Re: [PacketFence-users] eduroam authentication
Hello Will, it looks that the authentication fail in the chroot. What you can try is the following: chroot /chroots/RadiusAD wbinfo -u ntlm_auth --userbane=helpdesk --password=... And let me know the result. Regards Fabrice Le 2018-05-02 à 03:39, Will Halsall via PacketFence-users a écrit : Hi Folks I am still having problems with the eduroam authentication to our AD domain. I am now getting rejected although the username and password are correct Below are the radius logs for the test and was wondering if anyone could shed some light on my problem Thanks Will Halsall ap: Finished EAP session with state 0xdecad538decdcfad (7) eap: Previous EAP request found for state 0xdecad538decdcfad, released from the list (7) eap: Peer sent packet with method EAP MSCHAPv2 (26) (7) eap: Calling submodule eap_mschapv2 to process data (7) eap_mschapv2: # Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence-tunnel (7) eap_mschapv2: Auth-Type MS-CHAP { (7) packetfence: $RAD_REQUEST{'User-Name'} = &request:User-Name -> 'helpd...@farn-ct.ac.uk' (7) packetfence: $RAD_REQUEST{'NAS-IP-Address'} = &request:NAS-IP-Address -> '127.0.0.1' (7) packetfence: $RAD_REQUEST{'Service-Type'} = &request:Service-Type -> 'Authenticate-Only' (7) packetfence: $RAD_REQUEST{'Framed-MTU'} = &request:Framed-MTU -> '1400' (7) packetfence: $RAD_REQUEST{'State'} = &request:State -> '0xdecad538decdcfad2cf97d0726a24922' (7) packetfence: $RAD_REQUEST{'Calling-Station-Id'} = &request:Calling-Station-Id -> '02:00:00:00:00:01' (7) packetfence: $RAD_REQUEST{'NAS-Identifier'} = &request:NAS-Identifier -> 'eduroamUK-test' (7) packetfence: $RAD_REQUEST{'NAS-Port-Type'} = &request:NAS-Port-Type -> 'Wireless-802.11' (7) packetfence: $RAD_REQUEST{'Event-Timestamp'} = &request:Event-Timestamp -> 'May 2 2018 00:06:23 BST' (7) packetfence: $RAD_REQUEST{'Connect-Info'} = &request:Connect-Info -> 'eduroam UK test' (7) packetfence: $RAD_REQUEST{'EAP-Message'} = &request:EAP-Message -> '0x020700511a0207004c319f14a65ad77f1546d8aca5f2196626dbff9d32e6c1679c7f27c071374f109360595818fb0202de960068656c706465736b406661726e2d63742e61632e756b' (7) packetfence: $RAD_REQUEST{'Operator-Name'} = &request:Operator-Name -> '1eduroam.uk' (7) packetfence: $RAD_REQUEST{'FreeRADIUS-Proxied-To'} = &request:FreeRADIUS-Proxied-To -> '127.0.0.1' (7) packetfence: $RAD_REQUEST{'MS-CHAP-Challenge'} = &request:MS-CHAP-Challenge -> '0xc7f5b2bc7fe7c7b528641a052426ae7a' (7) packetfence: $RAD_REQUEST{'MS-CHAP2-Response'} = &request:MS-CHAP2-Response -> '0x07659f14a65ad77f1546d8aca5f2196626dbff9d32e6c1679c7f27c071374f109360595818fb0202de96' (7) packetfence: $RAD_REQUEST{'EAP-Type'} = &request:EAP-Type -> 'MSCHAPv2' (7) packetfence: $RAD_REQUEST{'Realm'} = &request:Realm -> 'farn-ct.ac.uk' (7) packetfence: $RAD_REQUEST{'MS-CHAP-User-Name'} = &request:MS-CHAP-User-Name -> 'helpd...