Hi All,
We have a following Client requirement
1. Authentication type is EAP-TLS.........working fine.
2.For different AD group of users we have enforce different VLAN depending on group name........not working.
The issue we are faicng is when we created role mapping policy for different AD Groups i am getting following error messages.
Kindly let me know how to resolve this issue.
Request log details for session: R00000030-11-5225c73a
Time Message
2013-09-03 16:55:46,085 [Th 40 Req 315 SessId R00000030-11-5225c73a] INFO RadiusServer.Radius - rlm_service: Starting Service Categorization - 15:254:D4-3D-7E-12-A5-49
2013-09-03 16:55:46,092 [RequestHandler-1-0x7f2fad3e9700 r=psauto-1378126681-132 h=223 r=R00000030-11-5225c73a] INFO Core.ServiceReqHandler - Service classification result = Certificate_based_Test
2013-09-03 16:55:46,093 [Th 40 Req 315 SessId R00000030-11-5225c73a] INFO RadiusServer.Radius - rlm_service: The request has been categorized into service "Certificate_based_Test"
2013-09-03 16:55:46,093 [Th 40 Req 315 SessId R00000030-11-5225c73a] INFO RadiusServer.Radius - rlm_ldap: searching for user host/INGVYSAHOTEST.IN.intranet in AD:spininf00001.in.intranet
2013-09-03 16:55:46,095 [Th 40 Req 315 SessId R00000030-11-5225c73a] INFO RadiusServer.Radius - rlm_ldap: found user host/INGVYSAHOTEST.IN.intranet in AD:spininf00001.in.intranet
2013-09-03 16:55:46,095 [Th 40 Req 315 SessId R00000030-11-5225c73a] INFO RadiusServer.Radius - rlm_eap_tls: Initiate
2013-09-03 16:55:46,096 [Th 40 Req 315 SessId R00000030-11-5225c73a] INFO RadiusServer.Radius - reqst_update_state: Access-Challenge 15:76:D4-3D-7E-12-A5-49:0x00a40087002f00e73b010000d3e70a303a32a52dea8f6f95c95bd811
2013-09-03 16:55:46,112 [Th 32 Req 316 SessId R00000030-11-5225c73a] INFO RadiusServer.Radius - rlm_service: The request was categorized into service "Certificate_based_Test" - 16:386:D4-3D-7E-12-A5-49
2013-09-03 16:55:46,113 [Th 32 Req 316 SessId R00000030-11-5225c73a] INFO RadiusServer.Radius - TLS_accept:error in SSLv3 read finished A
2013-09-03 16:55:46,113 [Th 32 Req 316 SessId R00000030-11-5225c73a] INFO RadiusServer.Radius - reqst_update_state: Access-Challenge 16:225:D4-3D-7E-12-A5-49:0x00f70020002b00c73c010000520e47f9ab1f806777c5c9926f39fd6e
2013-09-03 16:55:46,123 [Th 33 Req 317 SessId R00000030-11-5225c73a] INFO RadiusServer.Radius - rlm_service: The request was categorized into service "Certificate_based_Test" - 17:318:D4-3D-7E-12-A5-49
2013-09-03 16:55:46,123 [Th 33 Req 317 SessId R00000030-11-5225c73a] INFO RadiusServer.Radius - rlm_eap_tls: Session established.
2013-09-03 16:55:46,124 [Th 33 Req 317 SessId R00000030-11-5225c73a] INFO RadiusServer.Radius - rlm_policy: Starting Policy Evaluation.
