Proxy authentication failed in MAc OS 10.8.3

I am using firefox 21.0 in Mac os 10.8.3.We are using proxy server for browsing.While browsing internet firefox prompts for proxy username and password,after entering the correct user name and password it shows proxy authentication failed,Another round of authentication required.The same user name and pssword in working fine in safari in the same mac book.
Plz Help

Hi There!
Please check the solution mentioned here:
http://kb.globalscape.com/KnowledgebaseArticle10522.aspx
I remember someone else also suggested setting this option '''network.automatic-ntlm-auth.allow-proxies''' to '''false '''as well.
Hope this helps!
Have a good one!
Dawid

Similar Messages

  • Windows authentication fails from Mac browser when LB is in between

    (1)     A new instance of Windows server 2008 R2 is taken and IIS server is installed.
    On IIS server, ‘Windows Authentication’ is enabled and all the other authentication (anonymous, basic) is disabled.
    (2)     From Safari browser on Mac, a IIS resource (protected by Windows Authentication) is accessed by directly accessing IIS server. The resource access is successful.
    (3)     Now a Load Balancer is configured in front of IIS server.
    (4)     From Safari browser on Mac, a IIS resource (protected by Windows Authentication) is accessed by accessing load balancer. Here IIS server prompts for username and password.
    Seems that authentication negotiation is failing between Mac browser and IIS when LB is in between. Can somebody pls know the reason / resolution for this issue ?
    Thanks

    I was just helping someone with this same issue, and found this post searching for answers. I think it's a problem with your web hosting provider. It looks like whois is saying you both use readyhosting.net, is that right?
    If you go into the developer options and override the User Agent string, you can make the issue start and stop. When the user agent string starts with "Mozilla/5.0 (Windows NT 6.1", then the page with show the error message. If it starts with anything else, then it works fine.
    This, and the fact that you did not make any changes to your site makes it sound like your hosting provider changed something. You probably need to have them fix it somehow.

  • Weblogic 8.1 Webservice Client Proxy Authentication not working

    We have a desktop console based Weblogic webservices client application that uses client stubs to establish the connection and communicate with the server where the WSDL was hosted.
    We are facing a problem in authenticating the Proxy user with valid credentials.
    We are using the following code to set the system properties and Authenticator class to authenticate the proxy user.
    //Code Segment #1
    Code:
    System.setProperty("http.proxyHost", proxyHost);System.setProperty("https.proxyHost", proxyHost);
    System.setProperty("weblogic.webservice.transport.http.proxy.host",proxyHost);
    System.setProperty("weblogic.webservice.transport.https.proxy.host",proxyHost);
    System.setProperty("http.proxyPort", proxyPort);
    System.setProperty("https.proxyPort", proxyPort);
    System.setProperty("weblogic.webservice.transport.http.proxy.port",proxyPort);
    System.setProperty("weblogic.webservice.transport.https.proxy.port",proxyPort);
    //System.setProperty("http.proxyType", "basic");
    //System.setProperty("https.proxyType", "basic");
    //System.setProperty("http.proxy.auth.type" ,"ntlm"); //This is not showing any impact
    System.setProperty("http.proxyUser", "bsil\\ashok.kumar");
    System.setProperty("https.proxyUser", "bsil\\ashok.kumar");
    System.setProperty("http.proxyPassword", " xyzddd");
    System.setProperty("https.proxyPassword", "xyzddd");
    Authenticator.setDefault(new MyAuthenticator());
    //Inner class
    public static class MyAuthenticator extends Authenticator {
    protected PasswordAuthentication getPasswordAuthentication() {
    String username = System.getProperty("http.proxyUser");
         String password = System.getProperty("http.proxyPassword");
         return new PasswordAuthentication(username, password.toCharArray());
    We are using following code initialize the stubs (Which internally opens a connection to the given endpoint base URL)
    //Code Segment #2
    Code:
    SessionService_Impl sessionService = new SessionService_Impl(getEndPointURL(SessionServicePort.class));
    port = sessionService.getSessionServicePort();
    return port;
    Using above code it always throws the following exception:
    Code:
    weblogic.webservice.tools.wsdlp.WSDLParseException: Failed to retrieve WSDL from https://apiclienttest.intralinks.com:443/webservices51/SessionService?WSDL. Please check the URL and make sure that it is a valid XML file [java.io.IOException: Proxy authenticator  failed: java.lang.ClassNotFoundException: ]
    if i replace the above code (Code Segment #2) to as bellow with Code Segment #3 then its working as expected. But we have been told that the Code Segment #2 is required as shwon above for the Weblogic ClientTimeout seconds feature so we cant replace the Code Segment #2 with Code Segment #3 since we don?t want to miss the ClientTimeout seconds feature for the application.
    //Code Segment #3
    Code:
    SessionService_Impl sessionService = new SessionService_Impl();
              SessionServicePort sessionServicePort = sessionService.getSessionServicePort();
              ((SessionServicePort_Stub) sessionServicePort)._setProperty("javax.xml.rpc.service.endpoint.address", endPointBaseURL+"SessionService");
    return sessionServicePort ;
    why the Proxy authentication is failing with the Code Segment #2 and why it is passing in case of Code Segment #3
    The endpoint base URL we are hitting is hosted on Weblogic server 9.0 (which is hosted at client side in US so it is behind our firewall).
    Is some thing more do we need to do in Authenticator class???
    Please help me if any one has worked on proxy server authenticator in java.

