NAC Unable to reach the appliance


Userlevel 4
Hello, everybody!

I have installed NAC in a virtual machine and the installation process completed successfully. I have installed the NAC license and can ping the address of the machine from everywhere. However, from the Netsight server I can't get access to the NAC appliance using the NAC console. The NAC appliance is accessible over http://x.x.x.x:8080 and :8443.

How can I use this sophisticated software??? Please, help! The only reason to use NAC is that ExtremeWifi can't provide (out of the box, I mean) authentication for users when the client has more than 1 Active Directory domain!!!

Please, take a look at the picture below. I get this message and don't know what to do.

Many thanks in advance,

Ilya


8 replies

Userlevel 7
During the initial setup of the NAC you'd need to set certain parameters like Netsight IP, SNMP community...

Then you'd need to add the NAC to the Netsight console as a device with these SNMP parameters so Netsight could communicate via SNMP to the NAC.

Have you done that?
Userlevel 4
Ron wrote:

During the initial setup of the NAC you'd need to set certain parameters like Netsight IP, SNMP community...

Then you'd need to add the NAC to the Netsight console as a device with these SNMP parameters so Netsight could communicate via SNMP to the NAC.

Have you done that?

Just to clarify, SNMP is not used to manage a NAC appliance from NAC Manager, but rather, a secure TCP connection. SNMP can be used to monitor the NAC from NetSight Console, if so desired, but this is optional when adding a new NAC to NAC Manager and has no bearing on NAC appliance / NAC Manager communication.
Userlevel 7
https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-setup-and-Use-Netsight-Authorizatio...
Userlevel 4
Hello,

SNMP is not used to manage a NAC appliance from NAC Manager, but rather, a secure TCP connection. Please make sure these ports are open between the NAC and NetSight server:

https://gtacknowledge.extremenetworks.com/articles/Solution/NAC-Appliance-is-red-in-NAC-Manager/

Also make sure the credentials haven't been changed prior to adding a new NAC:

https://gtacknowledge.extremenetworks.com/articles/Solution/New-NAC-Appliance-Green-in-NetSight-Cons...

If you continue to have issues you should open a case with the Extreme GTAC.

Regards,

Scott Keene
Userlevel 4
Gentlemen,

one more question has come up: how can I check whether NAC was properly installed?

I've found a lot of useful commands to be executed over the CLI, but when I connect to my NAC over SSH I can't execute them, for example:

root@nac:~# nacconfig
nacconfig: command not found

Please, take a look at this:

root@nac:~# find .
./NetSight
./NetSight/Console
./NetSight/Console/Options
./NetSight/.netsightLogin
./NetSight/Options
./.bash_history
./.vimrc
./.ubuntu-postinst.sh
./.profile
./.cache
./.cache/motd.legal-displayed
./.bashrc
./scripts
./scripts/webserviceclient.php
./scripts/nacstatus
./scripts/nachelp
./scripts/isEarlier
./scripts/connTest.php
./scripts/echoTagConfig.php
./scripts/managelogs
./scripts/naccapture
./scripts/wsCall.php
./scripts/expandLVM.sh
./firmware
./firmware/images
./.aptitude
./.aptitude/cache
./.aptitude/config
./.java
./.java/fonts
./.java/fonts/1.7.0_79
./.java/fonts/1.7.0_79/fcinfo-1-nac-Ubuntu-12.04-en.properties
./.postinstall
root@nac:~#

AND at this also...(below). Is everything OK with my NAC installation?

root@nac:~# nacstatus
cat: /usr/local/Extreme_Networks/nac/mgmtServerIP: No such file or directory
cat: /usr/postinstall/network.properties: No such file or directory
cat: /usr/postinstall/network.properties: No such file or directory

#-------------------------------------------------------------------------------
# NAC Status
#-------------------------------------------------------------------------------

NAC Device Type: NSV
NAC Device Version: 6.3.0.179
NAC OS Version: Ubuntu 12.04lts (64bit)
Management IP:

PHP Warning: fopen(/usr/local/Extreme_Networks/nac/server/config/ApplianceConfiguration.xml): failed to open stream: No such file or directory in /root/scripts/wsCall.php on line 57
PHP Warning: filesize(): stat failed for /usr/local/Extreme_Networks/nac/server/config/ApplianceConfiguration.xml in /root/scripts/wsCall.php on line 58
ERROR: Unable to read file: /usr/local/Extreme_Networks/nac/server/config/ApplianceConfiguration.xml
Unable to retrieve credentials to run Connectivity Test.

#-------------------------------------------------------------------------------
# NetSight Server Name Resolution
#-------------------------------------------------------------------------------

Cound not find ApplianceConfiguration.xml in /usr/local/Extreme_Networks/nac/server/config

#-------------------------------------------------------------------------------
# NAC Server Name Resolution
#-------------------------------------------------------------------------------

Cound not find ApplianceConfiguration.xml in /usr/local/Extreme_Networks/nac/server/config

#-------------------------------------------------------------------------------
# Communications Diagnostics
#-------------------------------------------------------------------------------

PHP Warning: fopen(/usr/local/Extreme_Networks/nac/server/config/ApplianceConfiguration.xml): failed to open stream: No such file or directory in /root/scripts/wsCall.php on line 57
PHP Warning: filesize(): stat failed for /usr/local/Extreme_Networks/nac/server/config/ApplianceConfiguration.xml in /root/scripts/wsCall.php on line 58
ERROR: Unable to read file: /usr/local/Extreme_Networks/nac/server/config/ApplianceConfiguration.xml
Unable to retrieve credentials to run Connectivity Test.

#-------------------------------------------------------------------------------
# Appliance License and Capacity Diagnostics
#-------------------------------------------------------------------------------

PHP Warning: fopen(/usr/local/Extreme_Networks/nac/server/config/ApplianceConfiguration.xml): failed to open stream: No such file or directory in /root/scripts/wsCall.php on line 57
PHP Warning: filesize(): stat failed for /usr/local/Extreme_Networks/nac/server/config/ApplianceConfiguration.xml in /root/scripts/wsCall.php on line 58
ERROR: Unable to read file: /usr/local/Extreme_Networks/nac/server/config/ApplianceConfiguration.xml
Unable to retrieve credentials to run Connectivity Test.

#-------------------------------------------------------------------------------
# Distributed Cache Diagnostics
#-------------------------------------------------------------------------------

PHP Warning: fopen(/usr/local/Extreme_Networks/nac/server/config/ApplianceConfiguration.xml): failed to open stream: No such file or directory in /root/scripts/wsCall.php on line 57
PHP Warning: filesize(): stat failed for /usr/local/Extreme_Networks/nac/server/config/ApplianceConfiguration.xml in /root/scripts/wsCall.php on line 58
ERROR: Unable to read file: /usr/local/Extreme_Networks/nac/server/config/ApplianceConfiguration.xml
Unable to retrieve credentials to run Connectivity Test.

#-------------------------------------------------------------------------------
# Process Status
#-------------------------------------------------------------------------------

PHP Warning: fopen(/usr/local/Extreme_Networks/nac/server/config/ApplianceConfiguration.xml): failed to open stream: No such file or directory in /root/scripts/wsCall.php on line 57
PHP Warning: filesize(): stat failed for /usr/local/Extreme_Networks/nac/server/config/ApplianceConfiguration.xml in /root/scripts/wsCall.php on line 58
ERROR: Unable to read file: /usr/local/Extreme_Networks/nac/server/config/ApplianceConfiguration.xml
Unable to retrieve credentials to run Connectivity Test.

#-------------------------------------------------------------------------------
# Most Recent Errors from /var/log/syslog
#-------------------------------------------------------------------------------

#-------------------------------------------------------------------------------
# Most Recent Actions from /var/log/watchdog.log
#-------------------------------------------------------------------------------

tail: cannot open '/var/log/watchdog.log' for reading: No such file or directory

#-------------------------------------------------------------------------------
# Most Recent Errors from /var/log/tag.log
#-------------------------------------------------------------------------------

tail: cannot open '/var/log/tag.log' for reading: No such file or directory

#-------------------------------------------------------------------------------
# Most Recent Errors from /var/log/radius/radius.log
#-------------------------------------------------------------------------------

tail: cannot open '/var/log/radius/radius.log' for reading: No such file or directory

#-------------------------------------------------------------------------------
# ProxyRedirect status
#-------------------------------------------------------------------------------

ProxyRedirector threads running: 0

#-------------------------------------------------------------------------------
# NetSight server status
#-------------------------------------------------------------------------------

Checking Status of Network Access Control & Network Access Control RADIUS Server:
Network Access Control Server is NOT running...
Network Access Control RADIUS Server is NOT running...

Run '/sbin/nacctl restart'.

#-------------------------------------------------------------------------------
# Hostname Information
#-------------------------------------------------------------------------------

Hostname: nac.spbstu.ru
#
# hosts This file describes a number of hostname-to-address
# mappings for the TCP/IP subsystem. It is mostly
# used at boot time, when no name servers are running.
# On small systems, this file can be used instead of a
# "named" name server. Just add the names, addresses
# and any aliases to this file...
#
# By the way, Arnt Gulbrandsen says that 127.0.0.1
# should NEVER be named with the name of the machine. It causes problems
# for some (stupid) programs, irc and reputedly talk. :^)
#

# For loopbacking.
127.0.0.1 localhost
192.168.245.238 nac.spbstu.ru nac

# End of hosts.

#-------------------------------------------------------------------------------
# NTP Status
#-------------------------------------------------------------------------------

NTP is enabled.

NTP peers
remote refid st t when poll reach delay offset jitter
==============================================================================
*cnd-b1.spbstu.r 89.109.251.24 2 u 392 1024 377 0.583 -6.112 6.576

#-------------------------------------------------------------------------------
# Date and Time Settings
#-------------------------------------------------------------------------------

Local Time: Wed May 25 18:17:24 MSK 2016
Universal Time: Wed May 25 14:17:24 UTC 2016
Timezone: Europe/Moscow

#-------------------------------------------------------------------------------
# DNS Configuration
#-------------------------------------------------------------------------------

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 194.190.225.226
nameserver 195.209.230.198
search spbstu.ru

#-------------------------------------------------------------------------------
# nslookup
#-------------------------------------------------------------------------------

>

Many thanks in advance,

Ilya
Userlevel 4
It sounds like this isn't really a NAC appliance if the nacconfig isn't working and the directories are missing. You should re-iso the appliance in this case.

-Scott
Userlevel 4
Keene, Scott wrote:

It sounds like this isn't really a NAC appliance if the nacconfig isn't working and the directories are missing. You should re-iso the appliance in this case.

-Scott

..or somehow it has become corrupt. I would not use it and re-iso.
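
As an added example (not part of the thread and not Extreme Networks code), this shell script condenses a nacstatus report like the one posted above into the files it reports missing and the number of services it reports as not running. The function names and the embedded sample, built from lines in the post, are constructed for illustration.

```shell
#!/bin/sh
# Added example (not vendor code): list the files a captured nacstatus run
# reported as missing and count the services it reports as not running.

# One unique path per line. Covers the cat, tail, PHP fopen and
# "Unable to read file" message shapes in the output quoted in the thread.
missing_paths() {
    sed -n -E \
        -e 's#^.*cat: (/[^:]+): No such file or directory.*#\1#p' \
        -e 's#^tail: cannot open .(/[^ ]+). for reading: No such file.*#\1#p' \
        -e 's#^PHP Warning: fopen\((/[^)]+)\): failed to open stream.*#\1#p' \
        -e 's#^ERROR: Unable to read file: (/[^ ]+).*#\1#p' \
    | LC_ALL=C sort -u
}

# Number of "... is NOT running..." status lines (0 when there are none).
down_services() {
    grep -c 'is NOT running' || true
}

# Read a whole report on stdin and print a short summary.
summarize() {
    report=$(cat)
    paths=$(printf '%s\n' "$report" | missing_paths)
    echo "services reported down: $(printf '%s\n' "$report" | down_services)"
    echo "missing files: $(printf '%s\n' "$paths" | grep -c . || true)"
    if [ -n "$paths" ]; then printf '%s\n' "$paths" | sed 's/^/  /'; fi
}

# Constructed sample: lines copied from the nacstatus output in the thread.
sample_output() {
    cat <<'EOF'
cat: /usr/local/Extreme_Networks/nac/mgmtServerIP: No such file or directory
cat: /usr/postinstall/network.properties: No such file or directory
cat: /usr/postinstall/network.properties: No such file or directory
PHP Warning: fopen(/usr/local/Extreme_Networks/nac/server/config/ApplianceConfiguration.xml): failed to open stream: No such file or directory in /root/scripts/wsCall.php on line 57
ERROR: Unable to read file: /usr/local/Extreme_Networks/nac/server/config/ApplianceConfiguration.xml
tail: cannot open '/var/log/watchdog.log' for reading: No such file or directory
tail: cannot open '/var/log/radius/radius.log' for reading: No such file or directory
Network Access Control Server is NOT running...
Network Access Control RADIUS Server is NOT running...
EOF
}

# On the appliance this would be: nacstatus 2>&1 | summarize
sample_output | summarize
```

The `2>&1` matters because the `cat` and `tail` errors are written to stderr, not stdout.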
Userlevel 4
Many thanks to everybody!

I have installed the NAC, the licenses were also applied, now it's green at the console tree.

Now the task is to configure authentication for users in two AD domains using Internal Captive Portal on C5210 and MS RADIUS (NPS).