Hi Fabrice,
So, what is the expected order of realms processing ?
Any ideas or enlightenments about what is wrong?
I restarted radius service many times and even rebooted the appliance
From: Fabrice Durand [mailto:fdur...@inverse.ca]
Sent: Friday, March 09, 2018 5:32 AM
To: E.P. <ype...@gmail.com>; packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] [Packetfence] AD authentication with
FreeRadius: "reading winbind reply failed!"
Hum really strange that even if you restart radius service the file still
missing the other realms.
Le 2018-03-08 à 23:55, E.P. a écrit :
Easy 😉
cat /usr/local/pf/raddb/proxy.conf.inc
realm default {
strip
}
From: Durand fabrice [mailto:fdur...@inverse.ca]
Sent: Thursday, March 08, 2018 6:42 PM
To: E.P. <mailto:ype...@gmail.com> <ype...@gmail.com>;
packetfence-users@lists.sourceforge.net
<mailto:packetfence-users@lists.sourceforge.net>
Subject: Re: [PacketFence-users] [Packetfence] AD authentication with
FreeRadius: "reading winbind reply failed!"
Can you paste the file proxy.conf.inc from raddb directory ?
Le 2018-03-08 à 16:54, E.P. a écrit :
I tried it as well, Fabrice.
Doesn’t matter what I use as a username, whether it is t...@options.bc.ca
<mailto:t...@options.bc.ca> or OPTIONS\test.
I had both realms added before I ended up using the default one. They both
point to the same AD domain.
Attached is yet another RADIUS debug session with my attempt to authenticate
with OPTIONS realm
Also, may I know why do I see the username showing initially as OPTIONS\\test
(two backslashes) ?
[OPTIONS]
domain=optionsad
options=strip
[OPTIONS-AD-REALM]
domain=optionsad
options=strip
Eugene
From: Fabrice Durand [mailto:fdur...@inverse.ca]
Sent: Thursday, March 08, 2018 11:28 AM
To: E.P. <mailto:ype...@gmail.com> <ype...@gmail.com>;
packetfence-users@lists.sourceforge.net
<mailto:packetfence-users@lists.sourceforge.net>
Subject: Re: [PacketFence-users] [Packetfence] AD authentication with
FreeRadius: "reading winbind reply failed!"
Hello Eugene,
it looks that you need to add a realm OPTIONS because the username is like
OPTIONS\test.
Regards
Fabrice
Le 2018-03-08 à 14:23, E.P. a écrit :
Hi Fabrice,
Since Jimmy and I seem to have the same problem with winbind I’m attaching
requested RADIUS requests.
There are two files, radius-request shows the session when I have only one
default realm and the authentication source also points to the default realm
[DEFAULT]
domain=optionsad
options=strip
And the second file, radius-request2 shows the session when I added a named
realm, i.e.
[OPTIONS-AD-REALM]
domain=optionsad
options=strip
Eugene
From: Fabrice Durand via PacketFence-users
[mailto:packetfence-users@lists.sourceforge.net]
Sent: Thursday, March 08, 2018 5:29 AM
To: packetfence-users@lists.sourceforge.net
<mailto:packetfence-users@lists.sourceforge.net>
Cc: Fabrice Durand <mailto:fdur...@inverse.ca> <fdur...@inverse.ca>
Subject: Re: [PacketFence-users] [Packetfence] AD authentication with
FreeRadius: "reading winbind reply failed!"
cd /usr/local/pf
raddebug -f var/run/radiusd.sock -t 3000
Le 2018-03-08 à 02:57, Jimmy Claes via PacketFence-users a écrit :
Hello Fabrice
When I run the command it says that file does not exist, neither does the
directory ‘/etc/raddb/’:
Regards
Jimmy
Van: Fabrice Durand via PacketFence-users
[mailto:packetfence-users@lists.sourceforge.net]
Verzonden: woensdag 7 maart 2018 23:09
Aan: packetfence-users@lists.sourceforge.net
<mailto:packetfence-users@lists.sourceforge.net>
CC: Fabrice Durand <mailto:fdur...@inverse.ca> <fdur...@inverse.ca>
Onderwerp: Re: [PacketFence-users] [Packetfence] AD authentication with
FreeRadius: "reading winbind reply failed!"
Ok can you send me a complete radius request ? (raddebug -f
var/run/radiusd.sock -t 3000)
Regards
Fabrice
Le 2018-03-07 à 02:04, Jimmy Claes via PacketFence-users a écrit :
Hello Fabrice
Realms are already created and associated with the AD.
Regards
Jimmy
Van: Durand fabrice via PacketFence-users [
<mailto:packetfence-users@lists.sourceforge.net>
mailto:packetfence-users@lists.sourceforge.net]
Verzonden: woensdag 7 maart 2018 3:26
Aan: <mailto:packetfence-users@lists.sourceforge.net>
packetfence-users@lists.sourceforge.net
CC: Durand fabrice <mailto:fdur...@inverse.ca> <fdur...@inverse.ca>
Onderwerp: Re: [PacketFence-users] [Packetfence] AD authentication with
FreeRadius: "reading winbind reply failed!"
Hello Jimmy,
create the realms associated to your domain, like you have a user like ACME\bob
and b...@acme.com <mailto:b...@acme.com> then create the 2 realms and
associate them to your AD.
Regards
Fabrice
Le 2018-03-06 à 07:14, Jimmy Claes via PacketFence-users a écrit :
I’ve been trying to figure out this problem for days, whenever I try to
authenticate a user on Windows, I get the following error while the login is
correct:
‘wbinfo –p’ fails aswell:
Winbind service is running:
Freeradius service is running:
The permissions on winbindd_privileged are properly set:
Result of running ‘freeradius –X’ attached.
PacketFence (http://packetfence.org)
--
Fabrice Durand
fdur...@inverse.ca <mailto:fdur...@inverse.ca> :: +1.514.447.4918 (x135) ::
www.inverse.ca <http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
--
Fabrice Durand
fdur...@inverse.ca <mailto:fdur...@inverse.ca> :: +1.514.447.4918 (x135) ::
www.inverse.ca <http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users