Hi all, for me the configuration with both REALMS -> NULL (nostrip) and default (strip) works…
happy regards, Dennis > Am 11.08.2015 um 16:32 schrieb Dennis Schulmeyer <[email protected]>: > > Oh.. Sorry for the misunderstanding… > The hint http://sourceforge.net/p/packetfence/mailman/message/34280896/ > worked for packetfence 5.2.x. > -> Now, with 5.3.1 I have still the problem described below! > > So I didn’t change the configuration back to default after upgrading to 5.3.1 > .. > ..for now I can’t test it because my radiusd doesn’t come up after "yum > upgrade“ :/ .. But that’s another case.. > > > > > > Am [DATE] schrieb "heupink" <[ADDRESS]>: > >> Hi Dennis, >> >> Yes, I wanted to point you to this solution, and forgot. I'm sorry. >> >> So for you things work also, now? Nice, it's just so strange that >> undocumented hacks are needed to get something (relatively common, i >> think..) to work. >> >> I had also hoped that this bugfix in packetfence 5.3.0: >> • Fixed incorrect RADIUS realm detection when using windows computer >> authentication >> would also solve that issue, but we still need the hack. >> >> Strange. >> >> MJ >> >> >> On 8/11/2015 14:01, Dennis Schulmeyer wrote: >>> Hi Louis, >>> >>> I’ve followed this hint >>> http://sourceforge.net/p/packetfence/mailman/message/34280896/ to get >>> machine accounts work properly.. >>> So my configuration is: >>> >>> realm.conf >>> >>> [TESTDOMAIN] >>> domain=TESTSERVER >>> options=strip >>> >>> [TESTDOMAIN.COM] >>> domain=TESTSERVER >>> options=strip >>> >>> [NULL] >>> domain=TESTSERVER >>> options=nostrip >>> >>> >>> domain.conf >>> >>> [TESTSERVER] >>> bind_pass= >>> dns_server=192.168.10.10 >>> bind_dn=administrator >>> workgroup=TESTDOMAIN >>> ad_server=testserver.testdomain.com >>> server_name=testserver >>> dns_name=testdomain.com >>> >>> >>> proxy.conf.inc >>> >>> # This file is generated from a template at >>> /usr/local/pf/conf/radiusd/proxy.conf.inc >>> # Any changes made to this file will be lost on restart >>> >>> realm TESTDOMAIN { >>> strip >>> } >>> >>> realm TESTDOMAIN.COM { >>> strip >>> } >>> >>> realm NULL { >>> nostrip >>> } >>> >>> >>> Thanks in advance! >>> >>> Dennis >>> >>> Von: Louis Munro >>> Antworten an: "[email protected] >>> <mailto:[email protected]>" >>> Datum: Mittwoch, 5. August 2015 17:49 >>> An: "[email protected] >>> <mailto:[email protected]>" >>> Betreff: Re: [PacketFence-users] Auth: Login incorrect (mschap: External >>> script says Reading winbind reply failed! (0xc0000001)) >>> >>> Looks to me like the domain is not correctly defined or you don’t have a >>> default domain. >>> >>> Can you post conf/realm.conf, conf/domain.conf and raddb/proxy.conf.inc? >>> >>> -- >>> Louis Munro >>> [email protected] <mailto:[email protected]> :: www.inverse.ca >>> <http://www.inverse.ca> >>> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 >>> Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sogo.nu>) >>> and PacketFence (www.packetfence.org <http://www.packetfence.org>) >>> >>> On Aug 5, 2015, at 11:23 , Dennis Schulmeyer <[email protected] >>> <mailto:[email protected]>> wrote: >>> >>>> Wed Aug 5 17:12:20 2015 : Debug: [eap] EAP/mschapv2 >>>> Wed Aug 5 17:12:20 2015 : Debug: [eap] processing type mschapv2 >>>> Wed Aug 5 17:12:20 2015 : Debug: [mschapv2] # Executing group from >>>> file /usr/local/pf/raddb//sites-enabled/packetfence-tunnel >>>> Wed Aug 5 17:12:20 2015 : Debug: [mschapv2] +group MS-CHAP { >>>> Wed Aug 5 17:12:20 2015 : Debug: [mschapv2] ++? if (PacketFence-Domain) >>>> Wed Aug 5 17:12:20 2015 : Debug: [mschapv2] ? Evaluating >>>> (PacketFence-Domain) -> FALSE >>>> Wed Aug 5 17:12:20 2015 : Debug: [mschapv2] ++? if >>>> (PacketFence-Domain) -> FALSE >>>> Wed Aug 5 17:12:20 2015 : Debug: [mschapv2] ++else else { >>>> Wed Aug 5 17:12:20 2015 : Debug: [mschap] Creating challenge hash >>>> with username: host/PC001.testdomain.com <http://pc001.testdomain.com/> >>>> Wed Aug 5 17:12:20 2015 : Debug: [mschap] Client is using MS-CHAPv2 >>>> for host/PC001.testdomain.com <http://pc001.testdomain.com/>, we need >>>> NT-Password >>>> Wed Aug 5 17:12:20 2015 : Debug: [mschap]expand: %{Stripped-User-Name} -> >>>> Wed Aug 5 17:12:20 2015 : Debug: [mschap]... expanding second conditional >>>> Wed Aug 5 17:12:20 2015 : Debug: [mschap]expand: >>>> %{mschap:User-Name:-None} -> PC001$ >>>> Wed Aug 5 17:12:20 2015 : Debug: [mschap]expand: >>>> --username=%{%{Stripped-User-Name}:-%{mschap:User-Name:-None}} -> >>>> --username=PC001$ >>>> Wed Aug 5 17:12:20 2015 : Debug: [mschap] Creating challenge hash >>>> with username: host/PC001.testdomain.com <http://pc001.testdomain.com/> >>>> Wed Aug 5 17:12:20 2015 : Debug: [mschap]expand: >>>> --challenge=%{mschap:Challenge:-00} -> --challenge=008ed3fa50ed746a >>>> Wed Aug 5 17:12:20 2015 : Debug: [mschap]expand: >>>> --nt-response=%{mschap:NT-Response:-00} -> >>>> --nt-response=5ddae5e07d7a2dc1733531fce4eb8a772ad350309533952d >>>> Wed Aug 5 17:12:20 2015 : Debug: [mschap] Exec: program returned: 1 >>>> Wed Aug 5 17:12:20 2015 : Debug: [mschap] External script failed. >>>> Wed Aug 5 17:12:20 2015 : Debug: [mschap] FAILED: MS-CHAP2-Response >>>> is incorrect >>> >>> >>> >>> ------------------------------------------------------------------------------ >>> >>> >>> >>> _______________________________________________ >>> PacketFence-users mailing list >>> [email protected] >>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>> >> >> ------------------------------------------------------------------------------ >> _______________________________________________ >> PacketFence-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/packetfence-users > ------------------------------------------------------------------------------ > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users ------------------------------------------------------------------------------ _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
