.c:1484: Code:REQUEST ID:0x 0 Length:0x03e8 Type:FAST
*EAP Framework: Jan 18 12:08:22.728: eap_core.c:1422: Payload: 41BD84CC4BF49A766267DA94429BEBE0 ...
*EAP Framework: Jan 18 12:08:22.729: EAP-AUTH-EVENT: EAP method state: Continue
*EAP Framework: Jan 18 12:08:22.729: EAP-AUTH-EVENT: EAP method decision: Unknown
*EAP Framework: Jan 18 12:08:22.729: EAP-AUTH-EVENT: Current method = 43
*EAP Framework: Jan 18 12:08:22.729: EAP-AUTH-EVENT: Sending packet to lower layer for context 0x78000041
*EAP Framework: Jan 18 12:08:22.730: EAP-AUTH-TX-PAK:
*EAP Framework: Jan 18 12:08:22.730: eap_core.c:1484: Code:REQUEST ID:0x 5 Length:0x03e8 Type:FAST
*EAP Framework: Jan 18 12:08:22.730: eap_core.c:1422: Payload: 41BD84CC4BF49A766267DA94429BEBE0 ...
*EAP Framework: Jan 18 12:08:22.731: EAP-EVENT: Started 'Authenticator Retransmit' timer (60) for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.731: EAP-EVENT: Started EAP tick timer
*EAP Framework: Jan 18 12:08:22.731: EAP-EVENT: Sending lower layer event 'EAP_TX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.731: LOCAL_AUTH: Found matching context for id - 319
*EAP Framework: Jan 18 12:08:22.732: LOCAL_AUTH: (EAP:319) transmit event
*EAP Framework: Jan 18 12:08:22.732: AuthorizationResponse: 0x13c713fc
*EAP Framework: Jan 18 12:08:22.732: structureSize................................1048*EAP Framework: Jan 18 12:08:22.732: resultCode...................................255*EAP Framework: Jan 18 12:08:22.733: protocolUsed.................................0x00000080*EAP Framework: Jan 18 12:08:22.733: proxyState...................................18:3D:A2:0A:EC:BC-02:03*EAP Framework: Jan 18 12:08:22.733: Packet contains 1 AVPs (not shown)*EAP Framework: Jan 18 12:08:22.734: LOCAL_AUTH: AAA LOCAL AUTH EAP PKT AVP attribute 4f length 3e8
*EAP Framework: Jan 18 12:08:22.734: LOCAL_AUTH: AAA LOCAL AUTH TX PKT DUMP code cc id 00 type 2b
*aaaQueueReader: Jan 18 12:08:22.746: LOCAL_AUTH: EAP: Received an auth request
*aaaQueueReader: Jan 18 12:08:22.747: LOCAL_AUTH: Found context matching MAC address - 319
*aaaQueueReader: Jan 18 12:08:22.747: LOCAL_AUTH: (EAP:319) Sending the Rxd EAP packet (id 5) to EAP subsys
*EAP Framework: Jan 18 12:08:22.747: EAP-EVENT: Received event 'EAP_RX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.747: EAP-AUTH-RX-PAK:
*EAP Framework: Jan 18 12:08:22.748: eap_core.c:1484: Code:RESPONSE ID:0x 5 Length:0x0006 Type:FAST
*EAP Framework: Jan 18 12:08:22.748: eap_core.c:1422: Payload: 01
*EAP Framework: Jan 18 12:08:22.748: EAP-EVENT: Stopping 'Authenticator Retransmit' timer for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.749: EAP-AUTH-EVENT: EAP Response received by context 0x78000041
*EAP Framework: Jan 18 12:08:22.749: EAP-AUTH-EVENT: EAP Response type = Method (43)
*EAP Framework: Jan 18 12:08:22.749: EAP-AUTH-EVENT: Sending method data for context 0x78000041
*EAP Framework: Jan 18 12:08:22.750: EAP-EVENT: Sending method directive 'Receive Packet' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.750: eap_fast.c-AUTH-EVENT: eap_fast_rx_packet(): EAP Fast NoData (0x2b)
*EAP Framework: Jan 18 12:08:22.750: eap_fast.c:2367: eap-fast tx packet:
*EAP Framework: Jan 18 12:08:22.750: eap_fast.c:138: Version: 1 Flags: Length:0x0291
*EAP Framework: Jan 18 12:08:22.751: eap_core.c:1422: Payload: 34C4C6628B80DC1CD129024E088A67CC ...
