Switch AAA login authntication issue

Similar Messages

• Login "Loop" issue after upgrading to Leopard from Tiger-iBook G4

  Hi Guys,
  I've the same login "loop" issue as described in *Apple KB article #306965* only on an iBook G4, unfortunately the solution offered in the KB article does not help.
  There is one slight variant being that the user desktop appears for a second or two after the blue screen following login before it returns (loops) to the login window. It happens on all (2) user accounts.
  The interesting thing is it doesn't occur on either account when booting in 'safe mode'.
  Apart from deleting these accounts and saving/transferring the data are there any other ideas, suggestions or solutions?
  Regards,
  BB

  Did a clean install, cloned the HD with SuperDuper and then used Mig. Asst. to restore data back to the original HD. All now OK.
  A & I was done in the initial upgrade from Tiger.
  Cheers,
  BB

• TS1702 PinUploader App installation stalls on iPad2 so I can't open it or delete it.  Error message is "fixed login (forbidden) issue! iPhone 5 support!

  How do I delete an App that is stalled in installing mode?  I can't open it or delete it.  Message reads, "fixed login (forbidden) issue!  iPhone 5 support!  Please advise.

  Try a reset: Simultaneously hold down the Home and On buttons until the device shuts down. Ignore the off slider if it appears. Once shut down is complete, if it doesn't restart on it own, turn the device back on using the On button. In some cases it also helps to double click the Home button and close all apps from the tray before doing the reset.

• AAA login authentication methods

  Hello guys,
  I've noticed a strange behaviour with AAA authentication login.
  My AAA configuration for login authentication is: aaa authentication login default group tacacs+ local
  No tacacs server exists, but username and password in local database does. Indeed everything works fine when I log in: aaa authentication login default group tacacs+ local line none
  The problem comes up when I add to the method list line and none authentication methods.
  In this case, when I log into the switch (via console for example), and I'm asked for username, there is no validation of the username, I mean to say, I can put whatever username and been granted access.
  Conclusion: According to my aaa authentication list, method line or none should not be used unless tacacs and local are not available. In this case, local method is available and should fail so login should be rejected, but it jumps to the next method, finally giving access.
  Is this a bug in AAA? or am I misunderstanding something.
  Thanks a lot.

  Only exec-timeout command, so it applies the default list defined by aaa.
  When I remove the none, authentication fails. I've debugged AAA authentication and shows:
  User Access Verification
  Username:
  Jul  5 18:16:48.329 METDST: AAA/BIND(00000035): Bind i/f 
  Jul  5 18:16:49.493 METDST: AAA/AUTHEN/LOGIN (00000035): Pick method list 'default' adsf
  Jul  5 18:16:56.382 METDST: AAA/AUTHEN/LINE(00000035): FAIL - Line password not found
  % Authentication failed
  Username:
  Local authentication method is being bypassed.
  If I configure a password under line con 0, I've access regardless of the username, so no local authentication is being enforced as well.
  Thanks.

• A bit of a Login password issue

  When running OSX from my HD in optical bay, all is OK
  When running OSX from my internal SSD, the same password I used to login, is not accepted when:
  the system asks for password, example when installing a program or changing preferences, or when switching users (quick user switch window or other areas when password is asked for.
  I have OSX 10.8.4 on HD & SSD (user files point back to home folder on HD)
  A previous similar set up I had to this (HD+SSD on express port) did not have any issues.
  For a better explaination of issue with pictures, please pdf go Here > cheers.
  Any ideas, appreaciated. Im a creative type not a hacker type.

  When the computer isn't accepting the password, especially the password you know to be correct its hard to say exactly why that would be happening. I've had password problems alot in my meanderings, and its always very frustrating. I just want all of my products to work, and to accept the passwords that I have created. I can't really remember my first password, or even what it was for; probably a school computer I would imagine. I took a few computer classes in the 7th grade, it was there that I learned computer aided drafting. It was also there that I learned that I didn't like computer aided drafting. I guess I'm just not that kind of a person. I've been through a few different jobs in my life time, some good some bad; all of them an adventure in themselves.

