Sg300 - 802.1x NPS - mac authentication not working

Similar Messages

• I have an iMac with OS Lion. The Smartart feature for Office for Mac will not work when I am logged on to my personal user account. It works with other user accounts on the same computer, and it works after "safe start". How can I fix the problem?

  The Smartart feature of Office for Mac will not work in my user account. It works for all other user accounts on the same computer, and it works after a "safe start". How can I fix the problem?

  You may also want to search/ask in the forums run by the people who make the product which is causing you problems:
  http://answers.microsoft.com/en-us/mac/forum/macoffice2011

• [svn] 1720: Bugs: LCDS-304 - Authentication not working in all cases when using security constraint with NIO endpoints .

  Revision: 1720
  Author: [email protected]
  Date: 2008-05-14 14:50:06 -0700 (Wed, 14 May 2008)
  Log Message:
  Bugs: LCDS-304 - Authentication not working in all cases when using security constraint with NIO endpoints.
  QA: Yes
  Doc: No
  Details:
  Update to the TomcatLoginCommand to work correctly with NIO endpoints.
  Ticket Links:
  http://bugs.adobe.com/jira/browse/LCDS-304
  Modified Paths:
  blazeds/branches/3.0.x/modules/opt/src/tomcat/flex/messaging/security/TomcatLoginCommand. java

  Revision: 1720
  Author: [email protected]
  Date: 2008-05-14 14:50:06 -0700 (Wed, 14 May 2008)
  Log Message:
  Bugs: LCDS-304 - Authentication not working in all cases when using security constraint with NIO endpoints.
  QA: Yes
  Doc: No
  Details:
  Update to the TomcatLoginCommand to work correctly with NIO endpoints.
  Ticket Links:
  http://bugs.adobe.com/jira/browse/LCDS-304
  Modified Paths:
  blazeds/branches/3.0.x/modules/opt/src/tomcat/flex/messaging/security/TomcatLoginCommand. java

• Accidentally removed from,sharing and permissions the admin user,and now i do not when i find the home icon at my computer i do not have permmission,and the mac does not works properly,lots of question mark at the dock ,please help

  accidentally removed from,sharing and permissions the admin user,and now i do not when i find the home icon at my computer i do not have permmission,and the mac does not works properly,lots of question mark at the dock ,please help

  I'm going to assume that since you deleted your hard drive and all its files, you had a backup, yes? If the backup has an OS (bootable clone), then you can boot into it by holding down the option key when you start up you iMac and choose the backup drive. Then use Carbon Copy Cloner or Super Duper to copy the files back to your iMac.

• My photo booth in mac in not working for many days so please give me any suggestion to solve that problem......

  My photo booth in mac in not working for many days so please give me any suggestion to solve that problem......
  And my Airplort utility does't catch any other wireless devices please provide help....

  fubar

• Serial Number for CS5.5 Production Premium that I received for Mac download not working for Windows

  My ProductionPremium CS5.5 serial number for my Mac is not working when I download and install ProductionPremium CS5.5 on my windows machine. Do I need to deinstall on my mac or get another serial number issued?

  This is expected. Serial numbers are platform specific and platform swaps only apply to current versions. You need to upgrade to CS6 and make the switch.
  Mylenium

• Lion - 2004 MS Office for Mac will not work

  My 2004 version of Microsoft Office for Mac will not work in Lion. I suspect because this is a PowerPC application. My question is this:
  Is there any program out there which will map the PowerPC to an Intel format? Other than trying to seel more products, I am surprised that Apple does not supply a mapping program for products made by Microsoft for the Apple devices.

  Eric, can you tell me where please? It's not mentioned on the Lion compatibility pages at all. (http://www.apple.com/uk/macosx/what-is/compatibility.html) nor on the 'how to upgrade' page (http://www.apple.com/uk/macosx/how-to-buy/)

• TS1381 My "t" button on my MAC is not working.. what should i do?

  My "t" button on my MAC is not working.. what should i do?

  I think you'll have to replace the KB...
  http://www.google.com/search?client=safari&rls=en&q=ifixit+macbook+keyboard&ie=U TF-8&oe=UTF-8

• HT204032 Why find my Mac does not work in powernap?

  FInd my Mac does not work in powernap mode even though I enabled it energy preferences to work while on battery power.
  ANy ideas?

  "I think Find My Mac is not one of the features claimed to work in Power Nap."
  Yes it is.
  Please see the link at top of this page.
  "Find My Mac. Locate a lost Mac notebook even when it’s sleeping."

• Wireless with PEAP Authentication not working using new NPS server

  All,
  We are planning to migrate from our old IAS server to new NPS server. We are testing the new NPS server with our wireless infrastructure using WISM. We are using PEAP with server Cert for authentication. For testing purpose we are doing user authentication but our goal is to do machine authentication. On client side we are using Windows XP, Windows 7 & iPAD’s
  I believe I have configured the NPS & CA server as per the documents I found on Cisco support forum & Microsoft’s site.
  But it is not working for me. I am getting the following error message on the NPS server.
  Error # 1
  =======
  Cryptographic operation.
  Subject:
              Security ID:                 SYSTEM
              Account Name:                       MADXXX
              Account Domain:                    AD
              Logon ID:                    0x3e7
  Cryptographic Parameters:
              Provider Name:          Microsoft Software Key Storage Provider
              Algorithm Name:         RSA
              Key Name:      XXX-Wireless-NPS
              Key Type:       Machine key.
  Cryptographic Operation:
              Operation:       Decrypt.
              Return Code:  0x80090010
  Error # 2
  ======
  An error occurred during the Network Policy Server use of the Extensible Authentication Protocol (EAP). Check EAP log files for EAP errors.
  I was wondering if anyone has any insight on what is going on.
  Thanks, Ds

  Scott,
  I have disabled MS-CHAP v1 & only MS-CHAP v2 is enabled on Network Policies > Constraints.
  I  disabled validate Certificate on Windows 7 and tried to authenticate, it is still failing. Here is the output from the event viewer:
  Cryptographic operation.
  Subject:
  Security ID: SYSTEM
  Account Name: MADHFSVNPSPI01$
  Account Domain: AD
  Logon ID: 0x3e7
  Cryptographic Parameters:
  Provider Name: Microsoft Software Key Storage Provider
  Algorithm Name: RSA
  Key Name: DOT-Wireless-NPS
  Key Type: Machine key.
  Cryptographic Operation:
  Operation: Decrypt.
  Return Code: 0x80090010
  Network Policy Server denied access to a user.
  Contact the Network Policy Server administrator for more information.
  User:
  Security ID: AD\mscdzs
  Account Name: AD\mscdzs
  Account Domain: AD
  Fully Qualified Account Name: AD\mscdzs
  Client Machine:
  Security ID: NULL SID
  Account Name: -
  Fully Qualified Account Name: -
  OS-Version: -
  Called Station Identifier: 64-ae-0c-00-de-f0:DOT
  Calling Station Identifier: a0-88-b4-e2-79-cc
  NAS:
  NAS IPv4 Address: 130.47.128.7
  NAS IPv6 Address: -
  NAS Identifier: WISM2B
  NAS Port-Type: Wireless - IEEE 802.11
  NAS Port: 29
  RADIUS Client:
  Client Friendly Name: WISM2B
  Client IP Address: 130.47.128.7
  Authentication Details:
  Connection Request Policy Name: Secure Wireless Connections
  Network Policy Name: Secure Wireless Connections
  Authentication Provider: Windows
  Authentication Server: MADHFSVNPSPI01.AD.DOT.STATE.WI.US
  Authentication Type: PEAP
  EAP Type: -
  Account Session Identifier: -
  Logging Results: Accounting information was written to the local log file.
  Reason Code: 23
  Reason: An error occurred during the Network Policy Server use of the Extensible Authentication Protocol (EAP). Check EAP log files for EAP errors.
  Attached are EAP logs & debug logs from the controller.
  Thanks for all the help. I really appreciate.

