Here we are again, apologies for flooding this list with endless questions but
I appear to be hitting every stumbling block along the way.
Running the radtest line from the admin guide:
radtest dd9999 Abcd1234 localhost 12 testing12
I get:
radclient: no response from server for ID 212 socket 3
Now firstly, I presume I need to substitute this dd9999 user with a valid user
from my network? I have done this and get the same outcome as above.
Running radiusd -X I get:
Starting - reading configuration files ...
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/proxy.conf
including configuration file /etc/raddb/clients.conf
including files in directory /etc/raddb/modules/
including configuration file /etc/raddb/modules/detail.example.com
including configuration file /etc/raddb/modules/expiration
including configuration file /etc/raddb/modules/pam
including configuration file /etc/raddb/modules/sql_log
including configuration file /etc/raddb/modules/etc_group
including configuration file /etc/raddb/modules/passwd
including configuration file /etc/raddb/modules/mschap
/etc/raddb/modules/mschap[6]: Parse error: Unterminated string
Errors reading /etc/raddb/radiusd.conf
The mschap file mentioned in the error hasn't been edited by me and is as it
should be out of the box:
mschap {
use_mppe = yes
require_encryption = yes
require_strong = yes
with_ntdomain_hack = yes
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{%
{Stripped-User-Name}:-%{mschap:User-Name:-None}} --challenge=%
{mschap:Challenge:-00} .nt-response=%{mschap:NT-Response:-00}"
From: Morris, Andi [mailto:[email protected]]
Sent: 08 December 2011 14:50
To: [email protected]
Subject: Re: [Packetfence-users] Configuring radius with active directory
That's got it! No errors when joining now, and the lack of a winbind service
will absolutely definitely be because I haven't yet installed it ;)
I'm unsure whether the -w fixed it, or the reinitiated Kerberos ticket, but
it's working nonetheless.
Cheers!
From: Francois Gaudreault [mailto:[email protected]]
Sent: 08 December 2011 14:41
To: [email protected]
Subject: Re: [Packetfence-users] Configuring radius with active directory
Do you have a valid kerberos token (klist) ? If not, redo a kinit, and then
run the join again.
Winbind is not installed by default, you need to install it (samba-winbind).
On 11-12-08 9:35 AM, Morris, Andi wrote:
A small update since my last post.
I ran:
net ads join -U [email protected]<mailto:[email protected]>
createcomputer="Servers/SCS"
and got prompted to enter username's password, then got back:
Using short domain name -- CAMPUS
Joined 'PFENCE01' to realm 'domain.co.uk'
[2011/12/08 13:48:05.180300, 0] libads/kerberos.c:333(ads_kinit_password)
kerberos_kinit_password [email protected]<mailto:[email protected]>
failed: Client not found in Kerberos database
However, the server does now appear in Active Directory!
I attempted to move onto the next stage of the guide but when I run
service winbind start
I get:
winbind: unrecognized service
I initially installed samba by simply running 'yum install samba' so I'm not
sure whether I need to run anything else to include winbind.
To answer your latest question here is the output from running the -w flag of
net ads
[root@pfence01 samba]# net ads join -U
[email protected]<mailto:[email protected]> -w domain.co.uk
Enter [email protected]<mailto:[email protected]>'s password:
Using short domain name -- CAMPUS
Joined 'PFENCE01' to realm 'domain.co.uk'
[2011/12/08 14:33:30.282276, 0] libads/kerberos.c:333(ads_kinit_password)
kerberos_kinit_password [email protected]<mailto:[email protected]>
failed: Preauthentication failed
Cheers for your help,
Andi
From: Francois Gaudreault [mailto:[email protected]]
Sent: 08 December 2011 14:27
To:
[email protected]<mailto:[email protected]>
Subject: Re: [Packetfence-users] Configuring radius with active directory
Andi,
Can you try your "net ads join" command with -w domain.co.uk ?
On 11-12-08 6:26 AM, Morris, Andi wrote:
failed: Preauthentication failed
--
Francois Gaudreault, ing. jr
[email protected]<mailto:[email protected]> :: +1.514.447.4918
(x130) :: www.inverse.ca<http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (www.sogo.nu<http://www.sogo.nu>) and
PacketFence (www.packetfence.org<http://www.packetfence.org>)
________________________________
>From 1st November 2011 UWIC changed its title to Cardiff Metropolitan
>University. From the 6th December, as part of this change, all email addresses
>which included @uwic.ac.uk have changed to @cardiffmet.ac.uk. All emails sent
>from Cardiff Metropolitan University will now be sent from the new
>@cardiffmet.ac.uk address. Please could you ensure that all of your contact
>records and databases are updated to reflect this change. Further information
>can be found on the website
>here.<http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx>
------------------------------------------------------------------------------
Cloud Services Checklist: Pricing and Packaging Optimization
This white paper is intended to serve as a reference, checklist and point of
discussion for anyone considering optimizing the pricing and packaging model
of a cloud services business. Read Now!
http://www.accelacomm.com/jaw/sfnl/114/51491232/
_______________________________________________
Packetfence-users mailing list
[email protected]<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Francois Gaudreault, ing. jr
[email protected]<mailto:[email protected]> :: +1.514.447.4918
(x130) :: www.inverse.ca<http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (www.sogo.nu<http://www.sogo.nu>) and
PacketFence (www.packetfence.org<http://www.packetfence.org>)
------------------------------------------------------------------------------
Cloud Services Checklist: Pricing and Packaging Optimization
This white paper is intended to serve as a reference, checklist and point of
discussion for anyone considering optimizing the pricing and packaging model
of a cloud services business. Read Now!
http://www.accelacomm.com/jaw/sfnl/114/51491232/
_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