    We have a desktop console based Weblogic webservices client application that uses client stubs to establish the connection and communicate with the server where the WSDL was hosted.
    We are facing a problem in authenticating the Proxy user with valid credentials.
    We are using the following code to set the system properties and Authenticator class to authenticate the proxy user.
    //Code Segment #1
    Code:
    System.setProperty("http.proxyHost", proxyHost);System.setProperty("https.proxyHost", proxyHost);
    System.setProperty("weblogic.webservice.transport.http.proxy.host",proxyHost);
    System.setProperty("weblogic.webservice.transport.https.proxy.host",proxyHost);
    System.setProperty("http.proxyPort", proxyPort);
    System.setProperty("https.proxyPort", proxyPort);
    System.setProperty("weblogic.webservice.transport.http.proxy.port",proxyPort);
    System.setProperty("weblogic.webservice.transport.https.proxy.port",proxyPort);
    //System.setProperty("http.proxyType", "basic");
    //System.setProperty("https.proxyType", "basic");
    //System.setProperty("http.proxy.auth.type" ,"ntlm"); //This is not showing any impact
    System.setProperty("http.proxyUser", "bsil\\ashok.kumar");
    System.setProperty("https.proxyUser", "bsil\\ashok.kumar");
    System.setProperty("http.proxyPassword", " xyzddd");
    System.setProperty("https.proxyPassword", "xyzddd");
    Authenticator.setDefault(new MyAuthenticator());
    //Inner class
    public static class MyAuthenticator extends Authenticator {
    protected PasswordAuthentication getPasswordAuthentication() {
    String username = System.getProperty("http.proxyUser");
         String password = System.getProperty("http.proxyPassword");
         return new PasswordAuthentication(username, password.toCharArray());
    We are using following code initialize the stubs (Which internally opens a connection to the given endpoint base URL)
    //Code Segment #2
    Code:
    SessionService_Impl sessionService = new SessionService_Impl(getEndPointURL(SessionServicePort.class));
    port = sessionService.getSessionServicePort();
    return port;
    Using above code it always throws the following exception:
    Code:
    weblogic.webservice.tools.wsdlp.WSDLParseException: Failed to retrieve WSDL from https://apiclienttest.intralinks.com:443/webservices51/SessionService?WSDL. Please check the URL and make sure that it is a valid XML file [java.io.IOException: Proxy authenticator  failed: java.lang.ClassNotFoundException: ]
    if i replace the above code (Code Segment #2) to as bellow with Code Segment #3 then its working as expected. But we have been told that the Code Segment #2 is required as shwon above for the Weblogic ClientTimeout seconds feature so we cant replace the Code Segment #2 with Code Segment #3 since we don?t want to miss the ClientTimeout seconds feature for the application.
    //Code Segment #3
    Code:
    SessionService_Impl sessionService = new SessionService_Impl();
              SessionServicePort sessionServicePort = sessionService.getSessionServicePort();
              ((SessionServicePort_Stub) sessionServicePort)._setProperty("javax.xml.rpc.service.endpoint.address", endPointBaseURL+"SessionService");
    return sessionServicePort ;
    why the Proxy authentication is failing with the Code Segment #2 and why it is passing in case of Code Segment #3
    The endpoint base URL we are hitting is hosted on Weblogic server 9.0 (which is hosted at client side in US so it is behind our firewall).
    Is some thing more do we need to do in Authenticator class???
    Please help me if any one has worked on proxy server authenticator in java.

  • DAP and http proxy authentication

    I have a ASA firewall with http proxy authetication and now i configure DAP for Anyconnect with AD .I disable the "Default Dynamic Access Policy"  proxy authentication fail .Someone knows how to configure the DAP for http proxy authentication ?
    best regards

    Still nothing about it. I've also posted to another threads with similar problems:
    http://discussions.apple.com/message.jspa?messageID=8165122#8165122
    http://discussions.apple.com/message.jspa?messageID=8165120#8165120
    http://discussions.apple.com/message.jspa?messageID=8165118#8165118
    http://discussions.apple.com/message.jspa?messageID=8149758#8149758
    As I said before, while I've had OS 1.1.4, everything was normal. It began when I upgraded to 2.0.2 and after to 2.1. I also double checked if the TI here changed the policies, and they assured me they don't.
    Several other users with 2.x are also reporting the same trouble. As far as now, I've came across a post suggesting me to install a local http proxy on the phone, but I don't think it's gonna work.
    Let's keep this thread alive!

  • My app store is not working after installing mavericks. When I open app store it repeatedly asking me to login with apple ID and to provide User name and Password for proxy authentication in a loop.I am a newbie to mac,Please help me.

    My app store is not working after installing mavericks. When I open app store it repeatedly asking me to login with apple ID and to provide User name and Password for proxy authentication in a loop.I am a newbie to mac,Please help me.

    Hmmmm... would appear that you need to be actually logged in to enable the additional menu features.
    Have you tried deletting the plists for MAS?
    This page might help you out...
    http://www.macobserver.com/tmo/answers/how_to_identify_and_fix_problems_with_the _mac_app_store
    Failing that, I will have to throw this back to the forum to see if anyone else can advise further.
    Let me know how you get on?
    Thanks.

  • Mac Adobe Flash Player not supporting Web Proxy Authentication

    Anyone else got an enterprise network where you use web proxies with web authentication and no traffic allowed out except through the proxies?
    You may need to be in the UK for this, but try accessing BBC iPlayer content - http://www.bbc.co.uk/iplayer and you should discover that the content won't play. the error says "This content doesn't seem to be working. Try again later.". The content will never work as the Mac version of Flash (currently 10.1.53.64) is not able to respond to web proxy authentication requests. The BBC use various streaming server which are randomly selected when a user starts a stream and they have no DNS. Just IP addresses. They don't publish a list for security reasons. So it is almost impossible to exempt all their servers from authentication.
    I've logged a bug with Adobe. If you have this issue too, please add a comment and vote so that they can begin to grasp the impact of this problem:
    https://bugs.adobe.com/jira/browse/FP-5161

    I have the same issues in Australia trying to access flash content from the ABC website. The strange thing is the content will play if your leave the browser open for 5min.
    After several packet data captures we identified that it has to do with the amount of time it takes the Mac timeout from the proxy before it plays the video content.
    No solution yet.

  • Authentication failed binding to mac server 2.2.1

    I have setup a new Mac Mini Server running Mountain Lion 10.8.2 and OS X Server 2.2.1.  I am trying to join my Macbook Pro to Open Directory however it continues to fail.  It does prompt with the SSL warning which I select continue on, however when I enter the diradmin username and password I get an Authentication Failed message when binding.  I can access the directory via workgroup manager ok and I have also been able to join my Synology NAS to the Directory Service first time.
    Baffled and scratching my head.  Any ideas?

    Server Version is 2.2.1 and it's installed on a Mac Mini Server running 10.8.2.  Just a single OD server at present.
    Future project:  Can we make a Synology NAS which can also a be a Open Directory Server act as a Domain Replica?

