Ok ... wasted hours on that. Their interface had an intermediate page saying the password would expire in X that was throwing everything off. Once I reset the password, that got rid of the nag screen and now everything is working again.
First Cup of Ubuntu
Ok ... wasted hours on that. Their interface had an intermediate page saying the password would expire in X that was throwing everything off. Once I reset the password, that got rid of the nag screen and now everything is working again.
5 Cups of Ubuntu
Ok, i've managed to get one step further through my issues now...
I changed the Realm configured in junipernc to be correct for our setup.
Now, instead of an Error 104 as below, i'm now getting the following:
NCUI.log shows:gavinw@Prometheus:~$ junipernc
Searching for ncsvc in current working directory
Searching for ncsvc in /home/gavinw/.juniper_networks/network_connect done.
ncapp> Failed to connect/authenticate with IVE. Error 5
The issue now appears to be that it's not picking up the necessary client certificate, and getting rejected by the IVE...20091202220455.202082 ncui[14829] dsclient.info <-- 302 https://vpn.card.co.uk/dana-na/auth/....cgi?p=no-cert (authenticate.cpp:168)
20091202220455.202402 ncui[14829] dsclient.info state: kStateError (dsclient.cpp:363)
20091202220455.202932 ncui[14829] ncapp.error Failed to connect/authenticate with IVE. Error 5 (ncapp.cpp:174)
Will have to raise a call with JTAC when I can...
Cheers
Gavin
Originally Posted by fatmcgav
First Cup of Ubuntu
well, i'm not sure if I follow everything in this thread, but I've just updated to 64 bit ubuntu for the first time and according to this thread (as best I can tell), the only way to connect to the vpn in 64 bit is to use madscientist's script? because the browser won't launch a 64 bit plugin?
regardless, I think I'm close to getting the junipernc script working, but like lakerol said, our server requires two (2) passwords... one regular password and one PIN+RSA_token... since the junipernc script only prompts me once, I'm assuming this is why it is failing with the error:
ncapp> Failed to connect/authenticate with IVE. Error 10
any idea on how to log into a 2 password server on 64 bit? I don't mind using the web browser instead of junipernc if I can get it to work.
First Cup of Ubuntu
Hi All
I'm attaching to this thread as I have some issue at the very end when running 'junippernc' script from madscientist.
First big thanks to madscientist for this really great job.
I went through this thread and also googled for information but couldn't find anything useful.
With 'junippernc' script I am able go to the point where the Network Connect GUI starts and attempts to connect to the VPN. After a few seconds I get such error:
ncapp> Failed to connect/authenticate with IVE. Error 10
I see some error when I look in the: .juniper_networks/network_connect$ cat ncsvc.log
20091213155006.501908 ncsvc[6811] dsclient.info <-- 200 (authenticate.cpp:168)
20091213155006.502012 ncsvc[6811] dsclient.info state: kStatePostCacheCleaner (dsclient.cpp:334)
20091213155006.502053 ncsvc[6811] dsclient.info --> POST /dana-na/cc/ccupdate.cgi (authenticate.cpp:136)
20091213155007.353933 ncsvc[6811] dsclient.info <-- 200 (authenticate.cpp:168)
20091213155007.354012 ncsvc[6811] dsclient.error state post auth cache cleaner failed, error 10 (dsclient.cpp:336)
Additional Info:
1) My VPN site requires user/realm/password.
2) I am using Kubuntu 9.10 (Karmic)
3) ncsvc version is:
krzysiek@delta:~/.juniper_networks/network_connect$ ./ncsvc -v
Juniper Network Connect Server for Linux.
Version : 6.3
Release Version : 6.3-0-Build14121
Build Date/time : Mar 26 2009 19:06:48
Copyright 2001-2008 Juniper Networks
If anyone had similar issue please share your solutions on that. Thanks in advance.
krzychosz
5 Cups of Ubuntu
Re: HOWTO set up Juniper Network Connect VPN on Ubuntu Dapper
I am getting similar errors -
[~]$ junipernc -nogui
Connecting to bng-access.juniper.net : 443
[~]$ junipernc
Searching for ncsvc in current working directory
Searching for ncsvc in /home/mayankr/.juniper_networks/network_connect done.
ncapp> Failed to connect/authenticate with IVE. Error 104
ncapp> Incorrect credentials. Please check the username/password/realm.
For -nogui it simply restarts with the dialog box VPN quit successfully. Without it the Network Connect window opens and I get the unable to connect to IVE dialog box.
