Hey Matthew,

I think this is because of CSCsg41565. Take a look at this bug at 
http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCsg41565+
&Submit=Search

Because of this, I think you will have to enter the Admin credentials
with each post

Regards
Prem

 

-----Original Message-----
From: Cisco Clean Access Users and Administrators
[mailto:[log in to unmask]] On Behalf Of Matthew Kocher
Sent: Wednesday, January 03, 2007 4:13 PM
To: [log in to unmask]
Subject: API - Invalid admin credentials

Hi Everyone,

I'm new to the list, though I've been reading the archive for a while.
We've been using Clean Access since it was perfigo, so excuse me if I
ever refer to secure smarts.

A coworker of mine posted about the disappearance of the logout URL, and
the solution seemed to be using the API,  That task was passed to me,
and here I am.  We're running 4.0.3 with failover.  I downloaded the
sample script from cisco, and it consistently returned "Invalid admin
credentials", though they were correct, and had api access privileges.
I happened across Alex Lanstein's php scripts at http://
oak.conncoll.edu/~aclan/cca/ and tried them out, same problem.

I read the API documentation again, noticed that it said the username/
password were optional parameters for all queries, so added them into
the perl script, and it works.  Currently the code reads:

# Params required for the POST...
my $req = POST $url,
'Authorization' => "Basic ".$encoded,
Content => [
op => "addmac",
mac => "000112233445",
ip => "192.168.151.1",
type => "userole",
role => "copyright",
desc => "Dummy testing entry", # no comma here!
admin=> "$cam_uname",
passwd=> "$cam_passwd"
];


Is there anything wrong with doing this?  Does anyone know why this is
necessary?

Thanks for your help.

Matthew Kocher
Information Systems - International House UC Berkeley