• 802.1x port authentication not working

  I am having some troubles figuring out what is going on here. I am trying to setup 802.1x port based authentication to assign clients to VLANs. I inherited this mess and its been a long time since I have used this. I ran a wireshark on my Radius server and I see no packets even coming from my switch IP address when I plug into a port (I verified communication because pings come up in my trace)
  Switch info:
  sw-ConfB>sho ver
  Cisco IOS Software, C2960C Software (C2960c405-UNIVERSALK9-M), Version 12.2(55)EX3, RELEASE SOFTWARE (fc2)
  Port config:
  interface FastEthernet0/11
   switchport mode access
   authentication event fail action authorize vlan 900
   authentication event no-response action authorize vlan 900
   authentication port-control auto
   dot1x pae authenticator
   dot1x timeout tx-period 5
  Radius Server Info:
  radius-server host 10.0.1.52 auth-port 1645 acct-port 1646 key 802.1x!
  Kinda lost why not Radius packet even comes from the switch. Any tips?

  sw-ConfB#sho ru
  Building configuration...
  Current configuration : 6301 bytes
  version 12.2
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname sw-ConfB
  boot-start-marker
  boot-end-marker
  enable secret 5 $1$3QAC$puzutRpCI5zR3Xv55xBVH0
  aaa new-model
  aaa authentication dot1x default group radius
  aaa authorization network default group radius
  aaa session-id common
  system mtu routing 1500
  crypto pki trustpoint TP-self-signed-706182400
   enrollment selfsigned
   subject-name cn=IOS-Self-Signed-Certificate-706182400
   revocation-check none
   rsakeypair TP-self-signed-706182400
  crypto pki certificate chain TP-self-signed-706182400
   certificate self-signed 01
    3082023F 308201A8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
    30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
    69666963 6174652D 37303631 38323430 30301E17 0D393330 33303130 30303430
    365A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
    532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3730 36313832
    34303030 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
    C72AE421 F5BF8C62 7C9E14C1 E73686FB 67DD760A 0C6C790D 935143A0 8DD96CC8
    D14A11C1 D16F9583 AE3B591E 68581049 1C837110 1B1C0398 BDE81C86 3F80CD45
    E55EBE76 73B9F7AB 5F14CBD5 2BD38330 E1B4FA92 32490A66 CE0BE135 9B695D97
    BF7C04FB 2999CF98 2336E82C 559A89C1 7F4E2948 1D73EBD4 236E4DD9 4D8675AB
    02030100 01A36930 67300F06 03551D13 0101FF04 05300301 01FF3014 0603551D
    11040D30 0B820973 772D436F 6E66422E 301F0603 551D2304 18301680 14C35330
    A1D32EA5 C2A07CC9 B1B3CCDB EB93CAA7 02301D06 03551D0E 04160414 C35330A1
    D32EA5C2 A07CC9B1 B3CCDBEB 93CAA702 300D0609 2A864886 F70D0101 04050003
    8181002E FC217BF1 F9E6FBE1 B07270A6 79A57AA5 691A949D C61C00C2 09C1C3CA
    CA14EE07 60BA058E CFDCD8E7 19D83B68 5F06B92C 8612B396 B18BA823 C0E83021
    2EFD391E 06113246 5609E287 7883422A 0513AF6D 5BF03CDE 92786B1D 3E01284C
    1EE23296 12999C71 BE8A5BEA 4B768F7E 6EB63E05 B71AF375 7FB72B98 7665BF45 D14622
    quit
  dot1x system-auth-control
  spanning-tree mode pvst
  spanning-tree extend system-id
  vlan internal allocation policy ascending
  interface FastEthernet0/1
   switchport access vlan 900
   switchport mode access
   authentication event fail action authorize vlan 900
   authentication event no-response action authorize vlan 900
   authentication port-control auto
   dot1x pae authenticator
   dot1x timeout tx-period 5
  interface FastEthernet0/2
   switchport access vlan 900
   switchport mode access
   authentication event fail action authorize vlan 900
   authentication event no-response action authorize vlan 900
   authentication port-control auto
   dot1x pae authenticator
   dot1x timeout tx-period 5
  interface FastEthernet0/3
   switchport access vlan 900
   switchport mode access
   authentication event fail action authorize vlan 900
   authentication event no-response action authorize vlan 900
   authentication port-control auto
