Hello Jeimerson,

can you run:

raddebug -f /usr/local/pf/var/run/radius.sock -t 3000

and paste the result when you try to connect.

Regards

Fabrice



On 2018-04-12 at 04:56, Jeimerson C. Chaves via PacketFence-users wrote:
> Hello everyone, I'm having a problem with authentication, using Samba server 4.
>
> CLI authentication works. But using the Cisco 2950 802.1x, it does not
> work according to the logs.
>
> ################################################################
>
> chroot /chroots/SAMBA/ ntlm_auth --request-nt-key --domain=SAMBA.NAC
> --username=nacad...@samba.nac --password='Zaq!2wsx'
> NT_STATUS_OK: Success (0x0)
>
> #################################################
> radtest -t mschap nacadmin 'Zaq!2wsx' localhost 0 testing123
> Sent Access-Request Id 149 from 0.0.0.0:40863 to 127.0.0.1:1812 length 134
>     User-Name = "nacadmin"
>     MS-CHAP-Password = "Zaq!2wsx"
>     NAS-IP-Address = 169.254.0.2
>     NAS-Port = 0
>     Message-Authenticator = 0x00
>     Cleartext-Password = "Zaq!2wsx"
>     MS-CHAP-Challenge = 0xf8d279644d3003f7
>     MS-CHAP-Response =
> 0x0001000000000000000000000000000000000000000000000000509ae6a6dc238ef602ec579893bb1ab9d0facd15b8d5cb4f
> Sent Access-Request Id 149 from 0.0.0.0:40863 to 127.0.0.1:1812 length 134
>     User-Name = "nacadmin"
>     MS-CHAP-Password = "Zaq!2wsx"
>     NAS-IP-Address = 169.254.0.2
>     NAS-Port = 0
>     Message-Authenticator = 0x00
>     Cleartext-Password = "Zaq!2wsx"
>     MS-CHAP-Challenge = 0xf8d279644d3003f7
>     MS-CHAP-Response =
> 0x0001000000000000000000000000000000000000000000000000509ae6a6dc238ef602ec579893bb1ab9d0facd15b8d5cb4f
> Sent Access-Request Id 149 from 0.0.0.0:40863 to 127.0.0.1:1812 length 134
>     User-Name = "nacadmin"
>     MS-CHAP-Password = "Zaq!2wsx"
>     NAS-IP-Address = 169.254.0.2
>     NAS-Port = 0
>     Message-Authenticator = 0x00
>     Cleartext-Password = "Zaq!2wsx"
>     MS-CHAP-Challenge = 0xf8d279644d3003f7
>     MS-CHAP-Response =
> 0x0001000000000000000000000000000000000000000000000000509ae6a6dc238ef602ec579893bb1ab9d0facd15b8d5cb4f
> (0) No reply from server for ID 149 socket 3
>
>
> What could it be?
>
> If you can help me.
>
> I created a testing environment with VMware ESXi 6.5.
>
> #############################################
>
>
> MAC Address: 00:0c:29:75:9d:61
> Auth Status: Reject
> Auth Type: eap
> Auto Registration: no
> Calling Station ID: 00:0c:29:75:9d:61
> Computer name: N/A
> EAP Type: MSCHAPv2
> Event Type: Radius-Access-Request
> IP Address:
> Is a Phone: no
> Node status: N/A
> Domain: SAMBA
> Profile: N/A
> Realm: samba.nac
> Reason: chrooted_mschap: Program returned code (1) and output 'Logon failure (0xc000006d)'
> Role: N/A
> Source: N/A
> Stripped User Name: nacadmin
> User name: nacad...@samba.nac
> Unique ID:
>
> ########################################
>
> Switch ID: N/A
> Switch MAC: N/A
> Switch IP Address: N/A
> Called Station ID: 00:16:47:53:3e:08
> Connection type: N/A
> IfIndex: N/A
> NAS identifier:
> NAS IP Address: 10.190.90.24
> NAS Port: 50008
> NAS Port ID:
> NAS Port Type: Ethernet
> RADIUS Source IP Address: 10.190.90.24
> Wi-Fi Network SSID:
>
>
> #####################################
>
> request_time: 0
> RADIUS Request:
>     NAS-Port-Type = Ethernet
>     Service-Type = Framed-User
>     Cisco-NAS-Port = "FastEthernet0/8"
>     Called-Station-Id = "00:16:47:53:3e:08"
>     State = 0x935ca195935bbbfd2e4540e93f543f24
>     FreeRADIUS-Proxied-To = 127.0.0.1
>     Realm = "samba.nac"
>     EAP-Type = MSCHAPv2
>     NAS-IP-Address = 10.190.90.24
>     Calling-Station-Id = "00:0c:29:75:9d:61"
>     MS-CHAP-User-Name = "nacad...@samba.nac"
>     MS-CHAP-Challenge = 0x5c1c7d80053c06b835a6d60ed493985c
>     PacketFence-Domain = "SAMBA"
>     User-Name = "nacad...@samba.nac"
>     Event-Timestamp = "Apr 11 2018 13:56:46 UTC"
>     EAP-Message = 0x0207004d1a0207004831ce8f7270555af5072eea462eb420f41e0000000000000000ceed66e8cdac3b9387cc236dac99ad8132d1e4e4d06f770e006e616361646d696e4073616d62612e6e6163
>     MS-CHAP2-Response = 0x0761ce8f7270555af5072eea462eb420f41e0000000000000000ceed66e8cdac3b9387cc236dac99ad8132d1e4e4d06f770e
>     Stripped-User-Name = "nacadmin"
>     NAS-Port = 50008
>     Framed-MTU = 1500
>     Module-Failure-Message = "chrooted_mschap: Program returned code (1) and output 'Logon failure (0xc000006d)'"
>     Module-Failure-Message = "chrooted_mschap: External script says: Logon failure (0xc000006d)"
>     Module-Failure-Message = "chrooted_mschap: MS-CHAP2-Response is incorrect"
>     User-Password = "******"
>     Module-Failure-Message = "Failed retrieving values required to evaluate condition"
>     SQL-User-Name = "nacad...@samba.nac"
> RADIUS Reply:
>     MS-CHAP-Error = "\007E=691 R=0 C=e8ad3e58bb3c49bc6dd841d883b40c8a V=3 M=Authentication failed"
>     EAP-Message = 0x04070004
>     Message-Authenticator = 0x00000000000000000000000000000000
>
>
>
> Thank you.
>
> With best regards.
>
> Jeimerson Chaves
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users

-- 
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org) 

