User-ID agent, 802.1x and Windows 2008 NPS - help needed!

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

User-ID agent, 802.1x and Windows 2008 NPS - help needed!

Not applicable

I followed the following guide here:

PANOS 5.0 User-ID Installation and configuration including integration guide with Microsoft NPS

I am able to capture the 6272 Windows Events and pass them to the UIDRADIUSScript.vbs, but I am having issues at that point. I have debugging enabled in UIDConfig.xml, and here is a sample of the output I get, it appears I am unable to obtain the DHCP scopes.

===================================================================================================================================

UID Script triggered at 11/15/2013 10:08:25 AM

Capturing arguments...

Script executed with arguments: "testuser" 94-94-26-E4-CD-CA

Loading Exclusions...

Exclusions loaded successfully

DHCP Lease query for Windows Event User: testuser Calling Station ID: 94-94-26-E4-CD-CA Querying DHCP Servers: 192.168.1.66

Not machine auth event

DHCP Server: 192.168.1.66

Defining scopes:

Searching DHCP leases for 949426e4cdca

       SCOPE:

UID Script finished execution at 11/15/2013 10:08:25 AM Run-time: 0 seconds

===================================================================================================================================

Here is my UIDConfig.xml

<?xml version="1.0" encoding="UTF-8"?>

<user-id-script-config>

<wireless-lan-controllers>

<wlc>1.1.1.1</wlc>

<wlc>1.1.1.2</wlc>

</wireless-lan-controllers>

<domain>NSCORP</domain>

<LogPath>C:\Windows\System32\LogFiles\npsaccounting\</LogPath>

<LogFormat>DHCP</LogFormat>

<AgentServer>127.0.0.1</AgentServer>

<AgentPort>5006</AgentPort>

<Debug>2</Debug>

<DHCPServer>dc.nscorp.local</DHCPServer>

<Key>key</Key>

<VSYS>vsys0</VSYS>

<Agent>1</Agent>

<Timeout>20</Timeout>

</user-id-script-config>

I am running the script as a domain admin, and I also added the domain admin to the DHCP Users group as instructed in the guide. My NPS server and User-ID agent are running on the same server, my DHCP server is running on another server.

1 accepted solution

Accepted Solutions

L3 Networker

Hi,

can you modify the script and add the green line please

Function PostToAgent(strUserAgentData)

         sUrl = "https://" & strAgentServer & ":" & strAgentPort & "/"
         On Error Resume Next
         xmlHttp.open "put", sUrl, False
         xmlhttp.setRequestHeader "Content-type", "text/xml"
         xmlHttp.setOption 2, 13056
         WScript.Echo(strUserAgentData)
         xmlHttp.send(strUserAgentData)
         xmlHttp.close
End Function

then can you run the script manually by executing the below command from command prompt ?

UIDRADIUSScript.vbs "test" 001b631c023c

you need to replace the MAC address with a valid one. check your DHCP server for a valid mac address.

also try to run this command manually and see if you can get the result "netsh dhcp server \\<dhcpserver> show scope"

you do not need to set <agent>1</agent> since you are not using agentless User-ID, change that to 0

also are you using the latest script ? the latest script supports multiple DHCP scope.

View solution in original post

5 REPLIES 5

L3 Networker

Hi,

can you modify the script and add the green line please

Function PostToAgent(strUserAgentData)

         sUrl = "https://" & strAgentServer & ":" & strAgentPort & "/"
         On Error Resume Next
         xmlHttp.open "put", sUrl, False
         xmlhttp.setRequestHeader "Content-type", "text/xml"
         xmlHttp.setOption 2, 13056
         WScript.Echo(strUserAgentData)
         xmlHttp.send(strUserAgentData)
         xmlHttp.close
End Function

then can you run the script manually by executing the below command from command prompt ?

UIDRADIUSScript.vbs "test" 001b631c023c

you need to replace the MAC address with a valid one. check your DHCP server for a valid mac address.

also try to run this command manually and see if you can get the result "netsh dhcp server \\<dhcpserver> show scope"

you do not need to set <agent>1</agent> since you are not using agentless User-ID, change that to 0

also are you using the latest script ? the latest script supports multiple DHCP scope.