*EAP Framework: Jan 18 12:08:22.751: eap_fast.c-TX-AUTH-PAK:
*EAP Framework: Jan 18 12:08:22.751: eap_core.c:1484: Code:REQUEST ID:0x 0 Length:0x0297 Type:FAST
*EAP Framework: Jan 18 12:08:22.751: eap_core.c:1422: Payload: 0134C4C6628B80DC1CD129024E088A67 ...
*EAP Framework: Jan 18 12:08:22.751: EAP-AUTH-EVENT: EAP method state: Continue
*EAP Framework: Jan 18 12:08:22.751: EAP-AUTH-EVENT: EAP method decision: Unknown
*EAP Framework: Jan 18 12:08:22.752: EAP-AUTH-EVENT: Current method = 43
*EAP Framework: Jan 18 12:08:22.752: EAP-AUTH-EVENT: Sending packet to lower layer for context 0x78000041
*EAP Framework: Jan 18 12:08:22.752: EAP-AUTH-TX-PAK:
*EAP Framework: Jan 18 12:08:22.752: eap_core.c:1484: Code:REQUEST ID:0x 6 Length:0x0297 Type:FAST
*EAP Framework: Jan 18 12:08:22.752: eap_core.c:1422: Payload: 0134C4C6628B80DC1CD129024E088A67 ...
*EAP Framework: Jan 18 12:08:22.753: EAP-EVENT: Started 'Authenticator Retransmit' timer (60) for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.753: EAP-EVENT: Started EAP tick timer
*EAP Framework: Jan 18 12:08:22.753: EAP-EVENT: Sending lower layer event 'EAP_TX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.753: LOCAL_AUTH: Found matching context for id - 319
*EAP Framework: Jan 18 12:08:22.753: LOCAL_AUTH: (EAP:319) transmit event
*EAP Framework: Jan 18 12:08:22.754: AuthorizationResponse: 0x13c713fc
*EAP Framework: Jan 18 12:08:22.754: structureSize................................711*EAP Framework: Jan 18 12:08:22.754: resultCode...................................255*EAP Framework: Jan 18 12:08:22.754: protocolUsed.................................0x00000080*EAP Framework: Jan 18 12:08:22.754: proxyState...................................18:3D:A2:0A:EC:BC-02:04*EAP Framework: Jan 18 12:08:22.754: Packet contains 1 AVPs (not shown)*EAP Framework: Jan 18 12:08:22.755: LOCAL_AUTH: AAA LOCAL AUTH EAP PKT AVP attribute 4f length 297
*EAP Framework: Jan 18 12:08:22.755: LOCAL_AUTH: AAA LOCAL AUTH TX PKT DUMP code cc id 00 type 2b
*aaaQueueReader: Jan 18 12:08:22.830: LOCAL_AUTH: EAP: Received an auth request
*aaaQueueReader: Jan 18 12:08:22.830: LOCAL_AUTH: Found context matching MAC address - 319
*aaaQueueReader: Jan 18 12:08:22.830: LOCAL_AUTH: (EAP:319) Sending the Rxd EAP packet (id 6) to EAP subsys
*EAP Framework: Jan 18 12:08:22.831: EAP-EVENT: Received event 'EAP_RX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.831: EAP-AUTH-RX-PAK:
*EAP Framework: Jan 18 12:08:22.831: eap_core.c:1484: Code:RESPONSE ID:0x 6 Length:0x015c Type:FAST
*EAP Framework: Jan 18 12:08:22.831: eap_core.c:1422: Payload: 810000015216030100070B0000030000 ...
