WAP561 RADIUS Authentication - deauthenticated constantly
Hi,
We have two WAP561 devices as a cluster and they authenticate wireless users from Windows 2008 server based RADIUS. We are seeing some strange logs from these access points.
Has anyone got any idea why there is such errors? The client in case cannot authenticate for a while, but when tried persistently, he/she can authenticate.
Sep 4 2014 14:2 3 hostapd[1203] trying to update accounting statistics, station ... not found
Sep 4 2014 14:2 3 hostapd[1203] trying to deauthenticate to station ... , but not authenticated
Sep 4 2014 14:3 3 hostapd[1203] trying to update accounting statistics, station ... not found
Sep 4 2014 14:3 3 hostapd[1203] trying to deauthenticate to station ... , but not authenticated
Sep 4 2014 14:4 3 hostapd[1203] trying to update accounting statistics, station ... not found
Sep 4 2014 14:4 3 hostapd[1203] trying to deauthenticate to station ... , but not authenticated
Thanks,
My name Eric Moyers. I am an Engineer in the Small Business Support Center.
I am sorry to hear that you are experiencing this issue.
From wording of your post, it sounds like it is only Apple products that are having this issue. Is that a fair understanding?
Please call our support center and open a case so that one of our engineers can work directly with you. When you get a case number please re-post it here or send me an email with it. (you can find my email by mousing over my picture)
Once we get you a case number I can work with that engineer to come to a resolution for you. Most of the engineers know who I am and how to contact me.
Eric Moyers
.:|:.:|:. CISCO | Eric Moyers | Cisco Technical Support |
Wireless and Surveillance Subject Matter Expert
Please rate helpful Posts and Let others know when your Question has been answered.
Similar Messages
-
ACS 5.3 Radius authentication with ASA and DACL
Hi,
I am trying to do Radius authentication on the ACS 5.3 for VPN access (cisco client) using a downloadable ACL with AD identity
Clients are connecting to an ASA 5510 with image asa843-K8.bin
I followed the configuration example on the Cisco site, but I am having some problems
First : AD identity is not triggered, I put a profile :
Status
Name
Conditions
Results
Hit Count
NDG:Location
Time And Date
AD1:memberOf
Authorization Profiles
1
TestVPNDACL
-ANY-
-ANY-
equals Network Admin
TEST DACL
0
But if I am getting no hits on it, Default Access is being used (Permit Access)
So I tried putting the DACL in the default profile, but when connecting I am immediately disconnected.
I can see the DACL/ASA being authenticated in the ACS log but no success
I am using my user which is member of the Network Admin Group.
Am I missing something?
Any help greatly appreciated!
WimHello Stephen,
As per the IP Pools feature, the ACS 5.x does not include such functionality. It is not on the ACS 5.x roadmap either as the recommended scenario would be to use a dedicated DHCP server.
ACS 4.x included that functionality, however, it was not the best solution as the ACS returned the IP Address value as a RADIUS Attribute instead of acting as a real DCHP server.
As per the IMEI and MISDN I am assuming you are referring to International Mobile Equipment Identity and Mobile Subscriber ISDN. Correct me if I am wrong.
In that case it seems that the ACS 5.x should be able to Allow or Deny access based on Radius Attribute 30 (Called-Station-Id) and 31 (Calling-Station-Id).
In that case you might want to use the End-Station Filters feature and use it as the condition for the Rule. The End-Station Filter feature uses CLI/DNIS where CLI is Radius Attribute 31 and DNIS is Attribute 30.
I am assuming a Generic Username will be embedded on the devices request. In that case you will define which end-user devices will be granted access based on the above attributes.
Here is a snapshot of the section: -
ASA , Cisco VPN client with RADIUS authentication
Hi,
I have configured ASA for Cisco VPN client with RADIUS authentication using Windows 2003 IAS.
All seems to be working I get connected and authenticated. However even I use user name and password from Active Directory when connecting with Cisco VPN client I still have to provide these credentials once again when accessing domain resources.
Should it work like this? Would it be possible to configure ASA/IAS/VPN client in such a way so I enter user name/password just once when connecting and getting access to domain resources straight away?
Thank you.
Kind regards,
AlexHi Alex,
It is working as it should.
You can enable the vpn client to start vpn before logon. That way you login to vpn and then logon to the domain. However, you are still entering credentials twice ( vpn and domain) but you have access to domain resources and profiles.
thanks
John -
VPN 3000 and Radius authentication/authorization
hello.
I have to configure RADIUS authentication
with a VPN 3000 concentrator.
I'm completely new with this product
(the concentrator).
It seems that, if I want to perform authentication
of username and password with Radius, then I also have to download the entire VPN configuration from the same Radius, using the attibute set loaded with the appropriate dictionary.
am I rigth with this supposition?
I mean: should be possible to authenticate only an username and password externally on RADIUS, while continuing to mantain the user (or group) VPN configuration locally in the concentrator?
thank you.
DavideNo, downloading the entire VPN configuration from the RADIUS server is not necessary. If you are new to configuring VPN's on concentrators or the Concentrator iself, having a look at the support page will be agood idea. It is accessible at http://www.cisco.com/pcgi-bin/Support/browse/psp_view.pl?p=Hardware:Cisco_VPN_3000_Concentrator
-
Local Radius Authentication - Fails
Hello all,
Access Point 1230AG (c1200-k9w7-mx.123-2.JA)
Client Adapter ABG (PCI)
I am new to Wireless Lan configuration with Aironet products (first project). I am configuring an Access Point for a small LAN and i can not get local radius authentication working. The password always fails if I try:
test aaa group radius xxxxx port 1812 new-code
although the password is matching..........
another thing is that in the configuration, it always defaults to 'nthash' mode. is this normal? in other words if i type:
radius-server local
user dgarnett password xxxx
when i do a 'show run' it displays as
user xxxx
I also get the following during a debug:
There is no RADIUS DB Some Radius attributes may not be stored
any help greatly appreciated
ap#test aaa group radius dgarnett 123456789 port 1812 new-code
Trying to authenticate with Servergroup radius
User rejected
ap#
Feb 19 20:57:44.535: RADIUS(00000000): Config NAS IP: 10.14.14.14
Feb 19 20:57:44.535: RADIUS(00000000): Config NAS IP: 10.14.14.14
Feb 19 20:57:44.535: RADIUS(00000000): sending
Feb 19 20:57:44.535: RADIUS(00000000): Send Access-Request to 10.14.14.14:1812 id 21645/14, len 64
Feb 19 20:57:44.535: RADIUS: authenticator 9C C4 E8 64 80 8B 64 8A - E7 5F 0A 64 14 2F 5D B6
Feb 19 20:57:44.536: RADIUS: User-Password [2] 18 *
Feb 19 20:57:44.536: RADIUS: User-Name [1] 10 "dgarnett"
Feb 19 20:57:44.536: RADIUS: Service-Type [6] 6 Login [1]
Feb 19 20:57:44.536: RADIUS: NAS-IP-Address [4] 6 10.14.14.14
Feb 19 20:57:44.536: RADIUS: Nas-Identifier [32] 4 "ap"
Feb 19 20:57:44.537: RADSRV: Client dgarnett password failed
Feb 19 20:57:44.537: RADIUS: Received from id 21645/14 10.14.14.14:1812, Access-Reject, len 88
Feb 19 20:57:44.538: RADIUS: authenticator 3C B3 9A 7F 61 27 3A A6 - 84 39 B6 DF 22 DF 45 26
Feb 19 20:57:44.538: RADIUS: State [24] 50
Feb 19 20:57:44.538: RADIUS: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF [????????????????]
Feb 19 20:57:44.539: RADIUS: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF [????????????????]
Feb 19 20:57:44.539: RADIUS: 6B 7C 18 EA F0 20 A4 E5 B1 28 0E BD 57 61 24 9A [k|??? ???(??Wa$?]
Feb 19 20:57:44.539: RADIUS: Message-Authenticato[80] 18 *
Feb 19 20:57:44.539: RADIUS(00000000): Received from id 21645/14
Feb 19 20:57:44.539: RADIUS(00000000): Unique id not in use
Feb 19 20:57:44.540: RADIUS/DECODE(00000000): There is no RADIUS DB Some Radius attributes may not be storedJust as an update.......I set this up authenticating to an external (ACSNT) Radius server and it authenticates successfully. But still will not for the local dbase. My goal is to use the Corporate ACS as primary and the local as backup. I think my problem has to do with the Radius attributes 24 (State) and 80 (Message Auth). I also think that it points back to the NTHash stuff. Please advise as I am not new security practices and wireless, but I am new to Cisco Wireless networking.
-
MacBook Pro will not connect to RADIUS authenticated SSID
We are having problems with MacBook Pros and a MacBook Air not connecting to our wireless network. We have successfully connected hundreds of iPads and multiple other machines. All of the non-working machines are running OS X 10.9.5. The MacBook Air is brand new.
We have a centrally managed wireless system made by Avaya. The SSID they are trying to connect to is protected by a password and RADIUS authentication. The SSID is called KT_MAC.
A typical scenario looks like this:
I add the device's MAC address to the RADIUS server (add it to the MAC OU in AD and add it to the MACAuth group)
I attempt to connect to the KT_MAC SSID
I am prompted for the password, which I type in
Sometimes it connects on the first try, but usually it doesn't. It will say something along the lines of Unable to join KT_MAC network or something.
I then attempt to connect to the KT_MAC SSID again
I am prompted for the password again, which I type in again
It generally connects on this second attempt but not always.
We have tried resetting the PRAM as well as deleting the saved profiles from each machine. Any guidance you can provide would be appreciated. Thank you.
Here is the wifi.log from one of the affected MacBook Pros:
Wed Apr 16 06:45:25.344 ***Starting Up***
Wed Apr 16 06:45:38.389 <airportd[79]> airportdProcessDLILEvent: en1 attached (down)
Wed Apr 16 06:45:39.056 <airportd[79]> _handleLinkEvent: WiFi is not powered. Resetting state variables.