Thank you for the help. I realized my first mistake when I tried to run "nets DHCP" manually (from the server) - Since I didn't have a DHCP role or RSAT tools installed I didn't have the necessary helper DLL to run the command. I've since installed the tools and now I can run nets DHCP, and I see my MAC in the list. I added the "echo" line to my script and manually ran the script with my MAC, but I never did get an echo to the screen. Here is my latest debug after making the change. Any other suggestions?

===================================================================================================================================

UID Script triggered at 11/18/2013 8:20:42 AM

Capturing arguments...

Script executed with arguments: "testuser" 94-94-26-E4-CD-CA

Loading Exclusions...

Exclusions loaded successfully

DHCP Lease query for Windows Event User: testuser Calling Station ID: 94-94-26-E4-CD-CA Querying DHCP Servers: 192.168.1.66

Not machine auth event

DHCP Server: dc.nscorp.local

Defining scopes:

       10.2.86.0

       192.168.1.0

       192.168.10.0

       192.168.20.0

       192.168.21.0

       192.168.22.0

       192.168.30.0

       192.168.31.0

       192.168.32.0

       192.168.33.0

       192.168.34.0

       192.168.35.0

       192.168.36.0

       192.168.37.0

       192.168.38.0

       192.168.40.0

       192.168.51.0

       192.168.52.0

Searching DHCP leases for 949426e4cdca

       SCOPE: 10.2.86.0

       SCOPE: 192.168.1.0

       SCOPE: 192.168.10.0

       SCOPE: 192.168.20.0

       SCOPE: 192.168.21.0

       SCOPE: 192.168.22.0

       SCOPE: 192.168.30.0

       SCOPE: 192.168.31.0

       SCOPE: 192.168.32.0

       SCOPE: 192.168.33.0

       SCOPE: 192.168.34.0

       SCOPE: 192.168.35.0

       SCOPE: 192.168.36.0

       SCOPE: 192.168.37.0

       SCOPE: 192.168.38.0

       SCOPE: 192.168.40.0

       SCOPE: 192.168.51.0

       SCOPE: 192.168.52.0

UID Script finished execution at 11/18/2013 8:21:11 AM Run-time: 29 seconds

===================================================================================================================================

I laid down a new copy of the script and it appears to be working now! I may have altered the script somewhere in my troubleshooting. Ultimately the problem was with the DHCP tools. Also, I tried setting the agent to "0" and that failed. Once I set it back to "1" it worked. It looks like "0" is for agent less and "1" is for agent-based. Thanks for the help on this!

yes, you are correct, sorry my mistake

an agent/agentless flag, 1 = software agent, 0 = agentless, submitting to device

L1 Bithead

I have the same problem with Windows 2012 NPS. Here is my UIDConfig.

 

<useridscriptconfig>
<wireless-lan-controllers>
<wlc>1.1.1.1</wlc>
<wlc>1.1.1.2</wlc>
</wireless-lan-controllers>
<Domain>RACHAPREUK</Domain>
<LogPath>C:\Windows\System32\LogFiles\</LogPath>
<LogFormat>DHCP</LogFormat>
<AgentServer>192.168.1.31</AgentServer>
<AgentPort>5006</AgentPort>
<Debug>2</Debug>
<DHCPServer>RCP-AD1.RACHAPREUK.LOCAL</DHCPServer>
<Key>Key</Key>
<VSYS>vsys1</VSYS>
<Agent>1</Agent>
<Timeout>20</Timeout>
</useridscriptconfig>

 

And I got this from UIDDebug

Posting mapping: <uid-message><version>1.0</version><scriptv>5.8ps</scriptv><type>update</type><payload><login><entry name="RACHAPREUK\first" ip="192.168.25.14"/></login></payload></uid-message>
Local agent installed, posting data to https://192.168.1.31:5006/
Starting post

 

Please anyone help?

  • 1 accepted solution
  • 4541 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!