  • Image Upload fails with Error 407: Proxy Authentication Required

    Hello,
      I am trying to upload Custom Template Image, however it fails with error :(407) Proxy Authentication Required message. i would have to admit that i am trying this behind a Proxy Firewall. So i do really need to know how to make this work and
    what is that i need to request from the Proxy team to make this working.
    Thanks
    TSANA

    Hello TP,
     Your Suggestion really helped and the upload is working. However because of the bandwidth being low, its showing 2 days. Is there any other approach to get around with this? I have also observed that, if we leave the upload over night , then it will
    show that the Image upload failed with exception. I have managed to rerun the script(same script) in same window, and luckily it continues from where it had failed. This is somehow not a good thing that Microsoft did not provide an option of using Azure VM
    as a template. 
    Thanks
    Sundesh

  • Proxy Authentication while Installing Dreamweaver Widget Browser (Mac)

    Hi,
    I have created the Adobe CS6 Web and Design Premium package using AAMEE 3.0. I have chosen to exclude adobe air and help. Exception folders have Adobe AIR Installer , Adobe Dreamweaver Widget browser and Adobe Help. ExceptionInfo.txt provides the list of commands to install the exceptions. While running the commands from the text file, Adobe AIR and Adobe Help works fine but Dreamweaver widget prompts for proxy authentication inspite of -slient parameter.
    I am using the below command from ExceptionInfo.txt to install Widget Browser
    Adobe AIR Installer.app/Contents/MacOS/Adobe AIR Installer -silent -eulaAccepted -programMenu WidgetBrowser.air
    Does this a common issue or do I need to change something in the command line?
    Regards,
    Karthikeyan M

    Hi Karthikeyan
    I haven't had the opportunity to confirm this with CS6 recently, but depending on the callback the air application makes, I have seen examples where using the -revocationCheck never command line flag could potentially make a difference. It would be interesting to see if it does under these specific circumstances with the widgetbrowser.
    See http://blogs.adobe.com/simplicity/2011/08/disabling-air-certificate-revocation-checks-duri ng-silent-install.html and http://helpx.adobe.com/creative-suite/kb/creative-suite-deployment-proxy-log.html for some background.
    Kind regards
    Henk

  • Safari access denied authentication failed behind proxy

    Hi hello
    I have proxy in my company, and my safari don't work, firefox is ok, he ask me my username and password for the proxy
    And Safari don't work, he write me
    " Access denied ( authentification_failed )
    Your credentials could not be authenticated : "credentials are missing". You will not be permitted access until your credentials can be verified.
    This is typically caused by an incorrect username and/or password but could also be caused by network problems. "
    Wait your help
    Thanks

    Safari, Proxy Authentication, and...: Apple Support Communities
    Invalid Certificate on every secured...: Apple Support Communities

  • Proxy authenication problems from Macs.... argh

    I am seeing this regularly in mixed Windows/Macs environments where all machines proxy over 8080 to the TMG box (integrated authentication).
    I can have a firewall rule that allows traffic from Internal to External over HTTP/HTTPS for Domain Users and both clients, Macs and PCs, will be able to browse internet fine so long as they have approrpiate proxy server settings configured on either their
    machine or browser.
    However, some websites that use Flash or Java, for viewing videos result in the Macs NOT working.  Looking in the firewall loggging I can see that access is being denied because the Mac is not passing user credentials and is attempting to go out
    using anonymous credentials (which is not allowed).  This ONLY happens for the Macs, and ONLY happens on certain websites, and ONLY for stuff like Java/Flash, etc. 
    Anyone else running into this?  It's happening so frequently that I am about to just turn OFF all proxying to TMG and have everyone go out as secure NAT clients because everytime this happens, I have to create a specific rule for THAT website to allow
    SecureNAT.
    Thoughts??

    Hi,
    Your analysis is correct. TMG (or any other proxy) will ask user for authentication, if the rule is configured to do so. Its upto the client (browser or software entity trying to access internet) to authenticate to the proxy. If that entity is not designed
    for such proxy authentications, they will fail to access the resource.
    If you see in your logs that the browser/application (Safari/Java) on MAC is unable to authenticate to proxy, thats exactly the reason its failing. If you look above that, you should see 407 messages, where the proxy server is telling the client to
    negotiate and authenticate for proxy.
    Hope this help. If you have any furhter questions, please let me know.
    Related post:
    http://social.technet.microsoft.com/Forums/en-US/Forefrontedgegeneral/thread/78b2a5e8-9a80-42d8-bd38-a3c175161b12
    Regards, Amit Saxena. Keep Walking! Please remember to use “Mark as Answer” or "vote as helpful" on the posts that help you.

  • I'm trying to connect through the FTP client Filezilla. When I try to login with the wizard, it gives me a "503 Failure of Data Connection" reply; when I attempt to login myself, it gives me a "530 Login Authentication Failed." HELP!!!

    My current softward is: Mac OS X Lion 10.7.5 (11G63)
    When I attempt to use the Filezilla connection wizard I get the following message:
    Connecting to probe.filezilla-project.org
    Response: 220 FZ router and firewall tester ready
    USER FileZilla
    Response: 331 Give any password.
    PASS 3.7.1.1
    Response: 230 logged on.
    Checking for correct external IP address
    Retrieving external IP address from http://ip.filezilla-project.org/ip.php
    Checking for correct external IP address
    IP 27.0.19.56 ch-a-bj-fg
    Response: 200 OK
    PREP 52470
    Response: 200 Using port 52470, data token 1871898076
    PORT 27,0,19,56,204,246
    Response: 200 PORT command successful
    LIST
    Response: 150 opening data connection
    Response: 503 Failure of data connection.
    Server sent unexpected reply.
    Connection closed
    When I attempt to login Host/Username/Password myself I get the following message:
    Status:          Resolving address of amyhoney.com
    Status:          Connecting to 184.168.54.1:21...
    Status:          Connection established, waiting for welcome message...
    Response:          220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    Response:          220-You are user number 12 of 500 allowed.
    Response:          220-Local time is now 04:05. Server port: 21.
    Response:          220-This is a private system - No anonymous login
    Response:          220 You will be disconnected after 3 minutes of inactivity.
    Command:          USER 5475****
    Response:          331 User 5475**** OK. Password required
    Command:          PASS ********************
    Response:          530 Login authentication failed
    Error:          Critical error
    Error:          Could not connect to server
    Now before anyone points out the obvious: my username and password are correct. I've already gone through changing them so I know they are.
    Additionally, I've pretty much tried EVERYTHING I've read online, from messing with "terminal" (and subsequently the FTP and STFP options) to changing the sharing options and turning on file sharing/remote management as well as just turning off my Firewall completely.
    Now I've used Filezilla before when I first published my site and everything worked fine. My site is published through Wordpress so most of my editing was done through simply logging into my "wp-login." I recently changed the theme and in order to change the header image in that theme I have to do it through my "wp-content" folder, which means I need to use Filezilla. I feel like a complete moron right now considering I've had my site for about a year and can't even doing something this simple.
    I've read that the newer version of Lion/Mountain Lion don't support automatice FTP anymore, which (as I mentioned prior) I attempted to fix through Terminal. However, nothing I do seem to do works.
    Can someone walk me through fixing this? And I do mean 'walk me through'. I'm not a tech-savvy nerd who knows all the lingo, I just know the basics so sorry if my ignorance offends you.
    HELP!!

    First be sure login and password are OK. Sometimes the address starts wit "http://..." and sometime starts with "ftp://...". Try both normal FTP access and Scure FTP access (SFTP). At the end, contact the site's provider.

