https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/kerberos-information-not-showing-in-nac/m-p/61158#M7569 Hi Martin.<BR /> <BR /> can be related to reauthentication? Some properties are updated only in end-system history and not in the end-system table. Not sure if it is the case with username.<BR /> <BR /> Z. Fri, 24 May 2019 13:20:51 GMT Zdeněk_Pala 2019-05-24T13:20:51Z https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/kerberos-information-not-showing-in-nac/m-p/61156#M7567 Hi,<BR /> <BR /> Have this working on another site, but trying to replicate it I cannot seem to get it working or find any step I'm missing?<BR /> <BR /> The switch firmware is 22.4.1.4-patch1-2<BR /> XMC / Control is 8.2.4.55<BR /> <BR /> The configuration on the switch is as follows:<BR /> <BR /> <DIV class="threadCode"><B>code:</B><PRE spellcheck="false">create xml-notification target nac-target_10.1.0.85 url https://10.1.0.85:8443/axis/services/event vr VR-Default<BR />configure xml-notification target nac-target_10.1.0.85 user admin<BR /><BR />Extreme@pp<BR /><BR />configure xml-notification target nac-target_10.1.0.85 from 10.1.10.38<BR />configure xml-notification target nac-target_10.1.0.85 add idMgr<BR />enable xml-notification "nac-target_10.1.0.85"<BR /><BR />enable ip-security dhcp-snooping vlan Staff ports all violation-action none<BR />enable ip-security dhcp-snooping vlan Students ports all violation-action none<BR /><BR />configure trusted-ports 51 trust-for dhcp-server<BR /><BR />configure identity-management kerberos snooping add server 10.1.10.71<BR />configure identity-management kerberos snooping add server 10.1.10.72<BR />configure identity-management kerberos snooping add server 10.1.10.70<BR />configure identity-management kerberos snooping add server 10.1.0.74<BR />configure identity-management kerberos snooping add server 10.1.0.75<BR />configure identity-management kerberos snooping add server 10.1.0.73<BR /></PRE></DIV><BR /> <BR /> When you look at XML notification it looks fine:<BR /> <BR /> <DIV class="threadCode"><B>code:</B><PRE spellcheck="false"># show xml-notification statistics <BR /><BR />Target Name : nac-target_10.1.0.85<BR />Server URL : https://10.1.0.85:8443/axis/services/event<BR />Server Queue Size : 100 <BR />Enabled : yes <BR />Connection Status : connected <BR />Events Received : 16 <BR />Connection Failures : 0 <BR />Events Sent Success : 16 <BR />Events Sent Failed : 0 <BR />Events Dropped : 0 <BR /></PRE></DIV><BR /> <BR /> Idmgr also looks fine. I've replaced sensitive information with x's:<BR /> <BR /> <DIV class="threadCode"><B>code:</B><PRE spellcheck="false"># show identity-management entries <BR />ID Name/ Flags Port MAC/ VLAN Role <BR />Domain Name IP<BR />--------------------------------------------------------------------------------<BR />xxxxxxxx --k- 43 a4:4c:c8:a9:56:be business(1) authenticated<BR />BUSINESS.xxxx.AC.UK 10.1.24.171(1) <BR />xxxxxxxx --k- 13 a4:4c:c8:dd:fa:6c business(1) authenticated<BR />BUSINESS.xxxx.AC.UK 10.1.24.82(1) <BR />xxxxxxxx --k- 33 48:ba:4e:61:a4:23 business(1) authenticated<BR />BUSINESS.xxxx.AC.UK 10.1.27.80(1) <BR />xxxxxxxx --k- 21 18:66:da:2b:92:cc academic(1) authenticated<BR />BUSINESS.xxxx.AC.UK 10.0.25.151(1) <BR />xxxxxxxx --k- 5 18:db:f2:44:b4:4e business(1) authenticated<BR />BUSINESS.xxxx.AC.UK 10.1.24.170(1) <BR /></PRE></DIV><BR /> <BR /> <BR /> When I look up any of these end-system in XMC I should see the authentication as 'Kerberos' and the 'User Name' filled in with the username show in idmgr.<BR /> <BR /> Currently I have MAC auth enabled on the ports only.<BR /> <BR /> XMC Connect Extreme Control Module has the kerberos function enabled. When I enable debug mode I believe the below is showing me the process is working, but no mention of the devices and type of authentication:<BR /> <BR /> <DIV class="threadCode"><B>code:</B><PRE spellcheck="false">2019-05-22 10:23:30,295 DEBUG [com.enterasys.fusion.modules.NetSightHandler] ES Group Storage: Retrieved data for endsystem group [Web Authenticated Users]: com.enterasys.fusion.common.EndSystemGroup@2cc952ee[approvalRequired=false,description=End-Systems that have authenticated through the NAC web interface and been granted permission to access the network,lastUpdate=May 22, 2019 10:23:30 AM,name=Web Authenticated <BR /></PRE></DIV><BR /> <BR /> I'm seeing all the end-system information like IP, Hostname, Device type &amp; family, but not the user name.<BR /> <BR /> Just wondering if anyone has any ideas.<BR /> <BR /> Thanks in advance Wed, 22 May 2019 21:21:44 GMT https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/kerberos-information-not-showing-in-nac/m-p/61156#M7567 Anonymous 2019-05-22T21:21:44Z https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/kerberos-information-not-showing-in-nac/m-p/61157#M7568 Well perhaps it was just because I wasn't patient enough, but had to leave it at least an hour (I believe) and it started working!<BR /> <BR /> There is probably a very logical explanation for that, but least I know the configuration works  Wed, 22 May 2019 22:39:30 GMT https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/kerberos-information-not-showing-in-nac/m-p/61157#M7568 Anonymous 2019-05-22T22:39:30Z https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/kerberos-information-not-showing-in-nac/m-p/61158#M7569 Hi Martin.<BR /> <BR /> can be related to reauthentication? Some properties are updated only in end-system history and not in the end-system table. Not sure if it is the case with username.<BR /> <BR /> Z. Fri, 24 May 2019 13:20:51 GMT https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/kerberos-information-not-showing-in-nac/m-p/61158#M7569 Zdeněk_Pala 2019-05-24T13:20:51Z https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/kerberos-information-not-showing-in-nac/m-p/61159#M7570 Thanks for replying Z, sounds logical  Tue, 28 May 2019 03:51:32 GMT https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/kerberos-information-not-showing-in-nac/m-p/61159#M7570 Anonymous 2019-05-28T03:51:32Z