Wed Apr 16 10:40:37.435 ***Starting Up***
Wed Apr 16 10:40:53.769 <airportd[79]> airportdProcessDLILEvent: en1 attached (down)
Wed Apr 16 10:40:53.786 <airportd[79]> _handleLinkEvent: WiFi is not powered. Resetting state variables.
Wed Apr 16 10:44:46.113 ***Starting Up***
Wed Apr 16 10:44:46.130 <airportd[61]> airportdProcessDLILEvent: en1 attached (up)
Thu Apr 17 09:20:53.884 ***Starting Up***
Thu Apr 17 09:21:09.766 <airportd[79]> airportdProcessDLILEvent: en1 attached (down)
Thu Apr 17 09:21:09.794 <airportd[79]> _handleLinkEvent: WiFi is not powered. Resetting state variables.
Thu Apr 17 09:25:11.200 ***Starting Up***
Thu Apr 17 09:25:11.223 <airportd[62]> airportdProcessDLILEvent: en1 attached (up)
Fri Jun 6 09:31:42.478 ***Starting Up***
Fri Jun 6 09:31:58.966 <airportd[80]> airportdProcessDLILEvent: en1 attached (down)
Fri Jun 6 09:31:59.026 <airportd[80]> _handleLinkEvent: WiFi is not powered. Resetting state variables.
Fri Jun 6 09:36:06.250 ***Starting Up***
Fri Jun 6 09:36:06.270 <airportd[62]> airportdProcessDLILEvent: en1 attached (up)
Fri Jun 6 09:45:40.827 ***Starting Up***
Fri Jun 6 09:45:41.100 <airportd[64]> airportdProcessDLILEvent: en1 attached (up)
Thu Aug 7 14:07:36.331 ***Starting Up***
Thu Aug 7 14:07:51.354 <airportd[79]> airportdProcessDLILEvent: en1 attached (down)
Thu Aug 7 14:07:51.362 <airportd[79]> _handleLinkEvent: WiFi is not powered. Resetting state variables.
Thu Aug 7 14:09:52.852 ***Starting Up***
Thu Aug 7 14:09:52.863 <airportd[65]> airportdProcessDLILEvent: en1 attached (up)
Thu Aug 7 14:18:27.352 ***Starting Up***
Thu Aug 7 14:18:27.478 <airportd[64]> airportdProcessDLILEvent: en1 attached (up)
Wed Aug 13 10:08:40.677 ***Starting Up***
Wed Aug 13 10:08:54.747 <airportd[79]> airportdProcessDLILEvent: en1 attached (down)
Wed Aug 13 10:08:54.775 <airportd[79]> _handleLinkEvent: WiFi is not powered. Resetting state variables.
Wed Aug 13 10:11:16.001 ***Starting Up***
Wed Aug 13 10:11:16.019 <airportd[65]> airportdProcessDLILEvent: en1 attached (up)
Wed Aug 13 10:36:42.311 <airportd[65]> _processSystemPSKAssoc: No password for network <CWNetwork: 0x7fb319c0c600> [ssid=KT_MAC, bssid=cc:f9:54:9c:0c:95, security=WPA/WPA2 Personal, rssi=-48, channel=<CWChannel: 0x7fb319c0be20> [channelNumber=11(2GHz), channelWidth={20MHz}], ibss=0] in the system keychain
Wed Aug 13 10:37:06.172 <airportd[65]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 10:37:06.319 <airportd[65]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 10:42:28.162 <airportd[65]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 10:42:28.927 <airportd[65]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 10:46:15.069 <airportd[65]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 10:55:15.558 <airportd[65]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 10:55:48.574 ***Starting Up***
Wed Aug 13 10:55:48.607 <airportd[65]> airportdProcessDLILEvent: en1 attached (up)
Wed Aug 13 10:57:06.316 <airportd[65]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 11:01:36.170 <airportd[65]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 11:02:08.821 ***Starting Up***
Wed Aug 13 11:02:08.860 <airportd[66]> airportdProcessDLILEvent: en1 attached (up)
Wed Aug 13 11:03:30.508 <airportd[66]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 11:51:20.003 <airportd[66]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 11:51:21.436 <airportd[66]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 11:51:28.110 <airportd[66]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:19:51.335 <airportd[66]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:19:51.881 <airportd[66]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:20:42.635 <airportd[66]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:24:03.774 <airportd[66]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:24:04.289 <airportd[66]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:24:13.201 <airportd[66]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:28:39.658 <airportd[66]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:28:40.139 <airportd[66]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:29:19.235 <airportd[66]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:30:30.152 <airportd[66]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:30:30.639 <airportd[66]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:30:39.280 <airportd[66]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:41:45.386 <airportd[66]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:41:45.870 <airportd[66]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:42:01.343 <airportd[66]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:45:19.733 <airportd[66]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:45:20.322 <airportd[66]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:46:21.947 <airportd[66]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:46:46.015 <airportd[66]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:46:46.938 <airportd[66]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:47:23.876 ***Starting Up***
Wed Aug 13 14:47:23.980 <airportd[76]> airportdProcessDLILEvent: en1 attached (down)
Wed Aug 13 14:47:30.166 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:47:49.006 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:50:45.857 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:50:46.733 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:50:53.301 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:53:50.650 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:53:51.139 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:53:55.950 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:54:04.344 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:54:04.890 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 14:54:10.672 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 15:29:37.354 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 15:29:37.949 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 13 15:29:43.381 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 14 07:45:08.606 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 14 07:45:09.095 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 14 07:45:15.685 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 14 07:52:36.817 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 14 07:52:37.317 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 14 07:52:43.699 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 14 10:35:31.857 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 14 10:35:32.343 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 14 10:35:37.513 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 14 15:14:58.070 <airportd[76]> _handleLinkEvent: WiFi is not powered. Resetting state variables.
Wed Aug 20 09:02:37.988 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 20 09:04:16.526 <airportd[76]> _handleLinkEvent: WiFi is not powered. Resetting state variables.
Wed Aug 20 13:38:15.045 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 20 13:42:00.449 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 20 13:42:00.947 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 20 13:42:06.664 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 20 14:19:00.054 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 20 14:19:00.467 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 20 14:19:05.892 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 20 14:19:12.064 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 20 14:19:12.709 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 20 14:19:17.467 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 20 14:19:26.654 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 20 14:19:27.140 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 20 14:19:32.104 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 20 14:19:38.083 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 20 14:19:38.597 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 20 14:19:44.561 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 20 14:20:58.990 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 20 14:20:59.540 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 07:48:48.223 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 07:51:31.070 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 07:51:31.627 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 07:51:44.224 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 07:55:39.838 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 07:55:40.309 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 07:55:48.012 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 07:56:10.669 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 07:56:11.170 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 07:56:16.734 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 07:56:38.283 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 07:56:38.782 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 07:56:43.755 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 07:57:27.425 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 07:57:27.862 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 11:00:35.541 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 11:07:15.263 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 11:07:20.996 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 11:07:35.210 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 11:08:08.856 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 11:08:09.394 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 11:09:40.498 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 14:00:57.796 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 14:00:58.388 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 14:01:09.718 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 14:02:10.320 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 14:02:10.841 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 14:02:16.251 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 21 15:19:57.730 <airportd[76]> _handleLinkEvent: WiFi is not powered. Resetting state variables.
Thu Aug 21 17:20:21.212 <airportd[76]> _handleLinkEvent: WiFi is not powered. Resetting state variables.
Tue Aug 26 09:40:29.421 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Tue Aug 26 09:40:31.018 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Tue Aug 26 09:40:39.112 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Tue Aug 26 12:33:17.002 <airportd[76]> _handleLinkEvent: WiFi is not powered. Resetting state variables.
Wed Aug 27 11:19:57.907 <airportd[76]> _handleLinkEvent: WiFi is not powered. Resetting state variables.
Wed Aug 27 13:39:45.540 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 27 13:39:49.983 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 27 13:39:51.109 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 27 13:40:03.295 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 27 13:40:24.889 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 27 13:40:25.379 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 27 13:40:25.412 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 27 13:43:14.013 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 27 14:00:05.235 <airportd[76]> _handleLinkEvent: WiFi is not powered. Resetting state variables.
Wed Aug 27 14:39:41.454 <airportd[76]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Aug 27 14:40:24.778 ***Starting Up***
Wed Aug 27 14:40:24.962 <airportd[74]> airportdProcessDLILEvent: en1 attached (up)
Wed Aug 27 16:19:03.698 <airportd[74]> _handleLinkEvent: WiFi is not powered. Resetting state variables.
Thu Aug 28 08:46:43.526 <airportd[74]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 28 10:17:27.689 <airportd[74]> _handleLinkEvent: WiFi is not powered. Resetting state variables.
Thu Aug 28 11:28:30.790 <airportd[74]> _handleLinkEvent: Got an error trying to query WiFi for power. Resetting state variables.
Thu Aug 28 11:29:13.259 <airportd[74]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 28 11:29:44.661 ***Starting Up***
Thu Aug 28 11:29:45.001 <airportd[69]> airportdProcessDLILEvent: en1 attached (up)
Thu Aug 28 11:30:36.331 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 28 11:46:38.432 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 28 11:46:39.745 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 28 11:46:47.701 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 28 11:57:42.197 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 28 11:57:42.769 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 28 11:58:11.783 <airportd[69]> _handleLinkEvent: WiFi is not powered. Resetting state variables.
Thu Aug 28 14:20:25.408 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 28 14:24:19.381 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 28 14:24:19.850 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Aug 28 14:24:31.421 <airportd[69]> _handleLinkEvent: WiFi is not powered. Resetting state variables.
