Ronald, I don't think we're looking at a cert problem, as we're not even getting the weblogin page, and usually the hang up is the java client starting up. When the problem appears, we cannot even get to the point of inputting credentials.
Thanks to you and everyone for the input. --Homer Manila, CISSP Information Security Engineer Office of Information Technology American University 202-885-2209 * AU IT will never ask for your password via e-mail. * Don't share your password with anyone! From: "King, Ronald A." <[email protected]> To: [email protected] Date: 08/11/2010 04:56 PM Subject: Re: OSX Java issues with weblogin Sent by: Cisco Clean Access Users and Administrators <[email protected]> I have been troubleshooting a number of issues related to MACs. They tend to be related to JAVA and/or the certificate we use from ipsCA. · Most notably, Safari locks up as it tries to validate the certificate. I changed the Java Preferences to “Run applets in their own process.” · We have had users install the latest root certificate for ipsCA. o According to Cisco, if the root certificate is not present or invalid, nothing happens. That is no pop ups, no authentication completion. It just kicks the user back to a login. o Cisco has me verify the root certificate on their MAC matches the one on the CAS. Hope this helps. Ronald King Security Engineer Norfolk State University Marie V. McDemmond Center for Applied Research Suite 401 700 Park Ave. Norfolk, Virginia 23504 Phone: 757-823-3918 Fax: 757-823-2128 Email: [email protected] http://security.nsu.edu From: Cisco Clean Access Users and Administrators [ mailto:[email protected]] On Behalf Of Homer Manila Sent: Wednesday, August 11, 2010 1:50 PM To: [email protected] Subject: OSX Java issues with weblogin We are experiencing random problems on OSX's weblogin. In general, many of our OSX (and iPad) users are unable to login successfully, even when fully up-to-date, java and OSX-wise. We are forced to grant exemptions. We don't mandate any requirements for OSX users except for authentication (through weblogin, we don't push the agent yet), but users will experience one or a combination of the following errors when attempting to do so: weblogin will work in Firefox, but not in Safari weblogin will work in Safari, but not Firefox weblogin page will give out java applet error messages (error that most get) We're on 4.7.2. Anybody else getting this problem? --Homer Manila, CISSP Information Security Engineer Office of Information Technology American University 202-885-2209 * AU IT will never ask for your password via e-mail. * Don't share your password with anyone!
<<inline: graycol.gif>>
