Security

Reply
Frequent Contributor I

cant get ordered filter for attributes

hello

im getting the following error but still im able to authenticate. do you have any idea why?

 

2012-11-02 14:23:27,673[AuthReqThreadPool-4-0x4250c940 r=R000001a8-01-5093c94f h=17] ERROR AuthSource.AuthAttributesInfo - Can't get ordered filters for attributes; error in getting filter for attribute cn
2012-11-02 14:23:27,673[AuthReqThreadPool-4-0x4250c940 r=R000001a8-01-5093c94f h=17] ERROR Ldap.LdapQuery - Failed to get value for attributes=cn]
2012-11-02 14:23:27,675[RequestHandler-1-0x4431b940 h=6175 c=R000001a8-01-5093c94f] ERROR Util.ParameterizedString - getReplacedStrings: Failed to replace parameString =%{Authorization:AD_Authentication:cn}, error=No values for param=Authorization:AD_Authentication:cn
2012-11-02 14:23:27,675

[RequestHandler-1-0x4431b940 h=6175 c=R000001a8-01-5093c94f] ERROR Core.EnfProfileComputer - checkAddAttr: Failed to find finalValue for %{Authorization:AD_Authentication:cn}

 

Attributes
Filter:(&(objectClass=user)(sAMAccountName=%{Authentication:Username}))
Attributes:The following attributes are selected for this filter -
 NameAlias NameEnabled as
1.DepartmentDepartmentAttribute
2.MemberOfMemberOfAttribute
3.mailEmailAttribute
4.displayNamedisplayNameAttribute
5.distinguishedNamedistinguishedName

Attribute

Guru Elite

Re: cant get ordered filter for attributes

In the Primary Tab of your AD authentication source, did you enter a "Bind User"?  Can you click on "Search Base DN" to see if that LDAP user can browse correctly?

 

 

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
Frequent Contributor I

Re: cant get ordered filter for attributes

yes i did otherwise i guess nothing would have worked.

 

Guru Elite

Re: cant get ordered filter for attributes

Without that Bind user, authentication will work but Authorization (retrieving attributes) will not.  Joining domain allows authentication via 802.1x.  Adding a bind user provides authorization on top of that.

 

You should open a TAC case if the Browse works but you continue to have that error.

 

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
Frequent Contributor I

Re: cant get ordered filter for attributes

its strange because the log state , there is no hostname

 

2012-11-02 14:49:22,258[AuthReqThreadPool-1-0x41716940 r=R000001b5-01-5093cf62 h=14] ERROR AuthSource.AuthAttributesInfo - Can't get ordered filters for attributes; error in getting filter for attribute HostName
2012-11-02 14:49:22,258[AuthReqThreadPool-1-0x41716940 r=R000001b5-01-5093cf62 h=14] ERROR Ldap.LdapQuery - Failed to get value for attributes=HostName]
2012-11-02 14:49:22,259[RequestHandler-1-0x4431b940 h=6368 c=R000001b5-01-5093cf62] ERROR Util.ParameterizedString - getReplacedStrings: Failed to replace parameString =%{Authorization:AD_Authentication:HostName}, error=No values for param=Authorization:AD_Authentication:HostName
2012-11-02 14:49:22,259[RequestHandler-1-0x4431b940 h=6368 c=R000001b5-01-5093cf62] ERROR Core.EnfProfileComputer - checkAddAttr: Failed to find finalValue for %{Authorization:AD_Authentication:HostName}

 

but my attribs are diffrent,

1.DepartmentDepartment=Attribute  
2.MemberOfMemberOf=Attribute  
3.mailEmail=Attribute  
4.displayNamedisplayName=Attribute  
5.distinguishedNamedistinguishedName=Attribute  
6.Click to add...   
Guru Elite

Re: cant get ordered filter for attributes

You are missing some attributes:

 

attributes.png

filter2.png

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
Frequent Contributor I

Re: cant get ordered filter for attributes

same error why is he looing for hostname

2012-11-02 15:40:24,717[AuthReqThreadPool-1-0x41716940 r=R000001b6-01-5093db58 h=14] ERROR AuthSource.AuthAttributesInfo - Can't get ordered filters for attributes; error in getting filter for attribute HostName
2012-11-02 15:40:24,717[AuthReqThreadPool-1-0x41716940 r=R000001b6-01-5093db58 h=14] ERROR Ldap.LdapQuery - Failed to get value for attributes=HostName]
2012-11-02 15:40:24,717[RequestHandler-1-0x4431b940 r=R000001b6-01-5093db58 h=6400 c=R000001b6-01-5093db58] INFO Core.PETaskRadiusCoAEnfProfileBuilder - getApplicableProfiles: No radius_coa enforcement profiles applicable for this device
2012-11-02 15:40:24,718[RequestHandler-1-0x4431b940 h=6399 c=R000001b6-01-5093db58] ERROR Util.ParameterizedString - getReplacedStrings: Failed to replace parameString =%{Authorization:AD_Authentication:HostName}, error=No values for param=Authorization:AD_Authentication:HostName
2012-11-02 15:40:24,718[RequestHandler-1-0x4431b940 h=6399 c=R000001b6-01-5093db58] ERROR Core.EnfProfileComputer - checkAddAttr: Failed to find finalValue for %{Authorization:AD_Authentication:HostName}
Guru Elite

Re: cant get ordered filter for attributes

Did you add the filter and the associated attributes?

 

If you did, please open a support case so that this can be looked into further.

 

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
Frequent Contributor I

Re: cant get ordered filter for attributes

i only have these two now; it should be enough no?

 

Filter NameAttribute NameAlias NameEnabled As  
1.AuthenticationDepartmentDepartmentAttribute  
 MemberOfMemberOfAttribute
 mailEmailAttribute
 displayNamedisplayNameAttribute
 distinguishedNamedistinguishedNameAttribute
2.MachinednSHostNameHostNameAttribute 

 

 

 

 operatingSystemOperatingSystemAttribute
 operatingSystemServicePackOSServicePack

Attribute

 
Filters :

1. (&(objectClass=user)(sAMAccountName=%{Authentication:Username})) 2. (&(objectClass=computer)(sAMAccountName=%{Host:Name}))

Frequent Contributor I

Re: cant get ordered filter for attributes

i have re-created the service from scratch

still getting the same error

[AuthReqThreadPool-1-0x41716940 r=R000001b6-01-5093db58 h=14] ERROR AuthSource.AuthAttributesInfo - Can't get ordered filters for attributes; error in getting filter for attribute HostName

 

although everything is working fine

 

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: