Hi Fabrice I have done what you said me.I got this on radius debug and the user
was not be able to authenticateThanks
+++ ... skipping else for request 3: Preceding "if" was taken++} # policy
set.called_station_ssid = updated[suffix] No '@' in User-Name =
"Administrateur", skipping NULL due to config.++[suffix] = noop[ntdomain] No
'\' in User-Name = "Administrateur", looking up realm NULL[ntdomain] No such
realm "NULL"++[ntdomain] = noop++[preprocess] = ok[eap] EAP packet type
response id 3 length 6[eap] Continuing tunnel setup.++[eap] = ok+} # group
authorize = okFound Auth-Type = EAP# Executing group from file
/usr/local/pf/raddb//sites-enabled/packetfence+group authenticate {[eap]
Request found, released from the list[eap] EAP/peap[eap] processing type
peap[peap] processing EAP-TLS[peap] Received TLS ACK[peap] ACK handshake
fragment handler[peap] eaptls_verify returned 1 [peap] eaptls_process returned
13 [peap] EAPTLS_HANDLED++[eap] = handled+} # group authenticate = handled} #
server packetfenceSending Access-Challenge of id 16 to 192.168.1.5 port 1812
EAP-Message = 0x010400061900 Message-Authenticator =
0x00000000000000000000000000000000 State =
0x2086177523820e5bbecd243628d2f57bFinished request 3.Going to the next
requestWaking up in 4.9 seconds.Cleaning up request 0 ID 13 with timestamp
+21Cleaning up request 1 ID 14 with timestamp +21Cleaning up request 2 ID 15
with timestamp +21Cleaning up request 3 ID 16 with timestamp +22WARNING:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!WARNING:
!! EAP session for state 0x2086177523820e5b did not finish!WARNING: !! Please
read http://wiki.freeradius.org/guide/Certificate_CompatibilityWARNING:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!Ready to
process requests.
Le Mercredi 13 avril 2016 15h20, Fabrice DURAND <[email protected]> a
écrit :
Ok i need the radius debug.
So do:
pkill radiusd
/usr/sbin/radiusd -d /usr/local/pf/raddb/ -n auth -X
retry the authentication and paste the debug of radiusd.
Fabrice
Le 2016-04-12 15:02, TOURE Amidou Florian a écrit :
I have this when I do wbinfo -u:
[root@localhost toure]# wbinfo -u administrateur invité toure amidou krbtgt
anisha.kindo [root@localhost toure]#
Le Mardi 12 avril 2016 20h50, Durand fabrice <[email protected]> a écrit
:
What about : wbinfo -u
Regards
Fabrice
Le 2016-04-12 14:36, TOURE Amidou Florian a écrit :
Hi Fabrice you had probably right.It doesn't work. But It works for this
user : Anisha.kindo and ntlm_auth works fine so I configure my comptuer with
these informations and I got this error on radius.log Tue Apr
12 11:29:45 2016 : Error: Discarding duplicate request from client
192.168.1.5/255.255.255.0 port 1812 - ID: 171 due to unfinished request 134 in
co$ Tue Apr 12 11:29:46 2016 : Info: Child PID 12820
(/usr/local/pf/bin/ntlm_auth_wrapper) is taking too much time: forcing failure
and killing child. Tue Apr 12 11:29:46 2016 : Auth: Login incorrect (mschap:
External script says ): [Anisha.kindo] (from client 192.168.1.5/255.255.255.0
port 50002 cli 00:40$ Tue Apr 12 11:29:46 2016 : Auth: Login incorrect:
[Anisha.kindo] (from client 192.168.1.5/255.255.255.0 port 50002 cli
00:40:d0:67:d0:b1)
And radius audit log I have this : RADIUS Request NAS-Port-Type = Ethernet
Service-Type = Framed-User Called-Station-Id = "00:18:ba:9b:e7:82"
Cisco-NAS-Port = "FastEthernet0/2" State = 0x5c8132e05c87282050d3f340cc152619
FreeRADIUS-Proxied-To = 127.0.0.1 EAP-Type = MS-CHAP-V2 NAS-IP-Address =
192.168.4.1 Calling-Station-Id = "00:40:d0:67:d0:b1" MS-CHAP-Challenge =
0x41de41bea1842561117591bc4eef86cf MS-CHAP-User-Name = "Anisha.kindo"
User-Name = "Anisha.kindo" EAP-Message
=0x020600471a02060042317e0befde4c7d250ae9c705be78100eee0000000000000000784e15dd191beb5cec55888bdb056de42a37addfc9a1d90300416e697368612e6b696e646f
MS-CHAP2-Response
=0x066e7e0befde4c7d250ae9c705be78100eee0000000000000000784e15dd191beb5cec55888bdb056de42a37addfc9a1d903
NAS-Port = 50002 Framed-MTU = 1500 Module-Failure-Message = "mschap:
External script says " SQL-User-Name = "Anisha.kindo" RADIUS Reply
MS-CHAP-Error = "06E=691 R=0" EAP-Message = 0x04060004 Message-Authenticator
= 0x00000000000000000000000000000000
I don't realy know how I can find an issue on my problem. Need help again.
Thanks
Le Mardi 12 avril 2016 16h21, Durand fabrice <[email protected]> a écrit
:
Are yous sure ntlm_auth with this username works : host/Administrateur ?
Regards
Fabrice
Le 2016-04-11 15:42, TOURE Amidou Florian a écrit :
Hi all , I have again a problem to authenticate my users. I have done
ntlm_auth and It works fine I added my Packetefence IP address on clients.conf
and tried to authenticate my users nothing. I have configured my computer with
the same info on the ntlm_auth command and I was not be able to authenticate
the user. I also remarked that the NAS IP address of my server is 192.168.4.1
which is the IP address of my Mac detection vlan,is that the error? The main
error I got when trying to authenticate a user is this and I really don't
know how to solve it : RADIUS Request NAS-Port-Type = Ethernet Service-Type =
Framed-User Called-Station-Id = "00:18:ba:9b:e7:82" Cisco-NAS-Port =
"FastEthernet0/2" State = 0x8e1f2ea08e19341841560f18f300b1ec
FreeRADIUS-Proxied-To = 127.0.0.1 EAP-Type = MS-CHAP-V2 NAS-IP-Address =
192.168.4.1 Calling-Station-Id = "00:40:d0:67:d0:b1" MS-CHAP-Challenge =
0x93b8965b16bc2fea673cd9751d3c4008 MS-CHAP-User-Name = "host/Administrateur"
User-Name = "host/Administrateur" EAP-Message
=0x0206004e1a0206004931860d2b7eb7f4237134dac34b640b1102000000000000000000000000000000000000000000000000000000000000000000686f73742f41646d696e697374726174657572
MS-CHAP2-Response
=0x066f860d2b7eb7f4237134dac34b640b11020000000000000000000000000000000000000000000000000000000000000000
NAS-Port = 50002 Framed-MTU = 1500 Module-Failure-Message = "mschap:
External script says Logon failure (0xc000006d)" SQL-User-Name =
"host/Administrateur" RADIUS Reply MS-CHAP-Error = "06E=691 R=0" EAP-Message
= 0x04060004 Message-Authenticator = 0x00000000000000000000000000000000
------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