  • 802.1x authentication fail

    i have a juniper device linux operating system on that we have radius server configured and i am trying to integrate my WLC with that radius
    i have added WLC as a host there in radius
    on wlc i have configured authentication like radius ip shared secret key and done
    its working i can ping radius server
    also in wlc i configured on Wlan aaa allow override check box and also hited the WPA2 802.1x layer2 security and radius server option brought on top.
    i also configured my windows wireless adaptor as PEAP MSCHAP v2
    i am trying to connect this ssid and its asking for my AD accounts but when i enter that its not authenticating users and giving this logs.
    (WiSM-slot24-1) >debug aaa events enable
    (WiSM-slot24-1) >
    (WiSM-slot24-1) >
    (WiSM-slot24-1) >*apfMsConnTask_0: Dec 31 15:12:03.043: 00:13:e8:3e:26:bf Processing RSN IE type 48, length 22 for mobile 00:13:e8:3e:26:bf
    *apfMsConnTask_0: Dec 31 15:12:03.043: 00:13:e8:3e:26:bf Received RSN IE with 0 PMKIDs from mobile 00:13:e8:3e:26:bf
    *apfMsConnTask_0: Dec 31 15:12:03.043: 00:13:e8:3e:26:bf apfMsAssoStateInc
    *dot1xMsgTask: Dec 31 15:12:03.044: 00:13:e8:3e:26:bf Station 00:13:e8:3e:26:bf setting dot1x reauth timeout = 1800
    *dot1xMsgTask: Dec 31 15:12:03.044: 00:13:e8:3e:26:bf Sending EAP-Request/Identity to mobile 00:13:e8:3e:26:bf (EAP Id 1)
    *Dot1x_NW_MsgTask_0: Dec 31 15:12:03.097: 00:13:e8:3e:26:bf Received EAPOL START from mobile 00:13:e8:3e:26:bf
    *Dot1x_NW_MsgTask_0: Dec 31 15:12:03.097: 00:13:e8:3e:26:bf Sending EAP-Request/Identity to mobile 00:13:e8:3e:26:bf (EAP Id 2)
    *Dot1x_NW_MsgTask_0: Dec 31 15:12:12.596: 00:13:e8:3e:26:bf Received EAPOL EAPPKT from mobile 00:13:e8:3e:26:bf
    *Dot1x_NW_MsgTask_0: Dec 31 15:12:12.596: 00:13:e8:3e:26:bf Received Identity Response (count=2) from mobile 00:13:e8:3e:26:bf
    *Dot1x_NW_MsgTask_0: Dec 31 15:12:12.596: 00:13:e8:3e:26:bf Audit Session ID added to the mscb: 0a8740e10000002e4efefc1c
    *Dot1x_NW_MsgTask_0: Dec 31 15:12:12.596: Creating audit session ID (dot1x_aaa_eapresp_supp) and Radius Request
    *aaaQueueReader: Dec 31 15:12:12.597: apfVapRadiusInfoGet: WLAN(1) dynamic int attributes srcAddr:0x0, gw:0x0, mask:0x0, vlan:0, dpPort:0, srcPort:0
    *aaaQueueReader: Dec 31 15:12:12.597: 00:13:e8:3e:26:bf Successful transmission of Authentication Packet (id 202) to 10.34.11.2:1812, proxy state 00:13:e8:3e:26:bf-00:00
    *radiusTransportThread: Dec 31 15:12:12.598: ****Enter processIncomingMessages: response code=11
    *radiusTransportThread: Dec 31 15:12:12.598: ****Enter processRadiusResponse: response code=11
    *radiusTransportThread: Dec 31 15:12:12.598: 00:13:e8:3e:26:bf Access-Challenge received from RADIUS server 10.34.11.2 for mobile 00:13:e8:3e:26:bf receiveId = 3
    *Dot1x_NW_MsgTask_0: Dec 31 15:12:12.598: 00:13:e8:3e:26:bf Processing Access-Challenge for mobile 00:13:e8:3e:26:bf
    *Dot1x_NW_MsgTask_0: Dec 31 15:12:12.598: 00:13:e8:3e:26:bf Sending EAP Request from AAA to mobile 00:13:e8:3e:26:bf (EAP Id 3)
    *Dot1x_NW_MsgTask_0: Dec 31 15:12:12.600: 00:13:e8:3e:26:bf Received EAPOL EAPPKT from mobile 00:13:e8:3e:26:bf
    *Dot1x_NW_MsgTask_0: Dec 31 15:12:12.600: 00:13:e8:3e:26:bf Received EAP Response from mobile 00:13:e8:3e:26:bf (EAP Id 3, EAP Type 3)
    *aaaQueueReader: Dec 31 15:12:12.600: apfVapRadiusInfoGet: WLAN(1) dynamic int attributes srcAddr:0x0, gw:0x0, mask:0x0, vlan:0, dpPort:0, srcPort:0
    *aaaQueueReader: Dec 31 15:12:12.600: 00:13:e8:3e:26:bf Successful transmission of Authentication Packet (id 203) to 10.34.11.2:1812, proxy state 00:13:e8:3e:26:bf-00:00
    *radiusTransportThread: Dec 31 15:12:12.601: ****Enter processIncomingMessages: response code=3
    *radiusTransportThread: Dec 31 15:12:12.601: ****Enter processRadiusResponse: response code=3
    *radiusTransportThread: Dec 31 15:12:12.601: 00:13:e8:3e:26:bf Access-Reject received from RADIUS server 10.34.11.2 for mobile 00:13:e8:3e:26:bf receiveId = 3
    *radiusTransportThread: Dec 31 15:12:12.601: 00:13:e8:3e:26:bf [Error] Client requested no retries for mobile 00:13:E8:3E:26:BF
    *radiusTransportThread: Dec 31 15:12:12.601: 00:13:e8:3e:26:bf Returning AAA Error 'Authentication Failed' (-4) for mobile 00:13:e8:3e:26:bf
    *Dot1x_NW_MsgTask_0: Dec 31 15:12:12.601: 00:13:e8:3e:26:bf Processing Access-Reject for mobile 00:13:e8:3e:26:bf
    *Dot1x_NW_MsgTask_0: Dec 31 15:12:12.602: 00:13:e8:3e:26:bf Removing PMK cache due to EAP-Failure for mobile 00:13:e8:3e:26:bf (EAP Id 3)
    *Dot1x_NW_MsgTask_0: Dec 31 15:12:12.602: 00:13:e8:3e:26:bf Sending EAP-Failure to mobile 00:13:e8:3e:26:bf (EAP Id 3)
    *Dot1x_NW_MsgTask_0: Dec 31 15:12:12.602: 00:13:e8:3e:26:bf Setting quiet timer for 5 seconds for mobile 00:13:e8:3e:26:bf
    *apfMsConnTask_0: Dec 31 15:12:15.319: 00:13:e8:3e:26:bf Processing RSN IE type 48, length 22 for mobile 00:13:e8:3e:26:bf
    *apfMsConnTask_0: Dec 31 15:12:15.319: 00:13:e8:3e:26:bf Received RSN IE with 0 PMKIDs from mobile 00:13:e8:3e:26:bf
    *dot1xMsgTask: Dec 31 15:12:15.320: 00:13:e8:3e:26:bf Sending EAP-Request/Identity to mobile 00:13:e8:3e:26:bf (EAP Id 1)
    *Dot1x_NW_MsgTask_0: Dec 31 15:12:15.389: 00:13:e8:3e:26:bf Received EAPOL START from mobile 00:13:e8:3e:26:bf
    *Dot1x_NW_MsgTask_0: Dec 31 15:12:15.389: 00:13:e8:3e:26:bf Sending EAP-Request/Identity to mobile 00:13:e8:3e:26:bf (EAP Id 2)
    any idea to solve this problem?
    or any one knows that how to configur a radius server on juniper linux operating system?
    many thanks in advance