*EAP Framework: Jan 18 12:08:22.831: EAP-EVENT: Stopping 'Authenticator Retransmit' timer for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.831: EAP-AUTH-EVENT: EAP Response received by context 0x78000041
*EAP Framework: Jan 18 12:08:22.832: EAP-AUTH-EVENT: EAP Response type = Method (43)
*EAP Framework: Jan 18 12:08:22.832: EAP-AUTH-EVENT: Sending method data for context 0x78000041
*EAP Framework: Jan 18 12:08:22.832: EAP-EVENT: Sending method directive 'Receive Packet' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.832: eap_fast.c-AUTH-EVENT: Process Response, type: 0x2b
*EAP Framework: Jan 18 12:08:22.832: eap_fast_auth.c-AUTH-EVENT: Process Response (EAP handle = 0x78000041)
*EAP Framework: Jan 18 12:08:22.832: eap_fast_auth.c-RX-AUTH-PAK:
*EAP Framework: Jan 18 12:08:22.832: eap_core.c:1484: Code:RESPONSE ID:0x 6 Length:0x015c Type:FAST
*EAP Framework: Jan 18 12:08:22.832: eap_core.c:1422: Payload: 810000015216030100070B0000030000 ...
*EAP Framework: Jan 18 12:08:22.832: eap_fast_auth.c-AUTH-EVENT: Received TLS record type: Handshake in state: Sent provisioning Server Hello
*EAP Framework: Jan 18 12:08:22.832: eap_fast_auth.c-AUTH-EVENT: Reading Client Certificate handshake
*EAP Framework: Jan 18 12:08:22.832: eap_fast.c:286: EAP-FAST-AUTH-RX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.832: eap_fast.c:255: Content:Handshake Version:0301 Length:0x0007
*EAP Framework: Jan 18 12:08:22.832: eap_core.c:1422: Payload: 0B000003000000
*EAP Framework: Jan 18 12:08:22.832: eap_fast.c:202: Handshake type:Certificate Length:0x0003
*EAP Framework: Jan 18 12:08:22.832: eap_core.c:1422: Payload: 000000
*EAP Framework: Jan 18 12:08:22.833: eap_fast.c-EVENT: Client Certificate handshake empty
*EAP Framework: Jan 18 12:08:22.833: eap_fast_auth.c-AUTH-EVENT: Rx'd I-ID: "EAP-FAST I-ID" from Peer Cert
*EAP Framework: Jan 18 12:08:22.833: eap_fast_auth.c-AUTH-ERROR: Required cert not provided by client
*EAP Framework: Jan 18 12:08:22.833: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.833: eap_fast.c:255: Content:Alert Version:0301 Length:0x0002
*EAP Framework: Jan 18 12:08:22.833: eap_core.c:1422: Payload: 0228
*EAP Framework: Jan 18 12:08:22.833: eap_fast_auth.c-AUTH-SM: Changing state: Sent provisioning Server Hello -> Alert
*EAP Framework: Jan 18 12:08:22.833: eap_fast.c:2367: eap-fast tx packet:
*EAP Framework: Jan 18 12:08:22.833: eap_fast.c:138: Version: 1 Flags:L Length:0x0007
*EAP Framework: Jan 18 12:08:22.833: eap_core.c:1422: Payload: 15030100020228
*EAP Framework: Jan 18 12:08:22.833: eap_fast.c-TX-AUTH-PAK:
*EAP Framework: Jan 18 12:08:22.833: eap_core.c:1484: Code:REQUEST ID:0x 0 Length:0x0011 Type:FAST
*EAP Framework: Jan 18 12:08:22.833: eap_core.c:1422: Payload: 810000000715030100020228
*EAP Framework: Jan 18 12:08:22.833: EAP-AUTH-EVENT: EAP method state: Continue
*EAP Framework: Jan 18 12:08:22.834: EAP-AUTH-EVENT: EAP method decision: Fail
*EAP Framework: Jan 18 12:08:22.834: EAP-AUTH-EVENT: Current method = 43
*EAP Framework: Jan 18 12:08:22.834: EAP-AUTH-EVENT: Sending packet to lower layer for context 0x78000041
*EAP Framework: Jan 18 12:08:22.834: EAP-AUTH-TX-PAK:
*EAP Framework: Jan 18 12:08:22.834: eap_core.c:1484: Code:REQUEST ID:0x 7 Length:0x0011 Type:FAST
*EAP Framework: Jan 18 12:08:22.834: eap_core.c:1422: Payload: 810000000715030100020228
*EAP Framework: Jan 18 12:08:22.834: EAP-EVENT: Started 'Authenticator Retransmit' timer (60) for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.834: EAP-EVENT: Started EAP tick timer
