Hi Fabrice,
thanks for answering. Here is the output:
Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence
(21571) Fri Apr 1 08:22:32 2022: Debug: authenticate {
(21571) Fri Apr 1 08:22:32 2022: Debug: eap: Expiring EAP session with state
0xdd37fd22d8d7e4c8
(21571) Fri Apr 1 08:22:32 2022: Debug: eap: Finished EAP session with state
0xdd37fd22d8d7e4c8
(21571) Fri Apr 1 08:22:32 2022: Debug: eap: Previous EAP request found for
state 0xdd37fd22d8d7e4c8, released from the list
(21571) Fri Apr 1 08:22:32 2022: Debug: eap: Peer sent packet with method EAP
PEAP (25)
(21571) Fri Apr 1 08:22:32 2022: Debug: eap: Calling submodule eap_peap to
process data
(21571) Fri Apr 1 08:22:32 2022: Debug: eap_peap: (TLS) EAP Done initial
handshake
(21571) Fri Apr 1 08:22:32 2022: Debug: eap_peap: Session established.
Decoding tunneled attributes
(21571) Fri Apr 1 08:22:32 2022: Debug: eap_peap: PEAP state WAITING FOR INNER
IDENTITY
(21571) Fri Apr 1 08:22:32 2022: Debug: eap_peap: Identity - nijat
(21571) Fri Apr 1 08:22:32 2022: Debug: eap_peap: Got inner identity 'nijat'
(21571) Fri Apr 1 08:22:32 2022: Debug: eap_peap: Setting default EAP type for
tunneled EAP session
(21571) Fri Apr 1 08:22:32 2022: Debug: eap_peap: Got tunneled request
(21571) Fri Apr 1 08:22:32 2022: Debug: eap_peap: EAP-Message =
0x02e0000a016e696a6174
(21571) Fri Apr 1 08:22:32 2022: Debug: eap_peap: Setting User-Name to nijat
(21571) Fri Apr 1 08:22:32 2022: Debug: eap_peap: Sending tunneled request to
packetfence-tunnel
(21571) Fri Apr 1 08:22:32 2022: Debug: eap_peap: EAP-Message =
0x02e0000a016e696a6174
(21571) Fri Apr 1 08:22:32 2022: Debug: eap_peap: FreeRADIUS-Proxied-To =
127.0.0.1
(21571) Fri Apr 1 08:22:32 2022: Debug: eap_peap: User-Name = "nijat"
(21571) Fri Apr 1 08:22:32 2022: Debug: eap_peap: NAS-IP-Address =
10.80.80.67
(21571) Fri Apr 1 08:22:32 2022: Debug: eap_peap: NAS-Identifier =
"7a4558c7885f"
(21571) Fri Apr 1 08:22:32 2022: Debug: eap_peap: NAS-Port-Type =
Wireless-802.11
(21571) Fri Apr 1 08:22:32 2022: Debug: eap_peap: Service-Type = Framed-User
(21571) Fri Apr 1 08:22:32 2022: Debug: eap_peap: Calling-Station-Id :=
"be:f1:bd:b6:40:a3"
(21571) Fri Apr 1 08:22:32 2022: Debug: eap_peap: Connect-Info = "CONNECT
0Mbps 802.11a"
(21571) Fri Apr 1 08:22:32 2022: Debug: eap_peap: Acct-Session-Id =
"A036F4CC8D711505"
(21571) Fri Apr 1 08:22:32 2022: Debug: eap_peap: Acct-Multi-Session-Id =
