Hi Markus,

I had a similar problem some days ago. I had a problem in the realm definition.
You can try to investigate which realm your authentication request flow matches (in my case it was DEFAULT) and try to add your domain and LDAP source in the realm definition.

Have a nice day

Luca Messori
Direct: +39 0522265843
Mobile: +39 3351442007
Mail: [email protected]

Mead Informatica Srl
HEADQUARTERS - Via T. Edison, 6/a - 42122 Reggio Emilia
Tel. +39 0522 265800 Fax +39 0522 393306
BRANCH - Galleria Spagna, 28 - 35127 Padova
Tel. +39 049 8702540 Fax +39 049 8706249
http://www.meadinformatica.it/

________________________________________
From: Markus Bolz <[email protected]>
Sent: Monday, 6 February 2017 10:27
To: [email protected]
Subject: [PacketFence-users] PF ZEN 6.4.0: No user authentication against AD (Reading winbind reply failed!)

Hello,

We are running a PacketFence 6.4.0 on a CentOS ZEN image. LAN authentication on local and routed networks is running fine.

Currently we are trying to integrate our wireless network infrastructure. Authentication is to be done against our active directory, the winbind join should be working according to

    [root@packetfence ~]# chroot /chroots/MYDOMAIN.NET/ wbinfo --own-domain
    MYDOMAIN

We configured a realm on our wireless infrastructure to authenticate @mydomain.net requests against the packetfence server.

Authentication is not successful, we see 'Reading winbind reply failed! (0xc0000001)' in the radius log files (also in radius debug log when we start the radiusserver as user pf with -X)

Radius.log:

    Mon Jan 30 11:34:09 2017 : Auth: (226) Login incorrect (eap: Failed continuing EAP PEAP (25) session. EAP sub-module failed): [[email protected]] (from client 172.16.10.2 port 1 cli bc:f5:ac:fe:d0:06)
    Mon Jan 30 11:34:09 2017 : [mac:bc:f5:ac:fe:d0:06] Rejected user: [email protected]
    Mon Jan 30 11:34:27 2017 : ERROR: (234) mschap: ERROR: Program returned code (1) and output 'Reading winbind reply failed! (0xc0000001)'
    Mon Jan 30 11:34:27 2017 : Auth: (234) Login incorrect (mschap: Program returned code (1) and output 'Reading winbind reply failed! (0xc0000001)'): [[email protected]] (from client 172.16.10.2 port 1 cli bc:f5:ac:fe:d0:06 via TLS tunnel)
    Mon Jan 30 11:34:27 2017 : Info: rlm_sql (sql): Need 1 more connections to reach 10 spares
    Mon Jan 30 11:34:27 2017 : Info: rlm_sql (sql): Opening additional connection (152), 1 of 62 pending slots used
    Mon Jan 30 11:34:27 2017 : Info: (235) eap_peap: The users session was previously rejected: returning reject (again.)
    Mon Jan 30 11:34:27 2017 : Info: (235) eap_peap: This means you need to read the PREVIOUS messages in the debug output
    Mon Jan 30 11:34:27 2017 : Info: (235) eap_peap: to find out the reason why the user was rejected
    Mon Jan 30 11:34:27 2017 : Info: (235) eap_peap: Look for "reject" or "fail". Those earlier messages will tell you
    Mon Jan 30 11:34:27 2017 : Info: (235) eap_peap: what went wrong, and how to fix the problem

If we test the same auth request in the chroot-environment as user pf manually, the auth seems to be OK:

    -sh-4.1$ /usr/bin/sudo /usr/sbin/chroot /chroots/MYDOMAIN.NET/ /usr/local/pf/bin/ntlm_auth_wrapper -- --request-nt-key --username=testuser
    password:
    NT_STATUS_OK: Success (0x0)
    -sh-4.1$

What are we missing?

Thanks for any help:

--
-markus bolz
__________________________________________________________________________
Markus Bolz - Head of Infrastructure Group
DFKI Campus D 3.2, D-66123 Saarbruecken, Germany
Phone: (+49 681) 85775-5572, Fax: ...-5020, E-Mail: [email protected]

Deutsches Forschungszentrum fuer Kuenstliche Intelligenz GmbH,
Trippstadter Strasse 122, D-67663 Kaiserslautern, Germany, www.dfki.de
* Management: Prof. Dr. Dr. h.c. mult. Wolfgang Wahlster (Chair), Dr. Walter Olthoff
* Chairman of the Supervisory Board: Prof. Dr. h.c. Hans A. Aukes
* District Court Kaiserslautern, HRB 2313
__________________________________________________________________________

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
