Also, check that you have enabled local auth by uncommenting line 98 in conf/radiusd/packetfence-tunnel.
> On Sep 7, 2016, at 3:31 PM, Louis Munro <[email protected]> wrote: > > Hi Jason, > > It's trying to use winbind for authentication. > Assuming you want to use locally defined users, it should not do that. > > Can you send the output to > > # radiusd -d /usr/local/pf/raddb -n auth -X > > Please? > > It should tell us why it's doing that. > > >> On Sep 7, 2016, at 3:23 PM, Jason 'XenoPhage' Frisvold >> <[email protected] <mailto:[email protected]>> wrote: >> >> Hi all, >> >> I'm trying to set up a new packetfence instance to authenticate via >> 802.1x. I'm working on wired only right now but will be adding wireless >> shortly. I'm running into a problem, though, as shown in the error >> pasted below. >> >> I'm only looking to use users defined in the packetfence admin >> interface, no external database as of right now. What am I doing wrong? >> >> ==> logs/radius.log <== >> Wed Sep 7 15:18:20 2016 : ERROR: (36) mschap: ERROR: Program returned >> code (1) and output 'Reading winbind reply failed! (0xc0000001)' >> Wed Sep 7 15:18:20 2016 : Auth: (36) Login incorrect (mschap: Program >> returned code (1) and output 'Reading winbind reply failed! >> (0xc0000001)'): [testuser] (from client 192.168.10.10 port 50101 cli >> xx:xx:xx:xx:xx:xx via TLS tunnel) >> Wed Sep 7 15:18:20 2016 : Info: rlm_sql (sql): Closing connection (61): >> Hit idle_timeout, was idle for 97 seconds >> Wed Sep 7 15:18:20 2016 : Info: rlm_sql (sql): Closing connection (62): >> Hit idle_timeout, was idle for 97 seconds >> Wed Sep 7 15:18:20 2016 : Info: rlm_sql (sql): Opening additional >> connection (63), 1 of 64 pending slots used >> Wed Sep 7 15:18:20 2016 : Info: rlm_sql (sql): Need 2 more connections >> to reach 10 spares >> Wed Sep 7 15:18:20 2016 : Info: rlm_sql (sql): Opening additional >> connection (64), 1 of 63 pending slots used >> Wed Sep 7 15:18:20 2016 : Info: (37) eap_peap: The users session was >> previously rejected: returning reject (again.) >> Wed Sep 7 15:18:20 2016 : Info: (37) eap_peap: This means you need to >> read the PREVIOUS messages in the debug output >> Wed Sep 7 15:18:20 2016 : Info: (37) eap_peap: to find out the reason >> why the user was rejected >> Wed Sep 7 15:18:20 2016 : Info: (37) eap_peap: Look for "reject" or >> "fail". Those earlier messages will tell you >> Wed Sep 7 15:18:20 2016 : Info: (37) eap_peap: what went wrong, and >> how to fix the problem >> Wed Sep 7 15:18:20 2016 : Auth: (37) Login incorrect (eap: Failed >> continuing EAP PEAP (25) session. EAP sub-module failed): [testuser] >> (from client 192.168.10.10 port 50101 cli xx:xx:xx:xx:xx:xx) >> Wed Sep 7 15:18:20 2016 : [mac:xx:xx:xx:xx:xx:xx] Rejected user: testuser >> >> Thanks, > > > > > Regards, > > -- > Louis Munro > [email protected] <mailto:[email protected]> :: www.inverse.ca > <http://www.inverse.ca/> > +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 > Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sogo.nu/>) and > PacketFence (www.packetfence.org <http://www.packetfence.org/>) > > ------------------------------------------------------------------------------ > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Louis Munro [email protected] <mailto:[email protected]> :: www.inverse.ca <http://www.inverse.ca/> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sogo.nu/>) and PacketFence (www.packetfence.org <http://www.packetfence.org/>)
------------------------------------------------------------------------------
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
