> Question is, I do not know how I would go about configuring authentication > against an AD source for this… Would this be under > /usr/local/pf/conf/authentication/ldap.pm?
Did you follow the instructions for AD auth on the admin guide? Also, if you already did that could you post the full debug of your radiusd -X session? You can sanitize it if you want but we need to see the whole session so we can help you find the exact issue. Don't worry about how LONG the email will be with the full session output, we are used to it. Jake Sallee Godfather of Bandwidth System Engineer University of Mary Hardin-Baylor 900 College St. Belton, Texas 76513 Fone: 254-295-4658 Phax: 254-295-4221 ________________________________ From: Thomas Tsai [[email protected]] Sent: Friday, October 25, 2013 8:15 PM To: <[email protected]> Subject: [PacketFence-users] PF 4.0.6 - wired 802.1x authentication failed Using PF 4.0.6, im trying to set up a basic 802.1x authentication using a cisco switch, and a windows 7 client. I believe that the issue is that I do not have a method of validating the windows credentials that packetfence has, and hence why I receive the “Failed to authenticate the user” message below in the radius –X output on the PF server. Question is, I do not know how I would go about configuring authentication against an AD source for this… Would this be under /usr/local/pf/conf/authentication/ldap.pm? [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state send tlv failure [peap] Received EAP-TLV response. [peap] The users session was previously rejected: returning reject (again.) [peap] *** This means you need to read the PREVIOUS messages in the debug output [peap] *** to find out the reason why the user was rejected. [peap] *** Look for "reject" or "fail". Those earlier messages will tell you. [peap] *** what went wrong, and how to fix the problem. [eap] Handler failed in EAP/peap [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Login incorrect: [domain\\user] (from client 10.0.0.115 port 50048 cli B4-99-BA-XX-XX-XX) } # server packetfence ********************************************** Email Disclaimer: This email, including attachments, may contain proprietary, confidential or privileged information. If you are not the intended recipient, please (i) do not use, disclose, save or retransmit this message or any attachments, (ii) alert the sender by reply email and (iii) destroy or delete this message and any attachments. Delivery of this email to a person other than the intended recipient(s) shall not constitute a waiver of privilege or confidentiality. CP Investments, member FINRA and SIPC, serves as placement agent for investment products advised by Canyon Capital Advisors LLC. This email is not intended to be an offer to sell or a solicitation of an offer to buy any security in any jurisdiction. We review and retain electronic communications traveling through our network. ********************************************** ------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60135991&iu=/4140/ostg.clktrk _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
