ACS and IBM TSCM problem

Unanswered Question
Jan 19th, 2009

Hi All,

I use ACS 4.1 server and IBM TSCM 5.1 server with FP 24 (for server and client) and CTA client and CSSC client.

At many stations (daily for other stations) the following problem occurs:

"No matched required credential types in any posture validation rule". Temporarily, I solve the problem by restarting the SCM service on the workstation or restarting the workstation.

The first rule of this internal posture is performed on the following IBM Corporation pair: IBM_Corporation:SCM:Violation_count

The ACS "Failed Attempts active" logs indicate the following:

- Message-Type: Authen failed
- Authen-Failure-Code: Posture Validation Failure (general)
- EAP Type Name: EAP-FAST
- Reason: No matched required credential types in any posture validation rule
- Cisco:PA:PA-Name: ..
- Cisco:PA:PA-Version: ..
- Cisco:PA:OS-Type: ..
- Cisco:Host:ServicePacks: ..
- IBM_Corporation:SCM:Violation_count: ..

After these messages, I verify the logs for the same workstation; the ACS "Passed Attempts active" log indicates the following:

- System-Posture-Token: Unknown
- IBM_Corporation:SCM:Violation_count: ..
- Cisco:PA:OS-Type: Windows XP Professional
- Cisco:Host:ServicePacks: Service Pack 2

and the workstation is placed into the quarantine VLAN.

We used authentication with ACS without the credential type IBM_Corporation:SCM in "Posture Validation", and I have no errors and the workstation is placed in the Healthy VLAN.

I think the problem is with the TSCM, does anyone have any idea how to solve it?

ibmnac6.inf

[main]
PluginName=ibmnac6.dll
VendorID=2
VendorIDName=IBM Corporation
AppList=scm

[scm]
AppType=50
AppTypeName=SCM
AttributeList=attr1,attr2
attr1=20,string,Policy Version
attr2=21,integer32,Violation Count

I use the following ADF file:

[attr#0]
vendor-id=2
vendor-name=IBM_Corporation
application-id=50
application-name=SCM
attribute-id=00020
attribute-name=Policy Version
attribute-profile=in out
attribute-type=string

[attr#1]
vendor-id=2
vendor-name=IBM_Corporation
application-id=50
application-name=SCM
attribute-id=00021
attribute-name=Violation count
attribute-profile=in out
attribute-type=unsigned integer

[attr#2]
vendor-id=2
vendor-name=IBM_Corporation
application-id=50
application-name=SCM
attribute-id=00010
attribute-name=Action
attribute-profile=out
attribute-type=String

Thanks in advance for your attention.

Best Regards,

Mugur
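
Added example, not part of the original post and not Cisco or IBM code: a Python sketch that cross-checks the attributes the client plugin file (ibmnac6.inf) declares against the ADF imported into ACS, keyed by vendor, application and attribute ID. The function names are hypothetical and the two samples are abridged from the files quoted above; the comparison is literal, and whether ACS treats a differing type or name spelling as equivalent is not stated on this page.

```python
import configparser
# Abridged from the two files quoted in the post (ibmnac6.inf, then the ADF).
PLUGIN_INF = """[main]
VendorID=2
AppList=scm
[scm]
AppType=50
AttributeList=attr1,attr2
attr1=20,string,Policy Version
attr2=21,integer32,Violation Count
"""
ADF = """[attr#0]
vendor-id=2
application-id=50
attribute-id=00020
attribute-name=Policy Version
attribute-type=string
[attr#1]
vendor-id=2
application-id=50
attribute-id=00021
attribute-name=Violation count
attribute-type=unsigned integer
"""

def _parse(text):
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp

def plugin_attrs(text):  # (vendor, app, attr id) -> (type, name) per the plugin .inf
    cp, out = _parse(text), {}
    vendor = cp["main"].getint("VendorID")
    for app in cp["main"]["AppList"].split(","):
        sec = cp[app.strip()]
        for key in sec["AttributeList"].split(","):
            num, typ, name = sec[key.strip()].split(",", 2)
            out[(vendor, sec.getint("AppType"), int(num))] = (typ, name)
    return out

def adf_attrs(text):  # same mapping, as declared in the ADF sections
    cp = _parse(text)
    return {(cp[s].getint("vendor-id"), cp[s].getint("application-id"),
             cp[s].getint("attribute-id")): (cp[s]["attribute-type"], cp[s]["attribute-name"])
            for s in cp.sections()}

def differences(inf_text, adf_text):  # plugin attrs absent from, or declared differently in, the ADF
    adf = adf_attrs(adf_text)
    return [(k, v, adf.get(k)) for k, v in sorted(plugin_attrs(inf_text).items())
            if adf.get(k) != v]
```

Calling `differences(PLUGIN_INF, ADF)` returns one tuple per attribute to review, each holding the key, the plugin-side declaration and the ADF-side declaration (or `None` if the ADF has no such attribute).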
