LISTSERV - CLEANACCESS Archives - LISTSERV.MIAMIOH.EDU

CLEANACCESS Archives

September 2007

CLEANACCESS@LISTSERV.MIAMIOH.EDU

	LISTSERV Archives
	CLEANACCESS Home
	CLEANACCESS September 2007

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: MAC problem
From:	Nathaniel Austin <[log in to unmask]>
Reply To:	Cisco Clean Access Users and Administrators <[log in to unmask]>
Date:	Wed, 12 Sep 2007 08:47:16 -0400
Content-Type:	text/plain
Parts/Attachments:	text/plain (85 lines)

Max,

In a Mac client here I found two root CA's pertaining to GTE Cybertrust. 
One of them is expired and called GTE Cybertrust Root CA. One is valid 
and called GTE Cybertrust Global Root CA.

Can you find out which one matches your CAS cert's CA?

Nate

Caines, Max wrote:
> Hi Nate
>
> This is a named certificate from a public CA (GTE CyberTrust). The browser
> didn't query it during the agent install process, so surely MacOS is OK with
> it too? Unfortunately I'm not in a position to contact the owner, so I can't
> be more definite than that.
>
> Regards
>
> Max 
>
>   
>> -----Original Message-----
>> From: Cisco Clean Access Users and Administrators 
>> [mailto:[log in to unmask]] On Behalf Of Nathaniel Austin
>> Sent: 12 September 2007 12:30
>> To: [log in to unmask]
>> Subject: Re: [CLEANACCESS] MAC problem
>>
>> Max,
>>
>> MacOS has much more stringent certificate verification rules than 
>> Windows. The two main things are:
>>
>> 1) CAS certificate has to be issued to a name. Windows can 
>> accept certs 
>> to IP address, but MacOS will not.
>> 2) The root cert for the CAS cert has to be already installed in the 
>> MacOS Keychain. Even if you bought a cert from an external 
>> CA, sometimes 
>> that root CA will not exist on the Mac.
>>
>> Can you verify those two things?
>>
>> Thanks,
>>
>> Nate
>>
>> Caines, Max wrote:
>>     
>>> Hi
>>>  
>>> We are using CCA 4.1.2.0 L2 in-band real-IP gateway on our wireless 
>>> network. I've got a MAC running MacOS 10.4.9 which has successfully 
>>> installed the agent, but when the owner enters her credentials, the 
>>> agent says "Cisco Clean Access Agent is having a problem 
>>>       
>> communicating 
>>     
>>> with the NAC server". The CAS certificate is a public one, and the 
>>> browser didn't query it. If you try to access a Web page you get 
>>> redirected back to the CAS, so the client clearly has 
>>>       
>> network access. 
>>     
>>> There are plenty of other people logged in, so it doesn't 
>>>       
>> appear to be 
>>     
>>> a CAS-CAM communication problem. The CAM log just says 
>>>       
>> "Unable to log 
>>     
>>> in". Any idea what this might be?
>>>  
>>> Thanks
>>>  
>>> Max Caines
>>> IT Services, University of Wolverhampton
>>> Wolverhampton, West Midlands WV1 1SB
>>> Tel: 01902 322245 Fax: 01902 322777
>>>  
>>>

ATOM RSS1 RSS2

LISTSERV.MIAMIOH.EDU