[PacketFence-users] Problem with Samba 4 authentication

Thu, 12 Apr 2018 11:52:24 -0700 

Hello everyone, I'm having problem with authentication, using Samba server 4.

CLI authentication works. But, using the Cisco 2950 802.1x, does not
work according to the logs.

################################################################

chroot /chroots/SAMBA/ ntlm_auth --request-nt-key --domain=SAMBA.NAC
--username=nacad...@samba.nac --password='Zaq!2wsx'
NT_STATUS_OK: Success (0x0)

#################################################
radtest -t mschap nacadmin 'Zaq!2wsx' localhost 0 testing123
Sent Access-Request Id 149 from 0.0.0.0:40863 to 127.0.0.1:1812 length 134
    User-Name = "nacadmin"
    MS-CHAP-Password = "Zaq!2wsx"
    NAS-IP-Address = 169.254.0.2
    NAS-Port = 0
    Message-Authenticator = 0x00
    Cleartext-Password = "Zaq!2wsx"
    MS-CHAP-Challenge = 0xf8d279644d3003f7
    MS-CHAP-Response =
0x0001000000000000000000000000000000000000000000000000509ae6a6dc238ef602ec579893bb1ab9d0facd15b8d5cb4f
Sent Access-Request Id 149 from 0.0.0.0:40863 to 127.0.0.1:1812 length 134
    User-Name = "nacadmin"
    MS-CHAP-Password = "Zaq!2wsx"
    NAS-IP-Address = 169.254.0.2
    NAS-Port = 0
    Message-Authenticator = 0x00
    Cleartext-Password = "Zaq!2wsx"
    MS-CHAP-Challenge = 0xf8d279644d3003f7
    MS-CHAP-Response =
0x0001000000000000000000000000000000000000000000000000509ae6a6dc238ef602ec579893bb1ab9d0facd15b8d5cb4f
Sent Access-Request Id 149 from 0.0.0.0:40863 to 127.0.0.1:1812 length 134
    User-Name = "nacadmin"
    MS-CHAP-Password = "Zaq!2wsx"
    NAS-IP-Address = 169.254.0.2
    NAS-Port = 0
    Message-Authenticator = 0x00
    Cleartext-Password = "Zaq!2wsx"
    MS-CHAP-Challenge = 0xf8d279644d3003f7
    MS-CHAP-Response =
0x0001000000000000000000000000000000000000000000000000509ae6a6dc238ef602ec579893bb1ab9d0facd15b8d5cb4f
(0) No reply from server for ID 149 socket 3


What could it be?

If you can help me.

I created a testing environment with VMware ESXi 6.5.

#############################################


MAC Address00:0c:29:75:9d:61
Auth StatusReject
Auth Typeeap
Auto Registrationno
Calling Station ID00:0c:29:75:9d:61
Computer nameN/A
EAP TypeMSCHAPv2
Event TypeRadius-Access-Request
IP Address
Is a Phoneno
Node statusN/A
DomainSAMBA
ProfileN/A
Realmsamba.nac
Reasonchrooted_mschap: Program returned code (1) and output 'Logon
failure (0xc000006d)'
RoleN/A
SourceN/A
Stripped User Namenacadmin
User namenacad...@samba.nac
Unique ID

########################################

Switch IDN/A
Switch MACN/A
Switch IP AddressN/A
Called Station ID00:16:47:53:3e:08
Connection typeN/A
IfIndexN/A
NAS identifier
NAS IP Address10.190.90.24
NAS Port50008
NAS Port ID
NAS Port TypeEthernet
RADIUS Source IP Address10.190.90.24
Wi-Fi Network SSID


#####################################

request_time0
RADIUS RequestNAS-Port-Type = Ethernet Service-Type = Framed-User
Cisco-NAS-Port = "FastEthernet0/8" Called-Station-Id =
"00:16:47:53:3e:08" State = 0x935ca195935bbbfd2e4540e93f543f24
FreeRADIUS-Proxied-To = 127.0.0.1 Realm = "samba.nac" EAP-Type =
MSCHAPv2 NAS-IP-Address = 10.190.90.24 Calling-Station-Id =
"00:0c:29:75:9d:61" MS-CHAP-User-Name = "nacad...@samba.nac"
MS-CHAP-Challenge = 0x5c1c7d80053c06b835a6d60ed493985c
PacketFence-Domain = "SAMBA" User-Name = "nacad...@samba.nac"
Event-Timestamp = "Apr 11 2018 13:56:46 UTC" EAP-Message =
0x0207004d1a0207004831ce8f7270555af5072eea462eb420f41e0000000000000000ceed66e8cdac3b9387cc236dac99ad8132d1e4e4d06f770e006e616361646d696e4073616d62612e6e6163
MS-CHAP2-Response =
0x0761ce8f7270555af5072eea462eb420f41e0000000000000000ceed66e8cdac3b9387cc236dac99ad8132d1e4e4d06f770e
Stripped-User-Name = "nacadmin" NAS-Port = 50008 Framed-MTU = 1500
Module-Failure-Message = "chrooted_mschap: Program returned code (1)
and output 'Logon failure (0xc000006d)'" Module-Failure-Message =
"chrooted_mschap: External script says: Logon failure (0xc000006d)"
Module-Failure-Message = "chrooted_mschap: MS-CHAP2-Response is
incorrect" User-Password = "******" Module-Failure-Message = "Failed
retrieving values required to evaluate condition" SQL-User-Name =
"nacad...@samba.nac"
RADIUS ReplyMS-CHAP-Error = "\007E=691 R=0
C=e8ad3e58bb3c49bc6dd841d883b40c8a V=3 M=Authentication failed"
EAP-Message = 0x04070004 Message-Authenticator =
0x00000000000000000000000000000000



Thank you.

Com os melhores cumprimentos.

Jeimerson Chaves

Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros
informáticos com ele transmitidos são confidenciais, podem conter
informação privilegiada e destinam-se ao conhecimento e uso exclusivo
da pessoa ou entidade a quem são dirigidos, não podendo o conteúdo dos
mesmos ser alterado. Caso tenha recebido este e-mail indevidamente,
queira informar de imediato o remetente e proceder à destruição da
mensagem e de eventuais cópias.

Confidentiality Warning: This e-mail and any files transmitted with it
are confidential and may be privileged and are intended solely for the
use of the individual or entity to whom they are addressed. Their
contents may not be altered. lf you are not the intended recipient of
this communication please notify the sender and delete and destroy all
copies immediately.

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Reply via email to