• AAA accounting strange issue

  hi guys , i m facing this strange problem kindly check the config below
  aaa new-model
  aaa authentication login default group tacacs+ local
  aaa authentication enable default group tacacs+ enable
  aaa accounting update periodic 1
  aaa accounting exec default start-stop group tacacs+
  aaa accounting commands 15 default start-stop group tacacs+
  aaa session-id common
  tacacs-server host x.x.x.x key abcdse
  ip tacacs source-interface fas 0/0
  now everything was working fine but a strange issue has been arrised, when i check the tacacs administration report it just shows me log upto 4 rows and no more !!! like see if i have done this configuration on router
  config t
  int lo 0
  ip add 20.0.0.1 255.0.0.0
  int lo 1
  ip add 30.0.0.1 255.0.0.0
  now when i check the accouting report ( administration report ) it just shows me the first 4 commands
  config t
  int lo 0
  ip add 20.0.0.1 255.0.0.0
  int lo 1
  thats it !!! why is this so ?? any 1 has any idea why is this happening
  thanks

  I would use the following:
  aaa accounting exec default start-stop group tacacs+
  aaa accounting commands 0 default start-stop group tacacs+
  aaa accounting commands 1 default start-stop group tacacs+
  aaa accounting commands 15 default start-stop group tacacs+
  aaa accounting network default start-stop group tacacs+
  aaa accounting connection default start-stop group tacacs+
  aaa accounting system default start-stop group tacacs+
  aaa accounting resource default start-stop group tacacs+
  aaa accounting resource default start-stop group tacacs+
  CCIE Security

• Switching to Arch: Outstanding issue w/ printing

  I've spent the last six months or so switching to Arch and intel (from OS X/Debian and ppc). I did think I was getting there but I've got stuck on some issues which seem small in some ways but are really problematic given the kind of work I need to do. Part of the problem is that I don't know where to start trying to diagnose or solve them.
  I currently have three such issues. One has to do with getting my internal mic to work in usable fashion. The second is to do with the use of external monitors (e.g. for LCD projection). The third is the one which is really, really problematic. When it really matters, I can use one of the university's windows boxes for the mic. And the external monitor is manageable because it works and only causes issues on disconnect. But the third I have no work around for and I'm getting kind of desperate.
  Generally speaking, printing works fine. My machine is set up to use a number of different printers: a Dell networked printer on my home LAN, an HP in my office via USB and another HP via USB in another office I work in. Printing is generally fast and good quality.
  There are two problems. First, printing periodically gets "stuck" and the only way to get it unstuck is to kill all jobs in the queue, disconnect the printer, switch the printer off and then restart, reconnect and reprint everything. Even this is not impossible. I can get everything printed - it is just a question of figuring out what hasn't printed and remembering to recheck everything each time the printer stalls.
  Second, certain documents print so slowly that it is, in practice, impossible to actually print them. I'm not sure what is special about these documents. Usually this happens with PDF files but it is certainly not all PDF files. It affects any which contain graphics but it also affects a lot which do not. Other PDFs print extremely fast.
  For example, I am currently trying to print a PDF version of a paper. The job was sent at 18:42:37 BST. It is now 19:16 BST and it has so far managed to print 6 sides (3 pages). I'm printing it from acroread because it refused to print at all from Okular or the command line. This particular PDF is an older JSTOR file and these often seem to be affected. Recent stuff from JSTOR prints fine but older archives do not.
  pdfinfo for the file gives:
  Producer: iText 2.0.1 (by lowagie.com)
  CreationDate: Tue Dec 4 07:13:41 2007
  ModDate: Tue Dec 4 07:13:41 2007
  Tagged: yes
  Pages: 16
  Encrypted: no
  Page size: 595 x 842 pts (A4)
  File size: 339426 bytes
  Optimized: no
  PDF version: 1.4
  pdffonts:
  name type emb sub uni object ID
  Helvetica Type 1 no no no 134 0
  DRRZGT+Code2000 CID TrueType yes yes yes 135 0
  Times-Roman Type 1 no no no 140 0
  Times-Italic Type 1 no no no 141 0
  Times-Bold Type 1 no no no 6 0
  acroread's properties for the document suggests that the non-embedded fonts are being substituted. For example, Arial MT is being used in place of Helvetica and Times New Roman PS MT is being substituted for Times.
  Here's the command being run from ps:
  hp-LaserJet-1320-series 410 <username> A9ROojFUrV 1 Duplex=DuplexNoTumble finishings=3 noHPBookletBackCover noHPBookletFilter HPBookletPageOrder=Normal HPBookletPageSize=A4 HPBookletScaling=Proportional HPEconoMode=PrinterDefault HPOption_PaperPolicy=PromptUser HPOption_Tray2 noHPOption_Tray3 noHPStraightPaperPath InputSlot=Auto InstalledMemory=16_31MB noManualFeed media=A4 MediaType=Unspecified number-up=1 PageRegion=A4 PageSize=A4 Resolution=1200dpi sides=two-sided-long-edge Smoothing=PrinterDefault job-uuid=urn:uuid:18b2396b-4dca-38bc-561d-a85b5fc4d85d job-originating-host-name=localhost time-at-creation=1336758157 time-at-processing=1336758157 /var/spool/cups/d00410-001
  Any sort of insight or suggestion will be gratefully received and I am more than happy to post further information if somebody tells me what is relevant. I've enabled debugging info in CUPS but I'm not sure what might be of interest and there is a lot of output.
  I'm looking for, ideally, a solution which will allow me to just print (preferably solving both problems but at least the second). A second best outcome would be some sort of work around which would allow me to convert these files or something and then print them. (But convert to what?) Failing either of those, I am definitely interested in knowing what I might read, inspect or experiment with.
  Given that printing other files works just fine, there must be something about how CUPS is handling files with some particular characteristics, mustn't there? I just have no idea which characteristics of the files are relevant or what it is doing. "I didn't manage to read the/your paper because Linux doesn't like older PDFs" just doesn't sound like a good excuse...
  Last edited by cfr (2012-05-11 18:34:07)