Fri Aug 29 14:56:26.295 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Fri Aug 29 15:22:35.627 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Fri Aug 29 15:22:36.623 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Fri Aug 29 15:22:55.827 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Fri Aug 29 15:23:02.069 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Fri Aug 29 15:23:02.769 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Fri Aug 29 15:23:09.667 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Fri Aug 29 15:23:16.290 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Fri Aug 29 15:23:16.963 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Fri Aug 29 15:23:22.575 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Fri Aug 29 15:25:26.678 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Fri Aug 29 15:25:27.200 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Fri Aug 29 15:25:32.201 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Fri Aug 29 15:26:13.725 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Fri Aug 29 15:26:14.253 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Fri Aug 29 15:26:20.486 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Fri Aug 29 15:26:42.304 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Fri Aug 29 15:26:42.817 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Fri Aug 29 15:26:47.337 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Fri Aug 29 15:27:16.340 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Fri Aug 29 15:27:16.796 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Fri Aug 29 15:27:23.720 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Fri Aug 29 15:29:15.644 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Fri Aug 29 15:29:16.061 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Fri Aug 29 15:29:18.938 <airportd[69]> _handleLinkEvent: WiFi is not powered. Resetting state variables.
Wed Sep 3 09:35:54.553 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Sep 3 09:35:55.902 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Sep 3 09:36:02.003 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Sep 3 10:16:04.232 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Sep 3 10:16:05.097 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Sep 3 10:16:11.571 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Sep 3 11:23:20.719 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Sep 3 11:23:41.332 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Sep 3 11:23:42.272 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Sep 3 11:24:19.455 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Sep 3 11:24:26.410 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Sep 3 11:24:56.452 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Sep 3 11:25:01.587 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Sep 3 11:25:01.710 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Sep 4 08:07:04.320 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Sep 4 08:07:05.150 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Sep 4 09:30:29.203 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Sep 4 15:37:43.025 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Sep 4 15:37:43.637 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Sep 4 15:39:31.062 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Sep 4 15:42:25.933 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Sep 4 15:42:26.467 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Sep 4 15:42:34.515 <airportd[69]> _handleLinkEvent: WiFi is not powered. Resetting state variables.
Fri Sep 5 07:50:25.167 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Fri Sep 5 07:50:25.648 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Fri Sep 5 07:50:42.279 <airportd[69]> _handleLinkEvent: WiFi is not powered. Resetting state variables.
Fri Sep 5 11:54:40.981 <airportd[69]> _handleLinkEvent: WiFi is not powered. Resetting state variables.
Wed Sep 10 08:41:58.791 <airportd[69]> _handleLinkEvent: Got an error trying to query WiFi for power. Resetting state variables.
Thu Sep 11 10:07:01.271 <airportd[69]> _handleLinkEvent: WiFi is not powered. Resetting state variables.
Wed Sep 17 15:36:49.049 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Sep 17 16:01:44.231 <airportd[69]> _handleLinkEvent: WiFi is not powered. Resetting state variables.
Thu Sep 18 08:56:41.771 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Sep 18 08:56:43.081 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Sep 18 08:56:43.186 <airportd[69]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Thu Sep 18 09:00:32.568 ***Starting Up***
Thu Sep 18 09:00:33.214 <airportd[64]> airportdProcessDLILEvent: en1 attached (up)
Mon Sep 22 09:22:24.363 <airportd[64]> _handleLinkEvent: WiFi is not powered. Resetting state variables.
Mon Sep 22 09:22:32.890 <airportd[64]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Tue Sep 23 14:41:33.196 <airportd[64]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Tue Sep 23 14:45:22.840 <airportd[64]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Tue Sep 23 14:45:23.438 <airportd[64]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Tue Sep 23 14:45:32.513 <airportd[64]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Sep 24 14:30:58.274 <airportd[64]> _handleLinkEvent: WiFi is not powered. Resetting state variables.
Wed Sep 24 14:56:26.902 <airportd[64]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Sep 24 14:57:33.995 <airportd[64]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Sep 24 14:57:34.531 <airportd[64]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Sep 24 14:57:34.646 <airportd[64]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Sep 24 15:39:07.563 <airportd[64]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Sep 24 15:40:16.183 <airportd[64]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Sep 24 15:40:16.637 <airportd[64]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Wed Sep 24 15:40:43.234 <airportd[64]> _handleLinkEvent: WiFi is not powered. Resetting state variables.
Fri Oct 3 07:41:49.370 <airportd[64]> _handleLinkEvent: WiFi is not powered. Resetting state variables.
Tue Oct 7 07:54:00.397 <airportd[64]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Tue Oct 7 08:10:14.340 <airportd[64]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Tue Oct 7 08:10:15.306 <airportd[64]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Tue Oct 7 08:10:21.639 <airportd[64]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Tue Oct 7 09:04:53.718 <airportd[64]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Tue Oct 7 09:05:55.913 ***Starting Up***
Tue Oct 7 09:05:55.937 <airportd[63]> airportdProcessDLILEvent: en1 attached (down)
Tue Oct 7 09:08:48.018 <kernel> IO80211ScanManager::startScanMultiple: Scan request received from 'airportd' (pid 63) (2 SSIDs, 0 BSSIDs).
Tue Oct 7 09:08:48.018 <kernel> IO80211ScanManager::startScanMultiple: Initiating scan.
Tue Oct 7 09:08:48.323 <airportd[63]> userOnConsole: user: physed
Tue Oct 7 09:08:48.323 <airportd[63]> __startAutoJoinForInterface_block_invoke: AUTOJOIN: Already in progress for interface en1 in wake context 0.
Tue Oct 7 09:08:48.437 <airportd[63]> userOnConsole: user: physed
Tue Oct 7 09:08:48.437 <airportd[63]> __startAutoJoinForInterface_block_invoke: AUTOJOIN: Already in progress for interface en1 in wake context 0.
Tue Oct 7 09:08:48.870 <kernel> IO80211ScanManager::startScan: Broadcast scan request received from 'locationd' (pid 41) ().
Tue Oct 7 09:08:48.870 <kernel> IO80211ScanManager::getScanResult: All scan results returned for 'airportd' (pid 63).
Tue Oct 7 09:08:48.871 <kernel> IO80211ScanManager::getScanResult: All scan results returned for 'locationd' (pid 41).
Tue Oct 7 09:08:48.881 <airportd[63]> matchAndJoinNetworkListAgainstScanResults: matched with SSID “KT_MAC”
Tue Oct 7 09:08:48.881 <airportd[63]> _doAssociate: network: “KT_MAC”, systemMode: 1, userOnConsole: 1
Tue Oct 7 09:08:48.888 <airportd[63]> _doAssociate: Successfully pulled the password from the keychain. Now trying to associate.
Tue Oct 7 09:08:48.920 <airportd[63]> _handleNewMessage: Received XPC message, event = ASSOC_EVENT, pid = 63
Tue Oct 7 09:08:48.921 <airportd[63]> associate: INFO: airportd associate: network=<CWNetwork: 0x7fb243510a20> [ssid=KT_MAC, bssid=cc:f9:54:9c:0c:95, security=WPA/WPA2 Personal, rssi=-46, channel=<CWChannel: 0x7fb2435157d0> [channelNumber=1(2GHz), channelWidth={20MHz}], ibss=0], is8021X=0, remember=1
Tue Oct 7 09:08:48.930 <airportd[63]> associate: INFO: Checking if admin authorization is required
Tue Oct 7 09:08:48.936 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/CachedScanRecord' 'State:/Network/Interface/en1/AirPort/Power Status' }
Tue Oct 7 09:08:48.936 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/CachedScanRecord'
Tue Oct 7 09:08:48.936 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/Power Status'
Tue Oct 7 09:08:48.936 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/Busy' }
Tue Oct 7 09:08:48.936 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/Busy'
Tue Oct 7 09:08:48.937 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/CHANNEL' 'State:/Network/Interface/en1/AirPort/AutoJoinTimestamp' }
Tue Oct 7 09:08:48.937 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/CHANNEL'
Tue Oct 7 09:08:48.937 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/AutoJoinTimestamp'
Tue Oct 7 09:08:48.982 <kernel> parseRSNIE: groupCipherType = 3 pairwiseCipherType = 5 authSel = 2
Tue Oct 7 09:08:48.982 <kernel> initWithInterfaceAndIE: _myMacAddress 2c:be:08:eb:fc:9e
Tue Oct 7 09:08:48.982 <kernel> setPMK: PMK SET!
Tue Oct 7 09:08:48.988 <airportd[63]> _p2pSupEventCallback: APPLE80211_M_LINK_CHANGED
Tue Oct 7 09:08:48.988 <airportd[63]> _p2pSupEventCallback: Primary interface link marked up
Tue Oct 7 09:08:48.988 <airportd[63]> _p2pSupEventCallback: New channel = 36 (flags=0x214)
Tue Oct 7 09:08:48.988 <airportd[63]> _bsd_80211_event_callback: LINK_CHANGED (en1)
Tue Oct 7 09:08:48.988 <airportd[63]> airportdProcessDriverEvent: link changed
Tue Oct 7 09:08:48.993 <airportd[63]> _bsd_80211_event_callback: SSID_CHANGED (en1)
Tue Oct 7 09:08:48.993 <airportd[63]> _bsd_80211_event_callback: BSSID_CHANGED (en1)
Tue Oct 7 09:08:48.993 <airportd[63]> _p2pSupEventCallback: APPLE80211_M_BSSID_CHANGED
Tue Oct 7 09:08:48.993 <airportd[63]> __AirPortOpportunisticRoamBSSIDChanged: <en1> BSSID Change Event old <CC:F9:54:9C:0C:85>, new <CC:F9:54:9C:0C:85>reset Opp Roam to <-2147483648>
Tue Oct 7 09:08:48.993 <airportd[63]> _bsd_80211_event_callback: Frequency Band updated <2>
Tue Oct 7 09:08:48.993 <airportd[63]> BluetoothCoexHandleUpdateForNode: <en1> Handle Bluetooth Coex: FrequencyBand <2>, Bluetooth Bandwidth Utilization <0>, Clamshell Mode <0>
Tue Oct 7 09:08:48.993 <airportd[63]> BluetoothCoexModeSet: <en1> already set to BT Coex mode 'Off', do not perform APPLE80211_IOC_BTCOEX_MODE
Tue Oct 7 09:08:48.993 <airportd[63]> BluetoothCoexSettingPerChainTransmitPowerOffsets: Per TX Chain Power Offset Control (
Tue Oct 7 09:08:48.993 0,
Tue Oct 7 09:08:48.993 0,
Tue Oct 7 09:08:48.993 0
Tue Oct 7 09:08:48.993 )
Tue Oct 7 09:08:48.996 <kernel> en1: Received EAPOL packet (length = 113)
Tue Oct 7 09:08:48.996 <kernel> inputEAPOLFrame: 0 extra bytes present in EAPOL frame.