The logs are as below -
[~/.juniper_networks/network_connect]$ cat ncui.log
20091216195523.339723 ncui[6548] ncapp.info New ncapp log level set to 3 (nccommon.cpp:75)
20091216195523.339784 ncui[6548] ncapp.info Version : 6.3
Release Version : 6.3-0-Build13881
Build Date/Time : Jan 22 2009
Copyright 2001-2008 Juniper Networks
(ncapp.cpp:152)
20091216195523.348358 ncui[6548] dsclient.info state: kStateSignin (dsclient.cpp:238)
20091216195523.348406 ncui[6548] dsclient.info --> GET / (authenticate.cpp:136)
20091216195523.349309 ncui[6548] dsclient.info <-- 302 https://xxx-xxxxxx.xxxx/auth/url_default/welcome.cgi (authenticate.cpp:168)
20091216195523.349348 ncui[6548] dsclient.info state: kStateWelcome (dsclient.cpp:246)
20091216195523.349368 ncui[6548] dsclient.info --> GET /xxx/auth/url_default/welcome.cgi (authenticate.cpp:136)
20091216195523.362383 ncui[6548] dsclient.info <-- 200 (authenticate.cpp:168)
20091216195523.362560 ncui[6548] dsclient.info state: kStateLogin (dsclient.cpp:278)
20091216195523.362587 ncui[6548] dsclient.info --> POST /xxx/auth/url_default/login.cgi (authenticate.cpp:136)
20091216195528.893456 ncui[6548] dsclient.info <-- 302 https://xxxxxxxxxxxxxx.xxx/xxx/auth/...igninRealmId=4 (authenticate.cpp:168)
20091216195528.893614 ncui[6548] dsclient.info state: kStatePostAuth (dsclient.cpp:318)
20091216195528.893685 ncui[6548] dsclient.info --> GET /xxx/auth/url_default/welcome.cgi?p=preauth&id=state_218aa74&signinRealm Id=4 (authenticate.cpp:136)
20091216195528.910979 ncui[6548] dsclient.info <-- 200 (authenticate.cpp:168)
20091216195528.911061 ncui[6548] dsclient.info state: kStatePostCacheCleaner (dsclient.cpp:334)
20091216195528.911108 ncui[6548] dsclient.info --> POST /xxx/cc/ccupdate.cgi (authenticate.cpp:136)
20091216195528.920852 ncui[6548] dsclient.info <-- 200 (authenticate.cpp:168)
20091216195528.920921 ncui[6548] dsclient.error state post auth cache cleaner failed, error 10 (dsclient.cpp:336)
20091216195528.921088 ncui[6548] ncapp.error Failed to connect/authenticate with IVE. Error 10 (ncapp.cpp:174)
I am not sure what Realm ID it is taking. The source showed - "RSA Secure ID". How can this be checked/reset?
It appears from the script this is fetched automatically so don't know what I am missing.
Last edited by mynk; December 16th, 2009 at 03:39 PM.
Gee! These Aren't Roasted!
Unfortunately I'm no expert in Juniper software so there's little I can say once the application starts up... if it doesn't connect after that then you'll need someone who knows a lot more about Juniper's VPN solution and the various ways that the server side can be configured.
I will say that my login also requires 3 items: my username, the realm, and a passcode... which in my case is a PIN plus a 6-digit number provided by a RSA SecurID fob/card. But, I suppose this could also just be a plain password, if you don't want to go to the time/expense of integrating with RSA (I have no idea if this is an option).
In previous posts, people have said they need "two" passwords, but then they list username/realm/password... what's the "other" password?
Is anyone in this situation able to connect at all, even with the web interface? If you can then one thing you can try is replacing the ncsvc application with a simple shell script that just prints its arguments to a temporary file... that's a simple way to find out how the command is being invoked, and how the passwords/etc. you are entering into the web interface are being passed to the command. If you can connect via the web and want more help with this, let me know.
"Please remain calm...I may be mad, but I am a professional." --Mad Scientist
5 Cups of Ubuntu
Thanks a lot for the effort madscientist.
We have a similar login like yours with 6 digit RSA SecureID. It works like a charm on 32 bit karmic/mint through web interface. I need to check if junipernc works on that. It might give some clues.
Will check at work about it also.
5 Cups of Ubuntu
Thanks a lot for the effort madscientist.
We have a similar login like yours with 6 digit RSA SecureID. It works like a charm on 32 bit karmic/mint through web interface. I need to check if junipernc works on that. It might give some clues.
Will check at work about it also.
First Cup of Ubuntu
Hi again
I was desperate to get it running so I decided to reinstall my kubuntu to a 32bit. Previously I had x86_64. Of course first I checked it in Virtualbox.
The observations are as follows:
1. I can connect to the VPN using regular web based interface. It starts Network Connect and everything works perfect.
2. Next I tried the 'junippernc' script. I was supprised but it doesn't work the same way as in my previous x86_64 (post #304).
3. I have done a parameters sniffer scrpt as suggested by madscientist. The script is as follows:
~/.juniper_networks/network_connect/ncsvc
Unfortunately the expected file /tmp/junipper-options.txt is not created. Perhaps the Network Connect checks whether the ncsvc is a correct binary to call (some CRC check?) - just guessing.Code:#!/bin/bash echo "junipper parameters:" > /tmp/junipper-options.txt while (($#)); do echo $1 >> /tmp/junipper-options.txt shift done
Let me know if you have any suggestions about the 3-rd
krzychosz
5 Cups of Ubuntu
There is a small error in this script at line 303:
jbit=`file -L -b "$java" | sed -n 's/.*ELF \([0-9]*\).*/\1/'p`
needs to be:
jbit=`file -L -b "$JAVA" | sed -n 's/.*ELF \([0-9]*\).*/\1/'p`
(Make the "$java" uppercase).
- Bruce
Posting Permissions
Adv Reply
Bookmarks