Hi Mourik,

Is your username really “username” or is that just the result of a search and 
replace? 

[peap] Setting User-Name to username



I believe the issue may be that you haven’t set a default realm/domain.
See below:

[suffix] No '@' in User-Name = "username", skipping NULL due to config.
++[suffix] = noop
[ntdomain] No '\' in User-Name = "username", looking up realm NULL
[ntdomain] No such realm "NULL"
++[ntdomain] = noop
Use of uninitialized value $RAD_REQUEST{"Realm"} in hash element at /usr/local/pf/raddb/packetfence-multi-domain.pm line 59.


Which later results in:


[mschapv2] # Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence-tunnel
[mschapv2] +group MS-CHAP {
[mschapv2] ++? if (PacketFence-Domain)
[mschapv2] ? Evaluating (PacketFence-Domain) -> FALSE
[mschapv2] ++? if (PacketFence-Domain) -> FALSE
[mschapv2] ++else else {
[mschap] Creating challenge hash with username: username
[mschap] Client is using MS-CHAPv2 for username, we need NT-Password
[mschap]        expand: %{Stripped-User-Name} ->
[mschap]        ... expanding second conditional
[mschap]        expand: %{mschap:User-Name:-None} -> username
[mschap]        expand: --username=%{%{Stripped-User-Name}:-%{mschap:User-Name:-None}} -> --username=username
[mschap] Creating challenge hash with username: username
[mschap]        expand: --challenge=%{mschap:Challenge:-00} -> --challenge=aec7eedeedd441f4
[mschap]        expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=0dd6671bcec5644934bb7c344ab6e3e006142ed1d763ac9a
Exec output: NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc00000da)
Exec plaintext: NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc00000da)
[mschap] Exec: program returned: 1
[mschap] External script failed.
[mschap] FAILED: MS-CHAP2-Response is incorrect
+++[mschap] = reject
++} # else else = reject
+} # group MS-CHAP = reject
[eap] Freeing handler
++[eap] = reject
+} # group authenticate = reject


Since the domain is not set, and there is no default realm, your mschap module 
is not calling the chrooted configuration.
Fix that and things should go much better.



Regards,
--
Louis Munro
[email protected]  ::  www.inverse.ca 
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)
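
Added example, not part of the original message or of PacketFence: a small Python triage over radiusd -X output that follows the chain described above, from the suffix and ntdomain modules returning noop, to the PacketFence-Domain check, to the NT_STATUS result. The function name triage and its result keys are hypothetical, the sample is built from lines quoted in the message, and the text is assumed to hold a single request's trace.

```python
import re

# Constructed sample: lines copied from the debug output quoted in the message above.
SAMPLE = """\
[peap] Setting User-Name to username
[suffix] No '@' in User-Name = "username", skipping NULL due to config.
++[suffix] = noop
[ntdomain] No '\\' in User-Name = "username", looking up realm NULL
[ntdomain] No such realm "NULL"
++[ntdomain] = noop
[mschapv2] ? Evaluating (PacketFence-Domain) -> FALSE
Exec output: NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc00000da)
[mschap] Exec: program returned: 1
+++[mschap] = reject
"""

RE_USER = re.compile(r'User-Name = "([^"]*)"')
RE_REALM = re.compile(r"^\++\[(suffix|ntdomain)\] = (\w+)$")
RE_DOMAIN = re.compile(r"Evaluating \(PacketFence-Domain\) -> (TRUE|FALSE)")
RE_STATUS = re.compile(r"^Exec output: (NT_STATUS_\w+)")

def triage(debug_text):
    """Trace realm resolution through to the mschap helper's result."""
    r = {"user": None, "realm_noop": set(), "domain_set": None, "nt_status": None}
    for line in debug_text.splitlines():
        line = line.strip()
        if r["user"] is None and (m := RE_USER.search(line)):
            r["user"] = m.group(1)
        if m := RE_REALM.match(line):
            if m.group(2) == "noop":
                r["realm_noop"].add(m.group(1))
            else:
                r["realm_noop"].discard(m.group(1))
        if m := RE_DOMAIN.search(line):
            r["domain_set"] = m.group(1) == "TRUE"
        if m := RE_STATUS.match(line):
            r["nt_status"] = m.group(1)
    # Both realm modules passed and the domain attribute is unset: the case
    # the message describes (no realm in the User-Name, no default realm).
    r["missing_realm"] = (r["realm_noop"] == {"suffix", "ntdomain"}
                          and r["domain_set"] is False)
    return r

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```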

On Jun 23, 2015, at 12:58 , heupink <[email protected]> wrote:

> here it is:
> 
> http://paste.ubuntu.com/11763230/
> 
> a lot of text, I'm afraid...
> 
> On 6/23/2015 18:51, Louis Munro wrote:
>> Please post the full output to radiusd -X.
>> 
>> It’s hard to say without it.
>> 
>> Regards,
>> --
>> Louis Munro
>> [email protected]  :: www.inverse.ca
>> +1.514.447.4918 x125  :: +1 (866) 353-6153 x125
>> Inverse inc. :: Leaders behind SOGo (www.sogo.nu)
>> and PacketFence (www.packetfence.org)
>> 
>> On Jun 23, 2015, at 12:46 , heupink <[email protected]> wrote:
>> 
>>> When using 802.1x from the switch, and running freeradius in debug mode,
>>> we see:
>>> 
>>>> Exec output: NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc00000da)
>>>> Exec plaintext: NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc00000da)