Tue Oct 7 09:08:48.996 <kernel> inputEAPOLFrame: Received message 1 of 4
Tue Oct 7 09:08:48.996 <kernel> FULL RSN IE FOUND:
Tue Oct 7 09:08:48.996 [00000000] 30 18 01 00 00 0F AC 02 02 00 00 0F AC 04 00 0F AC 02 01 00 00 0F AC 02 0C 00
Tue Oct 7 09:08:48.996 <kernel> storeFullRSNIE: getAP_IE_LIST returned 0
Tue Oct 7 09:08:48.996 <kernel> PMK:
Tue Oct 7 09:08:48.996 [00000000] 61 35 71 AB 2C F6 AF 24 23 06 8D C5 1E 5F 75 88 0A B9 72 A4 5E 05 BA F2 54 A5 2E 64 0E 2F
Tue Oct 7 09:08:48.996 [0000001E] F1 E3
Tue Oct 7 09:08:48.996 <kernel> TPTK:
Tue Oct 7 09:08:48.996 [00000000] 35 38 A9 BA 8C C2 A7 E2 8B FF 84 0B AC 62 21 01 E8 7C 00 CB 0C 64 36 C7 17 F7 BD 4A 20 1C
Tue Oct 7 09:08:48.996 [0000001E] 59 9E 58 DC 8C 88 BF 46 31 43 7F 3D 63 07 BC E4 2D B8 B9 4D AA D7 D0 AB 2F CB 49 F0 CB F7
Tue Oct 7 09:08:48.996 [0000003C] B5 D1 85 CC
Tue Oct 7 09:08:48.996 <kernel> KEY MIC:
Tue Oct 7 09:08:48.996 [00000000] 47 E1 FD 97 16 21 0F 8F BE 93 08 63 65 E7 83 50
Tue Oct 7 09:08:48.996 <kernel> process1of4: sending replyPacket 135 bytes
Tue Oct 7 09:08:48.996 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/Power Status' 'State:/Network/Interface/en1/AirPort/AutoJoinTimestamp' 'State:/Network/Interface/en1/AirPort/Busy' }
Tue Oct 7 09:08:48.997 <kernel> en1: Received EAPOL packet (length = 217)
Tue Oct 7 09:08:48.997 <kernel> inputEAPOLFrame: 0 extra bytes present in EAPOL frame.
Tue Oct 7 09:08:48.997 <kernel> inputEAPOLFrame: decrypting key data
Tue Oct 7 09:08:48.997 <kernel> inputEAPOLFrame: Received message 3 of 4
Tue Oct 7 09:08:48.997 <kernel> process3of4: Performing IE check.
Tue Oct 7 09:08:48.997 <kernel> process3of4: sending replyPacket ( len = 113 ).
Tue Oct 7 09:08:48.997 <kernel> process3of4: received pairwise GTK
Tue Oct 7 09:08:48.997 <kernel> ptkThread: Sleeping!
Tue Oct 7 09:08:48.997 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/SSID' 'State:/Network/Interface/en1/AirPort/CachedScanRecord' 'State:/Network/Interface/en1/AirPort/SSID_STR' }
Tue Oct 7 09:08:48.999 <kernel> ptkThread: Installing PTK!
Tue Oct 7 09:08:48.999 <kernel> PTK:
Tue Oct 7 09:08:48.999 [00000000] 58 DC 8C 88 BF 46 31 43 7F 3D 63 07 BC E4 2D B8
Tue Oct 7 09:08:48.999 <kernel> ptkThread: Installing GTK!
Tue Oct 7 09:08:48.999 <kernel> installGTK: setting cipher key (flags = 0x0)
Tue Oct 7 09:08:49.000 <kernel> RSC:
Tue Oct 7 09:08:49.000 [00000000] 22 0B 1F 01 00 00
Tue Oct 7 09:08:49.000 <kernel> GTK:
Tue Oct 7 09:08:49.000 [00000000] 12 64 92 29 99 8D 4C 8A D2 D5 CC E5 5B CB B7 09 96 6B 53 F9 88 F4 C7 B7 71 72 DD 88 F1 EB
Tue Oct 7 09:08:49.000 [0000001E] 0C FC
Tue Oct 7 09:08:49.000 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/CHANNEL' }
Tue Oct 7 09:08:49.000 <airportd[63]> airportdProcessDriverEvent: SSID changed
Tue Oct 7 09:08:49.000 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/BSSID' }
Tue Oct 7 09:08:49.000 <airportd[63]> airportdProcessDriverEvent: BSSID changed
Tue Oct 7 09:08:49.000 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/Power Status'
Tue Oct 7 09:08:49.000 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/AutoJoinTimestamp'
Tue Oct 7 09:08:49.000 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/Busy'
Tue Oct 7 09:08:49.000 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/SSID'
Tue Oct 7 09:08:49.000 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/CachedScanRecord'
Tue Oct 7 09:08:49.000 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/SSID_STR'
Tue Oct 7 09:08:49.001 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/CHANNEL'
Tue Oct 7 09:08:49.001 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/BSSID'
Tue Oct 7 09:08:49.028 <airportd[63]> _bsd_80211_event_callback: LINK_QUALITY (en1)
Tue Oct 7 09:08:49.103 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/Power Status' 'State:/Network/Interface/en1/AirPort/UserMode8021X' }
Tue Oct 7 09:08:49.103 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/Power Status'
Tue Oct 7 09:08:49.104 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/UserMode8021X'
Tue Oct 7 09:08:49.105 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/AutoJoinTimestamp' }
Tue Oct 7 09:08:49.105 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/AutoJoinTimestamp'
Tue Oct 7 09:08:49.109 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/Busy' 'State:/Network/Interface/en1/AirPort/SSID' 'State:/Network/Interface/en1/AirPort/CachedScanRecord' }
Tue Oct 7 09:08:49.110 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/Busy'
Tue Oct 7 09:08:49.110 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/SSID'
Tue Oct 7 09:08:49.110 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/CachedScanRecord'
Tue Oct 7 09:08:49.110 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/SSID_STR' 'State:/Network/Interface/en1/AirPort/CHANNEL' }
Tue Oct 7 09:08:49.110 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/SSID_STR'
Tue Oct 7 09:08:49.110 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/CHANNEL'
Tue Oct 7 09:08:49.110 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/BSSID' }
Tue Oct 7 09:08:49.111 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/BSSID'
Tue Oct 7 09:08:49.112 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/WEPOpenSystem' }
Tue Oct 7 09:08:49.112 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/WEPOpenSystem'
Tue Oct 7 09:08:49.112 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/WEP40' }
Tue Oct 7 09:08:49.113 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/WEP40'
Tue Oct 7 09:08:49.383 <airportd[63]> userOnConsole: user: physed
Tue Oct 7 09:08:49.383 <airportd[63]> __startAutoJoinForInterface_block_invoke: AUTOJOIN: Already in progress for interface en1 in wake context 0.
Tue Oct 7 09:08:49.394 <kernel> IO80211ScanManager::startScan: Broadcast scan request received from 'airportd' (pid 63) ().
Tue Oct 7 09:08:49.395 <kernel> IO80211ScanManager::getScanResult: All scan results returned for 'airportd' (pid 63).
Tue Oct 7 09:08:49.512 <kernel> IO80211ScanManager::startScan: Broadcast scan request received from 'airportd' (pid 63) ().
Tue Oct 7 09:08:49.513 <kernel> IO80211ScanManager::getScanResult: All scan results returned for 'airportd' (pid 63).
Tue Oct 7 09:08:49.522 <airportd[63]> _doAssociate: assocError (0)
Tue Oct 7 09:08:49.522 <airportd[63]> matchAndJoinNetworkListAgainstScanResults: successfully associated to “KT_MAC”
Tue Oct 7 09:08:49.527 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/Power Status' 'State:/Network/Interface/en1/AirPort/UserMode8021X' }
Tue Oct 7 09:08:49.527 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/Power Status'
Tue Oct 7 09:08:49.527 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/UserMode8021X'
Tue Oct 7 09:08:49.528 <kernel> IO80211ScanManager::startScan: Broadcast scan request received from 'SystemUIServer' (pid 167) ().
Tue Oct 7 09:08:49.528 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/AutoJoinTimestamp' 'State:/Network/Interface/en1/AirPort/WEPOpenSystem' }
Tue Oct 7 09:08:49.529 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/AutoJoinTimestamp'
Tue Oct 7 09:08:49.530 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/WEPOpenSystem'
Tue Oct 7 09:08:49.530 <kernel> IO80211ScanManager::getScanResult: All scan results returned for 'SystemUIServer' (pid 167).
Tue Oct 7 09:08:49.530 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/WEP40' }
Tue Oct 7 09:08:49.532 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/WEP40'
Tue Oct 7 09:08:49.532 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/Busy' }
Tue Oct 7 09:08:49.532 <airportd[63]> interfaceBusyStateChanged: Busy state for en1 changed to not busy. gSystemSleeping = 0, gMaintenanceWake = 0
Tue Oct 7 09:08:49.532 <airportd[63]> _updateInterfaceBusySetting: Disabling P2P scan suppress
Tue Oct 7 09:08:49.532 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/Busy'
Tue Oct 7 09:08:49.534 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/SSID' 'State:/Network/Interface/en1/AirPort/CachedScanRecord' 'State:/Network/Interface/en1/AirPort/SSID_STR' 'State:/Network/Interface/en1/AirPort/CHANNEL' }
Tue Oct 7 09:08:49.534 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/SSID'
Tue Oct 7 09:08:49.534 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/CachedScanRecord'
Tue Oct 7 09:08:49.534 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/SSID_STR'
Tue Oct 7 09:08:49.534 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/CHANNEL'
Tue Oct 7 09:08:49.534 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/BSSID' }
Tue Oct 7 09:08:49.534 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/BSSID'
Tue Oct 7 09:08:49.535 <airportd[63]> __startAutoJoinForInterface_block_invoke_2: exiting
Tue Oct 7 09:08:52.043 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Service/7916B194-D6E3-4D97-947E-70FBB10ECCED/DHCP' }
Tue Oct 7 09:08:52.043 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Service/7916B194-D6E3-4D97-947E-70FBB10ECCED/DHCP'
Tue Oct 7 09:08:52.043 <airportd[63]> _processDHCPChanges: State:/Network/Service/7916B194-D6E3-4D97-947E-70FBB10ECCED/DHCP
Tue Oct 7 09:08:52.043 <airportd[63]> _processDHCPChanges: DHCP airport_changed = 1
Tue Oct 7 09:08:52.044 <airportd[63]> _setDHCPMessage: dhcpInfoKey "State:/Network/Interface/en1/AirPort/DHCP Message" = (null)
Tue Oct 7 09:08:54.695 <kernel> IO80211ScanManager::startScanMultiple: Scan request received from 'SystemUIServer' (pid 167) (2 SSIDs, 0 BSSIDs).