"E87228BDB3EDFE41"
(21571) Fri Apr 1 08:22:32 2022: Debug: eap_peap: WLAN-Pairwise-Cipher =
1027076
(21571) Fri Apr 1 08:22:32 2022: Debug: eap_peap: WLAN-Group-Cipher = 1027076
(21571) Fri Apr 1 08:22:32 2022: Debug: eap_peap: WLAN-AKM-Suite = 1027073
(21571) Fri Apr 1 08:22:32 2022: Debug: eap_peap: Framed-MTU = 1400
(21571) Fri Apr 1 08:22:32 2022: Debug: eap_peap: PacketFence-Radius-Ip :=
"10.80.80.143"
(21571) Fri Apr 1 08:22:32 2022: Debug: eap_peap: PacketFence-KeyBalanced :=
"b6125b7968479546eeef8c210c3176af"
(21571) Fri Apr 1 08:22:32 2022: Debug: eap_peap: Called-Station-Id :=
"7a:45:58:c7:88:5f:pftest"
(21571) Fri Apr 1 08:22:32 2022: Debug: eap_peap: Event-Timestamp = "Apr 1
2022 08:22:32 UTC"
(21571) Fri Apr 1 08:22:32 2022: Debug: Virtual server packetfence-tunnel
received request
(21571) Fri Apr 1 08:22:32 2022: Debug: EAP-Message = 0x02e0000a016e696a6174
(21571) Fri Apr 1 08:22:32 2022: Debug: FreeRADIUS-Proxied-To = 127.0.0.1
(21571) Fri Apr 1 08:22:32 2022: Debug: User-Name = "nijat"
(21571) Fri Apr 1 08:22:32 2022: Debug: NAS-IP-Address = 10.80.80.67
(21571) Fri Apr 1 08:22:32 2022: Debug: NAS-Identifier = "7a4558c7885f"
(21571) Fri Apr 1 08:22:32 2022: Debug: NAS-Port-Type = Wireless-802.11
(21571) Fri Apr 1 08:22:32 2022: Debug: Service-Type = Framed-User
(21571) Fri Apr 1 08:22:32 2022: Debug: Calling-Station-Id :=
"be:f1:bd:b6:40:a3"
(21571) Fri Apr 1 08:22:32 2022: Debug: Connect-Info = "CONNECT 0Mbps
802.11a"
(21571) Fri Apr 1 08:22:32 2022: Debug: Acct-Session-Id = "A036F4CC8D711505"
(21571) Fri Apr 1 08:22:32 2022: Debug: Acct-Multi-Session-Id =
"E87228BDB3EDFE41"
(21571) Fri Apr 1 08:22:32 2022: Debug: WLAN-Pairwise-Cipher = 1027076
(21571) Fri Apr 1 08:22:32 2022: Debug: WLAN-Group-Cipher = 1027076
(21571) Fri Apr 1 08:22:32 2022: Debug: WLAN-AKM-Suite = 1027073
(21571) Fri Apr 1 08:22:32 2022: Debug: Framed-MTU = 1400
(21571) Fri Apr 1 08:22:32 2022: Debug: PacketFence-Radius-Ip :=
"10.80.80.143"
(21571) Fri Apr 1 08:22:32 2022: Debug: PacketFence-KeyBalanced :=
"b6125b7968479546eeef8c210c3176af"
(21571) Fri Apr 1 08:22:32 2022: Debug: Called-Station-Id :=
"7a:45:58:c7:88:5f:pftest"
(21571) Fri Apr 1 08:22:32 2022: Debug: Event-Timestamp = "Apr 1 2022
08:22:32 UTC"
(21571) Fri Apr 1 08:22:32 2022: WARNING: Outer and inner identities are the
same. User privacy is compromised.