  ewaller wrote:@cfr:  Which interface are you using?
  Do you mean am I using cups or something else or do you mean to configure the printers or something else?
  I usually use the web interface to configure the printers for cups. I'm using the "recommended" HP drivers for the HP printers (and I think I'm using a proprietary ppd for the Dell printer from Dell but I use that printer much less than the others and not for printing these sorts of files).
  I see the same problem with an HP LaserJet 1320 and a P3010 series (I think it is a 3015).
  I discovered that if I switch to a gutenprint driver things are better for at least some JSTOR files on the 1320 but I still have issues. For some reason, it doesn't then want to print the last page (no matter how many pages there are) and this driver can only print at 600dpi and has fewer options. The printer is waiting for more data but cups thinks everything has been sent successfully. If I resend the last page to the printer, I then get two copies but one prints much later than the other. I assume this is another way in which something to do with the spooling or the way that cups sends data to the printer is going wrong and maybe connected with why printers get "stuck". Aside from the slowness issue there is definitely something not quite right about the communication between computer and printer. It is as though cups has two speeds: super quick (spools so fast the printer can't keep up); and super slow.
  I've tried printing problematic PDFs from at least Okular, acroread and using lp on the command line.
  I don't understand how the suggestion concerning converting them to png is supposed to work. Do you convert each page to a separate png file? I guess you could script it but it still seems like a convoluted process. (And I assume it rules out double-sided printing.)

• Satellite A300D-15B - Switched off and charging issue

  Hi
  I have a Satellite A300D-15B, running Windows 7 32bit, which bought quite recently used. I have encountered a couple of problems which I hope someone can help me with!
  Firstly, the day I got the machine, it switched suddenly, but turned back on immediately and seemed to be ok. Afterwards, 3 weeks later (saturday 2nd July) I was installing some software when I got a virus warning from AGV, within a few moments the machine again turned off suddenly. Unfortuanetly this time it would not turn back on and the charge/AC supply lights would not come on. After doing some research I found that disconnecting the BIOS battery and dissipating the power enabled me to turn the machine on. Is there any known issues which could be causing this?
  Secondly, once I had got the laptop to turn on after the sudden shutdown on staurday, I have found the charger still wont register as being plugged in unless i use the folling procedure.
  1) diconnect the mains fuse cable from the transformer block
  2) remove the battery
  3) plug in the DC jack
  4) reconnect the mains cable to the transformer which causes the mains light on the laptop to turn on.
  5) reconnect the battery
  The laptop then charges normally, I am using it to write this post.
  I have to use this process everytime the machine is unplugged from the the mains or charger, which is irritating and also a worry that there could be big problems on the horizon.
  Any help would be hugely appreciated.
  cheers
  John

