I did have an OG realm set to LOCAL. I commented out the LOCAL and it
still fails the same way.
 
 
realm OG {
#       authhost = LOCAL
#       accthost = LOCAL
#       nostrip
}


________________________________

From: Francois Gaudreault [mailto:[email protected]] 
Sent: Monday, August 15, 2011 5:19 PM
To: [email protected]
Subject: Re: [Packetfence-users] 802.1x wireless username corruption


Tom,

Can you add your realm to proxy.conf like the following :

realm OG {
}

Let me know if it fixes the issue.

On 11-08-15 3:09 PM, Tom Fischer wrote: 


           I have installed PF 2.2.0 on a Centos 5.6 server to test
wireless authentication against Active Directory. I have installed Samba
and Winbind, and can manually enter the ntlm_auth command to verify
users. I have configured FreeRadius per the Admin guide, but
authentication fails. I temporarily removed the PF settings from
FreeRadius and it will successfully authenticate users. Starting radiusd
in debug mode, it seems like the username is getting mangled when passed
to EAP. I've copied the pertinent part of the log, but can provide more
if needed.

         Can anyone help me? 

        +- entering group authorize {...} 
        [ntdomain] Looking up realm "OG" for User-Name = "OG\tom" 
        [ntdomain] Found realm "OG" 
        [ntdomain] Adding Realm = "OG" 
        [ntdomain] Authentication realm is LOCAL. 
        ++[ntdomain] returns ok 
        [suffix] Request already proxied.  Ignoring. 
        ++[suffix] returns ok 
        ++[preprocess] returns ok 
        [eap] EAP packet type response id 2 length 11 
        [eap] No EAP Start, assuming it's an on-going EAP conversation 
        ++[eap] returns updated 
        ++[files] returns noop 
        ++[expiration] returns noop 
        ++[logintime] returns noop 
        rlm_perl: Added pair NAS-Port-Type = Wireless-802.11 
        rlm_perl: Added pair Service-Type = Login-User 
        rlm_perl: Added pair Calling-Station-Id = 0090.4b78.9270 
        rlm_perl: Added pair Called-Station-Id = 0022.90b3.9501 
        rlm_perl: Added pair Message-Authenticator = 0x4ee87ab12cc6ae6f53c0cb6c7ee93d5b 
        rlm_perl: Added pair User-Name = OG\\tom 
        rlm_perl: Added pair NAS-Identifier = ap 
        rlm_perl: Added pair EAP-Message = 0x0202000b014f475c746f6d 
        rlm_perl: Added pair Realm = OG 
        rlm_perl: Added pair EAP-Type = Identity 
        rlm_perl: Added pair NAS-IP-Address = x.x.x.x 
        rlm_perl: Added pair NAS-Port = 79397 
        rlm_perl: Added pair NAS-Port-Id = 79397 
        rlm_perl: Added pair Framed-MTU = 1400 
        rlm_perl: Added pair Auth-Type = EAP 
        ++[perl] returns noop 
        Found Auth-Type = EAP 
        +- entering group authenticate {...} 
        [eap] Identity does not match User-Name, setting from EAP Identity. 
        [eap] Failed in handler 
        ++[eap] returns invalid 
        Failed to authenticate the user. 
        Login incorrect: [OG\\\tom/<via Auth-Type = EAP>] (from client Cisco port 79397 cli 0090.4b78.9270) 
        } # server packetfence 
        Using Post-Auth-Type Reject 
        +- entering group REJECT {...} 
        [attr_filter.access_reject]     expand: %{User-Name} -> OG\
omm 
         attr_filter: Matched entry DEFAULT at line 11 
        ++[attr_filter.access_reject] returns updated 
          

        

        
        
------------------------------------------------------------------------
------
        uberSVN's rich system and user administration capabilities and
model 
        configuration take the hassle out of deploying and managing
Subversion and 
        the tools developers use with it. Learn more about uberSVN and
get a free 
        download at:  http://p.sf.net/sfu/wandisco-dev2dev
        
        _______________________________________________
        Packetfence-users mailing list
        [email protected]
        https://lists.sourceforge.net/lists/listinfo/packetfence-users



-- 
Francois Gaudreault, ing. jr
[email protected]  ::  +1.514.447.4918 (x130) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org) 
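
Added example (not part of the original thread, and not PacketFence or FreeRADIUS code): decoding the EAP-Message value from the debug log above shows the identity carried on the wire, and a byte-for-byte comparison shows which of the logged User-Name forms agree with it. The function names are hypothetical, and reading the doubled backslash in the rlm_perl line as literal characters rather than display escaping is an assumption.

```python
import struct

# Values copied from the radiusd debug log quoted in this thread.
EAP_MESSAGE_HEX = "0x0202000b014f475c746f6d"  # rlm_perl: Added pair EAP-Message
USER_NAME_NTDOMAIN = r"OG\tom"                # [ntdomain] ... User-Name = "OG\tom"
USER_NAME_RLM_PERL = r"OG\\tom"               # rlm_perl: Added pair User-Name (taken literally)

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_IDENTITY = 1


def parse_eap_identity(hex_value):
    """Decode an EAP-Message attribute (RFC 3748 layout) that carries an Identity."""
    if hex_value.lower().startswith("0x"):
        hex_value = hex_value[2:]
    raw = bytes.fromhex(hex_value)
    if len(raw) < 5:
        raise ValueError("EAP packet shorter than header plus type byte")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError(f"EAP length field {length} != {len(raw)} bytes received")
    if raw[4] != EAP_TYPE_IDENTITY:
        raise ValueError(f"EAP type {raw[4]} is not Identity")
    return {"code": EAP_CODES.get(code, code), "id": ident,
            "length": length, "identity": raw[5:length]}


def compare_identity(eap_hex, user_name):
    """Report whether a User-Name string is byte-identical to the EAP identity."""
    identity = parse_eap_identity(eap_hex)["identity"]
    candidate = user_name.encode("utf-8")
    return {"identity": identity, "user_name": candidate,
            "match": identity == candidate,
            # (backslashes in identity, backslashes in User-Name)
            "backslashes": (identity.count(b"\\"), candidate.count(b"\\"))}


if __name__ == "__main__":
    print(parse_eap_identity(EAP_MESSAGE_HEX))
    for name in (USER_NAME_NTDOMAIN, USER_NAME_RLM_PERL):
        print(compare_identity(EAP_MESSAGE_HEX, name))
```

The decoded header (Response, id 2, length 11) agrees with the "[eap] EAP packet type response id 2 length 11" line, so the identity bytes can be trusted as what the supplicant sent.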