Good news: I tried with another user and it works. I got an IP address for the
registration VLAN and I have the web captive portal, but I can't connect when I
use the username and the password of the user. This is my RADIUS debug.
Hope it will help.
User-Name = "Anisha.kindo"
(9) Service-Type = Framed-User
(9) Framed-MTU = 1500
(9) Called-Station-Id = "EC-44-76-87-F0-83"
(9) Calling-Station-Id = "00-40-D0-67-D0-B1"
(9) EAP-Message = 0x020b002b1900170301002022c5d7f1d12476323a8432e284680d4acba3e8506518d4b0fd054ca8589a7631
(9) Message-Authenticator = 0x72daab2cdbfc369a37bc5b0e9cd1a5ca
(9) Cisco-AVPair = "audit-session-id=C0A80105000000190041662F"
(9) NAS-Port-Type = Ethernet
(9) NAS-Port = 50003
(9) NAS-Port-Id = "FastEthernet0/3"
(9) State = 0x2fafff6627a4e6d797c40734df780052
(9) NAS-IP-Address = 192.168.1.5
(9) session-state: No cached attributes
(9) # Executing section authorize from file /usr/local/pf/raddb//sites-enabled/packetfence
(9) authorize {
(9) update {
(9) EXPAND %{Packet-Src-IP-Address}
(9) --> 192.168.1.5
(9) &request:FreeRADIUS-Client-IP-Address := 192.168.1.5
(9) &control:PacketFence-RPC-Server = 127.0.0.1
(9) &control:PacketFence-RPC-Port = 7070
(9) &control:PacketFence-RPC-User =
(9) &control:PacketFence-RPC-Pass =
(9) &control:PacketFence-RPC-Proto = http
(9) EXPAND %l
(9) --> 1462998161
(9) &control:Tmp-Integer-0 := 1462998161
(9) &control:PacketFence-Request-Time := 0
(9) } # update = noop
(9) policy rewrite_calling_station_id {
(9) if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
(9) if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) -> TRUE
(9) if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
(9) update request {
(9) EXPAND %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}
(9) --> 00:40:d0:67:d0:b1
(9) &Calling-Station-Id := 00:40:d0:67:d0:b1
(9) } # update request = noop
(9) [updated] = updated
(9) } # if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) = updated
(9) ... skipping else for request 9: Preceding "if" was taken
(9) } # policy rewrite_calling_station_id = updated
(9) policy rewrite_called_station_id {
(9) if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) {
(9) if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) -> TRUE
(9) if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) {
(9) update request {
(9) &Called-Station-Id !* ANY
(9) EXPAND %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}
(9) --> ec:44:76:87:f0:83
(9) &Called-Station-Id := ec:44:76:87:f0:83
(9) } # update request = noop
(9) if ("%{8}") {
(9) EXPAND %{8}
(9) -->
(9) if ("%{8}") -> FALSE
(9) elsif ( (Colubris-AVPair) && "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i) {
(9) elsif ( (Colubris-AVPair) && "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i) -> FALSE
(9) elsif (Aruba-Essid-Name) {
(9) elsif (Aruba-Essid-Name) -> FALSE
(9) elsif ( (Cisco-AVPair) && "%{Cisco-AVPair}" =~ /^ssid=(.*)$/i) {
(9) EXPAND %{Cisco-AVPair}
(9) --> audit-session-id=C0A80105000000190041662F
(9) elsif ( (Cisco-AVPair) && "%{Cisco-AVPair}" =~ /^ssid=(.*)$/i) -> FALSE
(9) [updated] = updated
(9) } # if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) = updated
(9) ... skipping else for request 9: Preceding "if" was taken
(9) } # policy rewrite_called_station_id = updated
(9) policy filter_username {
(9) if (&User-Name) {
(9) if (&User-Name) -> TRUE
(9) if (&User-Name) {
(9) if (&User-Name =~ / /) {
(9) if (&User-Name =~ / /) -> FALSE
(9) if (&User-Name =~ /@[^@]*@/ ) {
(9) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(9) if (&User-Name =~ /\.\./ ) {
(9) if (&User-Name =~ /\.\./ ) -> FALSE
(9) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(9) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(9) if (&User-Name =~ /\.$/) {
(9) if (&User-Name =~ /\.$/) -> FALSE
(9) if (&User-Name =~ /@\./) {
(9) if (&User-Name =~ /@\./) -> FALSE
(9) } # if (&User-Name) = updated
(9) } # policy filter_username = updated
(9) policy filter_password {
(9) if (&User-Password && (&User-Password != "%{string:User-Password}")) {
(9) if (&User-Password && (&User-Password != "%{string:User-Password}")) -> FALSE
(9) } # policy filter_password = updated
(9) [preprocess] = ok
(9) suffix: Checking for suffix after "@"
(9) suffix: No '@' in User-Name = "Anisha.kindo", skipping NULL due to config.
(9) [suffix] = noop
(9) ntdomain: Checking for prefix before "\"
(9) ntdomain: No '\' in User-Name = "Anisha.kindo", looking up realm NULL
(9) ntdomain: No such realm "NULL"
(9) [ntdomain] = noop
(9) eap: Peer sent EAP Response (code 2) ID 11 length 43
(9) eap: Continuing tunnel setup
(9) [eap] = ok
(9) } # authorize = ok
(9) Found Auth-Type = eap
(9) # Executing group from file /usr/local/pf/raddb//sites-enabled/packetfence
(9) authenticate {
(9) eap: Expiring EAP session with state 0x2fafff6627a4e6d7
(9) eap: Finished EAP session with state 0x2fafff6627a4e6d7
(9) eap: Previous EAP request found for state 0x2fafff6627a4e6d7, released from the list
(9) eap: Peer sent packet with method EAP PEAP (25)
(9) eap: Calling submodule eap_peap to process data
(9) eap_peap: Continuing EAP-TLS
(9) eap_peap: [eaptls verify] = ok
(9) eap_peap: Done initial handshake
(9) eap_peap: [eaptls process] = ok
(9) eap_peap: Session established. Decoding tunneled attributes
(9) eap_peap: PEAP state send tlv success
(9) eap_peap: Received EAP-TLV response
(9) eap_peap: Success
(9) eap_peap: Using saved attributes from the original Access-Accept
(9) eap_peap: User-Name = "Anisha.kindo"
(9) eap_peap: Tunnel-Type = VLAN
(9) eap_peap: Tunnel-Private-Group-Id = "100"
(9) eap_peap: Filter-Id = "registration.in"
(9) eap_peap: Tunnel-Medium-Type = IEEE-802
(9) eap: Sending EAP Success (code 3) ID 11 length 4
(9) eap: Freeing handler
(9) [eap] = ok
(9) } # authenticate = ok
(9) # Executing section post-auth from file /usr/local/pf/raddb//sites-enabled/packetfence
(9) post-auth {
(9) update {
(9) EXPAND %{Packet-Src-IP-Address}
(9) --> 192.168.1.5
(9) &request:FreeRADIUS-Client-IP-Address := 192.168.1.5
(9) &control:PacketFence-RPC-Server = 127.0.0.1
(9) &control:PacketFence-RPC-Port = 7070
(9) &control:PacketFence-RPC-User =
(9) &control:PacketFence-RPC-Pass =
(9) &control:PacketFence-RPC-Proto = http
(9) } # update = noop
(9) if (! EAP-Type || (EAP-Type != TTLS && EAP-Type != PEAP) ) {
(9) if (! EAP-Type || (EAP-Type != TTLS && EAP-Type != PEAP) ) -> FALSE
(9) attr_filter.packetfence_post_auth: EXPAND %{User-Name}
(9) attr_filter.packetfence_post_auth: --> Anisha.kindo
(9) attr_filter.packetfence_post_auth: Matched entry DEFAULT at line 10
(9) [attr_filter.packetfence_post_auth] = updated
(9) linelog: EXPAND messages.%{%{reply:Packet-Type}:-default}
(9) linelog: --> messages.Access-Accept
(9) linelog: EXPAND %t : [mac:%{Calling-Station-Id}] Accepted user: %{reply:User-Name} and returned VLAN %{reply:Tunnel-Private-Group-ID}
(9) linelog: --> Wed May 11 22:22:41 2016 : [mac:00:40:d0:67:d0:b1] Accepted user: Anisha.kindo and returned VLAN 100
(9) linelog: EXPAND /usr/local/pf/logs/radius.log
(9) linelog: --> /usr/local/pf/logs/radius.log
(9) [linelog] = ok
(9) } # post-auth = updated
(9) Login OK: [Anisha.kindo] (from client 192.168.1.5 port 50003 cli 00:40:d0:67:d0:b1)
(9) Sent Access-Accept Id 137 from 192.168.10.1:1812 to 192.168.1.5:1645 length 0
(9) User-Name = "Anisha.kindo"
(9) Tunnel-Type = VLAN
(9) Tunnel-Private-Group-Id = "100"
(9) Filter-Id = "registration.in"
(9) Tunnel-Medium-Type = IEEE-802
(9) MS-MPPE-Recv-Key = 0xcce61f8772c744cdfd538ca370986b88625a29194a7d85e953482a38c240dde1
(9) MS-MPPE-Send-Key = 0x7867072beffe2d9a69af3f6026b26041875a722cdab05e9e154d558ecb7fd64a
(9) EAP-Message = 0x030b0004
(9) Message-Authenticator = 0x00000000000000000000000000000000
(9) Finished request
Waking up in 4.6 seconds.
(0) Cleaning up request packet ID 128 with timestamp +4
(1) Cleaning up request packet ID 129 with timestamp +4
(2) Cleaning up request packet ID 130 with timestamp +4
(3) Cleaning up request packet ID 131 with timestamp +4
(4) Cleaning up request packet ID 132 with timestamp +4
(5) Cleaning up request packet ID 133 with timestamp +4
(6) Cleaning up request packet ID 134 with timestamp +4
(7) Cleaning up request packet ID 135 with timestamp +4
Waking up in 0.1 seconds.
(8) Cleaning up request packet ID 136 with timestamp +4
(9) Cleaning up request packet ID 137 with timestamp +5
Ready to process requests
On Wednesday, May 11, 2016 at 20:54, Louis Munro <[email protected]> wrote:
On May 11, 2016, at 15:45 , TOURE Amidou Florian <[email protected]>
wrote:
I got a logon failure and this is the output:
[root@localhost toure]# ntlm_auth --request-nt-key --username=Administrateur --challenge=c330d9e5a3d1ecdf --nt-response=fa1cb5436a574339be984a38670c37bd8554f4e5afe4a141
Logon failure (0xc000006d)
Then your username or password is incorrect.
--
Louis Munro
[email protected] :: www.inverse.ca
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
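
Added example, not part of the original message and not PacketFence code: a Python reader for radius.log lines in the linelog format expanded in the debug output above. It normalizes the MAC with the same pattern as the rewrite_calling_station_id policy and lists devices whose latest accept still returned the registration VLAN. Treating VLAN 100 as the registration VLAN is an assumption taken from this thread, and all sample lines except the first are constructed.

```python
import re
from datetime import datetime

# Same pattern the rewrite_calling_station_id policy applies in the debug output.
MAC_RE = re.compile(
    r"^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})"
    r"[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$",
    re.I,
)
# Shape of the linelog message expanded in post-auth:
# %t : [mac:<Calling-Station-Id>] Accepted user: <name> and returned VLAN <id>
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) : "
    r"\[mac:(?P<mac>[^\]]+)\] Accepted user: (?P<user>.*?) "
    r"and returned VLAN (?P<vlan>\S*)$"
)

def normalize_mac(value):
    """Return aa:bb:cc:dd:ee:ff, or None when the value is not a MAC."""
    m = MAC_RE.match(value.strip())
    return ":".join(m.groups()).lower() if m else None

def parse_accept(line):
    """Parse one radius.log accept line into a dict, or None if it differs."""
    m = LINE_RE.match(line.strip())
    mac = normalize_mac(m["mac"]) if m else None
    if mac is None:
        return None
    when = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
    return {"time": when, "mac": mac, "user": m["user"], "vlan": m["vlan"]}

def stuck_in_registration(lines, registration_vlan="100"):
    """MACs whose most recent accept still returned the registration VLAN."""
    latest = {}
    for rec in filter(None, map(parse_accept, lines)):
        prev = latest.get(rec["mac"])
        if prev is None or rec["time"] >= prev["time"]:
            latest[rec["mac"]] = rec
    return sorted(m for m, r in latest.items() if r["vlan"] == registration_vlan)

# First line is the one in the debug output; the rest are constructed samples.
SAMPLE = [
    "Wed May 11 22:22:41 2016 : [mac:00:40:d0:67:d0:b1] Accepted user: Anisha.kindo and returned VLAN 100",
    "Wed May 11 22:30:02 2016 : [mac:00-11-22-33-44-55] Accepted user: user.a and returned VLAN 100",
    "Wed May 11 22:41:10 2016 : [mac:00:11:22:33:44:55] Accepted user: user.a and returned VLAN 20",
    "Wed May 11 22:41:11 2016 : Ready to process requests",
]

if __name__ == "__main__":
    print(stuck_in_registration(SAMPLE))
```

A MAC that appears here has passed 802.1X but has not yet been moved out of the registration VLAN, which matches the state described in this message.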