Re: [PacketFence-users] eduroam authentication
Hello Will,
it looks that the authentication fail in the chroot.
What you can try is the following:
chroot /chroots/RadiusAD
wbinfo -u
ntlm_auth --userbane=helpdesk --password=...
And let me know the result.
Regards
Fabrice
Le 2018-05-02 à 03:39, Will Halsall via PacketFence-users a écrit :
Hi Folks
I am still having problems with the eduroam authentication to our AD
domain. I am now getting rejected although the username and password
are correct
Below are the radius logs for the test and was wondering if anyone
could shed some light on my problem
Thanks
Will Halsall
ap: Finished EAP session with state 0xdecad538decdcfad
(7) eap: Previous EAP request found for state 0xdecad538decdcfad,
released from the list
(7) eap: Peer sent packet with method EAP MSCHAPv2 (26)
(7) eap: Calling submodule eap_mschapv2 to process data
(7) eap_mschapv2: # Executing group from file
/usr/local/pf/raddb/sites-enabled/packetfence-tunnel
(7) eap_mschapv2: Auth-Type MS-CHAP {
(7) packetfence: $RAD_REQUEST{'User-Name'} = :User-Name ->
'helpd...@farn-ct.ac.uk'
(7) packetfence: $RAD_REQUEST{'NAS-IP-Address'} =
:NAS-IP-Address -> '127.0.0.1'
(7) packetfence: $RAD_REQUEST{'Service-Type'} = :Service-Type
-> 'Authenticate-Only'
(7) packetfence: $RAD_REQUEST{'Framed-MTU'} = :Framed-MTU ->
'1400'
(7) packetfence: $RAD_REQUEST{'State'} = :State ->
'0xdecad538decdcfad2cf97d0726a24922'
(7) packetfence: $RAD_REQUEST{'Calling-Station-Id'} =
:Calling-Station-Id -> '02:00:00:00:00:01'
(7) packetfence: $RAD_REQUEST{'NAS-Identifier'} =
:NAS-Identifier -> 'eduroamUK-test'
(7) packetfence: $RAD_REQUEST{'NAS-Port-Type'} =
:NAS-Port-Type -> 'Wireless-802.11'
(7) packetfence: $RAD_REQUEST{'Event-Timestamp'} =
:Event-Timestamp -> 'May 2 2018 00:06:23 BST'
(7) packetfence: $RAD_REQUEST{'Connect-Info'} = :Connect-Info
-> 'eduroam UK test'
(7) packetfence: $RAD_REQUEST{'EAP-Message'} = :EAP-Message ->
'0x020700511a0207004c319f14a65ad77f1546d8aca5f2196626dbff9d32e6c1679c7f27c071374f109360595818fb0202de960068656c706465736b406661726e2d63742e61632e756b'
(7) packetfence: $RAD_REQUEST{'Operator-Name'} =
:Operator-Name -> '1eduroam.uk'
(7) packetfence: $RAD_REQUEST{'FreeRADIUS-Proxied-To'} =
:FreeRADIUS-Proxied-To -> '127.0.0.1'
(7) packetfence: $RAD_REQUEST{'MS-CHAP-Challenge'} =
:MS-CHAP-Challenge -> '0xc7f5b2bc7fe7c7b528641a052426ae7a'
(7) packetfence: $RAD_REQUEST{'MS-CHAP2-Response'} =
:MS-CHAP2-Response ->
'0x07659f14a65ad77f1546d8aca5f2196626dbff9d32e6c1679c7f27c071374f109360595818fb0202de96'
(7) packetfence: $RAD_REQUEST{'EAP-Type'} = :EAP-Type ->
'MSCHAPv2'
(7) packetfence: $RAD_REQUEST{'Realm'} = :Realm -> 'farn-ct.ac.uk'
(7) packetfence: $RAD_REQUEST{'MS-CHAP-User-Name'} =
:MS-CHAP-User-Name -> 'helpd...@farn-ct.ac.uk'
(7) packetfence: $RAD_REQUEST{'PacketFence-Domain'} =
:PacketFence-Domain -> 'RadiusAD'
(7) packetfence: $RAD_CHECK{'Auth-Type'} = :Auth-Type -> 'eap'
(7) packetfence: $RAD_CHECK{'Proxy-To-Realm'} =
:Proxy-To-Realm -> 'LOCAL'
(7) packetfence: $RAD_CHECK{'Tmp-Integer-2'} = :Tmp-Integer-2
-> '0'
(7) packetfence: $RAD_CONFIG{'Auth-Type'} = :Auth-Type -> 'eap'
(7) packetfence: $RAD_CONFIG{'Proxy-To-Realm'} =
:Proxy-To-Realm -> 'LOCAL'
