Hi Louis,

(the username "username" was searched and replaced)

I had created one domain and one realm, and associated that realm with the domain. When authenticating with a [email protected], things DO work, yes, you were right about that, thanks.

But where do I specify a default realm? (I'm guessing you are not talking about krb5.conf) I'd like our users to be able to use just a username, as they can for everything. (and we have just one realm)

Thanks!

On 6/23/2015 19:22, Louis Munro wrote:
> Hi Mourik,
>
> Is your username really “username” or is that just the result of a
> search and replace?
>
> [peap] Setting User-Name to username
>
> I believe the issue may be that you haven’t set a default realm/domain
> See below:
>
> [suffix] No '@' in User-Name = "username", skipping NULL due to config.
> ++[suffix] = noop
> [ntdomain] No '\' in User-Name = "username", looking up realm NULL
> [ntdomain] No such realm "NULL"
> ++[ntdomain] = noop
> Use of uninitialized value $RAD_REQUEST{"Realm"} in hash element at
> /usr/local/pf/raddb/packetfence-multi-domain.pm line 59.
>
> Which later results in :
>
> [mschapv2] # Executing group from file
> /usr/local/pf/raddb/sites-enabled/packetfence-tunnel
> [mschapv2] +group MS-CHAP {
> [mschapv2] ++? if (PacketFence-Domain)
> *[mschapv2] ? Evaluating (PacketFence-Domain) -> FALSE*
> *[mschapv2] ++? if (PacketFence-Domain) -> FALSE*
> [mschapv2] ++else else {
> [mschap] Creating challenge hash with username: username
> [mschap] Client is using MS-CHAPv2 for username, we need NT-Password
> [mschap] expand: %{Stripped-User-Name} ->
> [mschap] ... expanding second conditional
> [mschap] expand: %{mschap:User-Name:-None} -> username
> [mschap] expand:
> --username=%{%{Stripped-User-Name}:-%{mschap:User-Name:-None}} ->
> --username=username
> [mschap] Creating challenge hash with username: username
> [mschap] expand: --challenge=%{mschap:Challenge:-00} ->
> --challenge=aec7eedeedd441f4
> [mschap] expand: --nt-response=%{mschap:NT-Response:-00} ->
> --nt-response=0dd6671bcec5644934bb7c344ab6e3e006142ed1d763ac9a
> Exec output: NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc00000da)
> Exec plaintext: NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc00000da)
> [mschap] Exec: program returned: 1
> [mschap] External script failed.
> [mschap] FAILED: MS-CHAP2-Response is incorrect
> +++[mschap] = reject
> ++} # else else = reject
> +} # group MS-CHAP = reject
> [eap] Freeing handler
> ++[eap] = reject
> +} # group authenticate = reject
>
> Since the domain is not set, and there is no default realm, your mschap
> module is not calling the chrooted configuration.
> Fix that and things should go much better.
>
> Regards,
> --
> Louis Munro
> [email protected] :: www.inverse.ca
> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu)
> and PacketFence (www.packetfence.org)
>
> On Jun 23, 2015, at 12:58 , heupink <[email protected]> wrote:
>
>> here it is:
>>
>> http://paste.ubuntu.com/11763230/
>>
>> a lot of text, I'm afraid...
>>
>> On 6/23/2015 18:51, Louis Munro wrote:
>>> Please post the full output to radiusd -X.
>>>
>>> It’s hard to say without it.
>>>
>>> Regards,
>>> --
>>> Louis Munro
>>>
>>> On Jun 23, 2015, at 12:46 , heupink <[email protected]> wrote:
>>>
>>>> When using 802.1x from the switch, and running freeradius in debug mode,
>>>> we see:
>>>>
>>>>> Exec output: NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc00000da)
>>>>> Exec plaintext: NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc00000da)

_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
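
An added example, not part of the thread or of PacketFence: a Python check that looks in `radiusd -X` output for the failure chain described in the reply above (no realm found by `suffix` or `ntdomain`, `PacketFence-Domain` evaluating FALSE, then the exec call returning an NT_STATUS error). The function name, verdict labels and the abridged sample are assumptions made for illustration; the patterns cover only the debug line formats quoted in the thread.

```python
import re

# Constructed sample: an abridged copy of the radiusd -X lines quoted in the thread.
SAMPLE = r"""
[suffix] No '@' in User-Name = "username", skipping NULL due to config.
[ntdomain] No '\' in User-Name = "username", looking up realm NULL
[ntdomain] No such realm "NULL"
[mschapv2] ? Evaluating (PacketFence-Domain) -> FALSE
Exec output: NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc00000da)
[mschap] FAILED: MS-CHAP2-Response is incorrect
"""

# One pattern per step of the failure chain described in the reply.
PATTERNS = {
    "suffix_miss": re.compile(r"\[suffix\] No '@' in User-Name = \"([^\"]*)\""),
    "ntdomain_miss": re.compile(r"\[ntdomain\] No '\\' in User-Name = \"([^\"]*)\""),
    "unknown_realm": re.compile(r"\[ntdomain\] No such realm \"([^\"]*)\""),
    "domain_unset": re.compile(r"Evaluating \(PacketFence-Domain\) -> FALSE"),
    "nt_status": re.compile(r"Exec output: (NT_STATUS_\w+)"),
    "mschap_fail": re.compile(r"\[mschap\] FAILED: MS-CHAP2-Response is incorrect"),
}


def diagnose(debug_text):
    """Return the steps seen in one request's debug output plus a verdict."""
    seen = {}
    for line in debug_text.splitlines():
        # search() tolerates mail quoting ("> ") and nesting markers ("++", "*")
        for name, pat in PATTERNS.items():
            m = pat.search(line)
            if m and name not in seen:
                seen[name] = m.group(1) if m.groups() else True
    bare_name = "suffix_miss" in seen and "ntdomain_miss" in seen
    if bare_name and "domain_unset" in seen and "nt_status" in seen:
        verdict = "no-realm-no-domain"  # the chain quoted in the thread
    elif "nt_status" in seen or "mschap_fail" in seen:
        verdict = "mschap-failure-other-cause"
    else:
        verdict = "no-failure-seen"
    return {"user": seen.get("suffix_miss"), "realm": seen.get("unknown_realm"),
            "nt_status": seen.get("nt_status"), "verdict": verdict}


if __name__ == "__main__":
    print(diagnose(SAMPLE))
```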
