Re: [PacketFence-users] 802.1x authentication

Wed, 27 May 2015 08:40:15 -0700 


On May 27, 2015, at 11:33 , Sohaib Afourid <[email protected]> wrote:

> Found Auth-Type = EAP
> # Executing group from file 
> /usr/local/pf/raddb/sites-enabled/packetfence-tunnel
> +group authenticate {
> [eap] Request found, released from the list
> [eap] EAP/mschapv2
> [eap] processing type mschapv2
> [mschapv2] # Executing group from file 
> /usr/local/pf/raddb/sites-enabled/packetfence-tunnel
> [mschapv2] +group MS-CHAP {
> [mschap] Creating challenge hash with username: renault
> [mschap] Client is using MS-CHAPv2 for renault, we need NT-Password
> [mschap]     expand: %{Stripped-User-Name} -> 
> [mschap]     ... expanding second conditional
> [mschap]     expand: %{User-Name} -> renault
> [mschap]     expand: %{%{User-Name}:-None} -> renault
> [mschap]     expand: 
> --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} -> 
> --username=renault
> [mschap] Creating challenge hash with username: renault
> [mschap]     expand: %{mschap:Challenge} -> 9228dd5c3c5d8992
> [mschap]     expand: --challenge=%{%{mschap:Challenge}:-00} -> 
> --challenge=9228dd5c3c5d8992
> [mschap]     expand: %{mschap:NT-Response} -> 
> 65a650adff1d78e110344ff370f63eacad42b9aaed6ab4e7
> [mschap]     expand: --nt-response=%{%{mschap:NT-Response}:-00} -> 
> --nt-response=65a650adff1d78e110344ff370f63eacad42b9aaed6ab4e7
> could not obtain winbind domain name!
> Exec output: Reading winbind reply failed! (0xc0000001) 
> Exec plaintext: Reading winbind reply failed! (0xc0000001) 
> [mschap] Exec: program returned: 1
> [mschap] External script failed.
> [mschap] FAILED: MS-CHAP2-Response is incorrect
> ++[mschap] = reject
> +} # group MS-CHAP = reject

Radius can’t seem to get a reply from winbind.

1. Make sure your PF server is joined to a domain. run 
# net ads testjoin

2. make sure the user pf is in the wbpriv group.

3. Make sure winbind is running.


Regards,
--
Louis Munro
[email protected]  ::  www.inverse.ca 
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)
------------------------------------------------------------------------------

_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Reply via email to