2013-09-03 16:55:46,130 [RequestHandler-1-0x7f2fad3e9700 r=psauto-1378126681-133 h=239 r=R00000030-11-5225c73a] INFO Common.EndpointTable - Returning NULL (EndpointPtr) for macAddr d43d7e12a549
2013-09-03 16:55:46,130 [RequestHandler-1-0x7f2fad3e9700 r=psauto-1378126681-133 h=239 r=R00000030-11-5225c73a] INFO Common.TagDefinitionCacheTable - No InstanceTagDefCacheMap found for instance id = 3354 entity id = 29
2013-09-03 16:55:46,130 [RequestHandler-1-0x7f2fad3e9700 r=psauto-1378126681-133 h=239 r=R00000030-11-5225c73a] INFO Common.TagDefinitionCacheTable - Building the TagDefMapTable for NAD instance=3354
2013-09-03 16:55:46,130 [RequestHandler-1-0x7f2fad3e9700 r=psauto-1378126681-133 h=239 r=R00000030-11-5225c73a] INFO Common.TagDefinitionCacheTable - Built 0 tag(s) for NAD instanceId=3354|entityId=29
2013-09-03 16:55:46,131 [RequestHandler-1-0x7f2fad3e9700 r=psauto-1378126681-133 h=239 r=R00000030-11-5225c73a] INFO TAT.TagAttrHolderBuilder - No tags built for instanceId=3354|entity=Device
2013-09-03 16:55:46,131 [RequestHandler-1-0x7f2fad3e9700 r=psauto-1378126681-133 h=239 r=R00000030-11-5225c73a] INFO TAT.AluTagAttrHolderBuilder - buildAttrHolder: Tags cannot be built for instanceId=0 (NULL AuthLocalUser)
2013-09-03 16:55:46,131 [RequestHandler-1-0x7f2fad3e9700 r=psauto-1378126681-133 h=239 r=R00000030-11-5225c73a] INFO TAT.GuTagAttrHolderBuilder - buildAttrHolder: Tags cannot be built for instanceId=0 (NULL GuestUser)
2013-09-03 16:55:46,131 [RequestHandler-1-0x7f2fad3e9700 r=psauto-1378126681-133 h=239 r=R00000030-11-5225c73a] INFO TAT.EndpointTagAttrHolderBuilder - buildAttrHolder: Tags cannot be built for instanceId=0 (NULL Endpoint)
2013-09-03 16:55:46,131 [RequestHandler-1-0x7f2fad3e9700 r=psauto-1378126681-133 h=239 r=R00000030-11-5225c73a] INFO TAT.OnboardTagAttrHolderBuilder - buildAttrHolder: Tags cannot be built for instanceId=0 (NULL Onboard Device User)
2013-09-03 16:55:46,131 [RequestHandler-1-0x7f2fad3e9700 h=1235 c=R00000030-11-5225c73a] INFO Core.PETaskScheduler - *** PE_TASK_SCHEDULE_RADIUS Started ***
2013-09-03 16:55:46,132 [RequestHandler-1-0x7f2fad3e9700 h=1236 c=R00000030-11-5225c73a] WARN REC.EvaluatorCtx - Prerequisites set is empty, not populating the Request Map
2013-09-03 16:55:46,132 [AuthReqThreadPool-26-0x7f307adf6700 r=R00000030-11-5225c73a h=67] WARN Util.ParameterizedString - getReplacedStrings: Failed to replace parameString =(distinguishedName=%{memberOf}), error=No values for param=memberOf
2013-09-03 16:55:46,133 [AuthReqThreadPool-26-0x7f307adf6700 r=R00000030-11-5225c73a h=67] WARN Ldap.LdapQuery - execute: Failed to construct filter=(distinguishedName=%{memberOf})
2013-09-03 16:55:46,133 [AuthReqThreadPool-26-0x7f307adf6700 r=R00000030-11-5225c73a h=67] WARN Ldap.LdapQuery - Failed to get value for attributes=Groups]
2013-09-03 16:55:46,133 [RequestHandler-1-0x7f2fad3e9700 h=1237 c=R00000030-11-5225c73a] INFO Core.PETaskRoleMapping - Roles: Guest], Machine Authenticated]
