Re: [PacketFence-users] RADIUS auth via AD issues

Wed, 24 Jun 2015 08:32:30 -0700 


From: Rhoads, Robert W.
Sent: Wednesday, June 24, 2015 8:56 AM
To: '[email protected]'
Subject: RE: [PacketFence-users] RADIUS auth via AD issues



From: Louis Munro [mailto:[email protected]]
Sent: Tuesday, June 23, 2015 4:16 PM
To: 
[email protected]<mailto:[email protected]>
Subject: Re: [PacketFence-users] RADIUS auth via AD issues



On Jun 23, 2015, at 16:07 , Rhoads, Robert W. 
<[email protected]<mailto:[email protected]>> wrote:

Your assumption is correct.  The result for net ads testjoin: Join is OK

Result for ntlm_auth -username=DOMAIN\\testuser -password=password :  
NT_STATUS_OK: Success (0x0)

Which file contents would you like to see? :)

Try this first:


# ntlm_auth --request-nt-key  --username=DOMAIN\\testuser 
--challenge=7ab7634b9bcb90f6 
--nt-response=a99a0a0cad4f55ceb7938ea9b2ee55a245b29063967c5ca7

Replace DOMAIN\\testuser accordingly and see if this works.
If it does not then the client is not sending the correct challenge response 
(probably a wrong password or misconfiguration).


Regards,
--
Louis Munro
[email protected]<mailto:[email protected]>  ::  
www.inverse.ca<http://www.inverse.ca>
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu<http://www.sogo.nu>) and 
PacketFence (www.packetfence.org<http://www.packetfence.org>)


It appears to have worked for me (with the correct domain/username 
substitutions) as the result to the command ntlm_auth --request-nt-key  
--username=DOMAIN\\testuser --challenge=7ab7634b9bcb90f6 
--nt-response=a99a0a0cad4f55ceb7938ea9b2ee55a245b29063967c5ca7 was: NT_KEY: 
7377D608B4A5F16E556C5231CDE19E42



Where next sir?  I really appreciate your help!


Respectfully,

Robert Rhoads
Network Systems Engineer
[email protected]<mailto:[email protected]>
(434)-773-8223 opt 3
VoIP 2090




Actually, I solved my own issue.  It was in fact the Domain being sent from the 
Windows Client what was the issue.  The Realm wasn't set correctly in 
proxy.conf.inc.  I figured out what I needed to do (go through the GUI and set 
the realm, and leave the domain part blank as that is being handled 
"externally").  My login is now handled seamlessly as a single sign on as I had 
originally intended.

Thank you for all your help, you did in fact help me spot and fix a couple 
errors.  Thank you!


Respectfully,

Robert Rhoads
Network Systems Engineer
[email protected]<mailto:[email protected]>
(434)-773-8223 opt 3
VoIP 2090






------------------------------------------------------------------------------
Monitor 25 network devices or servers for free with OpManager!
OpManager is web-based network management software that monitors 
network devices and physical & virtual servers, alerts via email & sms 
for fault. Monitor 25 devices for free with no restriction. Download now
http://ad.doubleclick.net/ddm/clk/292181274;119417398;o
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Reply via email to