  Hi
  I upgraded it to 7, the first time it shut down was the first time it was switched on after the recovery disc had been used. Could that be an out of date driver on original settings? Then upgrading to 7 giving similar problems?
  I upgraded to 7 not a fresh install, which I never usually do.
  The charger is a genuine unit not a 3rd party, I won't use them as I've had issues in the past. I'm just concerned it's a mainboard problem given the shutdown and subsequent strange charging behaviour. Do these have EEPROM's in the chargers and maybe clearing the CMOS has caused a recognition problem?
  Cheers
  J

• SSL VPN Login failure issue

  Hello,
  I am having an issue with some users trying to login to our SSL VPN (Anyconnect) via ASA5505 8.2(1).  Authentication is done via AD.  From the same computer, the client finds the DNS name and unlocks the login username and password.  When I enter a username and password and click connect, it is instantly rejected with login failure with the following event log:
  Function: ConnectMgr::setPromptAttributes
  File: .\ConnectMgr.cpp
  Line: 2657
  Invoked Function: setPromptAttributes
  Return Code: -33554423 (0xFE000009)
  Description: GLOBAL_ERROR_UNEXPECTED
  Error text:
  Login failed.
  If I change the user account to another user (from the same PC), login works perfectly fine - this is only happening with 3 or 4 users - I have compared the user accounts of a failing account and a successful account and they are identical in AD. 
  This has been driving me crazy - as a work around for the failing users, I just created a temporary account which works perfectly fine.  The request doesn't even seem to hit the ASA (there is nothing in the logs that show a failed attempt).  Still troubleshooting and looking at certificate's at this point.  Any help/suggestions would be greatly appreciated!!  Thanks.
  Regards.
  After a little more testing, seems somehow related to users being in to many groups in AD.      
  Message was edited by: Rich Viola

  Hello,
  If the website is unavailable or in this case, the website is missing several characters(charts, canvas, etc or some other objects), usually could be an issue with the rewrite engine.
  Solution (workaround):
  You may use smart tunnel for this website, so the rewrite engine will not override any content, and it will display the website as it should.
  You can implement it as follow:
  Add a Bookmark
  Bookmark for the service and clicking the Enable Smart Tunnel option in the Add or Edit Bookmark dialog box.
  For further information you can find it here:
  http://www.cisco.com/c/en/us/td/docs/security/asa/asa83/configuration/guide/config/webvpn.html#wp1272236
  Let me know how tit works out!
  Please don't forget to rate and mark as correct the helpful Post!
  David Castro,
  Regards,

• SOAP Web Service +  Custom Login Module issue

  Hi Guys,
  We faced an authentication issue in our project. Could you please give any advice how the issue could be resolved.
  Environment: A simple SOAP Web Service on top of POJO class created in a Web Application. The web application deployed to the SAP NetWeaver 7.10 Application Server in the Enterprise Application Archive.
  Configuration:
        Single Service Administration Application(NetWeaver Administration -> SOA Management -> Application and Scenario Communication -> Single Service Administration)
         The web service endpoint has authentication configured to use User ID/Password HTTP Authentication.
      Authentication Application(NetWeaver Administration-> Configuration Management->Security->Authentication)
        The application(<vendorName>/<earName>*<vendor>~<webAppName>) has Authentication Stack configured to use our custom login module.
  Issue:  BasicPasswordLoginModule used by the J2EE when we are trying to execute the web service using Web Service Navigator(checked in debug mode). It seems that we missed something in configuration.
  Idea: The main Idea is to use our custom login module when we are executing a web service.
  Could you help me to resolve the issue.
  Thanks,
  Dmitry
  Edited by: Dmitry Eidin on Jul 17, 2009 3:46 PM

  > The web service endpoint has authentication configured to use User ID/Password HTTP Authentication.
  That's the point.