    You should post on the Juniper forums regarding your policy configuration.  You should stick with using a radius than just doing ldap through the wlc.  Here is a link for webauth using ldap, but should get you close.  Again... you should look at getting your juniper radius configuration fixed first.
    http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080a03e09.shtml

  • 802.1x port authentication failing after getting a access-accept packet

    Hi all,
    Im not 100% sure what the hell is going on here.
    Any idea's or help will be appreciated.
    Heres the topology.
    1 x windows 2012 NPS
    1x 3750X
    1x Windows 7 x64
    data flow
    <laptop> - - [gi 1/0/13]<3750X>[gi 1/0/48]- -[gi 5/39]<6513>[po 1] - - [po 4]<6509><5/1> - - <VMWARE>[NPS Server]
    The switch that is doing the authentication is the 3750X. Here is the IOS version.
    Switch Ports Model              SW Version            SW Image
    *    1 54    WS-C3750X-48       15.2(1)E              C3750E-UNIVERSALK9-M
    A wireshark trace on the NPS server shows that the packets are arriving and being sent back
    Wireshark on a mirror of the trunk port connecting the 6513. It also shows packets being sent and arriving. access-accept packets are being recieved.
    As you can see in the debug output, the switch is getting a access-accept, then it is stating a AAA failure.
    here is a debug output as you plug in the laptop.
    Oct 24 10:53:44.653: dot1x-ev:[Gi1/0/13] Interface state changed to DOWN
    Oct 24 10:53:44.653: dot1x-ev:[Gi1/0/13] No DOT1X subblock found for port down
    Oct 24 10:53:45.643: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/13, changed state to down
    Oct 24 10:53:46.641: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/13, changed state to down
    Oct 24 10:53:47.538: dot1x-ev:[Gi1/0/13] Interface state changed to UP
    Oct 24 10:53:47.564: dot1x-packet:[6431.500e.9b00, Gi1/0/13] queuing an EAPOL pkt on Auth Q
    Oct 24 10:53:47.572: dot1x-ev:DOT1X Supplicant not enabled on GigabitEthernet1/0/13
    Oct 24 10:53:47.572: dot1x-packet:EAPOL pak rx - Ver: 0x1  type: 0x1
    Oct 24 10:53:47.572: dot1x-packet: length: 0x0000
    Oct 24 10:53:47.572: dot1x-ev:[Gi1/0/13] Dequeued pkt: Int Gi1/0/13 CODE= 0,TYPE= 0,LEN= 0
    Oct 24 10:53:47.572: dot1x-ev:[Gi1/0/13] Received pkt saddr =6431.500e.9b00 , daddr = 0180.c200.0003, pae-ether-type = 888e.0101.0000
    Oct 24 10:53:47.572: dot1x-ev:[Gi1/0/13] Couldn't find the supplicant in the list
    Oct 24 10:53:47.572: dot1x-ev:[6431.500e.9b00, Gi1/0/13] New client detected, sending session start event for 6431.500e.9b00
    Oct 24 10:53:47.572: AAA/BIND(00000047): Bind i/f
    Oct 24 10:53:47.580: dot1x-ev:[6431.500e.9b00, Gi1/0/13] Sending create new context event to EAP for 0x15000045 (6431.500e.9b00)
    Oct 24 10:53:47.580: EAP-EVENT: Received context create from LL (Dot1x-Authenticator) (0x15000045)
    Oct 24 10:53:47.580: EAP-AUTH-EVENT: Received AAA ID 0x00000047 from LL
    Oct 24 10:53:47.580: EAP-AUTH-AAA-EVENT: Assigning AAA ID 0x00000047
    Oct 24 10:53:47.580: EAP-AUTH-AAA-EVENT: CTS not enabled on interface Gi1/0/13
    Oct 24 10:53:47.580: EAP-AUTH-EVENT: Received Session ID "C0A846660000004700DF6030" from LL
    Oct 24 10:53:47.580: EAP-AUTH-EVENT: Setting authentication mode: Passthrough
    Oct 24 10:53:47.580:     eap_authen : initial state eap_auth_initialize has enter
    Oct 24 10:53:47.580: EAP-EVENT: Allocated new EAP context (handle = 0xE8000047)
    Oct 24 10:53:47.580: dot1x-ev:[6431.500e.9b00, Gi1/0/13] Created a client entry (0x15000045)
    Oct 24 10:53:47.580: dot1x-ev:[6431.500e.9b00, Gi1/0/13] Dot1x authentication started for 0x15000045 (6431.500e.9b00)
    Oct 24 10:53:47.580: %AUTHMGR-5-START: Starting 'dot1x' for client (6431.500e.9b00) on Interface Gi1/0/13 AuditSessionID C0A846660000004700DF6030
    Oct 24 10:53:47.580: EAP-EVENT: Received EAP event 'EAP_AUTHENTICATOR_START' on handle 0xE8000047
    Oct 24 10:53:47.580:     eap_authen : during state eap_auth_initialize, got event 25(eapStartTmo)
    Oct 24 10:53:47.580: @@@ eap_authen : eap_auth_initialize -> eap_auth_select_action
    Oct 24 10:53:47.580:     eap_authen : during state eap_auth_select_action, got event 20(eapDecisionPropose)
    Oct 24 10:53:47.580: @@@ eap_authen : eap_auth_select_action -> eap_auth_propose_method
    Oct 24 10:53:47.580:     eap_authen : idle during state eap_auth_propose_method
    Oct 24 10:53:47.580: @@@ eap_authen : eap_auth_propose_method -> eap_auth_method_request
    Oct 24 10:53:47.580:     eap_authen : idle during state eap_auth_method_request
    Oct 24 10:53:47.580: @@@ eap_authen : eap_auth_method_request -> eap_auth_tx_packet
    Oct 24 10:53:47.580: EAP-AUTH-EVENT: Current method = Identity
    Oct 24 10:53:47.580: EAP-EVENT: Sending LL (Dot1x-Authenticator) event 'EAP_CUSTOMIZE_ID_REQUEST' on handle 0xE8000047
    Oct 24 10:53:47.580:     eap_authen : idle during state eap_auth_tx_packet
    Oct 24 10:53:47.580: @@@ eap_authen : eap_auth_tx_packet -> eap_auth_idle
    Oct 24 10:53:47.589: EAP-AUTH-TX-PAK: Code:REQUEST  ID:0x1   Length:0x0005  Type:IDENTITY
    Oct 24 10:53:47.589: EAP-EVENT: Started 'Authenticator ReqId Retransmit' timer (30s) for EAP sesion handle 0xE8000047
    Oct 24 10:53:47.589: EAP-EVENT: Started EAP tick timer
    Oct 24 10:53:47.589: EAP-EVENT: Sending LL (Dot1x-Authenticator) event 'EAP_TX_PACKET' on handle 0xE8000047
    Oct 24 10:53:47.597: dot1x-ev:[Gi1/0/13] Sending EAPOL packet to group PAE address
    Oct 24 10:53:47.597: dot1x-ev:[Gi1/0/13] Sending out EAPOL packet
    Oct 24 10:53:47.597: dot1x-packet:EAPOL pak Tx - Ver: 0x3  type: 0x0
    Oct 24 10:53:47.597: dot1x-packet: length: 0x0005
    Oct 24 10:53:47.597: dot1x-packet:EAP code: 0x1  id: 0x1  length: 0x0005
    Oct 24 10:53:47.597: dot1x-packet: type: 0x1
    Oct 24 10:53:47.597: dot1x-packet:[6431.500e.9b00, Gi1/0/13] EAPOL packet sent to client 0x15000045
    Oct 24 10:53:47.606: dot1x-packet:[6431.500e.9b00, Gi1/0/13] Queuing an EAPOL pkt on Authenticator Q
    Oct 24 10:53:47.606: dot1x-packet:EAPOL pak rx - Ver: 0x1  type: 0x0
    Oct 24 10:53:47.606: dot1x-packet: length: 0x001F
    Oct 24 10:53:47.606: dot1x-ev:[Gi1/0/13] Dequeued pkt: Int Gi1/0/13 CODE= 2,TYPE= 1,LEN= 31
    Oct 24 10:53:47.606: dot1x-ev:[Gi1/0/13] Received pkt saddr =6431.500e.9b00 , daddr = 0180.c200.0003, pae-ether-type = 888e.0100.001f
    Oct 24 10:53:47.606: dot1x-packet:EAPOL pak rx - Ver: 0x1  type: 0x0
    Oct 24 10:53:47.606: dot1x-packet: length: 0x001F
    Oct 24 10:53:47.606: dot1x-ev:[6431.500e.9b00, Gi1/0/13] Response sent to the server from 0x15000045
    Oct 24 10:53:47.606: EAP-EVENT: Received LL (Dot1x-Authenticator) event 'EAP_RX_PACKET' on handle 0xE8000047
    Oct 24 10:53:47.606: EAP-AUTH-RX-PAK: Code:RESPONSE  ID:0x1   Length:0x001F  Type:IDENTITY
    Oct 24 10:53:47.606:     Payload:  47454E4552414C5C72616E64792E636F ...
    Oct 24 10:53:47.606:     eap_authen : during state eap_auth_idle, got event 1(eapRxPacket)
    Oct 24 10:53:47.606: @@@ eap_authen : eap_auth_idle -> eap_auth_received
    Oct 24 10:53:47.606: EAP-AUTH-EVENT: EAP Response received by context 0xE8000047
    Oct 24 10:53:47.606: EAP-AUTH-EVENT: EAP Response type = Identity
    Oct 24 10:53:47.606: EAP-EVENT: Stopping 'Authenticator ReqId Retransmit' timer for EAP sesion handle 0xE8000047
    Oct 24 10:53:47.606:     eap_authen : during state eap_auth_received, got event 10(eapMethodData)
    Oct 24 10:53:47.606: @@@ eap_authen : eap_auth_received -> eap_auth_method_response
    Oct 24 10:53:47.606: EAP-AUTH-EVENT: Received peer identity: GENERAL\randy.coburn.admin
    Oct 24 10:53:47.606: EAP-EVENT: Sending LL (Dot1x-Authenticator) event 'EAP_IDENTITY' on handle 0xE8000047
    Oct 24 10:53:47.606:     eap_authen : during state eap_auth_method_response, got event 13(eapMethodEnd)
    Oct 24 10:53:47.606: @@@ eap_authen : eap_auth_method_response -> eap_auth_select_action
    Oct 24 10:53:47.606:     eap_authen : during state eap_auth_select_action, got event 19(eapDecisionPass)
    Oct 24 10:53:47.606: @@@ eap_authen : eap_auth_select_action -> eap_auth_passthru_init
