I just fixed a problem with the same symptom. Can you post the full radius
debug so we can look @ it? My issue was that, for some reason, the group of the
winbindd_privileged file was wrong; it should be set to group radius (or at least
that solved my problem : )
Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
900 College St.
Belton TX. 76513
Fone: 254-295-4658
Phax: 254-295-4221
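One way to check the group ownership described in the reply above, as an added example that is not part of the original message. The directory path, the radiusd account name, the exit codes and the mode checks are assumptions; the radius group comes from the reply.

```shell
#!/bin/sh
# Added example (not from the thread): check that the FreeRADIUS account can
# reach winbindd's privileged pipe directory, which ntlm_auth needs.
# Assumed defaults: directory path and service user; group is from the reply.
PRIV_DIR="${PRIV_DIR:-/var/lib/samba/winbindd_privileged}"
RADIUS_GROUP="${RADIUS_GROUP:-radius}"
RADIUS_USER="${RADIUS_USER:-radiusd}"

# check_priv_dir DIR GROUP (uses GNU stat)
# 0 ok, 2 missing, 3 wrong group, 4 group lacks r-x, 5 accessible to others
check_priv_dir() {
    dir=$1; want=$2
    [ -d "$dir" ] || { echo "missing: $dir" >&2; return 2; }
    have=$(stat -c '%G' "$dir") || return 2
    mode=$(stat -c '%a' "$dir") || return 2
    if [ "$have" != "$want" ]; then
        echo "$dir: group is '$have', expected '$want'" >&2
        return 3
    fi
    grp_bits=$(( (0$mode >> 3) & 7 ))   # octal mode -> group rwx bits
    oth_bits=$(( 0$mode & 7 ))          # octal mode -> other rwx bits
    if [ $(( grp_bits & 5 )) -ne 5 ]; then
        echo "$dir: mode $mode gives the group no r-x" >&2
        return 4
    fi
    if [ "$oth_bits" -ne 0 ]; then
        echo "$dir: mode $mode exposes the directory to all users" >&2
        return 5
    fi
    return 0
}

# user_in_group USER GROUP: compare numeric GIDs so odd group names are safe
user_in_group() {
    gid=$(getent group "$2" 2>/dev/null | cut -d: -f3)
    [ -n "$gid" ] || return 1
    for g in $(id -G "$1" 2>/dev/null); do
        [ "$g" = "$gid" ] && return 0
    done
    return 1
}

main() {
    check_priv_dir "$PRIV_DIR" "$RADIUS_GROUP" || return $?
    user_in_group "$RADIUS_USER" "$RADIUS_GROUP" || {
        echo "$RADIUS_USER is not a member of $RADIUS_GROUP" >&2; return 6; }
    echo "ok: $RADIUS_USER reaches $PRIV_DIR through group $RADIUS_GROUP"
}

if [ "${1:-}" = "--check" ]; then main; fi
```

Run it as root with --check; PRIV_DIR, RADIUS_GROUP and RADIUS_USER can be overridden in the environment to match the local Samba and FreeRADIUS packaging.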
From: Morris, Andi [mailto:[email protected]]
Sent: Thursday, April 19, 2012 6:22 AM
To: [email protected]
Subject: Re: [Packetfence-users] New install of v3.3, freeradius issues
As an update, I created a local user and used those credentials and the
authentication was successful, suggesting that radius is not set to
authenticate against our ADS server.
The mschap module is configured as:
mschap {
    use_mppe = yes
    require_encryption = yes
    require_strong = yes
    with_ntdomain_hack = yes
    ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
}
I'll go through this section in the admin guide again to double check I haven't
missed anything out.
Cheers,
Andi
From: Morris, Andi [mailto:[email protected]]
Sent: 19 April 2012 10:49
To: [email protected]
Subject: [Packetfence-users] New install of v3.3, freeradius issues
Hi,
I've done a fresh install of v3.3 and used the packaged
packetfence-freeradius2, but my access attempts are being rejected. The
radiusd debug output shows the following:
[mschapv2] # Executing group from file /etc/raddb/sites-enabled/packetfence-tunnel
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
[mschap] Creating challenge hash with username: sm18818
[mschap] Told to do MS-CHAPv2 for sm18818 with NT-Password
[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
It's obviously far more likely that it's my config rather than a problem with
the PF freeradius package, but nevertheless I've checked inside the freeradius
virtual servers and can see nothing untoward.
Radtest and ntlm_auth both return successful outputs.
The only thing I've done differently that I can tell since the dev setup (v3.2)
is that I haven't configured ldap on the server. I'm not sure whether this is
required or not as I'm only authenticating users via radius. Is this required
to be set up in order for the PF server to query the ADS server?
Cheers,
Andi
_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users