Tue Oct 7 09:08:54.695 <kernel> IO80211ScanManager::startScanMultiple: Initiating scan.
Tue Oct 7 09:08:57.902 <kernel> IO80211ScanManager::getScanResult: All scan results returned for 'SystemUIServer' (pid 167).
Tue Oct 7 09:08:57.902 <kernel> IO80211ScanManager::startScan: Broadcast scan request received from 'locationd' (pid 41) ().
Tue Oct 7 09:08:57.903 <kernel> IO80211ScanManager::getScanResult: All scan results returned for 'locationd' (pid 41).
Tue Oct 7 09:08:58.788 <airportd[63]> _SC_callback: Changed keys = { 'Setup:/Network/Interface/en1/AirPort' }
Tue Oct 7 09:08:58.788 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'Setup:/Network/Interface/en1/AirPort'
Tue Oct 7 09:08:58.798 <airportd[63]> userOnConsole: user: physed
Tue Oct 7 09:08:58.798 <airportd[63]> __startAutoJoinForInterface_block_invoke_2: AUTOJOIN: Starting for interface en1 in wake context 0.
Tue Oct 7 09:08:58.802 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/Power Status' 'State:/Network/Interface/en1/AirPort/UserMode8021X' 'State:/Network/Interface/en1/AirPort/BSSID' }
Tue Oct 7 09:08:58.802 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/Power Status'
Tue Oct 7 09:08:58.802 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/UserMode8021X'
Tue Oct 7 09:08:58.802 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/BSSID'
Tue Oct 7 09:08:58.803 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/AutoJoinTimestamp' }
Tue Oct 7 09:08:58.803 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/AutoJoinTimestamp'
Tue Oct 7 09:08:58.805 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/WEPOpenSystem' 'State:/Network/Interface/en1/AirPort/CHANNEL' 'State:/Network/Interface/en1/AirPort/WEP40' }
Tue Oct 7 09:08:58.805 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/WEPOpenSystem'
Tue Oct 7 09:08:58.805 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/CHANNEL'
Tue Oct 7 09:08:58.805 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/WEP40'
Tue Oct 7 09:08:58.808 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/Busy' }
Tue Oct 7 09:08:58.808 <airportd[63]> interfaceBusyStateChanged: Busy state for en1 changed to busy. gSystemSleeping = 0, gMaintenanceWake = 0
Tue Oct 7 09:08:58.808 <airportd[63]> _updateInterfaceBusySetting: Enabling P2P scan suppress
Tue Oct 7 09:08:58.809 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/Busy'
Tue Oct 7 09:08:58.809 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/SSID' 'State:/Network/Interface/en1/AirPort/CachedScanRecord' }
Tue Oct 7 09:08:58.809 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/SSID'
Tue Oct 7 09:08:58.809 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/CachedScanRecord'
Tue Oct 7 09:08:58.809 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/SSID_STR' }
Tue Oct 7 09:08:58.809 <airportd[63]> _doAutoJoin: Wi-Fi supports multiple-directed scans
Tue Oct 7 09:08:58.809 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/SSID_STR'
Tue Oct 7 09:08:58.809 <airportd[63]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Tue Oct 7 09:08:58.812 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/Power Status' 'State:/Network/Interface/en1/AirPort/UserMode8021X' }
Tue Oct 7 09:08:58.812 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/Power Status'
Tue Oct 7 09:08:58.812 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/UserMode8021X'
Tue Oct 7 09:08:58.812 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/BSSID' }
Tue Oct 7 09:08:58.812 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/BSSID'
Tue Oct 7 09:08:58.813 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/SSID_STR' }
Tue Oct 7 09:08:58.813 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/SSID_STR'
Tue Oct 7 09:08:58.814 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/AutoJoinTimestamp' }
Tue Oct 7 09:08:58.814 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/AutoJoinTimestamp'
Tue Oct 7 09:08:58.815 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/CachedScanRecord' }
Tue Oct 7 09:08:58.815 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/CachedScanRecord'
Tue Oct 7 09:08:58.816 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/WEPOpenSystem' }
Tue Oct 7 09:08:58.816 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/WEPOpenSystem'
Tue Oct 7 09:08:58.816 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/CHANNEL' }
Tue Oct 7 09:08:58.816 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/CHANNEL'
Tue Oct 7 09:08:58.817 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/WEP40' }
Tue Oct 7 09:08:58.817 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/WEP40'
Tue Oct 7 09:08:58.819 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/Busy' }
Tue Oct 7 09:08:58.819 <airportd[63]> __startAutoJoinForInterface_block_invoke_2: exiting
Tue Oct 7 09:08:58.819 <airportd[63]> interfaceBusyStateChanged: Busy state for en1 changed to not busy. gSystemSleeping = 0, gMaintenanceWake = 0
Tue Oct 7 09:08:58.819 <airportd[63]> _updateInterfaceBusySetting: Disabling P2P scan suppress
Tue Oct 7 09:08:58.819 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/Busy'
Tue Oct 7 09:08:58.819 <airportd[63]> _SC_callback: Changed keys = { 'State:/Network/Interface/en1/AirPort/SSID' }
Tue Oct 7 09:08:58.819 <airportd[63]> airportdProcessSystemConfigurationEvent: Processing 'State:/Network/Interface/en1/AirPort/SSID'
Tue Oct 7 09:08:58.995 <airportd[63]> _handleNewMessage: Received XPC message, event = DEBUG_FLAGS_EVENT, pid = 274
Tue Oct 7 09:08:59.037 <airportd[63]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.
Tue Oct 7 09:08:59.147 <airportd[63]> _doAutoJoin: Already associated to “KT_MAC”. Bailing on auto-join.Eventually ended up on the phone with an Apple Engineer through Educational Support. They reported to us there are known issues with some RADIUS connections and didn't have any solutions beyond installing the new version of OS X 10.10 Yosemite
We did install 10.10 on a spare machine and it did appear to solve the issue but was still in beta at the time. -
Radius authentication with ISE - wrong IP address
Hello,
We are using ISE for radius authentication. I have setup a new Cisco switch stack at one of our locations and setup the network device in ISE. Unfortunately, when trying to authenticate, the ISE logs show a failure of "Could not locate Network Device or AAA Client" The reason for this failure is the log shows it's coming from the wrong IP address. The IP address of the switch is 10.xxx.aaa.241, but the logs show it is 10.xxx.aaa.243. I have removed and re-added the radius configs on both ISE and the switch, but it still comes in as .243. There is another switch stack at that location (same model, IOS etc), that works properly.
The radius config on the switch:
aaa new-model
aaa authentication login default local
aaa authentication login Comm group radius local
aaa authentication enable default enable
aaa authorization exec default group radius if-authenticated
ip radius source-interface Vlanyy
radius server 10.xxx.yyy.zzz
address ipv4 10.xxx.yyy.zzz auth-port 1812 acct-port 1813
key 7 abcdefg
The log from ISE:
Overview
Event 5405 RADIUS Request dropped
Username
Endpoint Id
Endpoint Profile
Authorization Profile
Authentication Details
Source Timestamp 2014-07-30 08:48:51.923
Received Timestamp 2014-07-30 08:48:51.923
Policy Server ise
Event 5405 RADIUS Request dropped
Failure Reason 11007 Could not locate Network Device or AAA Client
Resolution Verify whether the Network Device or AAA client is configured in: Administration > Network Resources > Network Devices
Root cause Could not find the network device or the AAA Client while accessing NAS by IP during authentication.
Username
User Type
Endpoint Id
Endpoint Profile
IP Address
Identity Store
Identity Group
Audit Session Id
Authentication Method
Authentication Protocol
Service Type
Network Device
Device Type
Location
NAS IP Address 10.xxx.aaa.243
NAS Port Id tty2
NAS Port Type Virtual
Authorization Profile
Posture Status
Security Group
Response Time
Other Attributes
ConfigVersionId 107
Device Port 1645
DestinationPort 1812
Protocol Radius
NAS-Port 2
AcsSessionID ise1/186896437/1172639
Device IP Address 10.xxx.aaa.243
CiscoAVPair
Steps
11001 Received RADIUS Access-Request
11017 RADIUS created a new session
11007 Could not locate Network Device or AAA Client
5405
As a test, I setup a device using the .243 address. While ISE claims it authenticates, it really doesn't. I have to use my local account to access the device.
Any advice on how to resolve this issue would be appreciated. Please let me know if more information is needed.Well from the debug I would say there may be an issue with the addressing of the radius server on the switch.
radius-server host 10.xxx.xxx.xxx key******** <--- Make sure this address and Key matches what you have in ISE PSN and that switch. Watch for spaces in your key at the begining or end of the string.
What interface should your switch be sending the radius request?
ip radius source-interface VlanXXX vrf default
Here is what my debug looks like when it is working correctly.