    Oct 24 10:53:47.606:     eap_authen : during state eap_auth_passthru_init, got event 22(eapPthruIdentity)
    Oct 24 10:53:47.614: @@@ eap_authen : eap_auth_passthru_init -> eap_auth_aaa_req
    Oct 24 10:53:47.614: EAP-EVENT: Sending LL (Dot1x-Authenticator) event 'EAP_GET_PEER_MAC_ADDRESS' on handle 0xE8000047
    Oct 24 10:53:47.614: EAP-AUTH-AAA-EVENT: Adding Audit-Session-ID "C0A846660000004700DF6030" to RADIUS Req
    Oct 24 10:53:47.614: EAP-AUTH-AAA-EVENT: Added Audit-Session-ID
    Oct 24 10:53:47.614: EAP-AUTH-AAA-EVENT: Adding IDB "0x070B90F8" to RADIUS Req
    Oct 24 10:53:47.614: EAP-AUTH-AAA-EVENT: Added IDB
    Oct 24 10:53:47.614: EAP-EVENT: Sending LL (Dot1x-Authenticator) event 'EAP_CUSTOMIZE_AAA_REQUEST' on handle 0xE8000047
    Oct 24 10:53:47.614: EAP-AUTH-AAA-EVENT: eap_auth_aaa_authen_request_shim aaa_service 19, eap aaa_list handle 0, mlist handle 0
    Oct 24 10:53:47.614: AAA/AUTHEN/8021X (00000000): Pick method list 'default'
    Oct 24 10:53:47.614: EAP-AUTH-AAA-EVENT: Request sent successfully
    Oct 24 10:53:47.614:     eap_authen : during state eap_auth_aaa_req, got event 24(eapAAAReqOk)
    Oct 24 10:53:47.614: @@@ eap_authen : eap_auth_aaa_req -> eap_auth_aaa_idle
    Oct 24 10:53:47.614: RADIUS/ENCODE(00000000):Orig. component type = Invalid
    Oct 24 10:53:47.614: RADIUS/ENCODE(00000000): Unsupported AAA attribute hwidb
    Oct 24 10:53:47.614: RADIUS/ENCODE(00000000): Unsupported AAA attribute aaa-authen-type
    Oct 24 10:53:47.614: RADIUS/ENCODE(00000000): Unsupported AAA attribute aaa-authen-service
    Oct 24 10:53:47.614: RADIUS/ENCODE(00000000): Unsupported AAA attribute clid-mac-addr
    Oct 24 10:53:47.614: RADIUS/ENCODE(00000000): Unsupported AAA attribute target-scope
    Oct 24 10:53:47.614: RADIUS/ENCODE(00000000): Unsupported AAA attribute aaa-unique-id
    Oct 24 10:53:47.614: RADIUS(00000000): Config NAS IP: 0.0.0.0
    Oct 24 10:53:47.614: RADIUS(00000000): sending
    Oct 24 10:53:47.614: RADIUS/ENCODE: Best Local IP-Address 192.168.70.102 for Radius-Server 192.168.19.121
    Oct 24 10:53:47.614: RADIUS(00000000): Send Access-Request to 192.168.19.121:1645 id 1645/21, len 288
    Oct 24 10:53:47.614: RADIUS:  authenticator F1 BA E5 31 71 54 BF 1A - A2 B1 5E 1A 63 72 1E 72
    Oct 24 10:53:47.614: RADIUS:  User-Name           [1]   28  "GENERAL\randy.coburn.admin"
    Oct 24 10:53:47.614: RADIUS:  Service-Type        [6]   6   Framed                    [2]
    Oct 24 10:53:47.614: RADIUS:  Vendor, Cisco       [26]  27
    Oct 24 10:53:47.614: RADIUS:   Cisco AVpair       [1]   21  "service-type=Framed"
    Oct 24 10:53:47.614: RADIUS:  Framed-MTU          [12]  6   1500
    Oct 24 10:53:47.614: RADIUS:  Called-Station-Id   [30]  19  "AC-F2-C5-75-7D-0D"
    Oct 24 10:53:47.614: RADIUS:  Calling-Station-Id  [31]  19  "64-31-50-0E-9B-00"
    Oct 24 10:53:47.614: RADIUS:  EAP-Message         [79]  33
    Oct 24 10:53:47.614: RADIUS:   02 01 00 1F 01 47 45 4E 45 52 41 4C 5C 72 61 6E 64 79 2E 63 6F  [GENERAL\randy.co]
    Oct 24 10:53:47.622: RADIUS:   62 75 72 6E 2E 61 64 6D 69 6E        [ burn.admin]
    Oct 24 10:53:47.622: RADIUS:  Message-Authenticato[80]  18
    Oct 24 10:53:47.622: RADIUS:   EE 52 4D ED B9 06 F3 CE 63 AC 9D 73 24 1B A7 ED             [ RMcs$]
    Oct 24 10:53:47.622: RADIUS:  EAP-Key-Name        [102] 2   *
    Oct 24 10:53:47.622: RADIUS:  Vendor, Cisco       [26]  49
    Oct 24 10:53:47.622: RADIUS:   Cisco AVpair       [1]   43  "audit-session-id=C0A846660000004700DF6030"
    Oct 24 10:53:47.622: RADIUS:  Vendor, Cisco       [26]  20
    Oct 24 10:53:47.622: RADIUS:   Cisco AVpair       [1]   14  "method=dot1x"
    Oct 24 10:53:47.622: RADIUS:  NAS-IP-Address      [4]   6   192.168.70.102
    Oct 24 10:53:47.622: RADIUS:  NAS-Port            [5]   6   60000
    Oct 24 10:53:47.622: RADIUS:  NAS-Port-Id         [87]  23  "GigabitEthernet1/0/13"
    Oct 24 10:53:47.622: RADIUS:  NAS-Port-Type       [61]  6   Ethernet                  [15]
    Oct 24 10:53:47.622: RADIUS(00000000): Sending a IPv4 Radius Packet
    Oct 24 10:53:47.622: RADIUS(00000000): Started 10 sec timeout
    Oct 24 10:53:47.622: RADIUS: Received from id 1645/21 192.168.19.121:1645, Access-Accept, len 66
    Oct 24 10:53:47.622: RADIUS:  authenticator 92 F6 07 AF C1 AB 0B 4C - 1D 9E A0 D1 01 36 27 26
    Oct 24 10:53:47.622: RADIUS:  Class               [25]  46
    Oct 24 10:53:47.622: RADIUS:   76 E3 06 66 00 00 01 37 00 01 02 00 C0 A8 13 79 00 00 00 00 00 00 00 00 00 00 00 00 01 CE CF F8 1F 7B 75 41 00 00 00 00 00 00 00 50          [ vf7y{uAP]
    Oct 24 10:53:47.622: RADIUS(00000000): Received from id 1645/21
    Oct 24 10:53:47.622: EAP-EVENT: eap_aaa_reply
    Oct 24 10:53:47.622: EAP-AUTH-AAA-EVENT: Reply received session_label 72000033
    Oct 24 10:53:47.622: EAP-EVENT: Received AAA event 'EAP_AAA_FAIL' on handle 0xE8000047
    Oct 24 10:53:47.622:     eap_authen : during state eap_auth_aaa_idle, got event 8(eapAAAFail)
    Oct 24 10:53:47.622: @@@ eap_authen : eap_auth_aaa_idle -> eap_auth_failure
    Oct 24 10:53:47.631: EAP-EVENT: Received get canned status from lower layer (0xE8000047)
    Oct 24 10:53:47.631: EAP-AUTH-TX-PAK: Code:FAILURE  ID:0x1   Length:0x0004
    Oct 24 10:53:47.631: EAP-AUTH-EVENT: FAIL for EAP method ID: 1, name: , on handle 0xE8000047
    Oct 24 10:53:47.631: EAP-EVENT: Sending LL (Dot1x-Authenticator) event 'EAP_FAIL' on handle 0xE8000047
    Oct 24 10:53:47.631: dot1x-ev:[6431.500e.9b00, Gi1/0/13] Received an EAP Fail
    Oct 24 10:53:47.639: %DOT1X-5-FAIL: Authentication failed for client (6431.500e.9b00) on Interface Gi1/0/13 AuditSessionID C0A846660000004700DF6030
    Oct 24 10:53:47.639: dot1x-packet:[6431.500e.9b00, Gi1/0/13] Added username in dot1x
    Oct 24 10:53:47.639: dot1x-packet:[6431.500e.9b00, Gi1/0/13] Dot1x did not receive any key data
    Oct 24 10:53:47.639: dot1x-ev:[6431.500e.9b00, Gi1/0/13] Processing client delete for hdl 0x15000045 sent by Auth Mgr
    Oct 24 10:53:47.639: dot1x-ev:[6431.500e.9b00, Gi1/0/13] 6431.500e.9b00: sending canned failure due to method termination
    Oct 24 10:53:47.639: EAP-EVENT: Received get canned status from lower layer (0xE8000047)
    Oct 24 10:53:47.639: dot1x-ev:[Gi1/0/13] Sending EAPOL packet to group PAE address
    Oct 24 10:53:47.639: dot1x-ev:[Gi1/0/13] Sending out EAPOL packet
    Oct 24 10:53:47.639: dot1x-packet:EAPOL pak Tx - Ver: 0x3  type: 0x0
    Oct 24 10:53:47.639: dot1x-packet: length: 0x0004
    Oct 24 10:53:47.639: dot1x-packet:EAP code: 0x4  id: 0x1  length: 0x0004
    Oct 24 10:53:47.639: dot1x-packet:[6431.500e.9b00, Gi1/0/13] EAPOL canned status packet sent to client 0x15000045
    Oct 24 10:53:47.639: dot1x-ev:[6431.500e.9b00, Gi1/0/13] Deleting client 0x15000045 (6431.500e.9b00)
    Oct 24 10:53:47.639: %AUTHMGR-7-STOPPING: Stopping 'dot1x' for client 6431.500e.9b00 on Interface Gi1/0/13 AuditSessionID C0A846660000004700DF6030
    Oct 24 10:53:47.639: %AUTHMGR-5-FAIL: Authorization failed or unapplied for client (6431.500e.9b00) on Interface Gi1/0/13 AuditSessionID C0A846660000004700DF6030
    Oct 24 10:53:47.648: dot1x-ev:[6431.500e.9b00, Gi1/0/13] Delete auth client (0x15000045) message
    Oct 24 10:53:47.648: EAP-EVENT: Received free context (0xE8000047) from LL (Dot1x-Authenticator)
    Oct 24 10:53:47.648: dot1x-ev:Auth client ctx destroyed
    Oct 24 10:53:47.648: EAP-EVENT: Received LL (Dot1x-Authenticator) event 'EAP_DELETE' on handle 0xE8000047
    Oct 24 10:53:47.648: EAP-AUTH-EVENT: Freed EAP auth context
    Oct 24 10:53:47.648: EAP-EVENT: Freed EAP context
    Oct 24 10:53:48.621: EAP-EVENT: Stopped EAP tick timer
    Oct 24 10:53:49.485: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/13, changed state to up
    Oct 24 10:53:50.491: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/13, changed state to up
    Oct 24 10:53:53.528: dot1x-ev:[Gi1/0/13] Interface state changed to DOWN
    Oct 24 10:53:53.528: dot1x-ev:[Gi1/0/13] No DOT1X subblock found for port down
    Oct 24 10:53:54.518: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/13, changed state to down
    Oct 24 10:53:55.524: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/13, changed state to down