@farn-ct.ac.uk' (7) packetfence: $RAD_REQUEST{'PacketFence-Domain'} = &request:PacketFence-Domain -> 'RadiusAD' (7) packetfence: $RAD_CHECK{'Auth-Type'} = &control:Auth-Type -> 'eap' (7) packetfence: $RAD_CHECK{'Proxy-To-Realm'} = &control:Proxy-To-Realm -> 'LOCAL' (7) packetfence: $RAD_CHECK{'Tmp-Integer-2'} = &control:Tmp-Integer-2 -> '0' (7) packetfence: $RAD_CONFIG{'Auth-Type'} = &control:Auth-Type -> 'eap' (7) packetfence: $RAD_CONFIG{'Proxy-To-Realm'} = &control:Proxy-To-Realm -> 'LOCAL' (7) packetfence: $RAD_CONFIG{'Tmp-Integer-2'} = &control:Tmp-Integer-2 -> '0' (7) packetfence: &request:NAS-Port-Type = $RAD_REQUEST{'NAS-Port-Type'} -> 'Wireless-802.11' (7) packetfence: &request:Service-Type = $RAD_REQUEST{'Service-Type'} -> 'Authenticate-Only' (7) packetfence: &request:Operator-Name = $RAD_REQUEST{'Operator-Name'} -> '1eduroam.uk' (7) packetfence: &request:State = $RAD_REQUEST{'State'} -> '0xdecad538decdcfad2cf97d0726a24922' (7) packetfence: &request:FreeRADIUS-Proxied-To = $RAD_REQUEST{'FreeRADIUS-Proxied-To'} -> '127.0.0.1' (7) packetfence: &request:Connect-Info = $RAD_REQUEST{'Connect-Info'} -> 'eduroam UK test' (7) packetfence: &request:Realm = $RAD_REQUEST{'Realm'} -> 'farn-ct.ac.uk' (7) packetfence: &request:EAP-Type = $RAD_REQUEST{'EAP-Type'} -> 'MSCHAPv2' (7) packetfence: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} -> '127.0.0.1' (7) packetfence: &request:Calling-Station-Id = $RAD_REQUEST{'Calling-Station-Id'} -> '02:00:00:00:00:01' (7) packetfence: &request:MS-CHAP-User-Name = $RAD_REQUEST{'MS-CHAP-User-Name'} -> 'helpd...@farn-ct.ac.uk' (7) packetfence: &request:MS-CHAP-Challenge = $RAD_REQUEST{'MS-CHAP-Challenge'} -> '0xc7f5b2bc7fe7c7b528641a052426ae7a' (7) packetfence: &request:PacketFence-Domain = $RAD_REQUEST{'PacketFence-Domain'} -> 'RadiusAD' (7) packetfence: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'helpd...@farn-ct.ac.uk' (7) packetfence: &request:NAS-Identifier = $RAD_REQUEST{'NAS-Identif
[PacketFence-users] eduroam authentication
Hi Folks I am still having problems with the eduroam authentication to our AD domain. I am now getting rejected although the username and password are correct Below are the radius logs for the test and was wondering if anyone could shed some light on my problem Thanks Will Halsall ap: Finished EAP session with state 0xdecad538decdcfad (7) eap: Previous EAP request found for state 0xdecad538decdcfad, released from the list (7) eap: Peer sent packet with method EAP MSCHAPv2 (26) (7) eap: Calling submodule eap_mschapv2 to process data (7) eap_mschapv2: # Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence-tunnel (7) eap_mschapv2: Auth-Type MS-CHAP { (7) packetfence: $RAD_REQUEST{'User-Name'} = &request:User-Name -> 'helpd...@farn-ct.ac.uk' (7) packetfence: $RAD_REQUEST{'NAS-IP-Address'} = &request:NAS-IP-Address -> '127.0.0.1' (7) packetfence: $RAD_REQUEST{'Service-Type'} = &request:Service-Type -> 'Authenticate-Only' (7) packetfence: $RAD_REQUEST{'Framed-MTU'} = &request:Framed-MTU -> '1400' (7) packetfence: $RAD_REQUEST{'State'} = &request:State -> '0xdecad538decdcfad2cf97d0726a24922' (7) packetfence: $RAD_REQUEST{'Calling-Station-Id'} = &request:Calling-Station-Id -> '02:00:00:00:00:01' (7) packetfence: $RAD_REQUEST{'NAS-Identifier'} = &request:NAS-Identifier -> 'eduroamUK-test' (7) packetfence: $RAD_REQUEST{'NAS-Port-Type'} = &request:NAS-Port-Type -> 'Wireless-802.11' (7) packetfence: $RAD_REQUEST{'Event-Timestamp'} = &request:Event-Timestamp -> 'May 2 2018 00:06:23 BST' (7) packetfence: $RAD_REQUEST{'Connect-Info'} = &request:Connect-Info -> 'eduroam UK