Hi, I just deployed Packetfence ZEN in our VMware cluster. I want to authenticate wifi 802.1x users + device MAC address through Packetfence against our AD, and dynamically assign a VLAN to the user depending on the assigned role. The wifi controller I'm using is Mikrotik CAPSMAN.
So far, I've managed to add the AD sources for authentication, and configured the CAPSMAN controller on Packetfence. Now I'm experiencing random problems when a user is trying to connect. The problems range from no working connection to failure (device gets connected to wifi SSID, but no traffic goes through, or it takes as long as 20-30 seconds to get DHCP answer), to authenticate new users against AD (previously authenticated users seem to work, though). It works sometimes, but other times it doesn't. Can't figure out what's the problem. I've been trying to run some debugging, but also found some problems with the debugging tools mentioned on the manuals. For example, when trying to test AD credentials, the installation manual (chapter 16.7) says to use: #radtest <username> <pass> <server>:18120 12 testing123 (I'm running this command from CLI on the same packetfence server) But port 18120 is not open on localhost, so I try with port 1812, that is open. If I check on log file /usr/local/pf/logs/radius.log, I see the "server is not managed by packetfence". Although chapter 16.7 doesn't mention if it's necessary to define a new switch, I guess that is indeed necessary to do so. So I have defined a new switch on Configuation -> Policies and Access Control -> Network Devices -> Switches. If I try radtest again, now I get a different error message in radius.log: "rejected in post-auth: [username] (from client localhost port 12)", but still not working. I wanted to try radtest because I was seeing the following error while running "raddebug -f /usr/local/pf/var/run/radiusd.sock" when authenticating new users against AD: "chrooted_mschap: Invalid output from ntlm_auth: expecting 'NT_KEY: ' prefix" At this point, AD auth source seems to be properly configured (as it can authenticate some users), but can't authenticate new users, I'm stuck and I don't know what else to try. I'll appreciate any suggestion. Best regards, -- Josep M. Torné jm.to...@tsiic.com<mailto:jm.to...@tsiic.com>
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
