Hi, here's our output from /usr/local/pf/conf/realm.conf:

[DEFAULT]
source=DFKI
domain=DFKI.NET

[dfki.net]
domain=DFKI.NET
options=strip
source=DFKI

cheers & thx:
-m

On 06.02.2017 at 10:27, Markus Bolz wrote:
>
> Hello,
>
> We are running a PacketFence 6.4.0 on a CentOS ZEN image. LAN
> authentication on local and routed networks is running fine. Currently
> we are trying to integrate our wireless network infrastructure.
> Authentication is to be done against our active directory, the winbind
> join should be working according to
>
> [root@packetfence ~]# chroot /chroots/MYDOMAIN.NET/ wbinfo --own-domain
> MYDOMAIN
>
> We configured a realm on our wireless infrastructure to authenticate
> @mydomain.net requests against the packetfence server. Authentication
> is not successful, we see "Reading winbind reply failed! (0xc0000001)"
> in the radius log files (also in radius debug log when we start the
> radiusserver as user pf with -X)
>
> Radius.log:
>
> Mon Jan 30 11:34:09 2017 : Auth: (226) Login incorrect (eap: Failed continuing EAP PEAP (25) session. EAP sub-module failed): [[email protected]] (from client 172.16.10.2 port 1 cli bc:f5:ac:fe:d0:06)
> Mon Jan 30 11:34:09 2017 : [mac:bc:f5:ac:fe:d0:06] Rejected user: [email protected]
> Mon Jan 30 11:34:27 2017 : ERROR: (234) mschap: ERROR: Program returned code (1) and output 'Reading winbind reply failed! (0xc0000001)'
> Mon Jan 30 11:34:27 2017 : Auth: (234) Login incorrect (mschap: Program returned code (1) and output 'Reading winbind reply failed! (0xc0000001)'): [[email protected]] (from client 172.16.10.2 port 1 cli bc:f5:ac:fe:d0:06 via TLS tunnel)
> Mon Jan 30 11:34:27 2017 : Info: rlm_sql (sql): Need 1 more connections to reach 10 spares
> Mon Jan 30 11:34:27 2017 : Info: rlm_sql (sql): Opening additional connection (152), 1 of 62 pending slots used
> Mon Jan 30 11:34:27 2017 : Info: (235) eap_peap: The users session was previously rejected: returning reject (again.)
> Mon Jan 30 11:34:27 2017 : Info: (235) eap_peap: This means you need to read the PREVIOUS messages in the debug output
> Mon Jan 30 11:34:27 2017 : Info: (235) eap_peap: to find out the reason why the user was rejected
> Mon Jan 30 11:34:27 2017 : Info: (235) eap_peap: Look for "reject" or "fail". Those earlier messages will tell you
> Mon Jan 30 11:34:27 2017 : Info: (235) eap_peap: what went wrong, and how to fix the problem
>
>
> If we test the same auth request in the chroot-environment as user pf
> manually, the auth seems to be OK:
>
> -sh-4.1$ /usr/bin/sudo /usr/sbin/chroot /chroots/MYDOMAIN.NET/ /usr/local/pf/bin/ntlm_auth_wrapper -- --request-nt-key --username=testuser
> password:
> NT_STATUS_OK: Success (0x0)
> -sh-4.1$
>
> What are we missing?
>
> Thanks for any help:
>
> --

-markus bolz
__________________________________________________________________________
Markus Bolz - Head of Infrastructure Group
DFKI Campus D 3.2, D-66123 Saarbruecken, Germany
Phone: (+49 681) 85775-5572, Fax: ...-5020, E-Mail: [email protected]

Deutsches Forschungszentrum fuer Kuenstliche Intelligenz GmbH,
Trippstadter Strasse 122, D-67663 Kaiserslautern, Germany, www.dfki.de
* Management: Prof. Dr. Dr. h.c. mult. Wolfgang Wahlster (Chair), Dr. Walter Olthoff
* Chairman of the Supervisory Board: Prof. Dr. h.c. Hans A. Aukes
* Kaiserslautern District Court, HRB 2313
__________________________________________________________________________
