11-15-2013 12:11 PM
I followed the following guide here:
PANOS 5.0 User-ID Installation and configuration including integration guide with Microsoft NPS
I am able to capture the 6272 Windows Events and pass them to the UIDRADIUSScript.vbs, but I am having issues at that point. I have debugging enabled in UIDConfig.xml, and here is a sample of the output I get. It appears I am unable to obtain the DHCP scopes.
===================================================================================================================================
UID Script triggered at 11/15/2013 10:08:25 AM
Capturing arguments...
Script executed with arguments: "testuser" 94-94-26-E4-CD-CA
Loading Exclusions...
Exclusions loaded successfully
DHCP Lease query for Windows Event User: testuser Calling Station ID: 94-94-26-E4-CD-CA Querying DHCP Servers: 192.168.1.66
Not machine auth event
DHCP Server: 192.168.1.66
Defining scopes:
Searching DHCP leases for 949426e4cdca
SCOPE:
UID Script finished execution at 11/15/2013 10:08:25 AM Run-time: 0 seconds
===================================================================================================================================
Here is my UIDConfig.xml
<?xml version="1.0" encoding="UTF-8"?>
<user-id-script-config>
<wireless-lan-controllers>
<wlc>1.1.1.1</wlc>
<wlc>1.1.1.2</wlc>
</wireless-lan-controllers>
<domain>NSCORP</domain>
<LogPath>C:\Windows\System32\LogFiles\npsaccounting\</LogPath>
<LogFormat>DHCP</LogFormat>
<AgentServer>127.0.0.1</AgentServer>
<AgentPort>5006</AgentPort>
<Debug>2</Debug>
<DHCPServer>dc.nscorp.local</DHCPServer>
<Key>key</Key>
<VSYS>vsys0</VSYS>
<Agent>1</Agent>
<Timeout>20</Timeout>
</user-id-script-config>
I am running the script as a domain admin, and I also added the domain admin to the DHCP Users group as instructed in the guide. My NPS server and User-ID agent are running on the same server, my DHCP server is running on another server.
11-18-2013 12:42 AM
Hi,
Can you modify the script and add the green line, please?
Function PostToAgent(strUserAgentData)
    sUrl = "https://" & strAgentServer & ":" & strAgentPort & "/"
    On Error Resume Next
    xmlHttp.open "put", sUrl, False
    xmlhttp.setRequestHeader "Content-type", "text/xml"
    ' Option 2 with value 13056 (0x3300): ignore all server certificate errors (MSXML ServerXMLHTTP)
    xmlHttp.setOption 2, 13056
    ' Print the payload that is about to be sent
    WScript.Echo(strUserAgentData)
    xmlHttp.send(strUserAgentData)
    xmlHttp.close
End Function
Then can you run the script manually by executing the command below from the command prompt?
UIDRADIUSScript.vbs "test" 001b631c023c
You need to replace the MAC address with a valid one. Check your DHCP server for a valid MAC address.
Also try to run this command manually and see if you can get the result: "netsh dhcp server \\<dhcpserver> show scope"
You do not need to set <agent>1</agent> since you are not using agentless User-ID; change that to 0.
Also, are you using the latest script? The latest script supports multiple DHCP scopes.
11-18-2013 06:40 AM
Thank you for the help. I realized my first mistake when I tried to run "netsh dhcp" manually (from the server): since I didn't have a DHCP role or RSAT tools installed, I didn't have the necessary helper DLL to run the command. I've since installed the tools and now I can run netsh dhcp, and I see my MAC in the list. I added the "echo" line to my script and manually ran the script with my MAC, but I never did get an echo to the screen. Here is my latest debug after making the change. Any other suggestions?
===================================================================================================================================
UID Script triggered at 11/18/2013 8:20:42 AM
Capturing arguments...
Script executed with arguments: "testuser" 94-94-26-E4-CD-CA
Loading Exclusions...
Exclusions loaded successfully
DHCP Lease query for Windows Event User: testuser Calling Station ID: 94-94-26-E4-CD-CA Querying DHCP Servers: 192.168.1.66
Not machine auth event
DHCP Server: dc.nscorp.local
Defining scopes:
10.2.86.0
192.168.1.0
192.168.10.0
192.168.20.0
192.168.21.0
192.168.22.0
192.168.30.0
192.168.31.0
192.168.32.0
192.168.33.0
192.168.34.0
192.168.35.0
192.168.36.0
192.168.37.0
192.168.38.0
192.168.40.0
192.168.51.0
192.168.52.0
Searching DHCP leases for 949426e4cdca
SCOPE: 10.2.86.0
SCOPE: 192.168.1.0
SCOPE: 192.168.10.0
SCOPE: 192.168.20.0
SCOPE: 192.168.21.0
SCOPE: 192.168.22.0
SCOPE: 192.168.30.0
SCOPE: 192.168.31.0
SCOPE: 192.168.32.0
SCOPE: 192.168.33.0
SCOPE: 192.168.34.0
SCOPE: 192.168.35.0
SCOPE: 192.168.36.0
SCOPE: 192.168.37.0
SCOPE: 192.168.38.0
SCOPE: 192.168.40.0
SCOPE: 192.168.51.0
SCOPE: 192.168.52.0
UID Script finished execution at 11/18/2013 8:21:11 AM Run-time: 29 seconds
===================================================================================================================================
11-18-2013 07:25 AM
I laid down a new copy of the script and it appears to be working now! I may have altered the script somewhere in my troubleshooting. Ultimately the problem was with the DHCP tools. Also, I tried setting the agent to "0" and that failed. Once I set it back to "1" it worked. It looks like "0" is for agentless and "1" is for agent-based. Thanks for the help on this!
11-18-2013 12:33 PM
Yes, you are correct. Sorry, my mistake.
an agent/agentless flag, 1 = software agent, 0 = agentless, submitting to device
07-10-2018 12:59 AM
I have the same problem with Windows 2012 NPS. Here is my UIDConfig.
<useridscriptconfig>
<wireless-lan-controllers>
<wlc>1.1.1.1</wlc>
<wlc>1.1.1.2</wlc>
</wireless-lan-controllers>
<Domain>RACHAPREUK</Domain>
<LogPath>C:\Windows\System32\LogFiles\</LogPath>
<LogFormat>DHCP</LogFormat>
<AgentServer>192.168.1.31</AgentServer>
<AgentPort>5006</AgentPort>
<Debug>2</Debug>
<DHCPServer>RCP-AD1.RACHAPREUK.LOCAL</DHCPServer>
<Key>Key</Key>
<VSYS>vsys1</VSYS>
<Agent>1</Agent>
<Timeout>20</Timeout>
</useridscriptconfig>
And I got this from UIDDebug
Posting mapping: <uid-message><version>1.0</version><scriptv>5.8ps</scriptv><type>update</type><payload><login><entry name="RACHAPREUK\first" ip="192.168.25.14"/></login></payload></uid-message>
Local agent installed, posting data to https://192.168.1.31:5006/
Starting post
Can anyone please help?
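The lookup that the debug output in this thread traces, as an added PowerShell example (not part of any post and not the code of UIDRADIUSScript.vbs): normalise the Calling-Station-ID, search DHCP lease rows for it, and build a login mapping in the shape of the "Posting mapping" line above. The function names, the lease row layout and the sample IP addresses are assumptions made for illustration.

```powershell
# Added example: sample data is constructed; function names are hypothetical.
# Real input would come from: netsh dhcp server \\<dhcpserver> scope <scope> show clients
# Assumed row layout: "IP - mask - MAC -lease expiry -type".

function ConvertTo-LeaseMac {
    param([Parameter(Mandatory)][string]$CallingStationId)
    # NPS passes 94-94-26-E4-CD-CA; the debug log then searches for 949426e4cdca.
    $mac = ($CallingStationId -replace '[^0-9A-Fa-f]', '').ToLower()
    if ($mac.Length -ne 12) { throw "Not a 48-bit MAC address: '$CallingStationId'" }
    $mac
}

function Find-LeaseIp {
    param([Parameter(Mandatory)][string]$Mac, [string[]]$LeaseLines)
    foreach ($line in $LeaseLines) {
        # Only rows that start with an IPv4 address are leases; skip headers and totals.
        if ($line -match '^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+-\s+\S+\s+-\s*([0-9A-Fa-f-]{17})') {
            if (($Matches[2] -replace '-', '').ToLower() -eq $Mac) { return $Matches[1] }
        }
    }
    return $null   # no lease row matched this MAC
}

function New-UidLoginMessage {
    param([string]$Domain, [string]$User, [string]$Ip)
    # Escape the name so quotes or angle brackets in it cannot break out of the attribute.
    $name = [System.Security.SecurityElement]::Escape("$Domain\$User")
    "<uid-message><version>1.0</version><type>update</type><payload><login>" +
    "<entry name=`"$name`" ip=`"$Ip`"/></login></payload></uid-message>"
}

# Constructed lease rows (MAC addresses taken from the thread, IPs invented).
$sampleLeases = @(
    '192.168.20.56   - 255.255.255.0  - 00-1b-63-1c-02-3c   -11/26/2013 8:02:44 AM   -D',
    '192.168.20.57   - 255.255.255.0  - 94-94-26-e4-cd-ca   -11/26/2013 8:20:11 AM   -D'
)

$mac = ConvertTo-LeaseMac '94-94-26-E4-CD-CA'
$ip  = Find-LeaseIp -Mac $mac -LeaseLines $sampleLeases
if ($ip) {
    New-UidLoginMessage -Domain 'NSCORP' -User 'testuser' -Ip $ip
} else {
    Write-Warning "No lease found for $mac; check that 'netsh dhcp' runs on this host."
}
```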