(21571) Fri Apr 1 08:22:32 2022: Debug: server packetfence-tunnel {
(21571) Fri Apr 1 08:22:32 2022: Debug: # Executing section authorize from
file /usr/local/pf/raddb/sites-enabled/packetfence-tunnel
(21571) Fri Apr 1 08:22:32 2022: Debug: authorize {
(21571) Fri Apr 1 08:22:32 2022: Debug: if ( outer.EAP-Type == TTLS) {
(21571) Fri Apr 1 08:22:32 2022: Debug: if ( outer.EAP-Type == TTLS) ->
FALSE
(21571) Fri Apr 1 08:22:32 2022: Debug: policy
packetfence-set-realm-if-machine {
(21571) Fri Apr 1 08:22:32 2022: Debug: if (User-Name =~
/host\/([a-z0-9_-]*)[\.](.*)/i) {
(21571) Fri Apr 1 08:22:32 2022: Debug: if (User-Name =~
/host\/([a-z0-9_-]*)[\.](.*)/i) -> FALSE
(21571) Fri Apr 1 08:22:32 2022: Debug: } # policy
packetfence-set-realm-if-machine = notfound
(21571) Fri Apr 1 08:22:32 2022: Debug: policy packetfence-set-tenant-id
{
(21571) Fri Apr 1 08:22:32 2022: Debug: if (!NAS-IP-Address ||
NAS-IP-Address == "0.0.0.0"){
(21571) Fri Apr 1 08:22:32 2022: Debug: if (!NAS-IP-Address ||
NAS-IP-Address == "0.0.0.0") -> FALSE
(21571) Fri Apr 1 08:22:32 2022: Debug: if (
"%{%{control:PacketFence-Tenant-Id}:-0}" == "0") {
(21571) Fri Apr 1 08:22:32 2022: Debug: EXPAND
%{%{control:PacketFence-Tenant-Id}:-0}
(21571) Fri Apr 1 08:22:32 2022: Debug: --> 0
(21571) Fri Apr 1 08:22:32 2022: Debug: if (
"%{%{control:PacketFence-Tenant-Id}:-0}" == "0") -> TRUE
(21571) Fri Apr 1 08:22:32 2022: Debug: if (
"%{%{control:PacketFence-Tenant-Id}:-0}" == "0") {
(21571) Fri Apr 1 08:22:32 2022: Debug: if
("%{request:Called-Station-Id}" =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})/i)
{
(21571) Fri Apr 1 08:22:32 2022: Debug: EXPAND
%{request:Called-Station-Id}
(21571) Fri Apr 1 08:22:32 2022: Debug: -->
7a:45:58:c7:88:5f:pftest
(21571) Fri Apr 1 08:22:32 2022: Debug: if
("%{request:Called-Station-Id}" =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})/i)
-> TRUE
(21571) Fri Apr 1 08:22:32 2022: Debug: if
("%{request:Called-Station-Id}" =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})/i)
{
(21571) Fri Apr 1 08:22:32 2022: Debug: update control {
(21571) Fri Apr 1 08:22:32 2022: Debug: EXPAND %{User-Name}
(21571) Fri Apr 1 08:22:32 2022: Debug: --> nijat
(21571) Fri Apr 1 08:22:32 2022: Debug: SQL-User-Name set to
'nijat'
(21571) Fri Apr 1 08:22:32 2022: Debug: Executing select query:
SELECT IFNULL((SELECT tenant_id FROM radius_nas WHERE nasname =
'7a:45:58:c7:88:5f'), 0)
(21571) Fri Apr 1 08:22:32 2022: Debug: EXPAND %{sql: SELECT
IFNULL((SELECT tenant_id FROM radius_nas WHERE nasname =
'%{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}'), 0)}
(21571) Fri Apr 1 08:22:32 2022: Debug: --> 0
(21571) Fri Apr 1 08:22:32 2022: Debug: } # update control = noop
(21571) Fri Apr 1 08:22:32 2022: Debug: } # if
