Hi Fabrice,
Now I can see the traffic when I hit login from captive portal.
Below is the output from packetfence.log
Jun 21 19:51:53 register.cgi(0) INFO: 192.168.2.22 - 00:02:b3:07:21:3b on
registration page
(ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_register_2ecgi::handler)
Jun 21 19:51:53 register.cgi(0) WARN: No entries found (0) with filter
(sAMAccountName=testpf3) from CN=Users,DC=xxx,DC=com on 10.0.0.12:389
for source qlad_spock
(pf::Authentication::Source::LDAPSource::authenticate)
Below is the output from tcpdump on the PF server.
19:51:53.071347 IP 10.0.10.100.46548 > adserver.xxx.com.ldap: Flags [S],
seq 4039455947, win 14600, options [mss 1460,sackOK,TS val 64751659 ecr
0,nop,wscale 7], length 0
19:51:53.071690 IP adserver.xxx.com.ldap > 10.0.10.100.46548: Flags [S.],
seq 3217919342, ack 4039455948, win 17520, options [mss 1460,nop,wscale
0,nop,nop,TS val 0 ecr 0,nop,nop,sackOK], length 0
19:51:53.071708 IP 10.0.10.100.46548 > adserver.xxx.com.ldap: Flags [.],
ack 1, win 115, options [nop,nop,TS val 64751659 ecr 0], length 0
19:51:53.072767 IP 10.0.10.100.46548 > adserver.xxx.com.ldap: Flags [P.],
seq 1:15, ack 1, win 115, options [nop,nop,TS val 64751660 ecr 0], length 14
19:51:53.073192 IP adserver.xxx.com.ldap > 10.0.10.100.46548: Flags [P.],
seq 1:23, ack 15, win 17506, options [nop,nop,TS val 115097751 ecr
64751660], length 22
19:51:53.073234 IP 10.0.10.100.46548 > adserver.xxx.com.ldap: Flags [.],
ack 23, win 115, options [nop,nop,TS val 64751661 ecr 115097751], length 0
19:51:53.077929 IP 10.0.10.100.46548 > adserver.xxx.com.ldap: Flags [P.],
seq 15:99, ack 23, win 115, options [nop,nop,TS val 64751665 ecr
115097751], length 84
19:51:53.078661 IP adserver.xxx.com.ldap > 10.0.10.100.46548: Flags [P.],
seq 23:45, ack 99, win 17422, options [nop,nop,TS val 115097751 ecr
64751665], length 22
19:51:53.079062 IP 10.0.10.100.46548 > adserver.xxx.com.ldap: Flags [F.],
seq 99, ack 45, win 115, options [nop,nop,TS val 64751666 ecr 115097751],
length 0
19:51:53.079360 IP adserver.xxx.com.ldap > 10.0.10.100.46548: Flags [.],
ack 100, win 17422, options [nop,nop,TS val 115097751 ecr 64751666], length
0
19:51:53.079435 IP adserver.xxx.com.ldap > 10.0.10.100.46548: Flags [F.],
seq 45, ack 100, win 17422, options [nop,nop,TS val 115097751 ecr
64751666], length 0
19:51:53.079447 IP 10.0.10.100.46548 > adserver.xxx.com.ldap: Flags [.],
ack 46, win 115, options [nop,nop,TS val 64751667 ecr 115097751], length 0
To me it looks good. What else do I need to check? Can you see anything
wrong here? I have double-checked that the account "testpf3" I am using
here was able to log in to the domain. Thank you.
Regards,
Jacky
On Tue, Nov 19, 2013 at 11:12 AM, Fabrice DURAND <[email protected]> wrote:
> Yes, but you have to look inside the LDAP traffic, e.g. is the filter
> OK, is the answer OK ...
>
> Regards
> Fabrice
>
> On 2013-11-18 14:43, forbmsyn wrote:
>
> When I hit test on web UI I did see traffic like below, by using tcpdump
> on the PF box, and the test was successful.