   dot1x pae authenticator
   dot1x timeout tx-period 5
  interface FastEthernet0/4
   switchport access vlan 900
   switchport mode access
   authentication event fail action authorize vlan 900
   authentication event no-response action authorize vlan 900
   authentication port-control auto
   dot1x pae authenticator
   dot1x timeout tx-period 5
  interface FastEthernet0/5
   switchport access vlan 900
   switchport mode access
   authentication event fail action authorize vlan 900
   authentication event no-response action authorize vlan 900
   authentication port-control auto
   dot1x pae authenticator
   dot1x timeout tx-period 5
  interface FastEthernet0/6
   switchport access vlan 900
   switchport mode access
   authentication event fail action authorize vlan 900
   authentication event no-response action authorize vlan 900
   authentication port-control auto
   dot1x pae authenticator
   dot1x timeout tx-period 5
  interface FastEthernet0/7
   switchport access vlan 900
   switchport mode access
   authentication event fail action authorize vlan 900
   authentication event no-response action authorize vlan 900
   authentication port-control auto
   dot1x pae authenticator
   dot1x timeout tx-period 5
  interface FastEthernet0/8
   switchport access vlan 900
   switchport mode access
   authentication event fail action authorize vlan 900
   authentication event no-response action authorize vlan 900
   authentication port-control auto
   dot1x pae authenticator
   dot1x timeout tx-period 5
  interface FastEthernet0/9
   switchport access vlan 900
   switchport mode access
   authentication event fail action authorize vlan 900
   authentication event no-response action authorize vlan 900
   authentication port-control auto
   dot1x pae authenticator
   dot1x timeout tx-period 5
  interface FastEthernet0/10
   switchport access vlan 900
   switchport mode access
   authentication event fail action authorize vlan 900
   authentication event no-response action authorize vlan 900
   authentication port-control auto
   dot1x pae authenticator
   dot1x timeout tx-period 5
  interface FastEthernet0/11
   switchport mode access
   authentication event fail action authorize vlan 900
   authentication event no-response action authorize vlan 900
   authentication port-control auto
   dot1x pae authenticator
   dot1x timeout tx-period 5
  interface FastEthernet0/12
   switchport access vlan 900
   switchport mode access
   authentication event fail action authorize vlan 900
   authentication event no-response action authorize vlan 900
   authentication port-control auto
   dot1x pae authenticator
   dot1x timeout tx-period 5
  interface GigabitEthernet0/1
   switchport trunk native vlan 200
   switchport trunk allowed vlan 100,200,900
   switchport mode trunk
  interface GigabitEthernet0/2
   switchport access vlan 100
   switchport mode access
  interface Vlan1
   no ip address
  interface Vlan100
   ip address 10.0.1.3 255.255.255.0
  interface Vlan200
   ip address 10.0.2.4 255.255.255.0
  interface Vlan900
   ip address 10.0.9.4 255.255.255.0
  ip default-gateway 10.0.1.1
  ip http server
  ip http secure-server
  ip sla enable reaction-alerts
  radius-server host 10.0.1.52 auth-port 1645 acct-port 1646 key 802.1x!
  radius-server retransmit 5
  radius-server key secret
  radius-server vsa send authentication

• "Allow insecure authentication" not working on mac mail after upgrade to Yosimite

  I recently upgraded to the new Yosemite OS.  Since then, I have not been able to access my ISP's IMAP server. After spending time troubleshooting with the service provider, it seems that the "allow insecure authentication" feature is not working.  The password appears to be sent as a series of "*" which the server can not recognize and I fail the login. It is of note that I am still able to access this email account through my iPhone 4S with all the same settings and had no issues before the Yosimite upgrade. Is there anyway around this issue?