test' (7) packetfence: $RAD_REQUEST{'EAP-Message'} = &request:EAP-Message -> '0x020700511a0207004c319f14a65ad77f1546d8aca5f2196626dbff9d32e6c1679c7f27c071374f109360595818fb0202de960068656c706465736b406661726e2d63742e61632e756b' (7) packetfence: $RAD_REQUEST{'Operator-Name'} = &request:Operator-Name -> '1eduroam.uk' (7) packetfence: $RAD_REQUEST{'FreeRADIUS-Proxied-To'} = &request:FreeRADIUS-Proxied-To -> '127.0.0.1' (7) packetfence: $RAD_REQUEST{'MS-CHAP-Challenge'} = &request:MS-CHAP-Challenge -> '0xc7f5b2bc7fe7c7b528641a052426ae7a' (7) packetfence: $RAD_REQUEST{'MS-CHAP2-Response'} = &request:MS-CHAP2-Response -> '0x07659f14a65ad77f1546d8aca5f2196626dbff9d32e6c1679c7f27c071374f109360595818fb0202de96' (7) packetfence: $RAD_REQUEST{'EAP-Type'} = &request:EAP-Type -> 'MSCHAPv2' (7) packetfence: $RAD_REQUEST{'Realm'} = &request:Realm -> 'farn-ct.ac.uk' (7) packetfence: $RAD_REQUEST{'MS-CHAP-User-Name'} = &request:MS-CHAP-User-Name -> 'helpd...@farn-ct.ac.uk' (7) packetfence: $RAD_REQUEST{'PacketFence-Domain'} = &request:PacketFence-Domain -> 'RadiusAD' (7) packetfence: $RAD_CHECK{'Auth-Type'} = &control:Auth-Type -> 'eap' (7) packetfence: $RAD_CHECK{'Proxy-To-Realm'} = &control:Proxy-To-Realm -> 'LOCAL' (7) packetfence: $RAD_CHECK{'Tmp-Integer-2'} = &control:Tmp-Integer-2 -> '0' (7) packetfence: $RAD_CONFIG{'Auth-Type'} = &control:Auth-Type -> 'eap' (7) packetfence: $RAD_CONFIG{'Proxy-To-Realm'} = &control:Proxy-To-Realm -> 'LOCAL' (7) packetfence: $RAD_CONFIG{'Tmp-Integer-2'} = &control:Tmp-Integer-2 -> '0' (7) packetfence: &request:NAS-Port-Type = $RAD_REQUEST{'NAS-Port-Type'} -> 'Wireless-802.11' (7) packetfence: &request:Service-Type = $RAD_REQUEST{'Service-Type'} -> 'Authenticate-Only' (7) packetfence: &request:Operator-Name = $RAD_REQUEST{'Operator-Name'} -> '1eduroam.uk' (7) packetfence: &request:State = $RAD_REQUEST{'State'} -> '0xdecad538decdcfad2cf97d0726a24922' (7) packetfence: &request:FreeRADIUS-Proxied-To = $RAD_REQUEST{'FreeRADIUS-Proxied-To'} -> '127.0.0.1' (7) packetfence: &request:Connect-Info = $RAD_REQUEST{'Connect-Info'} -> 'eduroam UK test' (7) packetfence: &request:Realm = $RAD_REQUEST{'Realm'} -> 'farn-ct.ac.uk' (7) packetfence: &request:EAP-Type = $RAD_REQUEST{'EAP-Type'} -> 'MSCHAPv2' (7) packetfence: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} -> '127.0.0.1' (7) packetfence: &request:Calling-Station-Id = $RAD_REQUEST{'Calling-Station-Id'} -> '02:00:00:00:00:01' (7) packetfence: &request:MS-CHAP-User-Name = $RAD_REQUEST{'MS-CHAP-User-Name'} -> 'helpd...@farn-ct.ac.uk' (7) packetfence: &request:MS-CHAP-Challenge = $RAD_REQUEST{'MS-CHAP-Challenge'} -> '0xc7f5b2bc7fe7c7b528641a052426ae7a' (7) packetfence: &request:PacketFence-Domain = $RAD_REQUEST{'PacketFence-Domain'} -> 'RadiusAD' (7) packetfence: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'helpd...@farn-ct.ac.uk' (7) packetfence: &request:NAS-Identifier = $RAD_REQUEST{'NAS-Identifier'} -> 'eduroamUK-test' (7) packetfence: &request:Event-Timestamp = $RAD_REQUEST{'Event-Timestamp'} -> 'May 2 2018 00:06:23 BST' (7) packetfence: &request:EAP-Message = $RAD_REQUEST{'EAP-Message'} -> '0x020700511a0207004c319f14a65ad77f1546d8aca5f2196626dbff9d32e6c1679c7f27c071374f109360595818fb0202de960068656c706465736b4