Homer,

Create a new Login Page, select MAC_ALL as the Operating System and uncheck the 
"Use web client to detect client MAC address and Operating System." Check box.
Move the new Login Page up the list so that it is above the one that applies to 
ALL.

As long as you set the Default Provider for the Login Page the same for both 
pages then users will still be authenticated just as before.  The only 
difference will be that the Mac users will have their OS version determined by 
browser agent detection instead of using the web agent detection.

_____________________________
Rob Biddle
Network Systems Engineer / Administrator
College of Mount St. Joseph

From: Cisco Clean Access Users and Administrators 
[mailto:[email protected]] On Behalf Of Homer Manila
Sent: Thursday, August 12, 2010 11:46 AM
To: [email protected]
Subject: Re: OSX Java issues with weblogin


Dan,

We currently only have one user page for the whole user community, and yes, the 
web client is enabled for it. Are you suggesting we turn off the web client for 
problematic OSes? Doesn't that mean we'd have to disable the login page for 
those devices, and preclude authentication?

--Homer Manila, CISSP
Information Security Engineer
Office of Information Technology
American University
202-885-2209

* AU IT will never ask for your password via e-mail.
* Don't share your password with anyone!

[cid:[email protected]]Dan Taube ---08/11/2010 04:13:03 PM--- 
Homer, Do you have the web client enabled for your user page?

From: Dan Taube <[email protected]>
To: [email protected]
Date: 08/11/2010 04:13 PM
Subject: Re: OSX Java issues with weblogin
Sent by: Cisco Clean Access Users and Administrators 
<[email protected]>

________________________________



Homer,

Do you have the web client enabled for your user page?

For example, our users that are put into a web login path (iPhones, iPads, 
BlackBerry & Android devices, etc.) do not have the web client enabled for 
their user pages. This means when the NAC appliance is figuring out what OS the 
user has it does not require the Java applet, but rather other means (browser 
useragent).

Dan Taube
Call Center Supervisor :: Associate IT Support
University Computer Help Desk :: Illinois State University
309-438-8985 [direct] :: 309-438-4357 [support]
[email protected]<mailto:[email protected]>

On 8/11/2010 12:50 PM, Homer Manila wrote:
We are experiencing random problems on OSX's weblogin. In general, many of our 
OSX (and iPad) users are unable to login successfully, even when fully 
up-to-date, java and OSX-wise. We are forced to grant exemptions.

We don't mandate any requirements for OSX users except for authentication 
(through weblogin, we don't push the agent yet), but users will experience one 
or a combination of the following errors when attempting to do so:

          *   weblogin will work in Firefox, but not in Safari
          *   weblogin will work in Safari, but not Firefox
          *   weblogin page will give out java applet error messages (error 
that most get)


We're on 4.7.2.

Anybody else getting this problem?

--Homer Manila, CISSP
Information Security Engineer
Office of Information Technology
American University
202-885-2209

* AU IT will never ask for your password via e-mail.
* Don't share your password with anyone!

<<inline: image001.gif>>

Reply via email to