• Login Form Issue

  Dear All,
  I am new to forms i am trying to login with some user name and password when i pressed button it successfully works. But when it comes to invalid password for particular user it is not working. I wrote below code in when button press trigger
  DECLARE
       UNAME VARCHAR2(20);
       ULEVEL VARCHAR2(5);
       USTAT VARCHAR2(2);
       UPASS VARCHAR2(15);
  BEGIN
       IF :USER_TABLE.USER_NAME IS NULL THEN
            MESSAGE('USER NAME CAN NOT BE NULL');
                 MESSAGE('USER NAME CAN NOT BE NULL');
            RAISE FORM_TRIGGER_FAILURE;
            GO_ITEM(:USER_TABLE.USER_NAME);
       END IF;
            IF :USER_TABLE.USER_PASS IS NULL THEN
            MESSAGE('PASWORD CAN NOT BE NULL');
                 MESSAGE('PASWORD CAN NOT BE NULL');
            RAISE FORM_TRIGGER_FAILURE;
            GO_ITEM(:USER_TABLE.USER_PASS);
            END IF;
            SELECT USER_NAME,USER_LEVEL,ACTIVE_STATUS,USER_PASS INTO
            UNAME,ULEVEL,USTAT,UPASS FROM USER_TABLE WHERE
            USER_TABLE.USER_NAME=:USER_TABLE.USER_NAME
            AND USER_TABLE.USER_PASS=:USER_TABLE.USER_PASS;
            :GLOBAL.GUSER:=UNAME;
            :GLOBAL.GLEVEL:=USTAT;
            IF USTAT='A' THEN
                 NEW_FORM('WELCOME');
            END IF;
            IF USTAT='I' THEN
                 MESSAGE('ACCOUNT BLOCK CONTACT ADMIN');
                 MESSAGE('ACCOUNT BLOCK CONTACT ADMIN');
                 RAISE FORM_TRIGGER_FAILURE;
            END IF;
            EXCEPTION
                 WHEN OTHERS THEN
       IF :USER_TABLE.USER_NAME<> UNAME OR :USER_TABLE.USER_PASS<> UPASS THEN
            IF :USER_TABLE.USER_NAME<> UNAME THEN
                      MESSAGE('USER NAME INVALID');
                      MESSAGE('USER NAME INVALID');
                           CLEAR_FORM(NO_VALIDATE);
                           GO_ITEM(:USER_TABLE.USER_NAME);
                           RAISE FORM_TRIGGER_FAILURE;
            END IF;
            IF :USER_TABLE.USER_NAME=UNAME AND :USER_TABLE.USER_PASS<>UPASS THEN
                           MESSAGE('PASSWORD INVALID');
                      MESSAGE('PASSWORD INVALID');
                           CLEAR_FORM(NO_VALIDATE);
                                GO_ITEM(:USER_TABLE.USER_PASS);
                           RAISE FORM_TRIGGER_FAILURE;
            END IF;
            END IF;
       END;
  When user enter his correct user name and 'INCORRECT PASSWORD' then message should appear which says 'invalid password'
  I am also having one more issue with this form when user successfully login then this message appears 'DO YOU WANT TO SAVE THE CHANGES THAT YOU HAVE MADE?' I want to remove this message when user successfully login.
  Waiting for your reply.
  Thanks in Advance.
  Please help me.

  'DO YOU WANT TO SAVE THE CHANGES THAT YOU HAVE MADE?' I want to remove this message when user successfully login.It looks like you have based this block on table USER_TABLE. So, when a user enters username and password in the items, you are actually entering a new record in this table. You should not base this block on a table, but make it a control block.
  IF :USER_TABLE.USER_NAME=UNAME AND :USER_TABLE.USER_PASSUPASS THEN
  MESSAGE('PASSWORD INVALID');
  MESSAGE('PASSWORD INVALID');What is USER_PASSUPASS? It's never defined.

• Login page issue

  Hi,
  When I  open a webpage , NAC login page does not display or hit. I have enabled the login page in CAM, I dont have DNS server in this setup.
  Folllowing things i have done :-
        1, Trunk link to Untrusted Port of CAS allowed only Authentication vlan(eg 9)
        2, Trunk Link to Trusted Port of cas allowed only Access vlans and management Vlan of CAS.(99,218)
        3,
                 eth0: IP is 10.10.10.252
                    DG:10.10.10.1(ip address of SVI218)
                 eth1:-ip is 1.1.1.1
                    DG:1.1.1.2 ( there is no SVI with tis ip address)
        3, Added CAS to CAM with L2OOB  Virtual Gateway and configured managed Subnet and Vlan mapping.
        4, Enabled user login page in CAM.
        5, Switch management :-SNMP configuration on CAM and Switch( working fine)
  I used to type CAS management ip address in Address bar of Internet Explorer from Untrusted side, but no responds . any thing im missing ???