("%{request:Called-Station-Id}" =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})/i)
= noop
(21571) Fri Apr 1 08:22:32 2022: Debug: if (
"%{%{control:PacketFence-Tenant-Id}:-0}" == "0") {
(21571) Fri Apr 1 08:22:32 2022: Debug: EXPAND
%{%{control:PacketFence-Tenant-Id}:-0}
(21571) Fri Apr 1 08:22:32 2022: Debug: --> 0
(21571) Fri Apr 1 08:22:32 2022: Debug: if (
"%{%{control:PacketFence-Tenant-Id}:-0}" == "0") -> TRUE
(21571) Fri Apr 1 08:22:32 2022: Debug: if (
"%{%{control:PacketFence-Tenant-Id}:-0}" == "0") {
(21571) Fri Apr 1 08:22:32 2022: Debug: update control {
(21571) Fri Apr 1 08:22:32 2022: Debug: EXPAND %{User-Name}
(21571) Fri Apr 1 08:22:32 2022: Debug: --> nijat
(21571) Fri Apr 1 08:22:32 2022: Debug: SQL-User-Name set to
'nijat'
(21571) Fri Apr 1 08:22:32 2022: Debug: Executing select query:
SELECT IFNULL((SELECT tenant_id FROM radius_nas WHERE nasname = '10.80.80.67'),
0)
(21571) Fri Apr 1 08:22:32 2022: Debug: EXPAND %{sql: SELECT
IFNULL((SELECT tenant_id FROM radius_nas WHERE nasname = '%{NAS-IP-Address}'),
0)}
(21571) Fri Apr 1 08:22:32 2022: Debug: --> 1
(21571) Fri Apr 1 08:22:32 2022: Debug: } # update control = noop
(21571) Fri Apr 1 08:22:32 2022: Debug: } # if (
"%{%{control:PacketFence-Tenant-Id}:-0}" == "0") = noop
(21571) Fri Apr 1 08:22:32 2022: Debug: } # if (
"%{%{control:PacketFence-Tenant-Id}:-0}" == "0") = noop
(21571) Fri Apr 1 08:22:32 2022: Debug: if (
&control:PacketFence-Tenant-Id == 0 ) {
(21571) Fri Apr 1 08:22:32 2022: Debug: if (
&control:PacketFence-Tenant-Id == 0 ) -> TRUE
(21571) Fri Apr 1 08:22:32 2022: Debug: if (
&control:PacketFence-Tenant-Id == 0 ) {
(21571) Fri Apr 1 08:22:32 2022: Debug: update control {
(21571) Fri Apr 1 08:22:32 2022: Debug: EXPAND %{User-Name}
(21571) Fri Apr 1 08:22:32 2022: Debug: --> nijat
(21571) Fri Apr 1 08:22:32 2022: Debug: SQL-User-Name set to
'nijat'
(21571) Fri Apr 1 08:22:32 2022: Debug: Executing select query:
SELECT IFNULL((SELECT tenant_id from radius_nas WHERE start_ip <=
INET_ATON('10.80.80.67') and INET_ATON('10.80.80.67') <= end_ip order by
range_length limit 1), 1)
(21571) Fri Apr 1 08:22:32 2022: Debug: EXPAND %{sql: SELECT
IFNULL((SELECT tenant_id from radius_nas WHERE start_ip <=
INET_ATON('%{NAS-IP-Address}') and INET_ATON('%{NAS-IP-Address}') <= end_ip
order by range_length limit 1), 1)}
(21571) Fri Apr 1 08:22:32 2022: Debug: --> 1
(21571) Fri Apr 1 08:22:32 2022: Debug: } # update control = noop
(21571) Fri Apr 1 08:22:32 2022: Debug: } # if (
&control:PacketFence-Tenant-Id == 0 ) = noop
(21571) Fri Apr 1 08:22:32 2022: Debug: } # policy
packetfence-set-tenant-id = noop
(21571) Fri Apr 1 08:22:32 2022: Debug: policy filter_username {
(21571) Fri Apr 1 08:22:32 2022: Debug: if (&User-Name) {
(21571) Fri Apr 1 08:22:32 2022: Debug: if (&User-Name) -> TRUE