2013-09-03 16:55:46,135 [RequestHandler-1-0x7f2fad3e9700 h=1240 c=R00000030-11-5225c73a] INFO Core.PETaskEnforcement - EnfProfiles: Cert_based_NAC_infrastructure
2013-09-03 16:55:46,135 [RequestHandler-1-0x7f2fad3e9700 h=1245 c=R00000030-11-5225c73a] INFO Core.PETaskGenericEnfProfileBuilder - getApplicableProfiles: No App enforcement (Generic) profiles applicable for this device
2013-09-03 16:55:46,136 [RequestHandler-1-0x7f2fad3e9700 h=1241 c=R00000030-11-5225c73a] INFO Core.PETaskRadiusEnfProfileBuilder - EnfProfileAction=ACCEPT
2013-09-03 16:55:46,136 [RequestHandler-1-0x7f2fad3e9700 h=1241 c=R00000030-11-5225c73a] INFO Core.PETaskRadiusEnfProfileBuilder - Radius enfProfiles used: Cert_based_NAC_infrastructure
2013-09-03 16:55:46,136 [RequestHandler-1-0x7f2fad3e9700 h=1241 c=R00000030-11-5225c73a] INFO Core.EnfProfileComputer - getFinalSessionTimeout: sessionTimeout = 10800
2013-09-03 16:55:46,137 [RequestHandler-1-0x7f2fad3e9700 h=1246 c=R00000030-11-5225c73a] INFO Core.PETaskCliEnforcement - startHandler: No commands for CLI enforcement
2013-09-03 16:55:46,137 [RequestHandler-1-0x7f2fad3e9700 r=R00000030-11-5225c73a h=1244 c=R00000030-11-5225c73a] INFO Core.PETaskPostAuthEnfProfileBuilder - getApplicableProfiles: No Post auth enforcement profiles applicable for this device
2013-09-03 16:55:46,138 [RequestHandler-1-0x7f2fad3e9700 r=R00000030-11-5225c73a h=1242 c=R00000030-11-5225c73a] INFO Core.PETaskRadiusCoAEnfProfileBuilder - getApplicableProfiles: No radius_coa enforcement profiles applicable for this device
2013-09-03 16:55:46,142 [RequestHandler-1-0x7f2fad3e9700 h=1248 c=R00000030-11-5225c73a] INFO Core.XpipPolicyResHandler - populateResponseTlv: PETaskPostureOutput does not exist. Skip sending posture VAFs
2013-09-03 16:55:46,142 [RequestHandler-1-0x7f2fad3e9700 h=1248 c=R00000030-11-5225c73a] INFO Core.PolicyResCollector - getSohr: Failed to generate Sohr
2013-09-03 16:55:46,143 [Th 33 Req 317 SessId R00000030-11-5225c73a] INFO RadiusServer.Radius - rlm_policy: Received Accept Enforcement Profile
2013-09-03 16:55:46,143 [Th 33 Req 317 SessId R00000030-11-5225c73a] INFO RadiusServer.Radius - rlm_policy: Added Class attribute with value Class = 0xe01eeb5fba974171b4bba595e0ae50d1d80b0000000000005230303030303033302d31312d35323235633733610000000000000000000000
2013-09-03 16:55:46,143 [Th 33 Req 317 SessId R00000030-11-5225c73a] INFO RadiusServer.Radius - rlm_policy: Policy Server reply does not contain Posture-Validation-Response
2013-09-03 16:55:46,143 [RequestHandler-1-0x7f2fad3e9700 h=1247 c=R00000030-11-5225c73a] INFO Core.PolicyResCollector - getSohr: Failed to generate Sohr
2013-09-03 16:55:46,143 [RequestHandler-1-0x7f2fad3e9700 r=R00000030-11-5225c73a h=1235 c=R00000030-11-5225c73a] INFO Core.PETaskScheduler - *** PE_TASK_SCHEDULE_RADIUS Completed ***
#AP225