Hello Ludovic, I suspect it has to do with the message-authenticator. Windows RADIUS sends the message-authenticator attribute in the access-accept packet, which means that packetfence can no longer properly evaluate the response.
How do I have to configure packetfence so that it can handle message-authenticator?

best regards
Ronald Zestermann

-----Original Message-----
From: Zammit, Ludovic <luza...@akamai.com>
Sent: Wednesday, October 16, 2024 23:03
To: PacketFence-users <packetfence-users@lists.sourceforge.net>
Cc: Zestermann, Ronald <ronald.zesterm...@landratsamt-pirna.de>
Subject: Re: [PacketFence-users] CaptivePortal - Unable to validate credentials at the moment

Hello Ronald,

Check the LDAP bind account provided, it probably has a rights issue.

Thanks,

Ludovic Zammit
Product Support Engineer Principal Lead
Akamai Technologies - Inverse

On Oct 9, 2024, at 1:46 AM, Zestermann, Ronald via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:

Hi community,

we use PacketFence version 11 and authenticate to the CaptivePortal against RADIUS on a Windows Server 2016 (AD). Everything worked fine and we have not made any changes. For about 1 week now, the login to the Captive Portal has no longer been possible.
After logging in, the user gets this message: "Unable to validate credentials at the moment"

On the RADIUS server, the login attempt appears in the log and is also approved there. I have analyzed the network traffic with Wireshark and everything works fine:

18 23.041211 1xx.xxx.xxx.2 1xx.xxx.xxx.13 RADIUS 98 Access-Request id=157
19 23.047808 1xx.xxx.xxx.13 1xx.xxx.xxx.2 RADIUS 162 Access-Accept id=157

At the PacketFence I used

/usr/local/pf/bin/pftest authentication KNOWN_USER KNOWN_PASS

and the correct authentication source is also resolved, but the same error message appears:

Authenticating against 'RADIUS_PIR-DC01' in context 'portal'
Authentication FAILED against RADIUS_PIR-DC01 (Unable to validate credentials at the moment) <--- same error as on WebUI
Matched against RADIUS_PIR-DC01 for 'authentication' rule Default_Settings
set_role : default
set_access_duration : 12h
Did not match against RADIUS_PIR-DC01 for 'administration' rules

How can I solve the problem or better narrow it down? Does anyone have a good idea?

best regards
Ronald Zestermann

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
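
Added example, not part of the original messages and not PacketFence code: one way to narrow down the Message-Authenticator suspicion raised in this thread is to check offline whether an Access-Accept validates against the configured shared secret, using the RFC 2865 Response Authenticator and the RFC 3579 Message-Authenticator (HMAC-MD5) rules. The function names are hypothetical, the sample packet is constructed by build_accept, and the shared secret and the Request Authenticator from the matching Access-Request are assumed to be known.

```python
import hashlib
import hmac
import struct

MESSAGE_AUTHENTICATOR = 80  # attribute type (RFC 2869 / RFC 3579)

def find_attr(packet, attr_type):
    """Return (value_offset, value_length) of the first attr_type attribute, or None."""
    pos = 20  # attributes start after the 20-byte header
    while pos + 2 <= len(packet):
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > len(packet):
            raise ValueError("malformed attribute at offset %d" % pos)
        if a_type == attr_type:
            return pos + 2, a_len - 2
        pos += a_len
    return None

def check_response(response, request_auth, secret):
    """Return (response_authenticator_ok, message_authenticator_ok or None if absent)."""
    length = struct.unpack("!H", response[2:4])[0]
    if not 20 <= length <= len(response) or len(request_auth) != 16:
        raise ValueError("bad packet length or Request Authenticator size")
    pkt = response[:length]
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    digest = hashlib.md5(pkt[:4] + request_auth + pkt[20:] + secret).digest()
    resp_ok = hmac.compare_digest(digest, pkt[4:20])
    found = find_attr(pkt, MESSAGE_AUTHENTICATOR)
    if found is None:
        return resp_ok, None
    off, n = found
    if n != 16:
        return resp_ok, False
    # HMAC-MD5 over the packet with the Request Authenticator in the header
    # and the Message-Authenticator value replaced by 16 zero bytes.
    zeroed = pkt[:4] + request_auth + pkt[20:off] + bytes(16) + pkt[off + 16:]
    mac = hmac.new(secret, zeroed, hashlib.md5).digest()
    return resp_ok, hmac.compare_digest(mac, pkt[off:off + 16])

def build_accept(ident, request_auth, secret, with_ma=True):
    """Construct a sample Access-Accept (code 2) for testing; not captured traffic."""
    attrs = bytes([18, 4]) + b"ok"  # Reply-Message
    if with_ma:
        attrs += bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)
    header = struct.pack("!BBH", 2, ident, 20 + len(attrs))
    if with_ma:
        mac = hmac.new(secret, header + request_auth + attrs, hashlib.md5).digest()
        attrs = attrs[:-16] + mac
    return header + hashlib.md5(header + request_auth + attrs + secret).digest() + attrs
```

A result of (True, True) means the packet is well formed and the secret matches, so a failure on the client side would point at how the client handles the attribute rather than at the server's reply.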