(7) packetfence: $RAD_CONFIG{'Tmp-Integer-2'} = :Tmp-Integer-2
-> '0'
(7) packetfence: :NAS-Port-Type =
$RAD_REQUEST{'NAS-Port-Type'} -> 'Wireless-802.11'
(7) packetfence: :Service-Type = $RAD_REQUEST{'Service-Type'}
-> 'Authenticate-Only'
(7) packetfence: :Operator-Name =
$RAD_REQUEST{'Operator-Name'} -> '1eduroam.uk'
(7) packetfence: :State = $RAD_REQUEST{'State'} ->
'0xdecad538decdcfad2cf97d0726a24922'
(7) packetfence: :FreeRADIUS-Proxied-To =
$RAD_REQUEST{'FreeRADIUS-Proxied-To'} -> '127.0.0.1'
(7) packetfence: :Connect-Info = $RAD_REQUEST{'Connect-Info'}
-> 'eduroam UK test'
(7) packetfence: :Realm = $RAD_REQUEST{'Realm'} -> 'farn-ct.ac.uk'
(7) packetfence: :EAP-Type = $RAD_REQUEST{'EAP-Type'} ->
'MSCHAPv2'
(7) packetfence: :NAS-IP-Address =
$RAD_REQUEST{'NAS-IP-Address'} -> '127.0.0.1'
(7) packetfence: :Calling-Station-Id =
$RAD_REQUEST{'Calling-Station-Id'} -> '02:00:00:00:00:01'
(7) packetfence: :MS-CHAP-User-Name =
$RAD_REQUEST{'MS-CHAP-User-Name'} -> 'helpd...@farn-ct.ac.uk'
(7) packetfence: :MS-CHAP-Challenge =
$RAD_REQUEST{'MS-CHAP-Challenge'} -> '0xc7f5b2bc7fe7c7b528641a052426ae7a'
(7) packetfence: :PacketFence-Domain =
$RAD_REQUEST{'PacketFence-Domain'} -> 'RadiusAD'
(7) packetfence: :User-Name = $RAD_REQUEST{'User-Name'} ->
'helpd...@farn-ct.ac.uk'
(7) packetfence: :NAS-Identifier =
$RAD_REQUEST{'NAS-Identifier'} -> 'eduroamUK-test'
(7) packetfence: :Event-Timestamp =
$RAD_REQUEST{'Event-Timestamp'} -> 'May 2 2018 00:06:23 BST'
(7) packetfence: :EAP-Message = $RAD_REQUEST{'EAP-Message'} ->
[PacketFence-users] eduroam authentication
Hi Folks
I am still having problems with the eduroam authentication to our AD domain. I
am now getting rejected although the username and password are correct
Below are the radius logs for the test and was wondering if anyone could shed
some light on my problem
Thanks
Will Halsall
ap: Finished EAP session with state 0xdecad538decdcfad
(7) eap: Previous EAP request found for state 0xdecad538decdcfad, released from
the list
(7) eap: Peer sent packet with method EAP MSCHAPv2 (26)
(7) eap: Calling submodule eap_mschapv2 to process data
(7) eap_mschapv2: # Executing group from file
/usr/local/pf/raddb/sites-enabled/packetfence-tunnel
(7) eap_mschapv2: Auth-Type MS-CHAP {
(7) packetfence: $RAD_REQUEST{'User-Name'} = :User-Name ->
'helpd...@farn-ct.ac.uk'
(7) packetfence: $RAD_REQUEST{'NAS-IP-Address'} = :NAS-IP-Address ->
'127.0.0.1'
(7) packetfence: $RAD_REQUEST{'Service-Type'} = :Service-Type ->
'Authenticate-Only'
(7) packetfence: $RAD_REQUEST{'Framed-MTU'} = :Framed-MTU -> '1400'
(7) packetfence: $RAD_REQUEST{'State'} = :State ->
'0xdecad538decdcfad2cf97d0726a24922'
(7) packetfence: $RAD_REQUEST{'Calling-Station-Id'} =
:Calling-Station-Id -> '02:00:00:00:00:01'
(7) packetfence: $RAD_REQUEST{'NAS-Identifier'} = :NAS-Identifier ->
'eduroamUK-test'
(7) packetfence: $RAD_REQUEST{'NAS-Port-Type'} = :NAS-Port-Type ->
'Wireless-802.11'
(7) packetfence: $RAD_REQUEST{'Event-Timestamp'} = :Event-Timestamp
-> 'May 2 2018 00:06:23 BST'
(7) packetfence: $RAD_REQUEST{'Connect-Info'} = :Connect-Info ->
'eduroam UK test'
(7) packetfence: $RAD_REQUEST{'EAP-Message'} = :EAP-Message ->