Aug 4 15:58:47 EST: RADIUS/ENCODE(00000265): ask "Password: "
Aug 4 15:58:47 EST: RADIUS/ENCODE(00000265):Orig. component type = EXEC
Aug 4 15:58:47 EST: RADIUS(00000265): Config NAS IP: 10.xxx.xxx.251
Aug 4 15:58:47 EST: RADIUS/ENCODE(00000265): acct_session_id: 613
Aug 4 15:58:47 EST: RADIUS(00000265): sending
Aug 4 15:58:47 EST: RADIUS(00000265): Send Access-Request to 10.xxx.xxx.35:1645 id 1645/110, len 104
Aug 4 15:58:47 EST: RADIUS: authenticator 97 FB CF 13 2E 6F 62 5D - 5B 10 1B BD BA EB C9 E3
Aug 4 15:58:47 EST: RADIUS: User-Name [1] 9 "admin"
Aug 4 15:58:47 EST: RADIUS: Reply-Message [18] 12
Aug 4 15:58:47 EST: RADIUS: 50 61 73 73 77 6F 72 64 3A 20 [ Password: ]
Aug 4 15:58:47 EST: RADIUS: User-Password [2] 18 *
Aug 4 15:58:47 EST: RADIUS: NAS-Port [5] 6 3
Aug 4 15:58:47 EST: RADIUS: NAS-Port-Id [87] 6 "tty3"
Aug 4 15:58:47 EST: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
Aug 4 15:58:47 EST: RADIUS: Calling-Station-Id [31] 15 "10.xxx.xxx.100"
Aug 4 15:58:47 EST: RADIUS: Service-Type [6] 6 Login [1]
Aug 4 15:58:47 EST: RADIUS: NAS-IP-Address [4] 6 10.xxx.xxx.251
Aug 4 15:58:47 EST: RADIUS(00000265): Started 5 sec timeout
Aug 4 15:58:47 EST: RADIUS: Received from id 1645/110 10.xxx.xxx.35:1645, Access-Accept, len 127
Aug 4 15:58:47 EST: RADIUS: authenticator 1B 98 AB 4F B1 F4 81 41 - 3D E1 E9 DB 33 52 54 C1
Aug 4 15:58:47 EST: RADIUS: User-Name [1] 9 "admin"
Aug 4 15:58:47 EST: RADIUS: State [24] 40
Aug 4 15:58:47 EST: RADIUS: 52 65 61 75 74 68 53 65 73 73 69 6F 6E 3A 30 61 [ReauthSession:0a]
Aug 4 15:58:47 EST: RADIUS: 30 63 66 65 32 33 30 30 30 31 46 37 30 37 35 33 [0cfe230001F70753]
Aug 4 15:58:47 EST: RADIUS: 44 46 45 35 46 37 [ DFE5F7]
Aug 4 15:58:47 EST: RADIUS: Class [25] 58
Aug 4 15:58:47 EST: RADIUS: 43 41 43 53 3A 30 61 30 63 66 65 32 33 30 30 30 [CACS:0a0cfe23000]
Aug 4 15:58:47 EST: RADIUS: 31 46 37 30 37 35 33 44 46 45 35 46 37 3A 50 52 [1F70753DFE5F7:PR]
Aug 4 15:58:47 EST: RADIUS: 59 49 53 45 30 30 32 2F 31 39 33 37 39 34 36 39 [YISE002/19379469]
Aug 4 15:58:47 EST: RADIUS: 38 2F 32 30 36 33 31 36 [ 8/206316]
Aug 4 15:58:47 EST: RADIUS(00000265): Received from id 1645/110
---------------------------------------------------------------------------------------------------------------This is after I added the incorrect Radius server address.
Aug 4 16:05:19 EST: RADIUS/ENCODE(00000268): ask "Password: "
Aug 4 16:05:19 EST: RADIUS/ENCODE(00000268):Orig. component type = EXEC
Aug 4 16:05:19 EST: RADIUS(00000268): Config NAS IP: 10.xxx.xxx.251
Aug 4 16:05:19 EST: RADIUS/ENCODE(00000268): acct_session_id: 616
Aug 4 16:05:19 EST: RADIUS(00000268): sending
Aug 4 16:05:19 EST: RADIUS(00000268): Send Access-Request to 10.xxx.xxx.55:1645 id 1645/112, len 104
Aug 4 16:05:19 EST: RADIUS: authenticator FC 94 BA 5D 75 1F 84 08 - E0 56 05 3A 7F BC FB BB
Aug 4 16:05:19 EST: RADIUS: User-Name [1] 9 "admin"
Aug 4 16:05:19 EST: RADIUS: Reply-Message [18] 12
Aug 4 16:05:19 EST: RADIUS: 50 61 73 73 77 6F 72 64 3A 20 [ Password: ]
Aug 4 16:05:19 EST: RADIUS: User-Password [2] 18 *
Aug 4 16:05:19 EST: RADIUS: NAS-Port [5] 6 7
Aug 4 16:05:19 EST: RADIUS: NAS-Port-Id [87] 6 "tty7"
Aug 4 16:05:19 EST: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
Aug 4 16:05:19 EST: RADIUS: Calling-Station-Id [31] 15 "10.xxx.xxx.100"
Aug 4 16:05:19 EST: RADIUS: Service-Type [6] 6 Login [1]
Aug 4 16:05:19 EST: RADIUS: NAS-IP-Address [4] 6 10.xxx.xxx.251
Aug 4 16:05:19 EST: RADIUS(00000268): Started 5 sec timeout
Aug 4 16:05:23 EST: RADIUS(00000268): Request timed out
Aug 4 16:05:23 EST: RADIUS: Retransmit to (10.xxx.xxx.55:1645,1646) for id 1645/112
Aug 4 16:05:23 EST: RADIUS(00000268): Started 5 sec timeout
Aug 4 16:05:29 EST: RADIUS(00000268): Request timed out
Aug 4 16:05:29 EST: RADIUS: Retransmit to (10.xxx.xxx.55:1645,1646) for id 1645/112
Aug 4 16:05:29 EST: RADIUS(00000268): Started 5 sec timeout
Aug 4 16:05:33 EST: RADIUS(00000268): Request timed out
Aug 4 16:05:33 EST: %RADIUS-4-RADIUS_DEAD: RADIUS server 10.xxx.xxx.55:1645,1646 is not responding.
Aug 4 16:05:33 EST: %RADIUS-4-RADIUS_ALIVE: RADIUS server 10.xxx.xxx.55:1645,1646 is being marked alive.
Aug 4 16:05:33 EST: RADIUS: Retransmit to (10.xxx.xxx.55:1645,1646) for id 1645/112
Aug 4 16:05:33 EST: RADIUS(00000268): Started 5 sec timeout
Aug 4 16:05:38 EST: RADIUS(00000268): Request timed out
Aug 4 16:05:38 EST: RADIUS: Fail-over to (10.xxx.xxx.55:1645,1646) for id 1645/112
Aug 4 16:05:38 EST: RADIUS(00000268): Started 5 sec timeout
Aug 4 16:05:43 EST: RADIUS(00000268): Request timed out
Aug 4 16:05:43 EST: RADIUS: Retransmit to (10.xxx.xxx.55:1645,1646) for id 1645/112
Aug 4 16:05:43 EST: RADIUS(00000268): Started 5 sec timeout
Aug 4 16:05:48 EST: RADIUS(00000268): Request timed out
Aug 4 16:05:48 EST: RADIUS: Retransmit to (10.xxx.xxx.55:1645,1646) for id 1645/112
Aug 4 16:05:48 EST: RADIUS(00000268): Started 5 sec timeout
Aug 4 16:05:53 EST: RADIUS(00000268): Request timed out
Aug 4 16:05:53 EST: %RADIUS-4-RADIUS_DEAD: RADIUS server 10.xxx.xxx.55:1645,1646 is not responding.
Aug 4 16:05:53 EST: %RADIUS-4-RADIUS_ALIVE: RADIUS server 10.xxx.xxx.55:1645,1646 is being marked alive.
Aug 4 16:05:53 EST: RADIUS: Retransmit to (10.xxx.xxx.55:1645,1646) for id 1645/112
Aug 4 16:05:53 EST: RADIUS(00000268): Started 5 sec timeout
Aug 4 16:05:57 EST: RADIUS(00000268): Request timed out
Aug 4 16:05:57 EST: RADIUS: No response from (10.xxx.xxx.55:1645,1646) for id 1645/112
Aug 4 16:05:57 EST: RADIUS/DECODE: parse response no app start; FAIL
Aug 4 16:05:57 EST: RADIUS/DECODE: parse response; FAIL
This is a default template I use for all my devices routers or switches hope it helps. I have two PSN's that is why we have two radius-server host commands..
aaa authentication login vty group radius local enable
aaa authentication login con group radius local enable
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa accounting system default start-stop group radius
ip radius source-interface VlanXXX vrf default
radius-server attribute 6 on-for-login-auth
radius-server attribute 6 support-multiple
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
radius-server dead-criteria time 30 tries 3
radius-server host xxx.xxx.xxx.xxx auth-port 1645 acct-port 1646 key *********
radius-server host xxx.xxx.xxx.xxx auth-port 1645 acct-port 1646 key *********
radius-server vsa send accounting
radius-server vsa send authentication
You can use this in the switch to test radius
test aaa group radius server 10.xxx.xxx.xxx <username> <password> -
BBSM and RADIUS Authenticated Session Limits
I have setup a BBSM System with RADIUS authentication, the authentication traffic is passed to a seperate RSA Box to authenticate user using fobs and everything works fine.
My question is how do I limited the time a user can have a onnection to the BBSM without having to re-authenticationIf you are using the 'Access Code' pageset, when the 'Stop Date and Time' of the Access
Code is reached, all currently connected users who have used that Access Code, are
disconnected.
When you define an Access Code, you define a 'Start Date and Time' and a 'Stop Date and
Time' for the Access Code. All users who have Connected by using that Access Code will be disconnected when that Date/Time is reached.
Please refer to
http://www.cisco.com/en/US/products/sw/netmgtsw/ps533/products_user_guide_ch
apter09186a0080192294.html#1038530
for more information on Access Codes.
