Rejoin the machine to the domain and it should fix it.
On 12-01-27 8:54 AM, Morris, Andi wrote:
> Hi all,
>
> Since yesterday my PF server has stopped authenticating users. The only
> things that I can think may be related are:
>
> -A week or so back I added a new DNS server into the PF development
> network, and changed all the relevant entries that I could think of in
> the PF config. This morning was possibly the first time the PF server
> had rebooted since this new DNS server was in place.
>
> -Yesterday I mounted a windows share on the PF server so that I could
> transfer some company logos etc onto the box, I managed to do this
> successfully via CIFS.
>
> To troubleshoot I attempted a radtest dd9999 Abcd1234 localhost 12
> testing123 and a kinit connection and they both failed, with some sort
> of unknown server message (sorry I didn’t write it down), but this led
> me to realise that I hadn’t declared the PF server in the new DNS
> server, nor the AD server. After adding these entries into DNS I
> rebooted the PF server and can now successfully run both tests.
>
> However I’m still unable to authenticate via radius and am seeing this
> in the debug log:
>
> /# Executing group from file /etc/raddb/sites-enabled/packetfence-tunnel/
>
> /+- entering group authenticate {...}/
>
> /[eap] Request found, released from the list/
>
> /[eap] EAP/mschapv2/
>
> /[eap] processing type mschapv2/
>
> /[mschapv2] # Executing group from file
> /etc/raddb/sites-enabled/packetfence-tunnel/
>
> /[mschapv2] +- entering group MS-CHAP {...}/
>
> /[mschap] Creating challenge hash with username: sm18818/
>
> /[mschap] Told to do MS-CHAPv2 for sm18818 with NT-Password/
>
> /[mschap] expand: %{Stripped-User-Name} ->/
>
> /[mschap] ... expanding second conditional/
>
> /[mschap] WARNING: Deprecated conditional expansion ":-". See "man
> unlang" for details/
>
> /[mschap] expand: %{User-Name:-None} -> sm18818/
>
> /[mschap] expand:
> --username=%{%{Stripped-User-Name}:-%{User-Name:-None}} ->
> --username=sm18818/
>
> /[mschap] mschap2: 0f/
>
> /[mschap] Creating challenge hash with username: sm18818/
>
> /[mschap] expand: --challenge=%{mschap:Challenge:-00} ->
> --challenge=dfa962c4782b9582/
>
> /[mschap] expand: --nt-response=%{mschap:NT-Response:-00} ->
> --nt-response=54452218a438818444dd851749894003ab9926896ac14877/
>
> /Exec-Program output: No logon servers (0xc000005e)/
>
> /Exec-Program-Wait: plaintext: No logon servers (0xc000005e)/
>
> /Exec-Program: returned: 1/
>
> /[mschap] External script failed./
>
> /[mschap] FAILED: MS-CHAP2-Response is incorrect/
>
> /++[mschap] returns reject/
>
> /[eap] Freeing handler/
>
> /++[eap] returns reject/
>
> /Failed to authenticate the user./
>
> “No logon servers” seems to be a samba related error from what I can
> find, but I can’t think of where else I will need to look in order to
> get this vital service back up and running again.
>
> Cheers,
>
> Andi
>
> ------------------------------------------------------------------------
>
> >From 1st November 2011 UWIC changed its title to Cardiff Metropolitan
> University. From the 6th December, as part of this change, all email
> addresses which included @uwic.ac.uk have changed to @cardiffmet.ac.uk.
> All emails sent from Cardiff Metropolitan University will now be sent
> from the new @cardiffmet.ac.uk address. *Please could you ensure that
> all of your contact records and databases are updated to reflect this
> change.* Further information can be found on the website here.
> <http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx>
>
>
>
> ------------------------------------------------------------------------------
> Try before you buy = See our experts in action!
> The most comprehensive online learning library for Microsoft developers
> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
> Metro Style Apps, more. Free future releases when you subscribe now!
> http://p.sf.net/sfu/learndevnow-dev2
>
>
>
> _______________________________________________
> Packetfence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Francois Gaudreault, ing. jr
[email protected] :: +1.514.447.4918 (x130) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
------------------------------------------------------------------------------
Try before you buy = See our experts in action!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-dev2
_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
