Re: [PacketFence-users] Auth: Login incorrect (mschap: External script says Reading winbind reply failed! (0xc0000001))

Thu, 13 Aug 2015 02:15:28 -0700 

Yes, for me as well. (on 5.3.1)

But please correct me if I'm wrong, this is not according to the docs,
is it?

MJ

On 08/13/2015 11:04 AM, Dennis Schulmeyer wrote:
> Hi all,
> 
> for me the configuration with both REALMS  -> NULL (nostrip) and default 
> (strip) works…
> 
> happy regards,
> Dennis
> 
> 
>> Am 11.08.2015 um 16:32 schrieb Dennis Schulmeyer <[email protected]>:
>>
>> Oh.. Sorry for the misunderstanding…
>> The hint http://sourceforge.net/p/packetfence/mailman/message/34280896/
>> worked for packetfence 5.2.x.
>> -> Now, with 5.3.1 I have still the problem described below!
>>
>> So I didn’t change the configuration back to default after upgrading to 
>> 5.3.1 ..
>> ..for now I can’t test it because my radiusd doesn’t come up after "yum 
>> upgrade“ :/ .. But that’s another case.. 
>>
>>
>>
>>
>>
>> Am [DATE] schrieb "heupink" <[ADDRESS]>:
>>
>>> Hi Dennis,
>>>
>>> Yes, I wanted to point you to this solution, and forgot. I'm sorry.
>>>
>>> So for you things work also, now? Nice, it's just so strange that 
>>> undocumented hacks are needed to get something (relatively common, i 
>>> think..) to work.
>>>
>>> I had also hoped that this bugfix in packetfence 5.3.0:
>>> • Fixed incorrect RADIUS realm detection when using windows computer 
>>> authentication
>>> would also solve that issue, but we still need the hack.
>>>
>>> Strange.
>>>
>>> MJ
>>>
>>>
>>> On 8/11/2015 14:01, Dennis Schulmeyer wrote:
>>>> Hi Louis,
>>>>
>>>> I’ve followed this hint
>>>> http://sourceforge.net/p/packetfence/mailman/message/34280896/ to get
>>>> machine accounts work properly..
>>>> So my configuration is:
>>>>
>>>> realm.conf
>>>>
>>>> [TESTDOMAIN]
>>>> domain=TESTSERVER
>>>> options=strip
>>>>
>>>> [TESTDOMAIN.COM]
>>>> domain=TESTSERVER
>>>> options=strip
>>>>
>>>> [NULL]
>>>> domain=TESTSERVER
>>>> options=nostrip
>>>>
>>>>
>>>> domain.conf
>>>>
>>>> [TESTSERVER]
>>>> bind_pass=
>>>> dns_server=192.168.10.10
>>>> bind_dn=administrator
>>>> workgroup=TESTDOMAIN
>>>> ad_server=testserver.testdomain.com
>>>> server_name=testserver
>>>> dns_name=testdomain.com
>>>>
>>>>
>>>> proxy.conf.inc
>>>>
>>>> # This file is generated from a template at
>>>> /usr/local/pf/conf/radiusd/proxy.conf.inc
>>>> # Any changes made to this file will be lost on restart
>>>>
>>>> realm TESTDOMAIN {
>>>> strip
>>>> }
>>>>
>>>> realm TESTDOMAIN.COM {
>>>> strip
>>>> }
>>>>
>>>> realm NULL {
>>>> nostrip
>>>> }
>>>>
>>>>
>>>> Thanks in advance!
>>>>
>>>> Dennis
>>>>
>>>> Von: Louis Munro
>>>> Antworten an: "[email protected]
>>>> <mailto:[email protected]>"
>>>> Datum: Mittwoch, 5. August 2015 17:49
>>>> An: "[email protected]
>>>> <mailto:[email protected]>"
>>>> Betreff: Re: [PacketFence-users] Auth: Login incorrect (mschap: External
>>>> script says Reading winbind reply failed! (0xc0000001))
>>>>
>>>> Looks to me like the domain is not correctly defined or you don’t have a
>>>> default domain.
>>>>
>>>> Can you post conf/realm.conf, conf/domain.conf and raddb/proxy.conf.inc?
>>>>
>>>> --
>>>> Louis Munro
>>>> [email protected] <mailto:[email protected]>  :: www.inverse.ca
>>>> <http://www.inverse.ca>