HTH,
-Joe -
CSS - Radius authentication problem
Hi,
for a customer we need to configure Radius authentication working like this:
- CSS administrator login to device at user level
- then switch to "enable" mode using a superuser level account.
First login to CSS with a Radius account at user level works fine, but (after enable command) the login at superuser level doesn't work neighter with Radius account nor with local superuser account.
Ver.: 08.10.4.01
This is the configuration:
radius-server primary 10.113.212.17 secret XXX auth-port 1645
radius-server source-interface 10.113.212.32
sntp primary-server 10.113.205.1 version 3
date european-date
radius-server secondary 10.113.197.24 secret XXX auth-port 1645
radius-server dead-time 15
radius-server retransmit 15
radius-server timeout 15
virtual authentication primary radius
virtual authentication secondary local
username ZZZ des-password ZZZ superuser
Any idea?
Thanks in advance.is your server correctly configured as described at :
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v8.10/configuration/security/guide/Radius.html#wp1108380
"From the Group Settings section of the Cisco Secure ACS HTML interface, click the IETF RADIUS Attributes, [006] Service-Type checkbox. Then select Administrative. Administrative is required to enable RADIUS authentication for privileged user (SuperUser) connection with the CSS. "
Gilles. -
ACS 4.0.2 Radius Authentication Setup
Dear Experts,
I am having ACS 4.0.2 in my network, which I want to use for 802.1x Radius Authentication for Clients on PEAP-MSCHAPv2 methodology.
As per the documentation " EAP Authentication with RADIUS Server", Doc ID: 44844
I have configured Network Configuration and populated AAA client IP range and Secret Key.
Question1:
Under Authenticate Using option, there are various RADIUS flavors available for selection. For a Non Cisco AAA client, should I select RADIUS IETF?
Question 2:
In the above snap shot, It has an option called Global Authentication Setup, where we can setup EAP configuration. Under PEAP subsection there is an option to "Allow EAP-MSCHAPv2" check box.
After checking that, is a restart required to the ACS Server? Would it cause any disruptions to the existing services on the ACS?
Kindly help as it is not mentioned in the documentation available with me.
Regards,
KarthikHello,
As per the ASCII and HEXA settings concern you might want to ignore those fields and leave them as they are by default.
As per the "Bad request from NAS" and "Invalid message authenticator in EAP request" it is 99% of the times a Shared Secret Mismatch.
Under the ACS Interface Configuration > Advanced Options > Is the Network Device Groups option enabled? If yes, please check the Shared Secret Key at the NDG level where the device was created. Remember the NDG Shared Secret takes precedence over the one configured on the AAA Client entry itself.
Attaching an Example:
AAA client with Shared Secret as "Cisco123":
NDG Entry (which allocates AAA clients) with Shared Secret as "cisco"
In order to check the NDG Shared Secret go to Network Configuration > Click the appropriate NDG > Scroll to the bottom and click on Edit Properties.: -
What do IPSEC mean under Security - AAA - Radius - Authentication
I can't find exact information regarding the IPSec checkbox in Security -> AAA -> Radius -> Authentication.
On the Cisco Wireless LAN Controller Configuration Guide 5.1, it says "Check the IPSec check box to enable the IP security mechanism, or uncheck it to disable this feature.
The default value is unchecked."
What is exactly mean by IP security mechanism?
Does this mean that I can terminate VPN client over my WLC?
Take note that this options appeared even though no crypto card installed in my controller.This is old code from the Airespace days. There used to be a VPN module that would ride in the WLC. No longer supported, well can't buy it new, but if you had one already...you get the idea.
HTH,
Steve -
Radius authentication for the browser-based webtop
Hiya all,
With help of the radius-authentication module for apache (http://www.freeradius.org/mod_auth_radius/) and web-authentication it is possible to use radius-authentication for the classic-webtop. Has anyone got Radius authentication working for the browser-basedwebtop?
SSGD version:
Sun Secure Global Desktop Software for Intel Solaris 10+ (4.30.915)
Architecture code: i3so0510
This host: SunOS sgd1.<removed> 5.10 Generic_118855-36 i86pc i386 i86pc
I have the radius-module running for authentication of a single directory with the apache-config-lines:
SetEnvIf Request_URI "\.(cab|jar|gif|der)$" sgd_noauth_ok
<LocationMatch "/secure">
Order Allow,Deny
Allow from env=sgd_noauth_ok
AuthName "Radius authentication for SGD"
Authtype Basic
AuthRadiusAuthoritative on
AuthRadiusCookieValid 540
AuthRadiusActive On
Require valid-user
Satisfy any
</LocationMatch>
When changing the line <LocationMatch "/secure"> to <LocationMatch "/sgd"> the browser asks for a authentication and then a 'Not Found' page is being displayed.
When using the config-lines from http://docs.sun.com/source/819-6255/webauth_config_browser.html the login-page is being displayed normally and SSGD works.
The main difference I can find between the location /secure and /sgd is: /secure is a simple directory and /sgd is a JkMount to Tomcat.
Changing the JkLogLevel to debug gives the following info in the JkLogFile:
Radius authentication:
[Wed Jun 06 09:31:20 2007] [22647:0000] [debug] map_uri_to_worker::jk_uri_worker_map.c (449): Attempting to map URI '/sgd' from 5 maps
[Wed Jun 06 09:31:20 2007] [22647:0000] [debug] map_uri_to_worker::jk_uri_worker_map.c (461): Attempting to map context URI '/examples/*'
[Wed Jun 06 09:31:20 2007] [22647:0000] [debug] map_uri_to_worker::jk_uri_worker_map.c (461): Attempting to map context URI '/axis/*'
[Wed Jun 06 09:31:20 2007] [22647:0000] [debug] map_uri_to_worker::jk_uri_worker_map.c (461): Attempting to map context URI '/sgd/*'
[Wed Jun 06 09:31:20 2007] [22647:0000] [debug] map_uri_to_worker::jk_uri_worker_map.c (461): Attempting to map context URI '/axis'
[Wed Jun 06 09:31:20 2007] [22647:0000] [debug] map_uri_to_worker::jk_uri_worker_map.c (461): Attempting to map context URI '/sgd'
[Wed Jun 06 09:31:20 2007] [22647:0000] [debug] map_uri_to_worker::jk_uri_worker_map.c (486): Found an exact match tta -> /sgd
With the password-authentication file:
[Tue Jun 05 13:55:29 2007] [12123:0000] [debug] map_uri_to_worker::jk_uri_worker_map.c (449): Attempting to map URI '/sgd/' from 5 maps
[Tue Jun 05 13:55:29 2007] [12123:0000] [debug] map_uri_to_worker::jk_uri_worker_map.c (461): Attempting to map context URI '/examples/*'
[Tue Jun 05 13:55:29 2007] [12123:0000] [debug] map_uri_to_worker::jk_uri_worker_map.c (461): Attempting to map context URI '/axis/*'
[Tue Jun 05 13:55:29 2007] [12123:0000] [debug] map_uri_to_worker::jk_uri_worker_map.c (461): Attempting to map context URI '/sgd/*'
[Tue Jun 05 13:55:29 2007] [12123:0000] [debug] map_uri_to_worker::jk_uri_worker_map.c (475): Found a wildchar match tta -> /sgd/*
[Tue Jun 05 13:55:29 2007] [12123:0000] [debug] wc_get_worker_for_name::jk_worker.c (111): found a worker tta
[Tue Jun 05 13:55:29 2007] [12123:0000] [debug] wc_maintain::jk_worker.c (301): Maintaining worker axis
[Tue Jun 05 13:55:29 2007] [12123:0000] [debug] wc_maintain::jk_worker.c (301): Maintaining worker tta
[Tue Jun 05 13:55:29 2007] [12123:0000] [debug] wc_maintain::jk_worker.c (301): Maintaining worker examples
It seems that the JkMount is not being evaluated correctly after using the radius-authentication.
Any help will be usefull since I am allready stuck on this problem for a couple of days :(
Thanks,
Remold | EverettI got response from the Fat Bloke on the mailing list.
Adding the following line in the apache httpd.conf seams to help and resolved my problem:
Alias /sgd "/opt/tarantella/webserver/tomcat/5.0.28_axis1.2final_jk1.2.8/webapps/sgd"
Thanks The Fat Bloke !!
- Remold
These instructions are for a 4.2 SGD installation using SGD's third
party web authentication with mod_auth_radius.so (www.freeradius.org).
With 4.2 Sun didn't distribute enough of the Apache configured tree
to enable the use of axps to build the mod_auth_radius module, 4.3 is
better - Sun now install a modified axps and include files, I haven't
tried this with 4.3 yet though.
I built the mod_auth_radius module for Apache 1.3.33 (shipped with 4.2)
So, this is how we got this working with Radius (tested with SBR
server and freeradius.org server.)
Install SGD in the usual way.
Enable 3rd party authentication:
According to:
http://docs.sun.com/source/819-4309-10/en-us/base/standard/
webauth_config_browser.html
Configure the Tomcat component of the Secure Global Desktop Web
Server to
trust the web server authentication. On each array member, edit the
/opt/tarantella/webserver/tomcat/version/conf/server.xml file. Add the
following attribute to the connector element (<Connector>) for the
Coyote/JK2 AJP 1.3 Connector:
tomcatAuthentication="false"
# cat /opt/tarantella/webserver/tomcat/5.0.28_axis1.2final_jk1.2.8/
conf/server.xml
<!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -->
<Connector port="8009" minProcessors="5" maxProcessors="75"
tomcatAuthentication="false"
enableLookups="true" redirectPort="8443"
acceptCount="10" debug="0" connectionTimeout="0"
useURIValidationHack="false"
protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"/>
"By default, for security reasons, Secure Global Desktop
Administrators can't
log in to the browser-based webtop with web server authentication.
The standard
login page always displays for these users even if they have been
authenticated
by the web server. To change this behavior, run the following command:"
# tarantella config edit --tarantella-config-login-thirdparty-
allowadmins 1
Without this, after authenticating via webauth, the user will be
prompted for a
second username and password combination.
