[PacketFence-users] 802.1x EAP-TTLS PAP with Azure AD not working
Hi all,
I tried to setup 802.1x with Azure AD using this guide
https://www.packetfence.org/doc/PacketFence_Installation_Guide.html#_azure_ad_integration
I did user authentication test using /usr/local/pf/bin/pftest. The auth
test succeeded.
But when I tried to test using eapol_test using this config file
network={
ssid="Test"
key_mgmt=WPA-EAP
eap=TTLS
identity="testing.netw...@domain.edu"
anonymous_identity="anonymous"
password="hLVrK8bWt6QseUfF"
phase2="auth=PAP"
#
# Uncomment the following to perform server certificate
# validation.
# ca_cert="/etc/raddb/certs/ca.der"
}
eapol_test -c ttls-pap.conf -s MTg3ODIzNTc2MGM0MTg3Mzc4MmYzZjhj -A
172.30.172.87 -a 172.30.172.87
It failed.
The radius log output is like this
EAP-Type = TTLS PacketFence-NTLMv2-Only = "" Service-Type = Framed-User
PacketFence-KeyBalanced = "7b5e66fcfb47d73ddafbadd1eb0ddb70" NAS-Port-Type
= Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" User-Name = "
testing.netw...@domain.edu" PacketFence-Outer-User = "anonymous"
PacketFence-Radius-Ip = "172.30.172.87" Calling-Station-Id =
"02:00:00:00:00:01" FreeRADIUS-Proxied-To = 127.0.0.1 Framed-MTU = 1400
NAS-IP-Address = 127.0.0.1 Event-Timestamp = "Apr 2 2022 08:28:17 UTC"
Realm = "domain.edu" User-Password = "**" Stripped-User-Name =
"testing.network" Module-Failure-Message = "No Auth-Type found: rejecting
the user via Post-Auth-Type = Reject"
SQL-User-Name = "testing.netw...@domain.edu"
Any idea what did I miss?
Regards,
Irvan
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] Azure AD user group in the authentication source
Hello Ludovic, I have Azure AD only. Regards, Irvan On Fri, Nov 12, 2021, 20:52 Zammit, Ludovic wrote: > Hello Irvan, > > Do you have Azure AD only or it’s synced from a Active Directory ? > > Thanks, > > *Ludovic Zammit* > *Product Support Engineer Principal* > *Cell:* +1.613.670.8432 > Akamai Technologies - Inverse > 145 Broadway > Cambridge, MA 02142 > Connect with Us: <https://community.akamai.com> <http://blogs.akamai.com> > <https://twitter.com/akamai> <http://www.facebook.com/AkamaiTechnologies> > <http://www.linkedin.com/company/akamai-technologies> > <http://www.youtube.com/user/akamaitechnologies?feature=results_main> > > On Nov 10, 2021, at 8:15 PM, z3r0byt3 via PacketFence-users < > packetfence-users@lists.sourceforge.net> wrote: > > Hello, > > I have a similar question from the previous thread. But in my condition I > use Azure AD. > What is the correct way to create a condition in the authentication source > based on Azure AD to verify the user specific group membership? > In traditional AD I used memberOf equals "full DN of Group" > What should I use for Azure AD? > > > Regards, > Irvan > > -- > Software is just like parachute, > it doesn't work if it is not open.. > ___ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > > https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!ED9oCQaSfU6Bbnw-zvDpqlwSNLusJ7bS8eB-RHUiduNFoNkqECN1Cm2zXuBuvfTK$ > > > ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
[PacketFence-users] Azure AD user group in the authentication source
Hello, I have a similar question from the previous thread. But in my condition I use Azure AD. What is the correct way to create a condition in the authentication source based on Azure AD to verify the user specific group membership? In traditional AD I used memberOf equals "full DN of Group" What should I use for Azure AD? Regards, Irvan -- Software is just like parachute, it doesn't work if it is not open.. ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