    Hi Jatin,
    See below the data that you have requested.
    show run bits.
    aaa new-model
    aaa authentication dot1x default group radius
    aaa session-id common
    clock timezone BST 0 0
    clock summer-time UTC recurring last Sun Mar 1:00 last Sun Oct 2:00
    dot1x system-auth-control
    interface GigabitEthernet1/0/13
    switchport access vlan 80
    switchport mode access
    authentication port-control auto
    dot1x pae authenticator
    spanning-tree portfast
    interface GigabitEthernet1/0/48
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 70
    switchport mode trunk
    radius server NPS1
    address ipv4 192.168.19.121 auth-port 1645 acct-port 1646
    timeout 10
    key thesecret
    ip default-gateway 192.168.70.1
    SW1-randy#show auth sessions interface gig 1/0/13
    Interface    MAC Address    Method       Domain          Status    Fg Session ID
    Gi1/0/13     803f.5d09.189e N/A          UNKNOWN      Unauth         C0A846660000002F00251DBC
    SW1-randy#Show mac address-table Interface GigabitEthernet1/0/13
              Mac Address Table
    Vlan    Mac Address       Type        Ports
      80    803f.5d09.189e    DYNAMIC     Drop
    SW1-randy#ping 192.168.19.121
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 192.168.19.121, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms
    Here is a wireshark of the accept packet.
    Message was edited by: randy coburn
    Added wireshark trace

