Re: [PacketFence-users] 802.1x EAP-TTLS PAP with Azure AD not working

2022-04-11 Thread Uda Irvan via PacketFence-users
Hi,

Thanks for the response. First, I apologize for masking the domain name using
domain.edu. From now on I'll use the real domain name.
I ran eapol_test again and opened /usr/local/pf/logs/packetfence.log and
/usr/local/pf/logs/radius.log.
Here's what I got.

/usr/local/pf/logs/packetfence.log:

Apr 11 10:06:29 packetfence packetfence[483956]: pfperl-api(432247) INFO:
Using 300 resolution threshold (pf::pfcron::task::cluster_check::run)
Apr 11 10:06:29 packetfence packetfence[483956]: pfperl-api(432247) INFO:
All cluster members are running the same configuration version
(pf::pfcron::task::cluster_check::run)
Apr 11 10:06:29 packetfence packetfence[483957]: pfperl-api(432247) INFO:
getting security_events triggers for accounting cleanup
(pf::accounting::acct_maintenance)
Apr 11 10:06:29 packetfence packetfence[483960]: pfperl-api(405077) INFO:
processed 0 security_events during security_event maintenance
(1649646389.11398 1649646389.12184)
 (pf::security_event::security_event_maintenance)
Apr 11 10:06:29 packetfence packetfence[483960]: pfperl-api(405077) INFO:
processed 0 security_events during security_event maintenance
(1649646389.12392 1649646389.12672)
 (pf::security_event::security_event_maintenance)
Apr 11 10:07:29 packetfence packetfence[484024]: pfperl-api(432247) INFO:
processed 0 security_events during security_event maintenance
(1649646449.0738 1649646449.08153)
 (pf::security_event::security_event_maintenance)
Apr 11 10:07:29 packetfence packetfence[484024]: pfperl-api(432247) INFO:
processed 0 security_events during security_event maintenance
(1649646449.08332 1649646449.0853)
 (pf::security_event::security_event_maintenance)
Apr 11 10:07:29 packetfence packetfence[484025]: pfperl-api(403770) INFO:
Using 300 resolution threshold (pf::pfcron::task::cluster_check::run)
Apr 11 10:07:29 packetfence packetfence[484025]: pfperl-api(403770) INFO:
All cluster members are running the same configuration version
(pf::pfcron::task::cluster_check::run)
Apr 11 10:07:29 packetfence packetfence[484026]: pfperl-api(414007) INFO:
getting security_events triggers for accounting cleanup
(pf::accounting::acct_maintenance)
Apr 11 10:08:29 packetfence packetfence[484109]: pfperl-api(403770) INFO:
getting security_events triggers for accounting cleanup
(pf::accounting::acct_maintenance)
Apr 11 10:08:29 packetfence packetfence[484108]: pfperl-api(405077) INFO:
Using 300 resolution threshold (pf::pfcron::task::cluster_check::run)
Apr 11 10:08:29 packetfence packetfence[484108]: pfperl-api(405077) INFO:
All cluster members are running the same configuration version
(pf::pfcron::task::cluster_check::run)
Apr 11 10:08:29 packetfence packetfence[484111]: pfperl-api(405077) INFO:
processed 0 security_events during security_event maintenance
(1649646509.10386 1649646509.11199)
 (pf::security_event::security_event_maintenance)
Apr 11 10:08:29 packetfence packetfence[484111]: pfperl-api(405077) INFO:
processed 0 security_events during security_event maintenance
(1649646509.11402 1649646509.1159)
 (pf::security_event::security_event_maintenance)


/usr/local/pf/logs/radius.log :

Apr 11 10:04:45 packetfence auth[33321]: rlm_perl: oauth2 worker (binus.edu):
sync
Apr 11 10:05:07 packetfence auth[33321]: rlm_perl: oauth2 worker (binus.edu):
died, sleeping for 100 seconds
Apr 11 10:06:47 packetfence auth[33321]: rlm_perl: oauth2 worker (binus.edu):
sync
Apr 11 10:07:08 packetfence auth[33321]: rlm_perl: oauth2 worker (binus.edu):
died, sleeping for 100 seconds
Apr 11 10:07:56 packetfence auth[33321]: (46117) Ignoring duplicate packet
from client pf port 57731 - ID: 6 due to unfinished request in component
authenticate module eap_ttls
Apr 11 10:08:02 packetfence auth[33321]: (46117) Ignoring duplicate packet
from client pf port 57731 - ID: 6 due to unfinished request in component
authenticate module eap_ttls
Apr 11 10:08:04 packetfence auth[33321]: Unresponsive child for request
46117, in component authenticate module eap_ttls
Apr 11 10:08:14 packetfence auth[33321]: (46119) eap: ERROR: rlm_eap (EAP):
No EAP session matching state 0x04996e9c01657bf4
Apr 11 10:08:14 packetfence auth[33321]: (46119) eap: ERROR: rlm_eap (EAP):
No EAP session matching state 0x04996e9c01657bf4
Apr 11 10:08:14 packetfence auth[33321]: [mac:02:00:00:00:00:01] Rejected
user: testing.netw...@binus.edu
Apr 11 10:08:14 packetfence auth[33321]: (46119) Login incorrect (eap:
rlm_eap (EAP): No EAP session matching state 0x04996e9c01657bf4): [
testing.netw...@binus.edu] (from client pf port 0 cli 02:00:00:00:00:01)
Apr 11 10:08:48 packetfence auth[33321]: rlm_perl: oauth2 worker (binus.edu):
sync
Apr 11 10:09:08 packetfence auth[33321]: rlm_perl: oauth2 worker (binus.edu):
died, sleeping for 100 seconds

Any help would be appreciated


Regards,
Irvan.


On Sat, Apr 9, 2022 at 3:19 AM Zammit, Ludovic  wrote:

> Hello there,
>
> The reject in post auth means that it’s PF that rejects you.
>
> Check into the /usr/local/pf/logs/packetfence.log to see the exact 
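
A triage sketch for the radius.log excerpt in the message above, added here as an example; it is not part of the original thread and not PacketFence code. It pairs each oauth2 worker "sync" with the "died" that follows it, and lists requests reported unresponsive and requests whose EAP state matched no session. The function name `triage` and the `year` parameter are assumptions (syslog lines carry no year).

```python
import re
from datetime import datetime

# Lines copied from the radius.log excerpt above, with mail line-wrapping undone.
SAMPLE = """\
Apr 11 10:04:45 packetfence auth[33321]: rlm_perl: oauth2 worker (binus.edu): sync
Apr 11 10:05:07 packetfence auth[33321]: rlm_perl: oauth2 worker (binus.edu): died, sleeping for 100 seconds
Apr 11 10:06:47 packetfence auth[33321]: rlm_perl: oauth2 worker (binus.edu): sync
Apr 11 10:07:08 packetfence auth[33321]: rlm_perl: oauth2 worker (binus.edu): died, sleeping for 100 seconds
Apr 11 10:07:56 packetfence auth[33321]: (46117) Ignoring duplicate packet from client pf port 57731 - ID: 6 due to unfinished request in component authenticate module eap_ttls
Apr 11 10:08:04 packetfence auth[33321]: Unresponsive child for request 46117, in component authenticate module eap_ttls
Apr 11 10:08:14 packetfence auth[33321]: (46119) eap: ERROR: rlm_eap (EAP): No EAP session matching state 0x04996e9c01657bf4
"""

LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ \S+\[\d+\]: (.*)$")
WORKER = re.compile(r"rlm_perl: oauth2 worker \((?P<realm>[^)]+)\): (?P<event>sync|died)")
STUCK = re.compile(r"Unresponsive child for request (?P<req>\d+), in component \w+ module (?P<mod>\w+)")
NO_SESSION = re.compile(r"\((?P<req>\d+)\) eap: ERROR: .*No EAP session matching state (?P<state>0x[0-9a-f]+)")

def triage(text, year=2022):
    """Summarise worker sync->died cycles, stuck requests and lost EAP sessions."""
    report = {"worker_cycles": [], "stuck": [], "lost_sessions": []}
    last_sync = {}  # realm -> timestamp of the most recent unpaired "sync"
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip anything that is not a syslog-style line
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        msg = m.group(2)
        if w := WORKER.search(msg):
            realm = w["realm"]
            if w["event"] == "sync":
                last_sync[realm] = ts
            elif realm in last_sync:
                # seconds the worker survived between its sync and its death
                secs = int((ts - last_sync.pop(realm)).total_seconds())
                report["worker_cycles"].append((realm, secs))
        elif s := STUCK.search(msg):
            report["stuck"].append((s["req"], s["mod"]))
        elif n := NO_SESSION.search(msg):
            report["lost_sessions"].append((n["req"], n["state"]))
    return report

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On this excerpt it reports two sync-to-died cycles of 22 and 21 seconds, request 46117 stuck in eap_ttls, and request 46119 arriving with a state that matches no session.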

Re: [PacketFence-users] 802.1x EAP-TTLS PAP with Azure AD not working

2022-04-08 Thread Zammit, Ludovic via PacketFence-users
Hello there,

The reject in post auth means that it’s PF that rejects you.

Check into the /usr/local/pf/logs/packetfence.log to see the exact error.

Thanks,

Ludovic Zammit
Product Support Engineer Principal

Cell: +1.613.670.8432
Akamai Technologies - Inverse
145 Broadway
Cambridge, MA 02142


> On Apr 2, 2022, at 4:31 AM, z3r0byt3 via PacketFence-users 
>  wrote:
> 
> Hi all,
> 
> I tried to set up 802.1x with Azure AD using this guide
> https://www.packetfence.org/doc/PacketFence_Installation_Guide.html#_azure_ad_integration
>
> I did a user authentication test using /usr/local/pf/bin/pftest. The auth test
> succeeded.
> 
> But when I tried to test using eapol_test using this config file
> network={
> ssid="Test"
> key_mgmt=WPA-EAP
> eap=TTLS
> identity="testing.netw...@domain.edu"
> anonymous_identity="anonymous"
> password="hLVrK8bWt6QseUfF"
> phase2="auth=PAP"
> #
> #  Uncomment the following to perform server certificate
> #  validation.
> #   ca_cert="/etc/raddb/certs/ca.der"
> }
> 
> eapol_test -c ttls-pap.conf -s MTg3ODIzNTc2MGM0MTg3Mzc4MmYzZjhj -A 
> 172.30.172.87 -a 172.30.172.87
> 
> It failed.
> 
> The radius log output is like this
> 
> EAP-Type = TTLS
> PacketFence-NTLMv2-Only = ""
> Service-Type = Framed-User
> PacketFence-KeyBalanced = "7b5e66fcfb47d73ddafbadd1eb0ddb70"
> NAS-Port-Type = Wireless-802.11
> Connect-Info = "CONNECT 11Mbps 802.11b"
> User-Name = "testing.netw...@domain.edu"
> PacketFence-Outer-User = "anonymous"
> PacketFence-Radius-Ip = "172.30.172.87"
> Calling-Station-Id = "02:00:00:00:00:01"
> FreeRADIUS-Proxied-To = 127.0.0.1
> Framed-MTU = 1400
> NAS-IP-Address = 127.0.0.1
> Event-Timestamp = "Apr  2 2022 08:28:17 UTC"
> Realm = "domain.edu"
> User-Password = "**"
> Stripped-User-Name = "testing.network"
> Module-Failure-Message = "No Auth-Type found: rejecting the user via 
> Post-Auth-Type = Reject" 
> SQL-User-Name = "testing.netw...@domain.edu"
> 
> Any idea what I missed?
> 
> Regards,
> Irvan
> 
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!F8kp8NqJgkQN7_IOHHkpwk5HPOPBNwBFZ6V2ny1F3nYVjp9CAcv6AHbNm_Zwwepq$
>  





[PacketFence-users] 802.1x EAP-TTLS PAP with Azure AD not working

2022-04-08 Thread z3r0byt3 via PacketFence-users
Hi all,

I tried to set up 802.1x with Azure AD using this guide
https://www.packetfence.org/doc/PacketFence_Installation_Guide.html#_azure_ad_integration
I did a user authentication test using /usr/local/pf/bin/pftest. The auth
test succeeded.

But when I tried to test using eapol_test using this config file
network={
ssid="Test"
key_mgmt=WPA-EAP
eap=TTLS
identity="testing.netw...@domain.edu"
anonymous_identity="anonymous"
password="hLVrK8bWt6QseUfF"
phase2="auth=PAP"
#
#  Uncomment the following to perform server certificate
#  validation.
#   ca_cert="/etc/raddb/certs/ca.der"
}

eapol_test -c ttls-pap.conf -s MTg3ODIzNTc2MGM0MTg3Mzc4MmYzZjhj -A
172.30.172.87 -a 172.30.172.87

It failed.

The radius log output is like this

EAP-Type = TTLS
PacketFence-NTLMv2-Only = ""
Service-Type = Framed-User
PacketFence-KeyBalanced = "7b5e66fcfb47d73ddafbadd1eb0ddb70"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
User-Name = "testing.netw...@domain.edu"
PacketFence-Outer-User = "anonymous"
PacketFence-Radius-Ip = "172.30.172.87"
Calling-Station-Id = "02:00:00:00:00:01"
FreeRADIUS-Proxied-To = 127.0.0.1
Framed-MTU = 1400
NAS-IP-Address = 127.0.0.1
Event-Timestamp = "Apr 2 2022 08:28:17 UTC"
Realm = "domain.edu"
User-Password = "**"
Stripped-User-Name = "testing.network"
Module-Failure-Message = "No Auth-Type found: rejecting the user via Post-Auth-Type = Reject"
SQL-User-Name = "testing.netw...@domain.edu"

Any idea what I missed?

Regards,
Irvan