Hi all,

Since yesterday my PF server has stopped authenticating users. The only things
that I can think of that may be related are:

- A week or so back I added a new DNS server into the PF development
network, and changed all the relevant entries that I could think of in the PF
config. This morning was possibly the first time the PF server had rebooted
since this new DNS server was in place.
- Yesterday I mounted a Windows share on the PF server so that I could
transfer some company logos etc. onto the box; I managed to do this successfully
via CIFS.

To troubleshoot I attempted a radtest dd9999 Abcd1234 localhost 12 testing123
and a kinit connection and they both failed, with some sort of unknown server
message (sorry I didn't write it down), but this led me to realise that I
hadn't declared the PF server in the new DNS server, nor the AD server. After
adding these entries into DNS I rebooted the PF server and can now successfully
run both tests.

However I'm still unable to authenticate via RADIUS and am seeing this in the
debug log:

# Executing group from file /etc/raddb/sites-enabled/packetfence-tunnel
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] # Executing group from file /etc/raddb/sites-enabled/packetfence-tunnel
[mschapv2] +- entering group MS-CHAP {...}
[mschap] Creating challenge hash with username: sm18818
[mschap] Told to do MS-CHAPv2 for sm18818 with NT-Password
[mschap] expand: %{Stripped-User-Name} ->
[mschap] ... expanding second conditional
[mschap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
[mschap] expand: %{User-Name:-None} -> sm18818
[mschap] expand: --username=%{%{Stripped-User-Name}:-%{User-Name:-None}} -> --username=sm18818
[mschap] mschap2: 0f
[mschap] Creating challenge hash with username: sm18818
[mschap] expand: --challenge=%{mschap:Challenge:-00} -> --challenge=dfa962c4782b9582
[mschap] expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=54452218a438818444dd851749894003ab9926896ac14877
Exec-Program output: No logon servers (0xc000005e)
Exec-Program-Wait: plaintext: No logon servers (0xc000005e)
Exec-Program: returned: 1
[mschap] External script failed.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
[eap] Freeing handler
++[eap] returns reject
Failed to authenticate the user.

"No logon servers" seems to be a Samba-related error from what I can find, but
I can't think of where else I will need to look in order to get this vital
service back up and running again.

Cheers,
Andi
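
An added example, not part of the original post: a small triage script for radiusd debug output like the log above. The debug log ends with "MS-CHAP2-Response is incorrect" whether the password was wrong or no domain controller could be reached, so the script reads the NTSTATUS code on the Exec-Program output line instead. The function name, the "infrastructure"/"credential" labels and the second sample user are assumptions made for this example.

```python
import re

# NTSTATUS codes that can appear on the Exec-Program output line.
# The "infrastructure"/"credential" labels are this example's own grouping.
NTSTATUS = {
    0xC000005E: ("STATUS_NO_LOGON_SERVERS", "infrastructure"),
    0xC0000064: ("STATUS_NO_SUCH_USER", "credential"),
    0xC000006A: ("STATUS_WRONG_PASSWORD", "credential"),
    0xC000006D: ("STATUS_LOGON_FAILURE", "credential"),
}

EXEC_RE = re.compile(r"Exec-Program output:\s*(?P<msg>.*?)\s*\((?P<code>0x[0-9a-fA-F]{8})\)")
USER_RE = re.compile(r"\[mschap\] Creating challenge hash with username: (?P<user>\S+)")

def classify_rejects(lines):
    """Return one finding per failed external MS-CHAP helper call."""
    findings, user = [], None
    for line in lines:
        m = USER_RE.search(line)
        if m:
            user = m.group("user")  # remember who the next failure belongs to
            continue
        m = EXEC_RE.search(line)
        if m:
            code = int(m.group("code"), 16)
            name, kind = NTSTATUS.get(code, ("UNKNOWN", "unknown"))
            findings.append({"user": user, "code": code, "name": name,
                             "kind": kind, "message": m.group("msg")})
    return findings

# First request: lines taken from the post. Second request: constructed for contrast.
SAMPLE = [
    "[mschap] Creating challenge hash with username: sm18818",
    "Exec-Program output: No logon servers (0xc000005e)",
    "Exec-Program-Wait: plaintext: No logon servers (0xc000005e)",
    "[mschap] FAILED: MS-CHAP2-Response is incorrect",
    "[mschap] Creating challenge hash with username: testuser",
    "Exec-Program output: Logon failure (0xc000006d)",
    "[mschap] FAILED: MS-CHAP2-Response is incorrect",
]

if __name__ == "__main__":
    for f in classify_rejects(SAMPLE):
        print(f"{f['user']}: {f['name']} (0x{f['code']:08x}) -> {f['kind']} failure")
```

A reject classified as "infrastructure" points at the path between the RADIUS host and the domain controllers (DNS, domain membership, winbind) rather than at the user's credentials.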