  • Acrobat Standard Proxy Authentication

    Hi,
    When we sign our PDF's we want to use an external timestamping server
    So we have configured both a Verisign and Globalsign timestamping server and made one of them as default
    Most of the time we got a response from Acrobat saying
    "Timestamp signature property generation error:
    Transport authorization failure"
    When it fails the doc is signed, but using the computers clock and we want to avoid that
    But sometime it did work which confused us but I think we have identified the problem with the Proxy authentication
    Our proxy requires full authetication against our Active Directory
    So when it worked was just because we just before signing had been surfing on the internet and the proxy had cached the credential approvals
    So when Adobe tried to get out to the timestamp server the ID was already authorized in the proxy
    But without a previous "IE-surfing" it fails, the proxy has nothing in its cache
    A network trace confirms this,  we see a "Authentication required" request from the proxy that Acrobat never responds to
    The proxy does not accept annonymous requests
    IE is configured to use a configration script for its proxy settings
    I cant find any relevant Acrobat settings that handles this and googling indicates that Acrobat has problems in this area
    But I haven't found anything for our version/release
    Now for the question, is Adobe Acrobat Standard 9.3.0 supposed to handle proxys that requires AD authentication?
    To bypass the proxy is not an option
    Setting a proxy exception for these servers is maybe an option
    Prefered is that Acrobat handles this

    To update my own question since it might help others
    I received assistance through the Adobe support channels
    Not what I was hoping for but it clarifies the problem
    The reason I asked the question is that we don’t support Shared Review with an Authenticating Proxy server. So this customer workflow isn’t too far off the mark with having a proxy server authentication expectation in the standalone client and wanting a timestamp server time.   The only workaround to this behavior is to do exactly what they have found.  Launch an instance of Internet Explorer, authenticate against the proxy server and then sign the PDF file.

Maybe you are looking for