*EAP Framework: Jan 18 12:08:22.834: EAP-EVENT: Sending lower layer event 'EAP_TX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.834: LOCAL_AUTH: Found matching context for id - 319
*EAP Framework: Jan 18 12:08:22.834: LOCAL_AUTH: (EAP:319) transmit event
*EAP Framework: Jan 18 12:08:22.834: AuthorizationResponse: 0x13c713fc
*EAP Framework: Jan 18 12:08:22.834: structureSize................................65*EAP Framework: Jan 18 12:08:22.834: resultCode...................................255*EAP Framework: Jan 18 12:08:22.835: protocolUsed.................................0x00000080*EAP Framework: Jan 18 12:08:22.835: proxyState...................................18:3D:A2:0A:EC:BC-02:05*EAP Framework: Jan 18 12:08:22.835: Packet contains 1 AVPs (not shown)*EAP Framework: Jan 18 12:08:22.835: LOCAL_AUTH: AAA LOCAL AUTH EAP PKT AVP attribute 4f length 11
*EAP Framework: Jan 18 12:08:22.835: LOCAL_AUTH: AAA LOCAL AUTH TX PKT DUMP code cc id 00 type 2b
*aaaQueueReader: Jan 18 12:08:22.838: LOCAL_AUTH: EAP: Received an auth request
*aaaQueueReader: Jan 18 12:08:22.838: LOCAL_AUTH: Found context matching MAC address - 319
*aaaQueueReader: Jan 18 12:08:22.838: LOCAL_AUTH: (EAP:319) Sending the Rxd EAP packet (id 7) to EAP subsys
*EAP Framework: Jan 18 12:08:22.838: EAP-EVENT: Received event 'EAP_RX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.839: EAP-AUTH-RX-PAK:
*EAP Framework: Jan 18 12:08:22.839: eap_core.c:1484: Code:RESPONSE ID:0x 7 Length:0x0006 Type:FAST
*EAP Framework: Jan 18 12:08:22.839: eap_core.c:1422: Payload: 01
*EAP Framework: Jan 18 12:08:22.839: EAP-EVENT: Stopping 'Authenticator Retransmit' timer for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.839: EAP-AUTH-EVENT: EAP Response received by context 0x78000041
*EAP Framework: Jan 18 12:08:22.839: EAP-AUTH-EVENT: EAP Response type = Method (43)
*EAP Framework: Jan 18 12:08:22.839: EAP-AUTH-EVENT: Sending method data for context 0x78000041
*EAP Framework: Jan 18 12:08:22.839: EAP-EVENT: Sending method directive 'Receive Packet' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.839: eap_fast.c-AUTH-EVENT: eap_fast_rx_packet(): EAP Fast NoData (0x2b)
*EAP Framework: Jan 18 12:08:22.840: eap_fast.c-AUTH-EVENT: Process Response, type: 0x2b
*EAP Framework: Jan 18 12:08:22.840: eap_fast_auth.c-AUTH-EVENT: Process Response (EAP handle = 0x78000041)
*EAP Framework: Jan 18 12:08:22.840: eap_fast_auth.c-RX-AUTH-PAK:
*EAP Framework: Jan 18 12:08:22.840: eap_core.c:1484: Code:RESPONSE ID:0x 7 Length:0x0006 Type:FAST
*EAP Framework: Jan 18 12:08:22.840: eap_core.c:1422: Payload: 01
*EAP Framework: Jan 18 12:08:22.840: eap_fast_auth.c-AUTH-EVENT: Received ACK from peer
*EAP Framework: Jan 18 12:08:22.840: EAP-AUTH-EVENT: EAP method state: Done
*EAP Framework: Jan 18 12:08:22.840: EAP-AUTH-EVENT: EAP method decision: Fail
*EAP Framework: Jan 18 12:08:22.840: EAP-EVENT: Received get canned status from lower layer (0x78000041)
*EAP Framework: Jan 18 12:08:22.840: EAP-EVENT: Sending method directive 'Free Context' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.840: eap_fast.c-EVENT: Free context (EAP handle = 0x78000041)
*EAP Framework: Jan 18 12:08:22.840: id_manager.c-AUTH-SM: Entry deleted fine id f700000e - id_delete
*EAP Framework: Jan 18 12:08:22.840: IOS_PKI_SHIM: Session 0x335ee108 deleted
*EAP Framework: Jan 18 12:08:2Now we found the reason.