(21571) Fri Apr 1 08:22:32 2022: Debug: if (&User-Name) {
(21571) Fri Apr 1 08:22:32 2022: Debug: if (&User-Name =~ / /) {
(21571) Fri Apr 1 08:22:32 2022: Debug: if (&User-Name =~ / /) ->
FALSE
(21571) Fri Apr 1 08:22:32 2022: Debug: if (&User-Name =~ /@[^@]*@/
) {
(21571) Fri Apr 1 08:22:32 2022: Debug: if (&User-Name =~ /@[^@]*@/
) -> FALSE
(21571) Fri Apr 1 08:22:32 2022: Debug: if (&User-Name =~ /\.\./ ) {
(21571) Fri Apr 1 08:22:32 2022: Debug: if (&User-Name =~ /\.\./ )
-> FALSE
(21571) Fri Apr 1 08:22:32 2022: Debug: if ((&User-Name =~ /@/) &&
(&User-Name !~ /@(.+)\.(.+)$/)) {
(21571) Fri Apr 1 08:22:32 2022: Debug: if ((&User-Name =~ /@/) &&
(&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(21571) Fri Apr 1 08:22:32 2022: Debug: if (&User-Name =~ /\.$/) {
(21571) Fri Apr 1 08:22:32 2022: Debug: if (&User-Name =~ /\.$/)
-> FALSE
(21571) Fri Apr 1 08:22:32 2022: Debug: if (&User-Name =~ /@\./) {
(21571) Fri Apr 1 08:22:32 2022: Debug: if (&User-Name =~ /@\./)
-> FALSE
(21571) Fri Apr 1 08:22:32 2022: Debug: } # if (&User-Name) = noop
(21571) Fri Apr 1 08:22:32 2022: Debug: } # policy filter_username = noop
(21571) Fri Apr 1 08:22:32 2022: Debug: update {
(21571) Fri Apr 1 08:22:32 2022: Debug: EXPAND
%{outer.request:User-Name}
(21571) Fri Apr 1 08:22:32 2022: Debug: --> nijat
(21571) Fri Apr 1 08:22:32 2022: Debug: } # update = noop
(21571) Fri Apr 1 08:22:32 2022: Debug: [mschap] = noop
(21571) Fri Apr 1 08:22:32 2022: Debug: suffix: Checking for suffix after "@"
(21571) Fri Apr 1 08:22:32 2022: Debug: suffix: No '@' in User-Name = "nijat",
skipping NULL due to config.
(21571) Fri Apr 1 08:22:32 2022: Debug: [suffix] = noop
(21571) Fri Apr 1 08:22:32 2022: Debug: ntdomain: Checking for prefix before
"\"
(21571) Fri Apr 1 08:22:32 2022: Debug: ntdomain: No '\' in User-Name =
"nijat", looking up realm NULL
(21571) Fri Apr 1 08:22:32 2022: Debug: ntdomain: Found realm "null"
(21571) Fri Apr 1 08:22:32 2022: Debug: ntdomain: Adding Stripped-User-Name =
"nijat"
(21571) Fri Apr 1 08:22:32 2022: Debug: ntdomain: Adding Realm = "null"
(21571) Fri Apr 1 08:22:32 2022: Debug: ntdomain: Authentication realm is LOCAL
(21571) Fri Apr 1 08:22:32 2022: Debug: [ntdomain] = ok
(21571) Fri Apr 1 08:22:32 2022: Debug: update control {
(21571) Fri Apr 1 08:22:32 2022: Debug: } # update control = noop
(21571) Fri Apr 1 08:22:32 2022: Debug: eap: Peer sent EAP Response (code 2)
ID 224 length 10
(21571) Fri Apr 1 08:22:32 2022: Debug: eap: EAP-Identity reply, returning
'ok' so we can short-circuit the rest of authorize
(21571) Fri Apr 1 08:22:32 2022: Debug: [eap] = ok
(21571) Fri Apr 1 08:22:32 2022: Debug: } # authorize = ok
(21571) Fri Apr 1 08:22:32 2022: WARNING: You set Proxy-To-Realm = local,
but it is a LOCAL realm! Cancelling proxy request.