# /opt/tarantella/bin/tarantella objectmanager &
# /opt/tarantella/bin/tarantella arraymanager &
In Array Manager:
Select "Secure Global Desktop Login" on left side and click
"Properites" at bottom
Under "Secure Global Desktop Login Properties"
cd /opt/tarantella/webserver/apache/
1.3.33_mod_ssl-2.8.22_openssl-0.9.7e_jk1.2.8/conf
edit httpd.conf:
### For SGD Apache based authentication
Include conf/httpd4radius.conf
at the end of httpd.conf add:
Alias /sgd "/opt/tarantella/webserver/tomcat/
5.0.28_axis1.2final_jk1.2.8/webapps/sgd"
# cat httpd4radius.conf
LoadModule radius_auth_module libexec/mod_auth_radius.so
AddModule mod_auth_radius.c
# Add to the BOTTOM of httpd.conf
# If we're using mod_auth_radius, then add it's specific
# configuration options.
<IfModule mod_auth_radius.c>
# AddRadiusAuth server[:port] <shared-secret> [ timeout [ : retries ]]
# Use localhost, the old RADIUS port, secret 'testing123',
# time out after 5 seconds, and retry 3 times.
AddRadiusAuth radiusserver:1812 testing123 5:3
# AuthRadiusBindAddress <hostname/ip-address>
# Bind client (local) socket to this local IP address.
# The server will then see RADIUS client requests will come from
# the given IP address.
# By default, the module does not bind to any particular address,
# and the operating system chooses the address to use.
# AddRadiusCookieValid <minutes-for-which-cookie-is-valid>
# the special value of 0 (zero) means the cookie is valid forever.
AddRadiusCookieValid 5
</IfModule>
<LocationMatch /radius >
Order Allow,Deny
AuthType Basic
AuthName "RADIUS Authentication"
AuthAuthoritative off
AuthRadiusAuthoritative on
AuthRadiusCookieValid 5
AuthRadiusActive On
Require valid-user
Satisfy any
</LocationMatch>
SetEnvIf Request_URI "\.(cab|jar|gif|der)$" sgd_noauth_ok
<LocationMatch /sgd >
Order Allow,Deny
Allow from env=sgd_noauth_ok
AuthType Basic
AuthName "RADIUS Authentication"
AuthAuthoritative off
AuthRadiusAuthoritative on
AuthRadiusCookieValid 5
AuthRadiusActive On
Require valid-user
Satisfy any
</LocationMatch>
Put appropriate mod_auth_radius.so into
/opt/tarantella/webserver/apache/
1.3.33_mod_ssl-2.8.22_openssl-0.9.7e_jk1.2.8/libexec
# mkdir /opt/tarantella/webserver/apache/
1.3.33_mod_ssl-2.8.22_openssl-0.9.7e_jk1.2.8/htdocs/radius/
# cat /opt/tarantella/webserver/apache/
1.3.33_mod_ssl-2.8.22_openssl-0.9.7e_jk1.2.8/htdocs/htpasswd/index.html
<HTML>
<HEAD>
<TITLE> Test Page for RADIUS authentication </TITLE>
</HEAD>
<BODY>
<B> You have reached the test page for RADIUS authentication.
</BODY>
</HTML>
I hope this helps!
-FB -
ACS Express radius authentication AD authorization
I work at a University and for some reason we have multiple systems for authentication and authorization. That being said I am trying to use radius to do authentication and AD for authorization for VPNs. I have the radius authentication working against our radius server. I have my ACS express setup to join the AD domain and everything looks good there. I setup the AD server as a radius object in AAA server groups on my ASA. Then I add the server below in the servers in selected groups window. I put all the info in there and when I hit test I click authorization and put in the username that I know is in the domain group I have associated with this on the ACS. The test fails and with authorization failed with invalid password. When I look at the logs on the ACS I see
01/06/2011 20:14:26 acsxp/server Warning Server 0 AD Agent Plain Text Authentication Failed for user: username@domain
01/06/2011 20:14:26 acsxp/server Warning Server 0 Authentication for user username failed for reason = 0
01/06/2011 20:14:26 acsxp/server Error Protocol 0 Request from 172.20.5.2: User username rejected . by RemoteServer: AD (InvalidPassword).
Username and domain are correct I just edited them for posting. It seems like it is trying to authenticate rather than authorize. All I want it to do is say yes the user is in this group or no the user is not in this group? You can't even fill in the password when testing authorization? Maybe I have something setup wrong on the ACS side but when I look at AD under users and identity stores, it says it is joined to the domain. When I do AD domain diagnostics under troubleshooting everything looks good. I have the ASA I am testing from defined as a device and in the ASA device group. Under access services in Radius access services I have one service that I setup that connects to the AD and it found the group so I know it is connecting. Any idea what I am doing wrong or where to look?
Any help would be GREATLY appreciated!
Thanks
JoeHi Joe,
We could take a deeper look at what is happening through some logs and debugs:
1. On ACS Express, under
Reports & Troubleshooting > Troubleshooting > Server Logs
please set the Express Server Trace Level to 5 and the Web Server Trace Level to 4.
Also, for the Log Level under OS Logging, please set its value to "Debug".
If previous old logs are not essential to you, you may also wanna delete all the log files first, so that we capture logs for the last day only.
2. On the ASA, please enable the following debugs
debug aaa authentication
debug aaa authorization
debug radius
3. Then please first recreate a successful authentication attempt, and then recreate the authorization test issue with the same user account for which you tested the successful authentication.
4. After the issue is recreated, please attach the debugs from the ASA and following files from the ACS Server Logs:
acsxp_adagent.log
acsxp_agent_server.log
acsxp_mcd.log
acsxp_server.log
acsxp_server_trace.log
Regards,
Fede
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it. -
RADIUS authentication SF300-24P
RADIUS authentication SF300-24P
We have just purchased 20x SF300-24P switches to be installed at our remote offices and we are unable to get RADIUS authentication to work. We already use RADIUS on all our primary network CISCO switches (e.g. 4506s¸ 3560s, 3750s, AP1231Gs,etc) and these work fine so we know the RADIUS server is working.
We are trying to use RADIUS authentication to gain management access onto these switches. Quite simply although we can see that the RADIUS server is accepting the username and password being sent, however the switch says “authentication failed” when to receives the response. We are using Microsoft NPS RADIUS Clients for authentication purposes.
We have upgrade the switches to the latest firmware 1.1.2.0, via the console it seems to have a very cut down IOS version so we cannot use the typical CISCO command set to configure the RADIUS as we normally would. Looking at the web GUI there seems to be a number of options missing including the Accounting port. When debugging is switch on there is no indication to say that any of the settings have been misconfigured.
Any advice you could offer would be gratefully received.
Mike LewisHere is the documentation excerpt-
For the RADIUS server to grant access to the web-based switch configuration
utility, the RADIUS server must return cisco-avpair = shell:priv-lvl=15.
User authentication occurs in the order that the authentication methods are
selected. If the first authentication method is not available, the next selected
method is used. For example, if the selected authentication methods are RADIUS
and Local, and all configured RADIUS servers are queried in priority order and do
not reply, the user is authenticated locally.
If an authentication method fails or the user has insufficient privilege level, the user
is denied access to the switch. In other words, if authentication fails at an
authentication method, the switch stops the authentication attempt; it does not
continue and does not attempt to use the next authentication method.
Of course the point of interest here is the second paragraph. The initial wording is the behavior you want. The second portion is very open for interpretation (I do agree it is somewhat ambiguous but consistent with the switch behavior). When I read the example and it says the Radius is busy or not responding then you will authenticate locally. Which seems fair enough. But what it doesn't say, is if you can use one or the other, but instead it seems based on preference failure.
-Tom
Please rate helpful posts -
Radius Authentication in ACS 5.2 with AD
Friend,
I have a questión about radius authenticaction with AD, when I log in into the network with user in AD and I make a mistake in password my radius authenticaction event in ACS 5.2 dont show me this logg. only show the authentication succeeded but dont show me the authentication failed. Maybe i must to enable same service to show the authentiaction failed. The Voice authetication works fine..
This is the confg in the port of the switch:
interface FastEthernet0/12
switchport mode access
switchport access vlan 2
switchport voice vlan 10
authentication port-control auto
authentication host-mode multi-domain
authentication violation protect
authentication event fail action authorize vlan 11
authentication event fail retry 2 action authorize vlan 11
authentication event no-response action authorize vlan 11
authentication periodic
authentication timer reauthenticate 60
mab
dot1x pae authenticator
dot1x timeout tx-period 10
dot1x max-reauth-req 3
spanning-tree portfast
end
Vlan 2: DATA
Vlan 10: VOICE
Vlan 11: GUEST
thank...
MarcoHi Marco,
When you type in the wrong password do you see the login fail on the device you entered it? Depending on how you have configured fallback mechanisms on ACS, an attempt can still be permited eventhough the authentication failed.
It would be best to take a look at the authentication steps under the RADIUS authentication log for an attempt you beleive should have failed to see what ACS is doing with the request.
Steve.
Maybe you are looking for
-
After upgrading Itunes to version 11.1.2.32 my Ipod Touch no longer works with Windows. I've tried removing and replacing the driver, I've tried removing and reinstalling Itunes. When I call up the driver in Device Manager the Apple Mobile Device U
-
OIM 11g 11.1.1.5.0 I had exported the AD connector from our Dev environment and imported it into Test. When I try to assign the AD resource to a user, provisioning is stuck on the AD Create User adapter, specifically the isADAM Task. I'm assuming som
-
Timed structure for output in producer consumer data acquisition
Hello LabVIEW community, I have a bit of a problem. I am writing a program that is primarily for data aquisition but has a few control features as well. I need the program to aquire and write several channels of data at a relitively high speed. Th
-
Ipad: photo slide show with music problem.
Using the ipad, looking at my photo's, I select a photo, select slide show and knowing that I have already set the play music with slide show, I then press the Airplay icon. Seconds later the slide show starts on the Apple TV, but there is no music.
-
I've got a HTML/JS air app which connects to a REST interface on a remote server via HTTPS. It POSTs data to the interface every minute, sometimes more frequently but certainly no more than 3 times a minute. Every time it connects, my code creates a