The WLC doesn´t work with the Sub CA respectively with chain certificates for device authentication.
"Support for Chained Certificate
In controller versions earlier than 5.1.151.0, web authentication certificates can be only device certificates and should not contain the CA roots chained to the device certificate (no chained certificates).
With controller version 5.1.151.0 and later, the controller allows for the device certificate to be downloaded as a chained certificate for web authentication.
Certificate Levels
Level 0—Use of only a server certificate on WLC.
Level 1—Use of server certificate on WLC and a CA root certificate.
Level 2—Use of server certificate on WLC, one single CA intermediate certificate, and a CA root certificate.
Level 3—Use of server certificate on WLC, two CA intermediate certificates, and a CA root certificate.
WLC does not support chained certificates more than 10KB size on the WLC.
Note: Chained certificates are supported for web authentication only; they are not supported for the management certificate."
So the WLC can´t decode the peer certificate. -
Problem with JAAS authentication using jboss client
I'm trying to make a little compiled application works. It has two parts: a little client(one class) and a server part which runs on a jboss server, and comunicates between them using JAAS + SSL. It works perfectly alone if I run it in a java project, without the messing sap JAAS implementation.
I followed all the steps in:
https://websmp101.sap-ag.de/~sapidb/011000358700003517632004E.PDF
and managed to apply the configuration into the security service of WAS, using <b>jboss-client.jar</b> as the library with the login module, and <b>org.jboss.security.ClientLoginModule</b> as the login module.
I included the client class into a web service developed for my WAS, packing the class and its library plus jboss-client.jar into my EAR.
But when it tries to do the authentication, sometimes it uses:
<b>org.jboss.security.ClientLoginModule</b> (that's the correct class) but throws a "<b>User is locked</b>" exception.
Have I need to create the user who I use to connect to jboss in my WAS UME ? This has no much sense. Anyway doesn't work either, and the user is not locked.
Other times (withouth changing anything) it uses:
<b>com.sap.engine.system.SystemLoginModule</b> and throws this exception:
<b>com.sap.engine.services.security.exceptions.BaseLoginException</b>: Call logout before login
I have nightmares trying to integrate things which works in every application server but WAS. Why couldn't they simply follow the standard!?
I'm thinking in installing a tomcat with the client, and use axis to wrap it with a web service I can consume from my WAS. Not very elegant solution.
I think it maybe has something to do with specific callback classes from sap implementation.
Any idea? I can't go forward.Did you resolve this problem? Please let me know. I have the same issue now and don;t know what I should be doing next
-
Hi everyone, im having problems in a wireless network, the SSID has security layer 2 WPA, layer 3 web authentication (internal default page), and external RADIUS.
When a client makes a roaming from one AP to another one or when he has a idle time, he needs to re authenticate in the web login page. Somebody knows a solution to avoid this behavior?. Or somebody has a troubleshooting way to determine why the clients have this problems??A few things I can share that might help .. Your actually feet on the ground will be importnat to see this issue for yourself.