  Dear Faisal,
  many thanks for your responds
  I am getting ip address from DHCP on client (authentication vlan9, access vlan99 and ip address got from dhcp is 10.10.99.11). when we assign same subnet ip address for eth0 and eth1(OOB virtual gatway), we will loose access to CAS. We can have same subnet ip addresses, if CAS in IB virtual gateway. i have configured following things in Manged subnet and Vlan mapping.
  Managed subnet :-
       ip address    :10.10.99.4
       subnetmask : 255.255.255.0
       vlan             : 9
  Vlan Mapping:-
         Vlan mapping is enabled
               Untrusted vlan:- 9
               Trusted Vlan  :- 99
  Thanks & Regards,
  Fahad Salim.

• Oracle E-Business R12 (12.1.1) Login Assistant issue

  Dear Friends
  We have issue in Oracle E-BusienssR12 with login assistant, it is not sending the password reset emails to user, how can we resolve this issue.
  thanks

  Hi;
  yep solvedThanks for sharing solution and its nice to hear issue solved ;) If your issue has been solved; please change thread status to answered if it possible, it pretend to lose time of other forums user while they are searching open question which is not answered,thanks for understanding
  Regard
  Helios

• Windows 7 Enterprise login performance issue RODC site

  Hi, 
  We are deploying windows 7 enterprise to all our computers in our domain and we didn't have any performance issue on any site with Full DC. Now we are facing a problem with our multiple sites with RODC but only with new deployed windows 7 (WinXp is not having
  this slow login problem). The problem is very strange. Whatever a user start a session on a desktop or laptop with Windows 7, wireless or cabled, when the user enter his credential and press the "validation arrow" next to the password nothing happen
  (well it look like nothing happen). After 5 to 10 minutes at this logon screen, we finally see the logon process start applying domain policy, preparing the desktop etc etc and this take less then 10 seconds but remember, we just wait 5 to 10 minutes until
  the computer process the "process my log in" botton. Sometime, the CTRL+ALT+DEL screen come back and when we press them we got nothing, we have to wait for the "logon" to occur before doing anything else with the computer.
  I've looked to many way to solve this but for now nothing worked.   

  Hi,
  Sorry for my dilatory reply. How about using a same user account  to log on XP computer? Will it logon fast?
  Have you tried to add a user account into Allowed RODC Password Replication Group for test? This problem probably caused by the password authentication problem In RODC host.
  For further investigation, you can try to use Network Manitor at RODC host to capture package of client machine authenticate to a domain controller.
  The blog about Understanding "Read Only Domain Controller" authentication
  may be helpful.
  After the above steps, We can narrow the cause of this problem.
  If problem persists, this problem may caused by Windows 7 Client performance. Generally speaking, the problem like this most probably caused by sercurity application problem. You can try to disable or uninstall security application temportaily for test.
  If there is any progress, please feel free let us know.
  Roger Lu
  TechNet Community Support

• NIS authentication from login window issues?

  Hi,
  I've a bunch of new iMacs that arrived this week, and I'm trying to get them integrated into our existing network, using NFS mounted /home and NIS for authentication, but I'm have some issues ...
  NFS mounting: no problem, this works just fine, and is mounted on boot
  NIS: this is where I start having issues, ypwhich shows the correct server, ypcat passwd can get the passwd from remotely and shows everything, and I can login using ssh or even sudo to an NIS user without any issues, HOWEVER, I can't login from the login window, I just get the window doing its little shake showing an authentication failure, and nothing seems to show up in the log files to indicate what the problem may be.
  Anyone got any further ideas as to what to check? I have a number of older macs that are able to do this fine, just the newly arrived ones are having these problems

  Did you tell the system to authenticate against NIS?
  Just because you're bound to a directory server, that doesn't mean you'll automatically use that server for logins.
  Check Directory Access -> Authentication and make sure your NIS configuration is listed in the directories used for authentication.
  The order of entries here is important, too. They're following in a top-down fashion until the first match is found. This means that if you have a user 'joe' in the local domain, an Open Directory server and in NIS and you're checking in that order, it will authenticate the user against the local account and the Open Directory account before it checks NIS, and if the username is found in one of those two options it won't query the NIS server at all.