>
> 14:37:00.635141 ARP, Request who-has adserver.xxx.com tell 10.0.10.100,
> length 28
> 14:37:00.635638 ARP, Reply adserver.xxx.com is-at 00:50:56:b0:38:31 (oui
> Unknown), length 46
> 14:37:00.635644 IP 10.0.10.100.43303 > adserver.xxx.com.ldap: Flags [S],
> seq 645803100, win 14600, options [mss 1460,sackOK,TS val 3602191 ecr
> 0,nop,wscale 7], length 0
> 14:37:00.636043 IP adserver.xxx.com.ldap > 10.0.10.100.43303: Flags [S.],
> seq 1271602926, ack 645803101, win 17520, options [mss 1460,nop,wscale
> 0,nop,nop,TS val 0 ecr 0,nop,nop,sackOK], length 0
> 14:37:00.636062 IP 10.0.10.100.43303 > adserver.xxx.com.ldap: Flags [.],
> ack 1, win 115, options [nop,nop,TS val 3602192 ecr 0], length 0
> 14:37:00.637204 IP 10.0.10.100.43303 > adserver.xxx.com.ldap: Flags [P.],
> seq 1:15, ack 1, win 115, options [nop,nop,TS val 3602194 ecr 0], length 14
> 14:37:00.637728 IP adserver.xxx.com.ldap > 10.0.10.100.43303: Flags [P.],
> seq 1:23, ack 15, win 17506, options [nop,nop,TS val 114324408 ecr
> 3602194], length 22
> 14:37:00.637757 IP 10.0.10.100.43303 > adserver.xxx.com.ldap: Flags [.],
> ack 23, win 115, options [nop,nop,TS val 3602194 ecr 114324408], length 0
> 14:37:00.642313 IP 10.0.10.100.43303 > adserver.xxx.com.ldap: Flags [P.],
> seq 15:103, ack 23, win 115, options [nop,nop,TS val 3602199 ecr
> 114324408], length 88
> 14:37:00.643487 IP adserver.xxx.com.ldap > 10.0.10.100.43303: Flags [P.],
> seq 23:45, ack 103, win 17418, options [nop,nop,TS val 114324408 ecr
> 3602199], length 22
> 14:37:00.643691 IP 10.0.10.100.43303 > adserver.xxx.com.ldap: Flags [F.],
> seq 103, ack 45, win 115, options [nop,nop,TS val 3602200 ecr 114324408],
> length 0
> 14:37:00.644032 IP adserver.xxx.com.ldap > 10.0.10.100.43303: Flags [.],
> ack 104, win 17418, options [nop,nop,TS val 114324408 ecr 3602200], length 0
> 14:37:00.644139 IP adserver.xxx.com.ldap > 10.0.10.100.43303: Flags [F.],
> seq 45, ack 104, win 17418, options [nop,nop,TS val 114324408 ecr 3602200],
> length 0
> 14:37:00.644146 IP 10.0.10.100.43303 > adserver.xxx.com.ldap: Flags [.],
> ack 46, win 115, options [nop,nop,TS val 3602201 ecr 114324408], length 0
>
>
> But when I tried to log in from the captive portal there is no traffic
> that can be seen from the PF box.
>
> Regards,
> Jacky
>
>
>
> On Fri, Nov 15, 2013 at 9:09 PM, Fabrice DURAND <[email protected]> wrote:
>
>> Yes, of course there is traffic, but what is inside?
>> Did you take a pcap file and check whether the LDAP traffic was normal?
>>
>> Regards
>> Fabrice
>>
>>
>>
>> On 2013-11-15 17:46, forbmsyn wrote:
>>
>> Hi Fabrice,
>>
>> Changing the scope didn't help. And there is ldap traffic when I login
>> from portal.
>>
>> Regards,
>> Jacky
>>
>>
>>
>> On Fri, Nov 15, 2013 at 3:26 PM, Fabrice DURAND <[email protected]> wrote:
>>
>>> Hello Jacky,
>>>
>>> try scope=sub and maybe use tcpdump on the port 389 to see the ldap
>>> traffic.
>>>
>>> Regards
>>> Fabrice
>>>
>>>
>>>
>>
>>
>>
>>
>> _______________________________________________
>> PacketFence-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>>
>> --
>> Fabrice [email protected] :: +1.514.447.4918 (x135) ::
>> www.inverse.ca
>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
>> (http://packetfence.org)
>>
>>
>>
>>
>>
>
>
>
>