(21571) Fri Apr 1 08:22:32 2022: Debug: Found Auth-Type = eap
(21571) Fri Apr 1 08:22:32 2022: Debug: # Executing group from file
/usr/local/pf/raddb/sites-enabled/packetfence-tunnel
(21571) Fri Apr 1 08:22:32 2022: Debug: authenticate {
(21571) Fri Apr 1 08:22:32 2022: Debug: eap: Peer sent packet with method EAP
Identity (1)
(21571) Fri Apr 1 08:22:32 2022: Debug: eap: Calling submodule eap_mschapv2 to
process data
(21571) Fri Apr 1 08:22:32 2022: Debug: eap_mschapv2: Issuing Challenge
(21571) Fri Apr 1 08:22:32 2022: Debug: eap: Sending EAP Request (code 1) ID
225 length 43
(21571) Fri Apr 1 08:22:32 2022: Debug: eap: EAP session adding &reply:State =
0xc0015143c0e04be0
(21571) Fri Apr 1 08:22:32 2022: Debug: [eap] = handled
(21571) Fri Apr 1 08:22:32 2022: Debug: } # authenticate = handled
(21571) Fri Apr 1 08:22:32 2022: Debug: } # server packetfence-tunnel
(21571) Fri Apr 1 08:22:32 2022: Debug: Virtual server sending reply
(21571) Fri Apr 1 08:22:32 2022: Debug: EAP-Message =
0x01e1002b1a01e10026108dd189798549a3fa2b743ff85850de1e667265657261646975732d332e302e3235
(21571) Fri Apr 1 08:22:32 2022: Debug: Message-Authenticator =
0x00000000000000000000000000000000
(21571) Fri Apr 1 08:22:32 2022: Debug: State =
0xc0015143c0e04be05026e3704434a669
(21571) Fri Apr 1 08:22:32 2022: Debug: eap_peap: Got tunneled reply code 11
(21571) Fri Apr 1 08:22:32 2022: Debug: eap_peap: EAP-Message =
0x01e1002b1a01e10026108dd189798549a3fa2b743ff85850de1e667265657261646975732d332e302e3235
(21571) Fri Apr 1 08:22:32 2022: Debug: eap_peap: Message-Authenticator =
0x00000000000000000000000000000000
(21571) Fri Apr 1 08:22:32 2022: Debug: eap_peap: State =
0xc0015143c0e04be05026e3704434a669
(21571) Fri Apr 1 08:22:32 2022: Debug: eap_peap: Got tunneled Access-Challenge
(21571) Fri Apr 1 08:22:32 2022: Debug: eap: Sending EAP Request (code 1) ID
225 length 74
(21571) Fri Apr 1 08:22:32 2022: Debug: eap: EAP session adding &reply:State =
0xdd37fd22dbd6e4c8
(21571) Fri Apr 1 08:22:32 2022: Debug: [eap] = handled
(21571) Fri Apr 1 08:22:32 2022: Debug: } # authenticate = handled
(21571) Fri Apr 1 08:22:32 2022: Debug: Using Post-Auth-Type Challenge
(21571) Fri Apr 1 08:22:32 2022: Debug: Post-Auth-Type sub-section not found.
Ignoring.
(21571) Fri Apr 1 08:22:32 2022: Debug: # Executing group from file
/usr/local/pf/raddb/sites-enabled/packetfence
(21571) Fri Apr 1 08:22:32 2022: Debug: session-state: Saving cached attributes
(21571) Fri Apr 1 08:22:32 2022: Debug: Framed-MTU = 994
(21571) Fri Apr 1 08:22:32 2022: Debug: TLS-Session-Cipher-Suite =
"ECDHE-RSA-AES128-GCM-SHA256"
(21571) Fri Apr 1 08:22:32 2022: Debug: TLS-Session-Version = "TLS 1.2"
(21571) Fri Apr 1 08:22:32 2022: Debug: Sent Access-Challenge Id 61 from
10.80.80.143:1812 to 10.80.80.67:55172 length 132
(21571) Fri Apr 1 08:22:32 2022: Debug: EAP-Message =
0x01e1004a1900170303003fbc37259a75552b7546e8809ad730f61488803c5cb18a964c9b9dfe084e6f398a089c714940ceaf8acd15902edc1a07ada1f6e6271d0192e283e9cb6b5cfe15
(21571) Fri Apr 1 08:22:32 2022: Debug: Message-Authenticator =
0x00000000000000000000000000000000
(21571) Fri Apr 1 08:22:32 2022: Debug: State =
0xdd37fd22dbd6e4c89ecf933de8c2fe04
(21571) Fri Apr 1 08:22:32 2022: Debug: Finished request
Hello Nicat, can you run this command and try to connect ? raddebug -f
/usr/local/pf/var/run/radiusd.sock -t 300 Then paste the output. RegardsFabrice
Le mer. 30 mars 2022 à 08:54, Nijat Sultanov via PacketFence-users
<packetfence-users@lists.sourceforge.net> a écrit :Hi there,
I was looking for a support from packetfence and tried the mailing list.
