Hi Dennis, Yes, I wanted to point you to this solution, and forgot. I'm sorry.
So for you things work also, now? Nice, it's just so strange that undocumented hacks are needed to get something (relatively common, i think..) to work. I had also hoped that this bugfix in packetfence 5.3.0: • Fixed incorrect RADIUS realm detection when using windows computer authentication would also solve that issue, but we still need the hack. Strange. MJ On 8/11/2015 14:01, Dennis Schulmeyer wrote: > Hi Louis, > > I’ve followed this hint > http://sourceforge.net/p/packetfence/mailman/message/34280896/ to get > machine accounts work properly.. > So my configuration is: > > realm.conf > > [TESTDOMAIN] > domain=TESTSERVER > options=strip > > [TESTDOMAIN.COM] > domain=TESTSERVER > options=strip > > [NULL] > domain=TESTSERVER > options=nostrip > > > domain.conf > > [TESTSERVER] > bind_pass= > dns_server=192.168.10.10 > bind_dn=administrator > workgroup=TESTDOMAIN > ad_server=testserver.testdomain.com > server_name=testserver > dns_name=testdomain.com > > > proxy.conf.inc > > # This file is generated from a template at > /usr/local/pf/conf/radiusd/proxy.conf.inc > # Any changes made to this file will be lost on restart > > realm TESTDOMAIN { > strip > } > > realm TESTDOMAIN.COM { > strip > } > > realm NULL { > nostrip > } > > > Thanks in advance! > > Dennis > > Von: Louis Munro > Antworten an: "[email protected] > <mailto:[email protected]>" > Datum: Mittwoch, 5. August 2015 17:49 > An: "[email protected] > <mailto:[email protected]>" > Betreff: Re: [PacketFence-users] Auth: Login incorrect (mschap: External > script says Reading winbind reply failed! (0xc0000001)) > > Looks to me like the domain is not correctly defined or you don’t have a > default domain. > > Can you post conf/realm.conf, conf/domain.conf and raddb/proxy.conf.inc? > > -- > Louis Munro > [email protected] <mailto:[email protected]> :: www.inverse.ca > <http://www.inverse.ca> > +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 > Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sogo.nu>) > and PacketFence (www.packetfence.org <http://www.packetfence.org>) > > On Aug 5, 2015, at 11:23 , Dennis Schulmeyer <[email protected] > <mailto:[email protected]>> wrote: > >> Wed Aug 5 17:12:20 2015 : Debug: [eap] EAP/mschapv2 >> Wed Aug 5 17:12:20 2015 : Debug: [eap] processing type mschapv2 >> Wed Aug 5 17:12:20 2015 : Debug: [mschapv2] # Executing group from >> file /usr/local/pf/raddb//sites-enabled/packetfence-tunnel >> Wed Aug 5 17:12:20 2015 : Debug: [mschapv2] +group MS-CHAP { >> Wed Aug 5 17:12:20 2015 : Debug: [mschapv2] ++? if (PacketFence-Domain) >> Wed Aug 5 17:12:20 2015 : Debug: [mschapv2] ? Evaluating >> (PacketFence-Domain) -> FALSE >> Wed Aug 5 17:12:20 2015 : Debug: [mschapv2] ++? if >> (PacketFence-Domain) -> FALSE >> Wed Aug 5 17:12:20 2015 : Debug: [mschapv2] ++else else { >> Wed Aug 5 17:12:20 2015 : Debug: [mschap] Creating challenge hash >> with username: host/PC001.testdomain.com <http://pc001.testdomain.com/> >> Wed Aug 5 17:12:20 2015 : Debug: [mschap] Client is using MS-CHAPv2 >> for host/PC001.testdomain.com <http://pc001.testdomain.com/>, we need >> NT-Password >> Wed Aug 5 17:12:20 2015 : Debug: [mschap]expand: %{Stripped-User-Name} -> >> Wed Aug 5 17:12:20 2015 : Debug: [mschap]... expanding second conditional >> Wed Aug 5 17:12:20 2015 : Debug: [mschap]expand: >> %{mschap:User-Name:-None} -> PC001$ >> Wed Aug 5 17:12:20 2015 : Debug: [mschap]expand: >> --username=%{%{Stripped-User-Name}:-%{mschap:User-Name:-None}} -> >> --username=PC001$ >> Wed Aug 5 17:12:20 2015 : Debug: [mschap] Creating challenge hash >> with username: host/PC001.testdomain.com <http://pc001.testdomain.com/> >> Wed Aug 5 17:12:20 2015 : Debug: [mschap]expand: >> --challenge=%{mschap:Challenge:-00} -> --challenge=008ed3fa50ed746a >> Wed Aug 5 17:12:20 2015 : Debug: [mschap]expand: >> --nt-response=%{mschap:NT-Response:-00} -> >> --nt-response=5ddae5e07d7a2dc1733531fce4eb8a772ad350309533952d >> Wed Aug 5 17:12:20 2015 : Debug: [mschap] Exec: program returned: 1 >> Wed Aug 5 17:12:20 2015 : Debug: [mschap] External script failed. >> Wed Aug 5 17:12:20 2015 : Debug: [mschap] FAILED: MS-CHAP2-Response >> is incorrect > > > > ------------------------------------------------------------------------------ > > > > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > ------------------------------------------------------------------------------ _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