'0x020700511a0207004c319f14a65ad77f1546d8aca5f2196626dbff9d32e6c1679c7f27c071374f109360595818fb0202de960068656c706465736b406661726e2d63742e61632e756b'
(7) packetfence: $RAD_REQUEST{'Operator-Name'} = :Operator-Name ->
'1eduroam.uk'
(7) packetfence: $RAD_REQUEST{'FreeRADIUS-Proxied-To'} =
:FreeRADIUS-Proxied-To -> '127.0.0.1'
(7) packetfence: $RAD_REQUEST{'MS-CHAP-Challenge'} =
:MS-CHAP-Challenge -> '0xc7f5b2bc7fe7c7b528641a052426ae7a'
(7) packetfence: $RAD_REQUEST{'MS-CHAP2-Response'} =
:MS-CHAP2-Response ->
'0x07659f14a65ad77f1546d8aca5f2196626dbff9d32e6c1679c7f27c071374f109360595818fb0202de96'
(7) packetfence: $RAD_REQUEST{'EAP-Type'} = :EAP-Type -> 'MSCHAPv2'
(7) packetfence: $RAD_REQUEST{'Realm'} = :Realm -> 'farn-ct.ac.uk'
(7) packetfence: $RAD_REQUEST{'MS-CHAP-User-Name'} =
:MS-CHAP-User-Name -> 'helpd...@farn-ct.ac.uk'
(7) packetfence: $RAD_REQUEST{'PacketFence-Domain'} =
:PacketFence-Domain -> 'RadiusAD'
(7) packetfence: $RAD_CHECK{'Auth-Type'} = :Auth-Type -> 'eap'
(7) packetfence: $RAD_CHECK{'Proxy-To-Realm'} = :Proxy-To-Realm ->
'LOCAL'
(7) packetfence: $RAD_CHECK{'Tmp-Integer-2'} = :Tmp-Integer-2 -> '0'
(7) packetfence: $RAD_CONFIG{'Auth-Type'} = :Auth-Type -> 'eap'
(7) packetfence: $RAD_CONFIG{'Proxy-To-Realm'} = :Proxy-To-Realm ->
'LOCAL'
(7) packetfence: $RAD_CONFIG{'Tmp-Integer-2'} = :Tmp-Integer-2 -> '0'
(7) packetfence: :NAS-Port-Type = $RAD_REQUEST{'NAS-Port-Type'} ->
'Wireless-802.11'
(7) packetfence: :Service-Type = $RAD_REQUEST{'Service-Type'} ->
'Authenticate-Only'
(7) packetfence: :Operator-Name = $RAD_REQUEST{'Operator-Name'} ->
'1eduroam.uk'
(7) packetfence: :State = $RAD_REQUEST{'State'} ->
'0xdecad538decdcfad2cf97d0726a24922'
(7) packetfence: :FreeRADIUS-Proxied-To =
$RAD_REQUEST{'FreeRADIUS-Proxied-To'} -> '127.0.0.1'
(7) packetfence: :Connect-Info = $RAD_REQUEST{'Connect-Info'} ->
'eduroam UK test'
(7) packetfence: :Realm = $RAD_REQUEST{'Realm'} -> 'farn-ct.ac.uk'
(7) packetfence: :EAP-Type = $RAD_REQUEST{'EAP-Type'} -> 'MSCHAPv2'
(7) packetfence: :NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} ->
'127.0.0.1'
(7) packetfence: :Calling-Station-Id =
$RAD_REQUEST{'Calling-Station-Id'} -> '02:00:00:00:00:01'
(7) packetfence: :MS-CHAP-User-Name = $RAD_REQUEST{'MS-CHAP-User-Name'}
-> 'helpd...@farn-ct.ac.uk'
(7) packetfence: :MS-CHAP-Challenge = $RAD_REQUEST{'MS-CHAP-Challenge'}
-> '0xc7f5b2bc7fe7c7b528641a052426ae7a'
(7) packetfence: :PacketFence-Domain =
$RAD_REQUEST{'PacketFence-Domain'} -> 'RadiusAD'
(7) packetfence: :User-Name = $RAD_REQUEST{'User-Name'} ->
'helpd...@farn-ct.ac.uk'
(7) packetfence: :NAS-Identifier = $RAD_REQUEST{'NAS-Identifier'} ->
'eduroamUK-test'
(7) packetfence: :Event-Timestamp = $RAD_REQUEST{'Event-Timestamp'} ->
'May 2 2018 00:06:23 BST'
(7) packetfence: :EAP-Message = $RAD_REQUEST{'EAP-Message'} ->
'0x020700511a0207004c319f14a65ad77f1546d8aca5f2196626dbff9d32e6c1679c7f27c071374f109360595818fb0202de960068656c706465736b406661726e2d63742e61632e756b'
(7) packetfence: :MS-CHAP2-Response = $RAD_REQUEST{'MS-CHAP2-Response'}
->
'0x07659f14a65ad77f1546d8aca5f2196626dbff9d32e6c1679c7f27c071374f109360595818fb0202de96'
(7) packetfence: :Framed-MTU = $RAD_REQUEST{'Framed-MTU'} -> '1400'
(7) packetfence: :Auth-Type = $RAD_CHECK{'Auth-Type'} ->