I know when a client or if the AP sends a DEAUTH frame the client will need to reestablish its connection and it will 100% of the time require a new web auth. If a client loses connection while roaming and a DEAUTH is sent on either side you will get the page. If youre client isnt romaing cleanly this can be a problem.
Another problem is your using EAP. Are you using CCK or a device that supports OKC. What does your radius server say when a client roams ?
You could also simply your config and then reapply your security and see where it breaks. By this I mean. For testing, create a SSID turn off security and leave layer 3 web auth on. Roam and see what happens. If it works, then start to apply the security and see where it breaks.
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
"I'm in a serious relationship with my Wi-Fi. You could say we have a connection." -
DSM terminator problem with anonymous user
Hi friends,
When I am in the portal as an anonymous user and close the browser, the DSM terminator window is opened showing the logon screen.
Somebody knows how to solve this problem?
Thank's in advance!Hi Michel,
Go to system Administration -->system configuration --> service configuration -->Applications
>com.sap.portal.appintegrator>services
>common_configuration> set Alertsession Management Mismatch to false.
Regards
Arun -
Problems with basic authentication example
I am trying to run the basic authentication example from the Professional JSP book (Chapter 16) although for some reason I continue to get "AUTHENTICATION MECHANISM NULL" instead of "AUTHENTICATION MECHANISM BASIC". I do not even get the pop-up window with the prompt for Username and Password. I am running Tomcat 4.0-dev and have tried to access the login window by pointing the browser to the appropriate file:
//localhost:8080/ch16-basic/index.jsp
Still not login window???
I have added the extra user and password to the tomcat-users.xml file (username="projsp" password="projsp" roles="superuser")
Still no luck????
Could someone please let me know what could possibly be going wrong.
Thank you!!!!The index.jsp is:
<html>
<head>
<title>Protected Area Page</title>
</head>
<body>
<%
out.println("<H2>Authentication Mechanism "+ request.getAuthType() +" </H2>" );
%>
</body>
</html>
The tomcat-users.xml is:
<!--
NOTE: By default, no user is included in the "manager" role required
to operate the "/manager" web application. If you wish to use this app,
you must define such a user - the username and password are arbitrary.
-->
<tomcat-users>
<user name="tomcat" password="tomcat" roles="tomcat" />
<user name="role1" password="tomcat" roles="role1" />
<user name="both" password="tomcat" roles="tomcat,role1" />
<user name="projsp" password="projsp" roles="superuser" />
</tomcat-users>
And the web.xml is:
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/j2ee/dtds/web-app_2_3.dtd">
<web-app>
<security-constraint>
<web-resource-collection>
<web-resource-name>Entire Application</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>ProJSP Authentication Example</realm-name>
</login-config>
</web-app>
WHY ISN"T THIS WORKING!!!!
Maybe you are looking for
-
Can a spool file be sent as an attachment in the decision step?
Hi, I have z program that runs in background and produces a spool file. Normally, I can use tcode SP01 to display this file. At the end of this z program, I call SWW_WI_START_SIMPLE to send a workflow into SAP inbox. I want to know if I somhow can se
-
Spaces getting trimmed in file content conversion
Hi all, I am converting a flat file to an XML file by XI. The problem which i am facing in file content conversion is that the spaces in flat file data are getting trimmed to one space in the XML in SXMB_MONI. The data in flat file is like SOUTHSEA a
-
My iphone 5 has been hacked by someone i know, they have this software on their iphone 5 and can watch everything i do from their device. I would like to know if this kind of software is available or if this is made up and this person is accessing my
-
Variant configuration class types
Hi Friends, I have some questions on variant configuration class types What is the difference among following class types? 1. 001 --- Material class 2. 023 - Batch 3. 200-----Material (Configurable objects) 4. 300-----Variants In which b
-
Can't import from Sony DCR-SR200 camcorder
Just upgraded to iMovie 08 as I was told my Sony DCR-SR200 was supported at the Apple Store. Also see it listed as a supported camcorder on Apple's support site. Perhaps I'm doing something wrong? The HDD of the camera comes up on the desktop as a di