Somehow I'm not able to make a topic in the packetfence section on
sourceforge.net.
Maybe you can help me now.
I'm trying to run packetfence with my unify AP, but struggle to make a
successful authentification with my user. Previously I used a Switch and the
authentification worked fine. Now, I'm trying to make a wireless
authentification but somehow I'm getting rejected everytime with the reason:
mschap: MS-CHAP2-Response is incorrect.
He is the RADIUS Auditing Log:
Request Time
0RADIUS Request
User-Name = "nijat" Event-Timestamp = "Mar 28 2022 14:54:48 UTC"
Calling-Station-Id = "be:f1:bd:b6:40:a3" WLAN-AKM-Suite = 1027073
MS-CHAP-User-Name = "nijat" PacketFence-Outer-User = "nijat" Realm = "null"
MS-CHAP2-Response =
0x6e69e18213141ad3c9c9de0c32d6cedd713f0000000000000000dec8317a42db25f2e4ce62cf8b49d5727646a3cdbc15b035
Acct-Multi-Session-Id = "723AF7C45EAA7B4C" NAS-IP-Address = 10.80.80.67
Service-Type = Framed-User PacketFence-Radius-Ip = "10.80.80.143"
PacketFence-KeyBalanced = "b6125b7968479546eeef8c210c3176af" WLAN-Group-Cipher
= 1027076 NAS-Identifier = "7a4558c7885f" Called-Station-Id =
"7a:45:58:c7:88:5f:pftest" EAP-Type = MSCHAPv2 EAP-Message =
0x026e00401a026e003b31e18213141ad3c9c9de0c32d6cedd713f0000000000000000dec8317a42db25f2e4ce62cf8b49d5727646a3cdbc15b035006e696a6174
Framed-MTU = 1400 WLAN-Pairwise-Cipher = 1027076 Stripped-User-Name = "nijat"
Acct-Session-Id = "9C80BE880B7D623E" FreeRADIUS-Proxied-To = 127.0.0.1 State =
0xeeed1a94ee8300284b8988160fb70984 Called-Station-SSID = "pftest" NAS-Port-Type
= Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11a" MS-CHAP-Challenge =
0x573a1544f904d394d0a45b27858fcedf Module-Failure-Message = "mschap:
MS-CHAP2-Response is incorrect" User-Password = "******" SQL-User-Name =
"nijat"RADIUS Reply
MS-CHAP-Error = "nE=691 R=0 C=59ed45f1aa35086ebe0c808a8ff4e84b V=3
M=Authentication rejected" EAP-Message = 0x046e0004 Message-Authenticator =
0x00000000000000000000000000000000
-- Nicat Sultan
Trainee Systemintegration
Lucas Beier Moritz Maus Fusion2go IT GbR +49 2253 - 609 89 47
4info@fusion2go.dehttps://fusion2go.deTriftweg 9, 53902 Bad Münstereifel
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
-- Nicat Sultan
Trainee Systemintegration
Lucas Beier Moritz Maus Fusion2go IT GbR +49 2253 - 609 89 47
4info@fusion2go.dehttps://fusion2go.deTriftweg 9, 53902 Bad Münstereifel
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
