Hi Tom, permission issue, check https://github.com/inverse-inc/packetfence/blob/devel/docs/PacketFence_Administration_Guide.asciidoc#option-2-authentication-against-active-directory-ad
and search for usermod
Regards
Fabrice
Le 2015-02-08 15:48, Tom Fischer a écrit :
>
> I just upgraded to 4.6.0 from 4.0.5. My locally defined wireless
> users are working fine. The AD users fail in the EAP module with this
> error:
>
> Found Auth-Type = EAP
> # Executing group from file
> /usr/local/pf/raddb//sites-enabled/packetfence-tunnel
> +group authenticate {
> [eap] Request found, released from the list
> [eap] EAP/mschapv2
> [eap] processing type mschapv2
> [mschapv2] # Executing group from file
> /usr/local/pf/raddb//sites-enabled/packetfence-tunnel
> [mschapv2] +group MS-CHAP {
> [mschap] Creating challenge hash with username: First Last
> [mschap] Client is using MS-CHAPv2 for First Last, we need NT-Password
> [mschap] expand: %{Stripped-User-Name} -> First Last
> [mschap] expand:
> --username=%{%{Stripped-User-Name}:-%{mschap:User-Name:-None}} ->
> --username=First Last
> [mschap] expand: %{mschap:NT-Domain} -> OGOGOG
> [mschap] expand: --domain=%{%{mschap:NT-Domain}:-OGOG.LOCAL} ->
> --domain=OGOGOG
> [mschap] Creating challenge hash with username: First Last
> [mschap] expand: --challenge=%{mschap:Challenge:-00} ->
> --challenge=5aa016975734f45f
> [mschap] expand: --nt-response=%{mschap:NT-Response:-00} ->
> --nt-response=b9f97847b548f1c49aa522c499b5b2cb74d8ffe34b249ede
> Exec output: Reading winbind reply failed! (0xc0000001)
> Exec plaintext: Reading winbind reply failed! (0xc0000001)
> [mschap] Exec: program returned: 1
> [mschap] External script failed.
> [mschap] FAILED: MS-CHAP2-Response is incorrect
> ++[mschap] = reject
> +} # group MS-CHAP = reject
> [eap] Freeing handler
>
> Manually testing with winbind gets the expected results. “Reading
> winbind reply failed” seems to indicate a permission problem, but then
> I would expect the manual test to fail? Can anyone please help?
>
>
>
>
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming. The Go Parallel Website,
> sponsored by Intel and developed in partnership with Slashdot Media, is your
> hub for all things parallel software development, from weekly thought
> leadership blogs to news, videos, case studies, tutorials and more. Take a
> look and join the conversation now. http://goparallel.sourceforge.net/
>
>
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
0xF78F957E.asc
Description: application/pgp-keys
------------------------------------------------------------------------------ Dive into the World of Parallel Programming. The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
