5 Replies Latest reply on Jul 14, 2014 12:47 PM by nick

    SIP2 authentication showing users as expired

    miked81 New Member

      We have a vWLAN controller running version 2.1.0.14 that provides wireless service to several library sites. We have an external SIP2 authentication server configured to authenticate users through their library credentials. About once a month or so we have an issue where one site will start reporting that all users are expired and fails the authentication. This came up again yesterday and while there were several accounts that were expired (the PA: Expiration Date attribute returned a date from last year) there were several others that had dates stretching into next year that returned as expired as well. When doing an external authentication test the test came back successful for those users.

       

      Here's what we're seeing a lot of in our logs for this one location:

      Login SIP2 user 20075000691293 at [BC:52:B7:1D:F6:FF]/10.236.16.15 has failed. AP=C_PL1. Role C_PL_Patron is expired.

       

      And here are the attributes returned for the same user during the external authentication test:

       

      'PI: User Access' => 'PIENGLISH',

      'PC: Profile' => 'COLLA',

      'BL: Patron Valid' => 'BLY',

      'AF: Screen Message' => 'AFOK',

      'PA: Expiration Date' => '20151202',

      'CQ: Patron Password Valid' => 'CQY',

      'PB: Birth Year' => undef,

      'User Name' => '20075000691293',

      'PD: Birth Date' => 'PD19820926'

       

      That's our usual return and it seems to work the rest of the time so I don't think there's a configuration issue. The only way I've found to fix the error is to restart the vWLAN controller but that's not an option during the day as it would cause an outage for several sites just to fix one.

       

      If anyone has run into this before, what have you done to correct it?

       

      Please note that we're stuck at software version 2.1.0.14 as newer versions have removed too many features that we rely on, namely the role based network access schedules that we were promised more than a year ago would be reinstated.

        • Re: SIP2 authentication showing users as expired
          nick Employee

          This particular situation would be better handled in a support ticket.   If you open a ticket please come back to this thread after it is resolved to post the solution so others can benefit from it.  You can create one using any of the methods listed below.  Please reference the URL of this thread when opening the ticket to help provide background information to our support team.

           

              - Open a webticket by clicking on this link: Create a Service Request

              - Open a ticket by emailing support@adtran.com

              - Open a ticket by phone by calling 1-888-423-8726

            • Re: SIP2 authentication showing users as expired
              nick Employee

              I went ahead and flagged this post as "Assumed Answered". If any of the responses on this thread assisted you, please mark them as Correct or Helpful as the case may be with the applicable buttons. This will make them visible and help other members of the community find solutions more easily. If you have any additional information on this that others may benefit from, please come back to this post to provide an update. If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

            • Re: SIP2 authentication showing users as expired
              miked81 New Member

              Just an update on this issue for anyone that's looking. I opened a support ticket for the issue the same day that nick suggested it above. Unfortunately, since it happens randomly it hasn't occurred since I opened the ticket. I'm hoping that the issue will happen again soon so that we can have it looked at in depth.

                • Re: SIP2 authentication showing users as expired
                  yfl New Member


                  Mike,

                  I have the opposite problem. Our patrons authenticate SIP2 with a library card number. When they are done the PC reboots but the authentication remains in the vwlan. Do you use the vwlan in the same way? Do you have that issue? These are at remote rural libraries.

                  If you have the time I would like to discuss your setup. I'm running 2.4

                  Jim

                    • Re: SIP2 authentication showing users as expired
                      miked81 New Member

                      Jim,

                       

                      Sorry for the late response, I was away from the office for a few weeks. We don't use the vWLAN the same way, ours is used strictly for patrons bringing their own laptops to the library. It should be possible to accomplish what you want. I think what you're looking for is the connection tracking timeout. I'm not familiar with where it would be in 2.4 but in 2.1 it was under Platform > Admin > Miscellaneous. However by setting it low (ours is set to 600 seconds) you may risk people having to enter their credentials multiple times during a session. The way I understand it, if you're not actively loading a page, for instance reading a long article, the connection will start to timeout.

                       

                      Hope that helps.

                       

                      Mike