Hi, I am trying to use PacketFence for MikroTik device CLI access. I want to log in with my MS Active Directory users. First I tried with FreeRADIUS via an LDAP connection. It works, but when I try with PacketFence, it doesn't work. To my understanding, MikroTik tries an LDAP connection but PacketFence connects to Active Directory with NTLM. (Cisco devices work successfully.) Is it possible to solve this problem?

packetfence.log:
Mar 9 18:08:12 debian packetfence_httpd.aaa: httpd.aaa(2089) WARN: [mac:[undef]] Trying to match IP address with an invalid MAC address 'undef' (pf::ip4log::mac2ip)
Mar 9 18:08:12 debian packetfence_httpd.aaa: httpd.aaa(2089) WARN: [mac:[undef]] Trying to match IP address with an invalid MAC address 'undef' (pf::ip4log::mac2ip)
Mar 9 18:08:13 debian packetfence_httpd.aaa: httpd.aaa(2089) INFO: [mac:[undef]] Instantiate profile 8021x (pf::Connection::ProfileFactory::_from_profile)
Mar 9 18:08:13 debian packetfence_httpd.aaa: httpd.aaa(2089) INFO: [mac:[undef]] Found authentication source(s) : 'AD-source' for realm 'null' (pf::config::util::filter_authentication_sources)
Mar 9 18:08:13 debian packetfence_httpd.aaa: httpd.aaa(2089) INFO: [mac:[undef]] Instantiate profile 8021x (pf::Connection::ProfileFactory::_from_profile)
Mar 9 18:08:13 debian packetfence_httpd.aaa: httpd.aaa(2089) INFO: [mac:[undef]] Found authentication source(s) : 'AD-source' for realm 'null' (pf::config::util::filter_authentication_sources)
Mar 9 18:08:13 debian packetfence_httpd.aaa: httpd.aaa(2089) WARN: [mac:[undef]] [AD-source] User CN=net-admin,CN=Users,DC=evrenkorkmaz,DC=xyz cannot bind from CN=Users,DC=evrenkorkmaz,DC=xyz on 192.168.56.102:389 (pf::Authentication::Source::LDAPSource::authenticate)
Mar 9 18:08:13 debian packetfence_httpd.aaa: httpd.aaa(2089) INFO: [mac:[undef]] User net-admin tried to login in 192.168.30.6 but authentication failed (pf::radius::switch_access)
Mar 9 18:08:13 debian packetfence_httpd.aaa: httpd.aaa(2089) WARN: [mac:[undef]] [AD-source] User CN=net-admin,CN=Users,DC=evrenkorkmaz,DC=xyz cannot bind from CN=Users,DC=evrenkorkmaz,DC=xyz on 192.168.56.102:389 (pf::Authentication::Source::LDAPSource::authenticate)
Mar 9 18:08:13 debian packetfence_httpd.aaa: httpd.aaa(2089) INFO: [mac:[undef]] User net-admin tried to login in 192.168.30.6 but authentication failed (pf::radius::switch_access)

radius.log:
Mar 9 18:05:36 debian auth[5605]: Need 6 more connections to reach 10 spares
Mar 9 18:05:36 debian auth[5605]: rlm_sql (sql): Opening additional connection (4), 1 of 60 pending slots used
Mar 9 18:05:36 debian auth[5605]: Need 6 more connections to reach 10 spares
Mar 9 18:05:36 debian auth[5605]: rlm_sql (sql): Opening additional connection (4), 1 of 60 pending slots used
Mar 9 18:05:37 debian auth[5605]: (3) Ignoring duplicate packet from client 192.168.30.6/32 port 47498 - ID: 10 due to unfinished request in component post-auth module rest
Mar 9 18:05:37 debian auth[5605]: (3) Ignoring duplicate packet from client 192.168.30.6/32 port 47498 - ID: 10 due to unfinished request in component post-auth module rest
Mar 9 18:05:37 debian auth[5605]: (3) Ignoring duplicate packet from client 192.168.30.6/32 port 47498 - ID: 10 due to unfinished request in component post-auth module rest
Mar 9 18:05:37 debian auth[5605]: (3) Ignoring duplicate packet from client 192.168.30.6/32 port 47498 - ID: 10 due to unfinished request in component post-auth module rest
Mar 9 18:05:38 debian auth[5605]: (3) rest: ERROR: Server returned:
Mar 9 18:05:38 debian auth[5605]: (3) rest: ERROR: {"control:PacketFence-Authorization-Status":"allow","Reply-Message":"Authentication failed on PacketFence"}
Mar 9 18:05:38 debian auth[5605]: Need 1 more connections to reach min connections (3)
Mar 9 18:05:38 debian auth[5605]: rlm_rest (rest): Opening additional connection (2), 1 of 62 pending slots used
Mar 9 18:05:38 debian auth[5605]: Need 5 more connections to reach 10 spares
Mar 9 18:05:38 debian auth[5605]: rlm_sql (sql): Opening additional connection (5), 1 of 59 pending slots used
Mar 9 18:05:38 debian auth[5605]: (3) rest: ERROR: Server returned:
Mar 9 18:05:38 debian auth[5605]: (3) rest: ERROR: {"control:PacketFence-Authorization-Status":"allow","Reply-Message":"Authentication failed on PacketFence"}
Mar 9 18:05:38 debian auth[5605]: Need 1 more connections to reach min connections (3)
Mar 9 18:05:38 debian auth[5605]: rlm_rest (rest): Opening additional connection (2), 1 of 62 pending slots used
Mar 9 18:05:38 debian auth[5605]: Need 5 more connections to reach 10 spares
Mar 9 18:05:38 debian auth[5605]: rlm_sql (sql): Opening additional connection (5), 1 of 59 pending slots used
Mar 9 18:05:38 debian auth[5605]: [mac:192.168.30.2] Rejected user: net-admin
Mar 9 18:05:38 debian auth[5605]: (3) Rejected in post-auth: [net-admin] (from client 192.168.30.6/32 port 0 cli 192.168.30.2)
Mar 9 18:05:38 debian auth[5605]: (3) Login incorrect (rest: Server returned:): [net-admin] (from client 192.168.30.6/32 port 0 cli 192.168.30.2)
Mar 9 18:05:38 debian auth[5605]: [mac:192.168.30.2] Rejected user: net-admin
Mar 9 18:05:38 debian auth[5605]: (3) Rejected in post-auth: [net-admin] (from client 192.168.30.6/32 port 0 cli 192.168.30.2)
Mar 9 18:05:38 debian auth[5605]: (3) Login incorrect (rest: Server returned:): [net-admin] (from client 192.168.30.6/32 port 0 cli 192.168.30.2)
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users