ACS and IBM TSCM problem

Hi All,

I use an ACS 4.1 server and an IBM TSCM 5.1 server with FP 24 (for server and client), plus the CTA client and the CSSC client.

At many stations (daily for other stations) there is the following problem:

"No matched required credential types in any posture validation rule". Temporarily I solve the problem by restarting the SCM service on the workstation or by restarting the workstation.

The first rule of this internal posture is performed on the following IBM Corporation pair: IBM_Corporation:SCM:Violation_count

The logs on the ACS under "Failed Attempts active" indicate the following:

- Message-Type: Authen failed

- Authen-Failure-Code: Posture Validation Failure (general)

- EAP Type Name: EAP-FAST

- Reason: No matched required credential types in any posture validation rule

- Cisco:PA:PA-Name: ..

- Cisco:PA:PA-Version: ..

- Cisco:PA:OS-Type: ..

- Cisco:Host:ServicePacks: ..

- IBM_Corporation:SCM:Violation_count: ..

After these messages I check the logs for the same workstation, and the ACS "Passed Attempts active" indicates the following:

- System-Posture-Token: Unknown

- IBM_Corporation:SCM:Violation_count: ..

- Cisco:PA:OS-Type: Windows XP Professional

- Cisco:Host:ServicePacks: Service Pack 2

and the workstation is placed into the quarantine VLAN.

We used authentication with ACS without the credential type IBM_Corporation:SCM in "Posture Validation", and I have no errors and the workstation is placed in the Healthy VLAN.

I think the problem is with the TSCM. Does anyone have any idea how to solve it?

ibmnac6.inf:

[main]
PluginName=ibmnac6.dll
VendorID=2
VendorIDName=IBM Corporation
AppList=scm

[scm]
AppType=50
AppTypeName=SCM
AttributeList=attr1,attr2
attr1=20,string,Policy Version
attr2=21,integer32,Violation Count

I use the following ADF file:

[attr#0]
vendor-id=2
vendor-name=IBM_Corporation
application-id=50
application-name=SCM
attribute-id=00020
attribute-name=Policy Version
attribute-profile=in out
attribute-type=string

[attr#1]
vendor-id=2
vendor-name=IBM_Corporation
application-id=50
application-name=SCM
attribute-id=00021
attribute-name=Violation count
attribute-profile=in out
attribute-type=unsigned integer

[attr#2]
vendor-id=2
vendor-name=IBM_Corporation
application-id=50
application-name=SCM
attribute-id=00010
attribute-name=Action
attribute-profile=out
attribute-type=String

Thanks in advance for your attention.

Best Regards,

Mugur
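
An added example, not part of the original post and not Cisco or IBM code: a Python script that parses the two attribute definitions quoted above (the CTA plug-in `ibmnac6.inf` and the ACS ADF file) and lists where they differ. The function names are hypothetical, and the script makes no claim about which differences ACS treats as significant.

```python
import configparser
# Both files are rebuilt here from the values quoted in the post above.
INF = ("[main]\nPluginName=ibmnac6.dll\nVendorID=2\nVendorIDName=IBM Corporation\n"
       "AppList=scm\n[scm]\nAppType=50\nAppTypeName=SCM\nAttributeList=attr1,attr2\n"
       "attr1=20,string,Policy Version\nattr2=21,integer32,Violation Count\n")
ADF = "".join(
    f"[attr#{i}]\nvendor-id=2\nvendor-name=IBM_Corporation\napplication-id=50\n"
    f"application-name=SCM\nattribute-id={a}\nattribute-name={n}\n"
    f"attribute-profile={p}\nattribute-type={t}\n"
    for i, (a, n, p, t) in enumerate([
        ("00020", "Policy Version", "in out", "string"),
        ("00021", "Violation count", "in out", "unsigned integer"),
        ("00010", "Action", "out", "String")]))

def _load(text):
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp

def parse_inf(text):
    """{(vendor, app, attr_id): (type, name)} from the CTA plug-in .inf."""
    cp, out = _load(text), {}
    for app in cp["main"]["AppList"].split(","):
        sec = cp[app.strip()]
        for key in sec["AttributeList"].split(","):
            aid, typ, name = (f.strip() for f in sec[key.strip()].split(",", 2))
            out[cp["main"].getint("VendorID"), sec.getint("AppType"), int(aid)] = (typ, name)
    return out

def parse_adf(text):
    """{(vendor, app, attr_id): (type, name, profile)} from the ACS ADF."""
    return {(s.getint("vendor-id"), s.getint("application-id"), s.getint("attribute-id")):
            (s["attribute-type"], s["attribute-name"], s["attribute-profile"])
            for s in (sec for name, sec in _load(text).items() if name != "DEFAULT")}

def compare(inf, adf):
    """List differences only; whether ACS cares about each one is not claimed."""
    found = []
    for key in sorted(set(inf) | set(adf)):
        if key not in inf or key not in adf:
            found.append((key, "only in ADF" if key in adf else "only in .inf"))
            continue
        (ityp, iname), (atyp, aname, _) = inf[key], adf[key]
        if ityp.lower() != atyp.lower():
            found.append((key, f"type {ityp!r} vs {atyp!r}"))
        if iname != aname:
            found.append((key, f"name {iname!r} vs {aname!r}"))
    return found

if __name__ == "__main__":
    print(*compare(parse_inf(INF), parse_adf(ADF)), sep="\n")
```

Keys are (vendor-id, application-id, attribute-id) tuples, so the zero-padded ADF ids such as `00021` line up with the plain ids in the .inf.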
