Hmmm... the communication stops on the last challenge? What does your switch 
say in its log?

(I am too lazy to decode the last EAP Message, hopefully your switch will 
have the answer :)


On 11/5/2013, 12:25 PM, Thomas Tsai wrote:
> Jake, see below:  Here's a dump of the radius -X output.  Any ideas?
>
> rad_recv: Access-Request packet from host 10.10.1.115 port 1645, id=93, 
> length=170
>       User-Name = "DOMAIN\\USERNAME"
>       Service-Type = Framed-User
>       Framed-MTU = 1500
>       Called-Station-Id = "50-3D-E5-0F-EF-B0"
>       Calling-Station-Id = "B4-99-BA-EA-DF-3D"
>       EAP-Message = 0x020100150143414e594f4e5c6a7573657231373436
>       Message-Authenticator = 0xae761de749c1a55e1b4d05dded1d534f
>       NAS-Port-Type = Ethernet
>       NAS-Port = 50048
>       NAS-Port-Id = "GigabitEthernet0/48"
>       NAS-IP-Address = 10.10.1.115
> server packetfence {
> # Executing section authorize from file 
> /usr/local/pf/raddb//sites-enabled/packetfence
> +- entering group authorize {...}
> [suffix] No '@' in User-Name = "DOMAIN\USERNAME", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> ++[preprocess] returns ok
> [eap] EAP packet type response id 1 length 21
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> rlm_perl: Added pair NAS-Port-Type = Ethernet
> rlm_perl: Added pair Service-Type = Framed-User
> rlm_perl: Added pair Calling-Station-Id = B4-99-BA-EA-DF-3D
> rlm_perl: Added pair Called-Station-Id = 50-3D-E5-0F-EF-B0
> rlm_perl: Added pair Message-Authenticator = 
> 0xae761de749c1a55e1b4d05dded1d534f
> rlm_perl: Added pair User-Name = DOMAIN\\USERNAME
> rlm_perl: Added pair EAP-Message = 
> 0x020100150143414e594f4e5c6a7573657231373436
> rlm_perl: Added pair EAP-Type = Identity
> rlm_perl: Added pair NAS-IP-Address = 10.10.1.115
> rlm_perl: Added pair NAS-Port = 50048
> rlm_perl: Added pair NAS-Port-Id = GigabitEthernet0/48
> rlm_perl: Added pair Framed-MTU = 1500
> rlm_perl: Added pair Auth-Type = EAP
> ++[packetfence] returns noop
> Found Auth-Type = EAP
> # Executing group from file /usr/local/pf/raddb//sites-enabled/packetfence
> +- entering group authenticate {...}
> [eap] EAP Identity
> [eap] processing type tls
> [tls] Initiate
> [tls] Start returned 1
> ++[eap] returns handled
> } # server packetfence
> Sending Access-Challenge of id 93 to 10.10.1.115 port 1645
>       EAP-Message = 0x010200061920
>       Message-Authenticator = 0x00000000000000000000000000000000
>       State = 0xf2a98a36f2ab9394046cddc7cec88b34
> Finished request 46.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 10.10.1.115 port 1645, id=94, 
> length=272
>       User-Name = "DOMAIN\\USERNAME"
>       Service-Type = Framed-User
>       Framed-MTU = 1500
>       Called-Station-Id = "50-3D-E5-0F-EF-B0"
>       Calling-Station-Id = "B4-99-BA-EA-DF-3D"
>       EAP-Message = 
> 0x0202006919800000005f160301005a0100005603015274598d844ec695ca63a859f4bd1aedfe509ed07656d34cc45857068e02da92000018002f00350005000ac013c014c009c00a003200380013000401000015ff01000100000a0006000400170018000b00020100
>       Message-Authenticator = 0x05d7dbb67cf4f2d0e39f04809af67d5f
>       NAS-Port-Type = Ethernet
>       NAS-Port = 50048
>       NAS-Port-Id = "GigabitEthernet0/48"
>       State = 0xf2a98a36f2ab9394046cddc7cec88b34
>       NAS-IP-Address = 10.10.1.115
> server packetfence {
> # Executing section authorize from file 
> /usr/local/pf/raddb//sites-enabled/packetfence
> +- entering group authorize {...}
> [suffix] No '@' in User-Name = "DOMAIN\USERNAME", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> ++[preprocess] returns ok
> [eap] EAP packet type response id 2 length 105
> [eap] Continuing tunnel setup.
> ++[eap] returns ok
> Found Auth-Type = EAP
> # Executing group from file /usr/local/pf/raddb//sites-enabled/packetfence
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
>    TLS Length 95
> [peap] Length Included
> [peap] eaptls_verify returned 11
> [peap]     (other): before/accept initialization
> [peap]     TLS_accept: before/accept initialization
> [peap] <<< TLS 1.0 Handshake [length 005a], ClientHello
> [peap]     TLS_accept: SSLv3 read client hello A
> [peap] >>> TLS 1.0 Handshake [length 0031], ServerHello
> [peap]     TLS_accept: SSLv3 write server hello A
> [peap] >>> TLS 1.0 Handshake [length 049b], Certificate
> [peap]     TLS_accept: SSLv3 write certificate A
> [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
> [peap]     TLS_accept: SSLv3 write server done A
> [peap]     TLS_accept: SSLv3 flush data
> [peap]     TLS_accept: Need to read more data: SSLv3 read client certificate A
> In SSL Handshake Phase
> In SSL Accept mode
> [peap] eaptls_process returned 13
> [peap] EAPTLS_HANDLED
> ++[eap] returns handled
> } # server packetfence
> Sending Access-Challenge of id 94 to 10.10.1.115 port 1645
>       EAP-Message = 
> 0x0103040019c0000004df16030100310200002d03015274598d8c19ea774acdc02734086f42c6e576673b26c1fa247d511e9a1bb86200002f000005ff01000100160301049b0b0004970004940004913082048d30820375a003020102020900a7c50eace02f1471300d06092a864886f70d01010505003076310b3009060355040613024341310b30090603550408130251433111300f060355040713084d6f6e747265616c3110300e060355040a1307496e766572736531123010060355040313093132372e302e302e313121301f06092a864886f70d0109011612737570706f727440696e76657273652e6361301e170d3133303832323139323631
>       EAP-Message = 0x9e1acdc8b0b6ff82075c7d72
>       Message-Authenticator = 0x00000000000000000000000000000000
>       State = 0xf2a98a36f3aa9394046cddc7cec88b34
> Finished request 47.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 10.10.1.115 port 1645, id=95, 
> length=173
>       User-Name = "DOMAIN\\USERNAME"
>       Service-Type = Framed-User
>       Framed-MTU = 1500
>       Called-Station-Id = "50-3D-E5-0F-EF-B0"
>       Calling-Station-Id = "B4-99-BA-EA-DF-3D"
>       EAP-Message = 0x020300061900
>       Message-Authenticator = 0xfb0cf43f5ca90a44898b6ca744a8fbb2
>       NAS-Port-Type = Ethernet
>       NAS-Port = 50048
>       NAS-Port-Id = "GigabitEthernet0/48"
>       State = 0xf2a98a36f3aa9394046cddc7cec88b34
>       NAS-IP-Address = 10.10.1.115
> server packetfence {
> # Executing section authorize from file 
> /usr/local/pf/raddb//sites-enabled/packetfence
> +- entering group authorize {...}
> [suffix] No '@' in User-Name = "DOMAIN\USERNAME", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> ++[preprocess] returns ok
> [eap] EAP packet type response id 3 length 6
> [eap] Continuing tunnel setup.
> ++[eap] returns ok
> Found Auth-Type = EAP
> # Executing group from file /usr/local/pf/raddb//sites-enabled/packetfence
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
> [peap] Received TLS ACK
> [peap] ACK handshake fragment handler
> [peap] eaptls_verify returned 1
> [peap] eaptls_process returned 13
> [peap] EAPTLS_HANDLED
> ++[eap] returns handled
> } # server packetfence
> Sending Access-Challenge of id 95 to 10.10.1.115 port 1645
>       EAP-Message = 
> 0x010400ef19007478de62644b56fbb9e13e4924dcd1dfccef0d269562d5527172f22f088441182a8281e50ee6795d00e97f415465aa99a28d72a3acd047a5c248b96894d4aee7b5918da276ad88b5858853503e1b67f582f3b1a84c465eadfcb89ca3e2f442f585415901532fa9aa113084f308be1e8dd6ba3d920104622f99460c6b03994eb25cad48b9816a1632ba401e8e48d3f24c245d80d61c005382a3eb07f861525b55a4fe6897cc7b50742f147ec2c264f56df405e5df427e6bc2845044ea23363132679b3e5e1cf58c04b1748acfbf31394fc8a4b8f8d6645bdcbad08b0a7dc0b9ee16030100040e000000
>       Message-Authenticator = 0x00000000000000000000000000000000
>       State = 0xf2a98a36f0ad9394046cddc7cec88b34
> Finished request 48.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 10.10.1.115 port 1645, id=96, 
> length=505
>       User-Name = "DOMAIN\\USERNAME"
>       Service-Type = Framed-User
>       Framed-MTU = 1500
>       Called-Station-Id = "50-3D-E5-0F-EF-B0"
>       Calling-Station-Id = "B4-99-BA-EA-DF-3D"
>       EAP-Message = 
> 0x0204015019800000014616030101061000010201007e9481e22a1d020afd26935bdc1355a0dc048dfbc3c9ecb6b4fa09514046179b61afa3c252f4ebb06d0f917605a63101c6733bb6f1364521bdbc3fa403f94e60da6dc1e682ea9d51b563bb7464a53491ba6a8152ce9f71bf4f41dba4e36ab30b8271685150086326da9444751acbb8a219b8066bfdfa3e5983d39e51921efb849850a8baa339c6b9d58493b595878ed85ec74df32e15107ff68aa6b0264292a57685d0821e616c306a82e9febf8ab89f0bdc19548bfc6f09b51f920950905067056a7021cbcd9e412d6c9acbe78316592ac4708d171dfce95895750c4057d04535f203cd26bb99e7
>       EAP-Message = 
> 0x77ab76550694a52d50003ede6c511157c4e21e8163c86cf314030100010116030100303a5ee6ba796c0dd31709cc34b11ad709dfc05be7fa039e0eb346bec5bae1c255fd134a1383de604a89b62636d6bbc23c
>       Message-Authenticator = 0x8a26e4ab679106ca7d6b9335fd892395
>       NAS-Port-Type = Ethernet
>       NAS-Port = 50048
>       NAS-Port-Id = "GigabitEthernet0/48"
>       State = 0xf2a98a36f0ad9394046cddc7cec88b34
>       NAS-IP-Address = 10.10.1.115
> server packetfence {
> # Executing section authorize from file 
> /usr/local/pf/raddb//sites-enabled/packetfence
> +- entering group authorize {...}
> [suffix] No '@' in User-Name = "DOMAIN\USERNAME", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> ++[preprocess] returns ok
> [eap] EAP packet type response id 4 length 253
> [eap] Continuing tunnel setup.
> ++[eap] returns ok
> Found Auth-Type = EAP
> # Executing group from file /usr/local/pf/raddb//sites-enabled/packetfence
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
>    TLS Length 326
> [peap] Length Included
> [peap] eaptls_verify returned 11
> [peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
> [peap]     TLS_accept: SSLv3 read client key exchange A
> [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
> [peap] <<< TLS 1.0 Handshake [length 0010], Finished
> [peap]     TLS_accept: SSLv3 read finished A
> [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
> [peap]     TLS_accept: SSLv3 write change cipher spec A
> [peap] >>> TLS 1.0 Handshake [length 0010], Finished
> [peap]     TLS_accept: SSLv3 write finished A
> [peap]     TLS_accept: SSLv3 flush data
> [peap]     (other): SSL negotiation finished successfully
> SSL Connection Established
> [peap] eaptls_process returned 13
> [peap] EAPTLS_HANDLED
> ++[eap] returns handled
> } # server packetfence
> Sending Access-Challenge of id 96 to 10.10.1.115 port 1645
>       EAP-Message = 
> 0x0105004119001403010001011603010030480647625e74ac6f1f89f0c893847071099af84452637b40db643cf2d279322a8512dd85a721a3e2515a957e056430e7
>       Message-Authenticator = 0x00000000000000000000000000000000
>       State = 0xf2a98a36f1ac9394046cddc7cec88b34
> Finished request 49.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 10.10.1.115 port 1645, id=97, 
> length=173
>       User-Name = "DOMAIN\\USERNAME"
>       Service-Type = Framed-User
>       Framed-MTU = 1500
>       Called-Station-Id = "50-3D-E5-0F-EF-B0"
>       Calling-Station-Id = "B4-99-BA-EA-DF-3D"
>       EAP-Message = 0x020500061900
>       Message-Authenticator = 0x645e8d772c5fc84bf5aacaad66a91a4c
>       NAS-Port-Type = Ethernet
>       NAS-Port = 50048
>       NAS-Port-Id = "GigabitEthernet0/48"
>       State = 0xf2a98a36f1ac9394046cddc7cec88b34
>       NAS-IP-Address = 10.10.1.115
> server packetfence {
> # Executing section authorize from file 
> /usr/local/pf/raddb//sites-enabled/packetfence
> +- entering group authorize {...}
> [suffix] No '@' in User-Name = "DOMAIN\USERNAME", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> ++[preprocess] returns ok
> [eap] EAP packet type response id 5 length 6
> [eap] Continuing tunnel setup.
> ++[eap] returns ok
> Found Auth-Type = EAP
> # Executing group from file /usr/local/pf/raddb//sites-enabled/packetfence
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
> [peap] Received TLS ACK
> [peap] ACK handshake is finished
> [peap] eaptls_verify returned 3
> [peap] eaptls_process returned 3
> [peap] EAPTLS_SUCCESS
> [peap] Session established.  Decoding tunneled attributes.
> [peap] Peap state TUNNEL ESTABLISHED
> ++[eap] returns handled
> } # server packetfence
> Sending Access-Challenge of id 97 to 10.10.1.115 port 1645
>       EAP-Message = 
> 0x0106002b19001703010020be40ea759bceb63342ef620237e0585126b5fba7450c30d6a0a33164faf44aeb
>       Message-Authenticator = 0x00000000000000000000000000000000
>       State = 0xf2a98a36f6af9394046cddc7cec88b34
> Finished request 50.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 10.10.1.115 port 1645, id=98, 
> length=226
>       User-Name = "DOMAIN\\USERNAME"
>       Service-Type = Framed-User
>       Framed-MTU = 1500
>       Called-Station-Id = "50-3D-E5-0F-EF-B0"
>       Calling-Station-Id = "B4-99-BA-EA-DF-3D"
>       EAP-Message = 
> 0x0206003b19001703010030804b7f8c93ea32931eb0a69921bea546567f5be7bd79b9f429b5c455e87e7e3d74afb1ae52205a216dd323fdef4e9558
>       Message-Authenticator = 0xe6339d171a3e1ef02a218ee95f329ebf
>       NAS-Port-Type = Ethernet
>       NAS-Port = 50048
>       NAS-Port-Id = "GigabitEthernet0/48"
>       State = 0xf2a98a36f6af9394046cddc7cec88b34
>       NAS-IP-Address = 10.10.1.115
> server packetfence {
> # Executing section authorize from file 
> /usr/local/pf/raddb//sites-enabled/packetfence
> +- entering group authorize {...}
> [suffix] No '@' in User-Name = "DOMAIN\USERNAME", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> ++[preprocess] returns ok
> [eap] EAP packet type response id 6 length 59
> [eap] Continuing tunnel setup.
> ++[eap] returns ok
> Found Auth-Type = EAP
> # Executing group from file /usr/local/pf/raddb//sites-enabled/packetfence
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
> [peap] eaptls_verify returned 7
> [peap] Done initial handshake
> [peap] eaptls_process returned 7
> [peap] EAPTLS_OK
> [peap] Session established.  Decoding tunneled attributes.
> [peap] Peap state WAITING FOR INNER IDENTITY
> [peap] Identity - DOMAIN\USERNAME
> [peap] Got inner identity 'DOMAIN\USERNAME'
> [peap] Setting default EAP type for tunneled EAP session.
> [peap] Got tunneled request
>       EAP-Message = 0x020600150143414e594f4e5c6a7573657231373436
> server packetfence {
> [peap] Setting User-Name to DOMAIN\USERNAME
> Sending tunneled request
>       EAP-Message = 0x020600150143414e594f4e5c6a7573657231373436
>       FreeRADIUS-Proxied-To = 127.0.0.1
>       User-Name = "DOMAIN\\USERNAME"
>       Service-Type = Framed-User
>       Framed-MTU = 1500
>       Called-Station-Id = "50-3D-E5-0F-EF-B0"
>       Calling-Station-Id = "B4-99-BA-EA-DF-3D"
>       NAS-Port-Type = Ethernet
>       NAS-Port = 50048
>       NAS-Port-Id = "GigabitEthernet0/48"
>       NAS-IP-Address = 10.10.1.115
> server packetfence-tunnel {
> # Executing section authorize from file 
> /usr/local/pf/raddb//sites-enabled/packetfence-tunnel
> +- entering group authorize {...}
> [suffix] No '@' in User-Name = "DOMAIN\USERNAME", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [ntdomain] Looking up realm "DOMAIN" for User-Name = "DOMAIN\USERNAME"
> [ntdomain] No such realm "DOMAIN"
> ++[ntdomain] returns noop
> [eap] EAP packet type response id 6 length 21
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> Found Auth-Type = EAP
> # Executing group from file 
> /usr/local/pf/raddb//sites-enabled/packetfence-tunnel
> +- entering group authenticate {...}
> [eap] EAP Identity
> [eap] processing type mschapv2
> rlm_eap_mschapv2: Issuing Challenge
> ++[eap] returns handled
> } # server packetfence-tunnel
> [peap] Got tunneled reply code 11
>       EAP-Message = 
> 0x0107002a1a01070025107736675c549aad626fc16fdec6846cde43414e594f4e5c6a7573657231373436
>       Message-Authenticator = 0x00000000000000000000000000000000
>       State = 0x47e8768047ef6cc41bd42c0e5212d6bf
> [peap] Got tunneled reply RADIUS code 11
>       EAP-Message = 
> 0x0107002a1a01070025107736675c549aad626fc16fdec6846cde43414e594f4e5c6a7573657231373436
>       Message-Authenticator = 0x00000000000000000000000000000000
>       State = 0x47e8768047ef6cc41bd42c0e5212d6bf
> [peap] Got tunneled Access-Challenge
> ++[eap] returns handled
> } # server packetfence
> Sending Access-Challenge of id 98 to 10.10.1.115 port 1645
>       EAP-Message = 
> 0x0107004b1900170301004018bbdbc9fc3683406a120b5fa612b9d56a2cca7d18f3a4cc337217a0c7d31dc1c2d9ca06551938ef04231c07995d1407ceb1c425887551eac349a68a61051682
>       Message-Authenticator = 0x00000000000000000000000000000000
>       State = 0xf2a98a36f7ae9394046cddc7cec88b34
> Finished request 51.
> Going to the next request
> Waking up in 4.9 seconds.
>
> -----Original Message-----
> From: Sallee, Stephen (Jake) [mailto:[email protected]]
> Sent: Monday, October 28, 2013 6:46 AM
> To: [email protected]
> Subject: Re: [PacketFence-users] PF 4.0.6 - wired 802.1x authentication failed
>
>> Question is, I do not know how I would go about configuring authentication 
>> against an AD source for this...  Would this be under 
>> /usr/local/pf/conf/authentication/ldap.pm?
> Did you follow the instructions for AD auth on the admin guide?
>
> Also, if you already did that could you post the full debug of your radiusd 
> -X session?  You can sanitize it if you want but we need to see the whole 
> session so we can help you find the exact issue.
>
> Don't worry about how LONG the email will be with the full session output, we 
> are used to it.
>
> Jake Sallee
> Godfather of Bandwidth
> System Engineer
> University of Mary Hardin-Baylor
>
> 900 College St.
> Belton, Texas
> 76513
>
> Fone: 254-295-4658
> Phax: 254-295-4221
> ________________________________
> From: Thomas Tsai [[email protected]]
> Sent: Friday, October 25, 2013 8:15 PM
> To: <[email protected]>
> Subject: [PacketFence-users] PF 4.0.6 - wired 802.1x authentication failed
>
>
> Using PF 4.0.6, I'm trying to set up a basic 802.1x authentication using a 
> Cisco switch and a Windows 7 client.
>
>
>
> I believe that the issue is that I do not have a method of validating the 
> windows credentials that packetfence has, and hence why I receive the "Failed 
> to authenticate the user" message below in the radius -X output on the PF 
> server.
>
>
>
> Question is, I do not know how I would go about configuring authentication 
> against an AD source for this...  Would this be under 
> /usr/local/pf/conf/authentication/ldap.pm?
>
>
>
>
>
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
> [peap] eaptls_verify returned 7
> [peap] Done initial handshake
> [peap] eaptls_process returned 7
> [peap] EAPTLS_OK
> [peap] Session established.  Decoding tunneled attributes.
> [peap] Peap state send tlv failure
> [peap] Received EAP-TLV response.
> [peap]  The users session was previously rejected: returning reject (again.)
> [peap]  *** This means you need to read the PREVIOUS messages in the debug output
> [peap]  *** to find out the reason why the user was rejected.
> [peap]  *** Look for "reject" or "fail".  Those earlier messages will tell you.
> [peap]  *** what went wrong, and how to fix the problem.
> [eap] Handler failed in EAP/peap
> [eap] Failed in EAP select
> ++[eap] returns invalid
> Failed to authenticate the user.
> Login incorrect: [domain\\user] (from client 10.0.0.115 port 50048 cli B4-99-BA-XX-XX-XX)
> } # server packetfence
>
>
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>


-- 
Francois Gaudreault
Architecte de Solution Cloud | Cloud Solutions Architect
[email protected]
514-629-6775
- - -
CloudOps
420 rue Guy
Montréal QC  H3J 1S6
www.cloudops.com
@CloudOps_
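
Decoding the EAP-Message values from the radiusd -X output quoted above, as an added example that is not part of the original e-mails or of the PacketFence or FreeRADIUS code. The function and constant names are hypothetical; the long values are cut after their first TLS record header, and the identity sample is constructed.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 13: "EAP-TLS", 25: "PEAP", 26: "MSCHAPv2"}
TLS_RECORDS = {20: "ChangeCipherSpec", 21: "Alert", 22: "Handshake",
               23: "ApplicationData"}

def decode_tls_body(body):
    """Decode the flags byte and TLS record headers of an EAP-TLS/PEAP body."""
    flags = body[0]
    info = {"flags": [name for bit, name in ((0x80, "L"), (0x40, "M"), (0x20, "S"))
                      if flags & bit],
            "version": flags & 0x07}
    pos = 1
    if flags & 0x80:  # L: a 4-byte total TLS message length follows the flags
        if len(body) < 5:
            raise ValueError("L flag set but the length field is truncated")
        info["tls_total_length"] = struct.unpack("!I", body[1:5])[0]
        pos = 5
    records = []
    while pos + 5 <= len(body):
        ctype, major, _minor, rlen = struct.unpack("!BBBH", body[pos:pos + 5])
        if ctype not in TLS_RECORDS or major != 3:
            break  # continuation fragment: data does not start on a record boundary
        records.append((TLS_RECORDS[ctype], rlen))
        pos += 5 + rlen
    info["tls_records"] = records
    return info

def decode_eap(hex_value):
    """Decode one EAP-Message value as printed by radiusd -X (0x-prefixed hex)."""
    text = hex_value.strip()
    if text.lower().startswith("0x"):
        text = text[2:]
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    out = {"code": EAP_CODES.get(code, code), "id": ident, "length": length,
           "truncated": len(raw) < length}
    if code not in (1, 2) or len(raw) < 5:
        return out  # Success/Failure packets have no type field
    eap_type = raw[4]
    out["type"] = EAP_TYPES.get(eap_type, eap_type)
    body = raw[5:length]
    if eap_type == 1:
        out["identity"] = body.decode("utf-8", "replace")
    elif eap_type in (13, 25) and body:
        out.update(decode_tls_body(body))
    return out

# Values copied from the debug output above; the *_HEAD ones stop after the first
# TLS record header, so decode_eap() marks them as truncated.
PEAP_START = "0x010200061920"
CLIENT_ACK = "0x020300061900"
CLIENT_HELLO_HEAD = "0x0202006919800000005f160301005a"
SERVER_HELLO_HEAD = "0x0103040019c0000004df1603010031"
LAST_CHALLENGE_HEAD = "0x0107004b19001703010040"
# Constructed sample, not from the page: the outer Identity response travels in
# clear inside EAP-Message, so sanitizing only User-Name leaves it readable.
CONSTRUCTED_IDENTITY = "0x" + (b"\x02\x01\x00\x12\x01" + b"EXAMPLE\\alice").hex()

if __name__ == "__main__":
    for name in ("PEAP_START", "CLIENT_HELLO_HEAD", "SERVER_HELLO_HEAD",
                 "CLIENT_ACK", "LAST_CHALLENGE_HEAD", "CONSTRUCTED_IDENTITY"):
        print(name, decode_eap(globals()[name]))
```

For the last Access-Challenge in the dump this reports a PEAP Request with id 7 carrying a single 64-byte ApplicationData record, which is the tunneled MSCHAPv2 challenge; the dump shows no Access-Request after it.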

