NAC Unable to reach the appliance

  • Problem
  • Updated 2 years ago
  • Solved
Hello, everybody!

I have installed NAC in a virtual machine and the installation process completed successfully. I have installed the NAC license and can ping the address of the machine from everywhere. However, from the Netsight server I can't get access to the NAC appliance using the NAC console. The NAC appliance is accessible over http://x.x.x.x:8080 and :8443

How can I use this sophisticated software??? Please help! The only reason to use NAC is that ExtremeWifi can't provide (out of the box, I mean) authentication for users when the client has more than one Active Directory domain!!!

Please, take a look at the picture below. I get this message and don't know what to do.

Many thanks in advance,

Ilya


Ilya Semenov

Posted 2 years ago

Ronald Dvorak, Embassador

During the initial setup of the NAC you'd need to set certain parameters like Netsight IP, SNMP community...

Then you'd need to add the NAC to the Netsight console as a device with these SNMP parameters so Netsight could communicate via SNMP to the NAC.

Have you done that?
Keene, Scott, Employee NMS/GTAC

Just to clarify, SNMP is not used to manage a NAC appliance from NAC Manager, but rather, a secure TCP connection. SNMP can be used to monitor the NAC from NetSight Console, if so desired, but this is optional when adding a new NAC to NAC Manager and has no bearing on NAC appliance / NAC Manager communication.  
Keene, Scott, Employee NMS/GTAC

Hello,

SNMP is not used to manage a NAC appliance from NAC Manager, but rather, a secure TCP connection.  Please make sure these ports are open between the NAC and NetSight server:

https://gtacknowledge.extremenetworks.com/articles/Solution/NAC-Appliance-is-red-in-NAC-Manager/

Also make sure the credentials haven't been changed prior to adding a new NAC:

https://gtacknowledge.extremenetworks.com/articles/Solution/New-NAC-Appliance-Green-in-NetSight-Cons...

If you continue to have issues you should open a case with the Extreme GTAC.


Regards,

Scott Keene
Ilya Semenov

Gentlemen,

one more question has appeared: how can I check whether NAC was properly installed?

I've found a lot of useful commands to be executed over the CLI, tried to connect to my NAC over SSH and can't execute them, for example:

root@nac:~# nacconfig
nacconfig: command not found

Please, take a look at this:

root@nac:~# find .
./NetSight
./NetSight/Console
./NetSight/Console/Options
./NetSight/.netsightLogin
./NetSight/Options
./.bash_history
./.vimrc
./.ubuntu-postinst.sh
./.profile
./.cache
./.cache/motd.legal-displayed
./.bashrc
./scripts
./scripts/webserviceclient.php
./scripts/nacstatus
./scripts/nachelp
./scripts/isEarlier
./scripts/connTest.php
./scripts/echoTagConfig.php
./scripts/managelogs
./scripts/naccapture
./scripts/wsCall.php
./scripts/expandLVM.sh
./firmware
./firmware/images
./.aptitude
./.aptitude/cache
./.aptitude/config
./.java
./.java/fonts
./.java/fonts/1.7.0_79
./.java/fonts/1.7.0_79/fcinfo-1-nac-Ubuntu-12.04-en.properties
./.postinstall
root@nac:~#


AND at this also...(below). Is everything OK with my NAC installation?

root@nac:~# nacstatus
cat: /usr/local/Extreme_Networks/nac/mgmtServerIP: No such file or directory
cat: /usr/postinstall/network.properties: No such file or directory
cat: /usr/postinstall/network.properties: No such file or directory

#-------------------------------------------------------------------------------
# NAC Status
#-------------------------------------------------------------------------------

NAC Device Type:    NSV
NAC Device Version: 6.3.0.179
NAC OS Version:     Ubuntu 12.04lts (64bit)
Management IP:




PHP Warning:  fopen(/usr/local/Extreme_Networks/nac/server/config/ApplianceConfiguration.xml): failed to open stream: No such file or directory in /root/scripts/wsCall.php on line 57
PHP Warning:  filesize(): stat failed for /usr/local/Extreme_Networks/nac/server/config/ApplianceConfiguration.xml in /root/scripts/wsCall.php on line 58
ERROR: Unable to read file: /usr/local/Extreme_Networks/nac/server/config/ApplianceConfiguration.xml
Unable to retrieve credentials to run Connectivity Test.



#-------------------------------------------------------------------------------
# NetSight Server Name Resolution
#-------------------------------------------------------------------------------

Cound not find ApplianceConfiguration.xml in /usr/local/Extreme_Networks/nac/server/config

#-------------------------------------------------------------------------------
# NAC Server Name Resolution
#-------------------------------------------------------------------------------

Cound not find ApplianceConfiguration.xml in /usr/local/Extreme_Networks/nac/server/config

#-------------------------------------------------------------------------------
# Communications Diagnostics
#-------------------------------------------------------------------------------




PHP Warning:  fopen(/usr/local/Extreme_Networks/nac/server/config/ApplianceConfiguration.xml): failed to open stream: No such file or directory in /root/scripts/wsCall.php on line 57
PHP Warning:  filesize(): stat failed for /usr/local/Extreme_Networks/nac/server/config/ApplianceConfiguration.xml in /root/scripts/wsCall.php on line 58
ERROR: Unable to read file: /usr/local/Extreme_Networks/nac/server/config/ApplianceConfiguration.xml
Unable to retrieve credentials to run Connectivity Test.



#-------------------------------------------------------------------------------
# Appliance License and Capacity Diagnostics
#-------------------------------------------------------------------------------




PHP Warning:  fopen(/usr/local/Extreme_Networks/nac/server/config/ApplianceConfiguration.xml): failed to open stream: No such file or directory in /root/scripts/wsCall.php on line 57
PHP Warning:  filesize(): stat failed for /usr/local/Extreme_Networks/nac/server/config/ApplianceConfiguration.xml in /root/scripts/wsCall.php on line 58
ERROR: Unable to read file: /usr/local/Extreme_Networks/nac/server/config/ApplianceConfiguration.xml
Unable to retrieve credentials to run Connectivity Test.



#-------------------------------------------------------------------------------
# Distributed Cache Diagnostics
#-------------------------------------------------------------------------------




PHP Warning:  fopen(/usr/local/Extreme_Networks/nac/server/config/ApplianceConfiguration.xml): failed to open stream: No such file or directory in /root/scripts/wsCall.php on line 57
PHP Warning:  filesize(): stat failed for /usr/local/Extreme_Networks/nac/server/config/ApplianceConfiguration.xml in /root/scripts/wsCall.php on line 58
ERROR: Unable to read file: /usr/local/Extreme_Networks/nac/server/config/ApplianceConfiguration.xml
Unable to retrieve credentials to run Connectivity Test.



#-------------------------------------------------------------------------------
# Process Status
#-------------------------------------------------------------------------------




PHP Warning:  fopen(/usr/local/Extreme_Networks/nac/server/config/ApplianceConfiguration.xml): failed to open stream: No such file or directory in /root/scripts/wsCall.php on line 57
PHP Warning:  filesize(): stat failed for /usr/local/Extreme_Networks/nac/server/config/ApplianceConfiguration.xml in /root/scripts/wsCall.php on line 58
ERROR: Unable to read file: /usr/local/Extreme_Networks/nac/server/config/ApplianceConfiguration.xml
Unable to retrieve credentials to run Connectivity Test.



#-------------------------------------------------------------------------------
# Most Recent Errors from /var/log/syslog
#-------------------------------------------------------------------------------


#-------------------------------------------------------------------------------
# Most Recent Actions from /var/log/watchdog.log
#-------------------------------------------------------------------------------

tail: cannot open `/var/log/watchdog.log' for reading: No such file or directory

#-------------------------------------------------------------------------------
# Most Recent Errors from /var/log/tag.log
#-------------------------------------------------------------------------------

tail: cannot open `/var/log/tag.log' for reading: No such file or directory

#-------------------------------------------------------------------------------
# Most Recent Errors from /var/log/radius/radius.log
#-------------------------------------------------------------------------------

tail: cannot open `/var/log/radius/radius.log' for reading: No such file or directory

#-------------------------------------------------------------------------------
# ProxyRedirect status
#-------------------------------------------------------------------------------

ProxyRedirector threads running: 0

#-------------------------------------------------------------------------------
# NetSight server status
#-------------------------------------------------------------------------------

Checking Status of Network Access Control & Network Access Control RADIUS Server:
    Network Access Control Server is NOT running...
    Network Access Control RADIUS Server is NOT running...

Run '/sbin/nacctl restart'.

#-------------------------------------------------------------------------------
# Hostname Information
#-------------------------------------------------------------------------------

Hostname: nac.spbstu.ru
#
# hosts     This file describes a number of hostname-to-address
#       mappings for the TCP/IP subsystem.  It is mostly
#       used at boot time, when no name servers are running.
#       On small systems, this file can be used instead of a
#       "named" name server.  Just add the names, addresses
#       and any aliases to this file...
#
# By the way, Arnt Gulbrandsen <agulbra@nvg.unit.no> says that 127.0.0.1
# should NEVER be named with the name of the machine.  It causes problems
# for some (stupid) programs, irc and reputedly talk. :^)
#

# For loopbacking.
127.0.0.1 localhost
192.168.245.238 nac.spbstu.ru nac

# End of hosts.

#-------------------------------------------------------------------------------
# NTP Status
#-------------------------------------------------------------------------------

NTP is enabled.

NTP peers
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*cnd-b1.spbstu.r 89.109.251.24    2 u  392 1024  377    0.583   -6.112   6.576

#-------------------------------------------------------------------------------
# Date and Time Settings
#-------------------------------------------------------------------------------

Local Time: Wed May 25 18:17:24 MSK 2016
Universal Time: Wed May 25 14:17:24 UTC 2016
Timezone: Europe/Moscow

#-------------------------------------------------------------------------------
# DNS Configuration
#-------------------------------------------------------------------------------

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 194.190.225.226
nameserver 195.209.230.198
search spbstu.ru

#-------------------------------------------------------------------------------
# nslookup
#-------------------------------------------------------------------------------

>


Many thanks in advance,

Ilya
Keene, Scott, Employee NMS/GTAC

It sounds like this isn't really a NAC appliance if the nacconfig isn't working and the directories are missing.  You should re-iso the appliance in this case.

-Scott
Keene, Scott, Employee NMS/GTAC

..or somehow it has become corrupt. I would not use it and re-iso.
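
The diagnosis above rests on two signals in the posted nacstatus output: product paths that do not exist and services reported as not running. As an added example (not part of the thread and not Extreme Networks code), this shell sketch pulls both out of a saved report; the function names and the verdict rule are assumptions made for illustration, and the sample lines are copied from the output posted above.

```shell
#!/bin/sh
# Added example: triage a saved nacstatus report. Function names are hypothetical.

# Unique paths the report says could not be opened or read.
missing_paths() {
    sed -n \
        -e 's/^cat: \(.*\): No such file or directory$/\1/p' \
        -e 's/^tail: cannot open .\(.*\). for reading: No such file or directory$/\1/p' \
        -e 's/^ERROR: Unable to read file: \(.*\)$/\1/p' \
        "$1" | sort -u
}

# Services the report lists as "is NOT running...".
stopped_services() {
    sed -n 's/^[[:space:]]*\(.*\) is NOT running\.\.\.$/\1/p' "$1"
}

# Assumed rule: missing files under the product directory point to a bad
# image (re-install), stopped services alone point to a restart.
verdict() {
    if missing_paths "$1" | grep -q '^/usr/local/Extreme_Networks/'; then
        echo "product-files-missing"
    elif [ -n "$(stopped_services "$1")" ]; then
        echo "services-stopped"
    else
        echo "ok"
    fi
}

# Constructed sample: a few lines taken from the nacstatus output in the thread.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
cat: /usr/local/Extreme_Networks/nac/mgmtServerIP: No such file or directory
cat: /usr/postinstall/network.properties: No such file or directory
cat: /usr/postinstall/network.properties: No such file or directory
ERROR: Unable to read file: /usr/local/Extreme_Networks/nac/server/config/ApplianceConfiguration.xml
tail: cannot open `/var/log/watchdog.log' for reading: No such file or directory
    Network Access Control Server is NOT running...
    Network Access Control RADIUS Server is NOT running...
EOF

echo "Missing paths:";    missing_paths "$sample"
echo "Stopped services:"; stopped_services "$sample"
echo "Verdict: $(verdict "$sample")"
```

To run it against a real report, save both output streams first, since the file errors go to stderr: `nacstatus > report.txt 2>&1`.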
Ilya Semenov

Many thanks to everybody!

I have installed the NAC, the licenses were also applied, now it's green at the console tree.

Now the task is to configure authentication for users in two AD domains using Internal Captive Portal on C5210 and MS RADIUS (NPS).