Thank you very much! I achieved what was described by changing the base
config. I get *[mschap] = ok*. But I am now getting a different error!
Could you see the file attachment?

(0) mschap: Found NT-Password
(0) mschap: Client is using MS-CHAPv1 with NT-Password
(0) mschap: adding MS-CHAPv1 MPPE keys
*(0)             [mschap] = ok*

*......*
(0) rest: Expanding URI components
(0) rest: EXPAND http://containers-gateway.internal:7070
(0) rest:    --> http://containers-gateway.internal:7070
(0) rest: EXPAND //radius/rest/authorize
(0) rest:    --> //radius/rest/authorize
(0) rest: Sending HTTP POST to "http://containers-gateway.internal:7070//radius/rest/authorize"
(0) rest: Encoding attribute "User-Name"
(0) rest: Encoding attribute "NAS-IP-Address"
(0) rest: Encoding attribute "NAS-Port"
(0) rest: Encoding attribute "Event-Timestamp"
(0) rest: Encoding attribute "Message-Authenticator"
(0) rest: Encoding attribute "MS-CHAP-Response"
(0) rest: Encoding attribute "MS-CHAP-Challenge"
(0) rest: Encoding attribute "Stripped-User-Name"
(0) rest: Encoding attribute "Realm"
(0) rest: Encoding attribute "Module-Failure-Message"
(0) rest: Encoding attribute "FreeRADIUS-Client-IP-Address"
(0) rest: Encoding attribute "PacketFence-UserNameAttribute"
(0) rest: Encoding attribute "PacketFence-KeyBalanced"
(0) rest: Encoding attribute "PacketFence-Radius-Ip"
(0) rest: Encoding attribute "PacketFence-NTLMv2-Only"
(0) rest: Processing response header
*(0) rest:   Status : 401 (Unauthorized)*
*(0) rest:   Type   : json (application/json)*
*(0) rest: Adding reply:REST-HTTP-Status-Code = "401"*
*(0) rest: ERROR: Server returned:*
*(0) rest: ERROR: {"control:PacketFence-Authorization-Status":"allow"}*
rlm_rest (rest): Released connection (0)
*......*

Mon, 31 Oct 2022 at 22:37, Fabrice Durand <oeufd...@gmail.com>:

> Hello Alexander,
>
> The difference is in the default radius config: it calls the ldap module
> in the authorize section.
>
> You can follow this logic in
> https://github.com/inverse-inc/packetfence/tree/devel/addons/nthash_AD_attribute
> (it's based on freeradius 2 but the logic is there)
>
> ```
>
> authorize {
>
> ....
>         suffix
>         ntdomain
> ....
>         ldap
>         if (ok) {
>             update control {
>                 MS-CHAP-Use-NTLM-Auth := No
>             }
>         }
>
> ```
>
> Regards
>
> Fabrice
>
>
> On Mon, 31 Oct 2022 at 13:25, Alexander via PacketFence-users <
> packetfence-users@lists.sourceforge.net> wrote:
>
>> Hello friends! I need help.
>>
>> I am testing a *locally installed freeradius* configuration to work with
>> freeipa (ldap) on nthash via mschap-v2.
>>
>> What I did for this:
>>
>> 1) yum install freeradius-ldap
>> 2) ln -s /etc/raddb/mods-available/ldap /etc/raddb/mods-enabled/ldap
>> 3) change /etc/raddb/mods-available/ldap
>>
>>     server = 'server.dmosk.local'
>>     identity = 'uid=services,cn=users,cn=accounts,dc=test,dc=com'
>>     password = my_password
>>     base_dn = 'cn=users,cn=accounts,dc=test,dc=com'
>>     update {
>>         ...
>>         control:NT-Password := 'ipaNTHash'
>>         ...
>> 4) change /etc/raddb/mods-available/eap
>> ...
>> default_eap_type = mschapv2
>> ...
>> 5) reload freeradius
>> 6) TESTING:
>> radtest -t mschap ldap_user test12345 localhost:1812 0 testing123
>>
>> and get Received *Access-ACCEPT*
>>
>> *Question:*
>> Can anyone tell me how to set up this configuration on packetfence?
>> I tried to do this, but it didn't work for me:
>> 1. Create authentication source - LDAP - define server, identity,
>> password, base_dn, Username Attribute. And checked through the test button
>> 2. add update control:NT-Password := 'ipaNTHash' to file
>> /usr/local/pf/raddb/mods-enabled/ldap_packetfence
>> 3. change default_eap_type = mschapv2
>> in /usr/local/pf/raddb/mods-enabled/eap
>> 4. add to Standard Connection Profile sources ldap
>> 5. tried adding default and null in tab stripping to Realms - ldap source
>> 6. TESTING:
>> radtest -t mschap ldap_user test12345 localhost:1812 0 testing123
>> and get:
>>
>> Received Access-Reject Id 247 from 127.0.0.1:1812 to 127.0.0.1:56955
>> length 61
>> MS-CHAP-Error = "\000E=691 R=0 C=1cef2a7d250330ff V=2"
>> (0) -: Expected Access-Accept got Access-Reject
>>
>> I do not understand what the problem is. I also attached the logs of
>> freeradius running in debug mode (/usr/sbin/freeradius -d
>> /usr/local/pf/raddb  -n auth -fxx -l stdout). See attachment. Please help me
>>
>> _______________________________________________
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>

Attachment: logs.rtf
Description: RTF file
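
For reading the `MS-CHAP-Error` string in the Access-Reject quoted above, here is an added example (not part of the thread and not PacketFence or FreeRADIUS code) that parses the E/R/C/V fields with the failure codes listed in RFC 2433 and RFC 2759. The function names and the last sample line are constructed for illustration.

```python
import re

# Failure codes listed for the MS-CHAP Failure packet in RFC 2433 / RFC 2759.
MSCHAP_ERRORS = {
    646: "ERROR_RESTRICTED_LOGON_HOURS",
    647: "ERROR_ACCT_DISABLED",
    648: "ERROR_PASSWD_EXPIRED",
    649: "ERROR_NO_DIALIN_PERMISSION",
    691: "ERROR_AUTHENTICATION_FAILURE",
    709: "ERROR_CHANGING_PASSWORD",
}
ATTR_RE = re.compile(r'MS-CHAP-Error\s*=\s*"(?P<value>[^"]*)"')

def parse_mschap_error(line):
    """Decode the MS-CHAP-Error attribute in one line of output, else None."""
    match = ATTR_RE.search(line)
    if not match:
        return None
    # radtest prints the leading ident byte as an octal escape such as \000.
    value = re.sub(r'^\\\d{3}', '', match.group("value"))
    value, _, message = value.partition(" M=")  # M= (v2 only) may hold spaces
    fields = dict(tok.split("=", 1) for tok in value.split() if "=" in tok)
    if not fields.get("E", "").isdigit():
        return None
    code, challenge = int(fields["E"]), fields.get("C", "")
    return {
        "code": code,
        "name": MSCHAP_ERRORS.get(code, "UNKNOWN"),
        "retry_allowed": fields.get("R") == "1",
        # C is 16 hex digits in RFC 2433 (v1) and 32 in RFC 2759 (v2).
        "challenge_format": {16: "MS-CHAPv1", 32: "MS-CHAPv2"}.get(len(challenge), "unknown"),
        "version": int(fields["V"]) if fields.get("V", "").isdigit() else None,
        "message": message or None,
    }

def decode_output(text):
    """Return the decoded MS-CHAP-Error entries found in multi-line output."""
    return [r for r in map(parse_mschap_error, text.splitlines()) if r]

# First three lines are the radtest output from the post; the last is constructed.
SAMPLE = r'''Received Access-Reject Id 247 from 127.0.0.1:1812 to 127.0.0.1:56955 length 61
MS-CHAP-Error = "\000E=691 R=0 C=1cef2a7d250330ff V=2"
(0) -: Expected Access-Accept got Access-Reject
MS-CHAP-Error = "\001E=648 R=0 C=00112233445566778899aabbccddeeff V=3 M=Password expired"'''

if __name__ == "__main__":
    for entry in decode_output(SAMPLE):
        print(entry)
```

On the post's sample this reports `ERROR_AUTHENTICATION_FAILURE` with a 16-digit challenge, the MS-CHAPv1 layout, which matches the `Client is using MS-CHAPv1` debug line.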
