Hi,
yesterday I successfully included our own CA Certificates on PacketFence
(thank you very much for helping me so fast :) )
Now I'm stuck at the Active Directory auth (user and machine account).
What I have done:
1) Added an AD Source (sAMAccountName as Username, I also
tried ServicePrincipalName for machine accounts)
2) Added RADIUS domain (join was successful)
3) Check Bind: "chroot /chroots/BS/ ntlm_auth --username=fritob" this works
as expected
4) added to realm: BS.firma.de and BS and as Source my user source and when
I tried to auth machine accounts my machine account source (configured like
in the documentation)
5) Configured 802.1x PEAP on Windows 7
6) Try to authenticate against PacketFence
As radius result I got the following error message (AD-User auth) :
chrooted_mschap: External script says NT_KEY: B002F4642C1050FB999F6AF5B3502F9F
For debugging I started raddebug -f /usr/local/pf/var/run/radiusd.sock and
got the following error:
+group authenticate {
Tue Mar 22 12:41:05 2016 : Debug: [eap] Request found, released from the list
Tue Mar 22 12:41:05 2016 : Debug: [eap] EAP/mschapv2
Tue Mar 22 12:41:05 2016 : Debug: [eap] processing type mschapv2
Tue Mar 22 12:41:05 2016 : Debug: [mschapv2] # Executing group from file /usr/local/pf/raddb//sites-enabled/packetfence-tunnel
Tue Mar 22 12:41:05 2016 : Debug: [mschapv2] +group MS-CHAP {
Tue Mar 22 12:41:05 2016 : Debug: ++[packetfence] = noop
Tue Mar 22 12:41:05 2016 : Debug: ++? if (PacketFence-Domain)
Tue Mar 22 12:41:05 2016 : Debug: ? Evaluating (PacketFence-Domain) -> TRUE
Tue Mar 22 12:41:05 2016 : Debug: ++? if (PacketFence-Domain) -> TRUE
Tue Mar 22 12:41:05 2016 : Debug: ++if (PacketFence-Domain) {
Tue Mar 22 12:41:05 2016 : Debug: [chrooted_mschap] Creating challenge hash with username: fritob
Tue Mar 22 12:41:05 2016 : Debug: [chrooted_mschap] Client is using MS-CHAPv2 for fritob, we need NT-Password
Tue Mar 22 12:41:05 2016 : Debug: [chrooted_mschap] expand: /chroots/%{PacketFence-Domain} -> /chroots/BS
Tue Mar 22 12:41:05 2016 : Debug: [chrooted_mschap] expand: --username=%{mschap:User-Name:-None} -> --username=fritob
Tue Mar 22 12:41:05 2016 : Debug: [chrooted_mschap] Creating challenge hash with username: fritob
Tue Mar 22 12:41:05 2016 : Debug: [chrooted_mschap] expand: --challenge=%{mschap:Challenge:-00} -> --challenge=14324b2eb43c63a4
Tue Mar 22 12:41:05 2016 : Debug: [chrooted_mschap] expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=3887c019f4e3f2e3c00262aa73060926bbff08f8bce2e2b1
Tue Mar 22 12:41:05 2016 : Debug: [chrooted_mschap] Exec: program returned: 139
Tue Mar 22 12:41:05 2016 : Debug: [chrooted_mschap] External script failed.
Tue Mar 22 12:41:05 2016 : Debug: [chrooted_mschap] FAILED: MS-CHAP2-Response is incorrect
Tue Mar 22 12:41:05 2016 : Debug: +++[chrooted_mschap] = reject
When I tried to auth against the machine account, I got the error message
that realm null is not found on the server, so I created a third realm with
identifier NULL and as source my AD and as domain my domain. After that I
got the same error message as when I try to auth with a user account:
Tue Mar 22 13:27:55 2016 : Debug: [chrooted_mschap] Creating challenge hash with username: host/50-054.bs.firma.de
Tue Mar 22 13:27:55 2016 : Debug: [chrooted_mschap] Client is using MS-CHAPv2 for host/50-054.bs.firma.de, we need NT-Password
Tue Mar 22 13:27:55 2016 : Debug: [chrooted_mschap] expand: /chroots/%{PacketFence-Domain} -> /chroots/BS
Tue Mar 22 13:27:55 2016 : Debug: [chrooted_mschap] expand: --username=%{mschap:User-Name:-None} -> --username=50-054$
Tue Mar 22 13:27:55 2016 : Debug: [chrooted_mschap] Creating challenge hash with username: host/50-054.bs.firma.de
Tue Mar 22 13:27:55 2016 : Debug: [chrooted_mschap] expand: --challenge=%{mschap:Challenge:-00} -> --challenge=bdc5c224cf471a88
Tue Mar 22 13:27:55 2016 : Debug: [chrooted_mschap] expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=b40a7d6be6d0d05292de52356df5e5590238293b3acba4cc
Tue Mar 22 13:27:55 2016 : Debug: [chrooted_mschap] Exec: program returned: 139
Tue Mar 22 13:27:55 2016 : Debug: [chrooted_mschap] External script failed.
Tue Mar 22 13:27:55 2016 : Debug: [chrooted_mschap] FAILED: MS-CHAP2-Response is incorrect
What's going wrong there :/ I would be very thankful if someone can give me
a hint :)
If you need the full log, I can send it but it's very very long (1303 rows)
:D
Greetings,
Tobias
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
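
Added example, not part of the original post and not PacketFence code: a small triage script for raddebug output like the above that collects the arguments a module expanded for its external helper and decodes the "Exec: program returned" status. It assumes the common 128 + signal-number convention for statuses above 128 (as used by shells and sudo); the function names are hypothetical, and the sample lines are copied from the post with the mail line wraps re-joined.

```python
import re
import signal

# Lines copied from the debug output in the post (mail line wraps re-joined).
SAMPLE = """\
Tue Mar 22 13:27:55 2016 : Debug: [chrooted_mschap] expand: /chroots/%{PacketFence-Domain} -> /chroots/BS
Tue Mar 22 13:27:55 2016 : Debug: [chrooted_mschap] expand: --username=%{mschap:User-Name:-None} -> --username=50-054$
Tue Mar 22 13:27:55 2016 : Debug: [chrooted_mschap] Exec: program returned: 139
Tue Mar 22 13:27:55 2016 : Debug: [chrooted_mschap] FAILED: MS-CHAP2-Response is incorrect
"""

LINE = re.compile(r"Debug: \[(?P<mod>[\w-]+)\] (?P<msg>.*)$")
EXPAND = re.compile(r"expand: (?P<tmpl>.*?) -> (?P<value>.*)$")
RETURNED = re.compile(r"Exec: program returned: (?P<code>\d+)$")

def decode_status(code):
    """Interpret a helper exit status. Values above 128 are read as
    128 + signal number (assumption: shell/sudo convention applies)."""
    if code == 0:
        return "success"
    if code > 128:
        try:
            return "killed by " + signal.Signals(code - 128).name
        except ValueError:  # no signal with that number on this platform
            return f"killed by signal {code - 128}"
    return f"exited with error {code}"

def triage(log_text):
    """Return one finding per helper run: expanded arguments and decoded status."""
    findings, args = [], []
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # not a module debug line
        msg = m.group("msg")
        if (e := EXPAND.match(msg)):
            args.append(e.group("value"))  # value after xlat expansion
        elif (r := RETURNED.match(msg)):
            code = int(r.group("code"))
            findings.append({"module": m.group("mod"), "args": args,
                             "code": code, "meaning": decode_status(code)})
            args = []  # next helper run starts with a fresh argument list
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["module"], f["args"], f["code"], f["meaning"])
```

A status decoded as a signal means the helper process died before it could report a result, which is a different condition from a rejected credential even though the module logs both as a failed MS-CHAP2 response.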