>>>> +1.514.447.4918 x125  :: +1 (866) 353-6153 x125
>>>> Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sogo.nu>)
>>>> and PacketFence (www.packetfence.org <http://www.packetfence.org>)
>>>>
>>>> On Aug 5, 2015, at 11:23 , Dennis Schulmeyer <[email protected]
>>>> <mailto:[email protected]>> wrote:
>>>>
>>>>> Wed Aug  5 17:12:20 2015 : Debug: [eap] EAP/mschapv2
>>>>> Wed Aug  5 17:12:20 2015 : Debug: [eap] processing type mschapv2
>>>>> Wed Aug  5 17:12:20 2015 : Debug: [mschapv2] # Executing group from
>>>>> file /usr/local/pf/raddb//sites-enabled/packetfence-tunnel
>>>>> Wed Aug  5 17:12:20 2015 : Debug: [mschapv2] +group MS-CHAP {
>>>>> Wed Aug  5 17:12:20 2015 : Debug: [mschapv2] ++? if (PacketFence-Domain)
>>>>> Wed Aug  5 17:12:20 2015 : Debug: [mschapv2] ? Evaluating
>>>>> (PacketFence-Domain) -> FALSE
>>>>> Wed Aug  5 17:12:20 2015 : Debug: [mschapv2] ++? if
>>>>> (PacketFence-Domain) -> FALSE
>>>>> Wed Aug  5 17:12:20 2015 : Debug: [mschapv2] ++else else {
>>>>> Wed Aug  5 17:12:20 2015 : Debug: [mschap] Creating challenge hash
>>>>> with username: host/PC001.testdomain.com <http://pc001.testdomain.com/>
>>>>> Wed Aug  5 17:12:20 2015 : Debug: [mschap] Client is using MS-CHAPv2
>>>>> for host/PC001.testdomain.com <http://pc001.testdomain.com/>, we need
>>>>> NT-Password
>>>>> Wed Aug  5 17:12:20 2015 : Debug: [mschap]expand: %{Stripped-User-Name} ->
>>>>> Wed Aug  5 17:12:20 2015 : Debug: [mschap]... expanding second conditional
>>>>> Wed Aug  5 17:12:20 2015 : Debug: [mschap]expand:
>>>>> %{mschap:User-Name:-None} -> PC001$
>>>>> Wed Aug  5 17:12:20 2015 : Debug: [mschap]expand:
>>>>> --username=%{%{Stripped-User-Name}:-%{mschap:User-Name:-None}} ->
>>>>> --username=PC001$
>>>>> Wed Aug  5 17:12:20 2015 : Debug: [mschap] Creating challenge hash
>>>>> with username: host/PC001.testdomain.com <http://pc001.testdomain.com/>
>>>>> Wed Aug  5 17:12:20 2015 : Debug: [mschap]expand:
>>>>> --challenge=%{mschap:Challenge:-00} -> --challenge=008ed3fa50ed746a
>>>>> Wed Aug  5 17:12:20 2015 : Debug: [mschap]expand:
>>>>> --nt-response=%{mschap:NT-Response:-00} ->
>>>>> --nt-response=5ddae5e07d7a2dc1733531fce4eb8a772ad350309533952d
>>>>> Wed Aug  5 17:12:20 2015 : Debug: [mschap] Exec: program returned: 1
>>>>> Wed Aug  5 17:12:20 2015 : Debug: [mschap] External script failed.
>>>>> Wed Aug  5 17:12:20 2015 : Debug: [mschap] FAILED: MS-CHAP2-Response
>>>>> is incorrect
>>>>
>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> PacketFence-users mailing list
>>>> [email protected]
>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>
>>>
>>> ------------------------------------------------------------------------------
>>> _______________________________________________
>>> PacketFence-users mailing list
>>> [email protected]
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>> ------------------------------------------------------------------------------
>> _______________________________________________
>> PacketFence-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
> 
> ------------------------------------------------------------------------------
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
> 

------------------------------------------------------------------------------
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Reply via email to