  I had the same problem. Rebooting the computer fixed the issue for me.

• Enabling 802.1x and MAC Authentication Bypass on ACS 4.2

  Hi experts,
  I have a few questions regarding 802.1x & MAC Authentication Bypass configured on ACS 4.2.
  i. Is it possible to configure MAC authentication + 802.1x on ACS 4.2 at the same time? Here is the scenario;
  Our company would like to enforce 'double authentication' on each staff machine (include those personal laptop/notebook). Each time the staff plugged into company's network, they will need to supply username & password in order to get access. After that, the ACS server will also check whether the user's MAC address is valid by checking against its own database. This MAC address is tied to the staff's user profile in ACS. If the login information supplied by the staff is valid but the MAC address of their machine is not match in ACS database, then the staff will not be able to gain access unless after notifying the administrator about it.
  ii. If it is possible, any reference that I can check on how to configure this?
  The reason why I need MAC authentication + 802.1x to be configured at ACS as most of our switches are not cisco based and only capable to support 802.1x.
  Hope anyone here could help me on this.
  Thanks very much,
  Daniel

  With ACS, you can setup NARs (or Network Access Restrictions) to permit/deny access based on IP/non-IP based filters (like MAC Addresses).
  Specific info is here:
  <http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a008018494f.html#313>
  Hope this helps,

• Kerberos Authentication Not Working on OS X 10.6

  Using FF version 20.0, on OS X 10.6.8, I can not get it to use Kerberos authentication to allow SSO to a SharePoint web site.
  On OS X 10.8, with the same configuration in the about:config, everything works fine - the user is not prompted for credentials.
  I have put the necessary entires in network.negotiate-auth.delegation-uris and network.automatic-ntlm-auth.trusted-uris, network.negotiate-auth.gsslib is set to true.
  When I have setup to log the errors from the authentication module, I find in the log file "Fail to load gssapi library".
  Interestingly on 10.8, when I start Firefox from the command line the Kerberos authentication does not work. When I start it via the icon, it does. What is the difference? Are the preferences not being loaded when launching via the command line?
  Thanks for any help,
  Richard

  Found the solution:
  Was a combination of kinit being run on login (apparently a known 10.6 bug). Our Mac team were able to alter the appropriate plist file so that this does happen on login.
  We also had to add an extra SPN for the actual server, as well as the DNS name of the SharePoint site we were trying to access with Kerberos authentication - although this may have something to do with using host-named site collections at the SharePoint end.
  Main problem was the kinit thing though.

• Upgrade to IOS and ACS authentication not working

  Hi. I have just upgraded my 1200AP to IOS Version 12.2(11)JA1. I am using LEAP with MAC address auth in the ACS (version 3.0). I cannot get onto LAN though. Error on ACS failed auth report says 'User Access Filtered' even though the MAC of the card is in there. I can still authenticate with AP's that are still at old version though. A debug on IOS AP shows that the ACS is replying with a FAIL auth after LEAP negotiation and the ACS interestingly gives the failed MAC address as AAAA.BBBB.CCCC (note dots between) making me think that the AP is sending it in that format instead of AAAABBBBCCCC. I cannot add the MAC to the ACS in the dotted format as it is a 12 character string. Is this a format issue with the RADIUS passthru? Has anyone any idea why this is happening? Thanks for any help in advance.

  Just thought I would let you know that I have got the cause of this. This happens if MAC authentication is enabled in the ACS. Once I turned that off it worked again. I think it is due to a format error in the data sent from ap to acs.