Hello everyone, I'm having problem with authentication, using Samba server 4.
CLI authentication works. But, using the Cisco 2950 802.1x, does not work according to the logs. ################################################################ chroot /chroots/SAMBA/ ntlm_auth --request-nt-key --domain=SAMBA.NAC --username=nacad...@samba.nac --password='Zaq!2wsx' NT_STATUS_OK: Success (0x0) ################################################# radtest -t mschap nacadmin 'Zaq!2wsx' localhost 0 testing123 Sent Access-Request Id 149 from 0.0.0.0:40863 to 127.0.0.1:1812 length 134 User-Name = "nacadmin" MS-CHAP-Password = "Zaq!2wsx" NAS-IP-Address = 169.254.0.2 NAS-Port = 0 Message-Authenticator = 0x00 Cleartext-Password = "Zaq!2wsx" MS-CHAP-Challenge = 0xf8d279644d3003f7 MS-CHAP-Response = 0x0001000000000000000000000000000000000000000000000000509ae6a6dc238ef602ec579893bb1ab9d0facd15b8d5cb4f Sent Access-Request Id 149 from 0.0.0.0:40863 to 127.0.0.1:1812 length 134 User-Name = "nacadmin" MS-CHAP-Password = "Zaq!2wsx" NAS-IP-Address = 169.254.0.2 NAS-Port = 0 Message-Authenticator = 0x00 Cleartext-Password = "Zaq!2wsx" MS-CHAP-Challenge = 0xf8d279644d3003f7 MS-CHAP-Response = 0x0001000000000000000000000000000000000000000000000000509ae6a6dc238ef602ec579893bb1ab9d0facd15b8d5cb4f Sent Access-Request Id 149 from 0.0.0.0:40863 to 127.0.0.1:1812 length 134 User-Name = "nacadmin" MS-CHAP-Password = "Zaq!2wsx" NAS-IP-Address = 169.254.0.2 NAS-Port = 0 Message-Authenticator = 0x00 Cleartext-Password = "Zaq!2wsx" MS-CHAP-Challenge = 0xf8d279644d3003f7 MS-CHAP-Response = 0x0001000000000000000000000000000000000000000000000000509ae6a6dc238ef602ec579893bb1ab9d0facd15b8d5cb4f (0) No reply from server for ID 149 socket 3 What could it be? If you can help me. I created a testing environment with VMware ESXi 6.5. ############################################# MAC Address00:0c:29:75:9d:61 Auth StatusReject Auth Typeeap Auto Registrationno Calling Station ID00:0c:29:75:9d:61 Computer nameN/A EAP TypeMSCHAPv2 Event TypeRadius-Access-Request IP Address Is a Phoneno Node statusN/A DomainSAMBA ProfileN/A Realmsamba.nac Reasonchrooted_mschap: Program returned code (1) and output 'Logon failure (0xc000006d)' RoleN/A SourceN/A Stripped User Namenacadmin User namenacad...@samba.nac Unique ID ######################################## Switch IDN/A Switch MACN/A Switch IP AddressN/A Called Station ID00:16:47:53:3e:08 Connection typeN/A IfIndexN/A NAS identifier NAS IP Address10.190.90.24 NAS Port50008 NAS Port ID NAS Port TypeEthernet RADIUS Source IP Address10.190.90.24 Wi-Fi Network SSID ##################################### request_time0 RADIUS RequestNAS-Port-Type = Ethernet Service-Type = Framed-User Cisco-NAS-Port = "FastEthernet0/8" Called-Station-Id = "00:16:47:53:3e:08" State = 0x935ca195935bbbfd2e4540e93f543f24 FreeRADIUS-Proxied-To = 127.0.0.1 Realm = "samba.nac" EAP-Type = MSCHAPv2 NAS-IP-Address = 10.190.90.24 Calling-Station-Id = "00:0c:29:75:9d:61" MS-CHAP-User-Name = "nacad...@samba.nac" MS-CHAP-Challenge = 0x5c1c7d80053c06b835a6d60ed493985c PacketFence-Domain = "SAMBA" User-Name = "nacad...@samba.nac" Event-Timestamp = "Apr 11 2018 13:56:46 UTC" EAP-Message = 0x0207004d1a0207004831ce8f7270555af5072eea462eb420f41e0000000000000000ceed66e8cdac3b9387cc236dac99ad8132d1e4e4d06f770e006e616361646d696e4073616d62612e6e6163 MS-CHAP2-Response = 0x0761ce8f7270555af5072eea462eb420f41e0000000000000000ceed66e8cdac3b9387cc236dac99ad8132d1e4e4d06f770e Stripped-User-Name = "nacadmin" NAS-Port = 50008 Framed-MTU = 1500 Module-Failure-Message = "chrooted_mschap: Program returned code (1) and output 'Logon failure (0xc000006d)'" Module-Failure-Message = "chrooted_mschap: External script says: Logon failure (0xc000006d)" Module-Failure-Message = "chrooted_mschap: MS-CHAP2-Response is incorrect" User-Password = "******" Module-Failure-Message = "Failed retrieving values required to evaluate condition" SQL-User-Name = "nacad...@samba.nac" RADIUS ReplyMS-CHAP-Error = "\007E=691 R=0 C=e8ad3e58bb3c49bc6dd841d883b40c8a V=3 M=Authentication failed" EAP-Message = 0x04070004 Message-Authenticator = 0x00000000000000000000000000000000 Thank you. Com os melhores cumprimentos. Jeimerson Chaves Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros informáticos com ele transmitidos são confidenciais, podem conter informação privilegiada e destinam-se ao conhecimento e uso exclusivo da pessoa ou entidade a quem são dirigidos, não podendo o conteúdo dos mesmos ser alterado. Caso tenha recebido este e-mail indevidamente, queira informar de imediato o remetente e proceder à destruição da mensagem e de eventuais cópias. Confidentiality Warning: This e-mail and any files transmitted with it are confidential and may be privileged and are intended solely for the use of the individual or entity to whom they are addressed. Their contents may not be altered. lf you are not the intended recipient of this communication please notify the sender and delete and destroy all copies immediately. ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users