Security

Reply
Frequent Contributor I
Posts: 85
Registered: ‎10-17-2012

cant get ordered filter for attributes

hello

im getting the following error but still im able to authenticate. do you have any idea why?

 

2012-11-02 14:23:27,673[AuthReqThreadPool-4-0x4250c940 r=R000001a8-01-5093c94f h=17] ERROR AuthSource.AuthAttributesInfo - Can't get ordered filters for attributes; error in getting filter for attribute cn
2012-11-02 14:23:27,673[AuthReqThreadPool-4-0x4250c940 r=R000001a8-01-5093c94f h=17] ERROR Ldap.LdapQuery - Failed to get value for attributes=cn]
2012-11-02 14:23:27,675[RequestHandler-1-0x4431b940 h=6175 c=R000001a8-01-5093c94f] ERROR Util.ParameterizedString - getReplacedStrings: Failed to replace parameString =%{Authorization:AD_Authentication:cn}, error=No values for param=Authorization:AD_Authentication:cn
2012-11-02 14:23:27,675

[RequestHandler-1-0x4431b940 h=6175 c=R000001a8-01-5093c94f] ERROR Core.EnfProfileComputer - checkAddAttr: Failed to find finalValue for %{Authorization:AD_Authentication:cn}

 

Attributes
Filter:(&(objectClass=user)(sAMAccountName=%{Authentication:Username}))
Attributes:The following attributes are selected for this filter -
 NameAlias NameEnabled as
1.DepartmentDepartmentAttribute
2.MemberOfMemberOfAttribute
3.mailEmailAttribute
4.displayNamedisplayNameAttribute
5.distinguishedNamedistinguishedName

Attribute

Guru Elite
Posts: 20,574
Registered: ‎03-29-2007

Re: cant get ordered filter for attributes

In the Primary Tab of your AD authentication source, did you enter a "Bind User"?  Can you click on "Search Base DN" to see if that LDAP user can browse correctly?

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor I
Posts: 85
Registered: ‎10-17-2012

Re: cant get ordered filter for attributes

yes i did otherwise i guess nothing would have worked.

 

Guru Elite
Posts: 20,574
Registered: ‎03-29-2007

Re: cant get ordered filter for attributes

Without that Bind user, authentication will work but Authorization (retrieving attributes) will not.  Joining domain allows authentication via 802.1x.  Adding a bind user provides authorization on top of that.

 

You should open a TAC case if the Browse works but you continue to have that error.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor I
Posts: 85
Registered: ‎10-17-2012

Re: cant get ordered filter for attributes

its strange because the log state , there is no hostname

 

2012-11-02 14:49:22,258[AuthReqThreadPool-1-0x41716940 r=R000001b5-01-5093cf62 h=14] ERROR AuthSource.AuthAttributesInfo - Can't get ordered filters for attributes; error in getting filter for attribute HostName
2012-11-02 14:49:22,258[AuthReqThreadPool-1-0x41716940 r=R000001b5-01-5093cf62 h=14] ERROR Ldap.LdapQuery - Failed to get value for attributes=HostName]
2012-11-02 14:49:22,259[RequestHandler-1-0x4431b940 h=6368 c=R000001b5-01-5093cf62] ERROR Util.ParameterizedString - getReplacedStrings: Failed to replace parameString =%{Authorization:AD_Authentication:HostName}, error=No values for param=Authorization:AD_Authentication:HostName
2012-11-02 14:49:22,259[RequestHandler-1-0x4431b940 h=6368 c=R000001b5-01-5093cf62] ERROR Core.EnfProfileComputer - checkAddAttr: Failed to find finalValue for %{Authorization:AD_Authentication:HostName}

 

but my attribs are diffrent,

1.DepartmentDepartment=Attribute  
2.MemberOfMemberOf=Attribute  
3.mailEmail=Attribute  
4.displayNamedisplayName=Attribute  
5.distinguishedNamedistinguishedName=Attribute  
6.Click to add...   
Guru Elite
Posts: 20,574
Registered: ‎03-29-2007

Re: cant get ordered filter for attributes

[ Edited ]

You are missing some attributes:

 

attributes.png

filter2.png



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor I
Posts: 85
Registered: ‎10-17-2012

Re: cant get ordered filter for attributes

same error why is he looing for hostname

2012-11-02 15:40:24,717[AuthReqThreadPool-1-0x41716940 r=R000001b6-01-5093db58 h=14] ERROR AuthSource.AuthAttributesInfo - Can't get ordered filters for attributes; error in getting filter for attribute HostName
2012-11-02 15:40:24,717[AuthReqThreadPool-1-0x41716940 r=R000001b6-01-5093db58 h=14] ERROR Ldap.LdapQuery - Failed to get value for attributes=HostName]
2012-11-02 15:40:24,717[RequestHandler-1-0x4431b940 r=R000001b6-01-5093db58 h=6400 c=R000001b6-01-5093db58] INFO Core.PETaskRadiusCoAEnfProfileBuilder - getApplicableProfiles: No radius_coa enforcement profiles applicable for this device
2012-11-02 15:40:24,718[RequestHandler-1-0x4431b940 h=6399 c=R000001b6-01-5093db58] ERROR Util.ParameterizedString - getReplacedStrings: Failed to replace parameString =%{Authorization:AD_Authentication:HostName}, error=No values for param=Authorization:AD_Authentication:HostName
2012-11-02 15:40:24,718[RequestHandler-1-0x4431b940 h=6399 c=R000001b6-01-5093db58] ERROR Core.EnfProfileComputer - checkAddAttr: Failed to find finalValue for %{Authorization:AD_Authentication:HostName}
Guru Elite
Posts: 20,574
Registered: ‎03-29-2007

Re: cant get ordered filter for attributes

Did you add the filter and the associated attributes?

 

If you did, please open a support case so that this can be looked into further.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor I
Posts: 85
Registered: ‎10-17-2012

Re: cant get ordered filter for attributes

i only have these two now; it should be enough no?

 

Filter NameAttribute NameAlias NameEnabled As  
1.AuthenticationDepartmentDepartmentAttribute  
 MemberOfMemberOfAttribute
 mailEmailAttribute
 displayNamedisplayNameAttribute
 distinguishedNamedistinguishedNameAttribute
2.MachinednSHostNameHostNameAttribute 

 

 

 

 operatingSystemOperatingSystemAttribute
 operatingSystemServicePackOSServicePack

Attribute

 
Filters :

1. (&(objectClass=user)(sAMAccountName=%{Authentication:Username})) 2. (&(objectClass=computer)(sAMAccountName=%{Host:Name}))

Frequent Contributor I
Posts: 85
Registered: ‎10-17-2012

Re: cant get ordered filter for attributes

i have re-created the service from scratch

still getting the same error

[AuthReqThreadPool-1-0x41716940 r=R000001b6-01-5093db58 h=14] ERROR AuthSource.AuthAttributesInfo - Can't get ordered filters for attributes; error in getting filter for attribute HostName

 

although everything is working fine

 

 

Search Airheads
Showing results for 
Search instead for 
Did you mean: