Your supplicant is not configured to attempt eap-tls.
It's trying PEAP, as you can see from the logs.
In additon, PEAP itself is not going to work because winbind is either not
running or misconfigured.
But try to fix one thing at a time.
Get the supplicant to authenticate using eap-tls.
Until it does no amount of changing the configuration will help.
Once you have the supplicant attempting eap-tls, run FreeRADIUS in debug mode :
# radiusd -d /usr/local/pf/raddb -n auth -X
It will tell you a lot more than just the logs.
> On Aug 9, 2016, at 4:05 PM, Vianney Amador <[email protected]> wrote:
>
> Hi guys,
>
> I've been struggling for a couple of days with this setup, but I haven't been
> able to make work, the PCs will not connect WiFi.
>
> radius.log
>
> Tue Aug 9 15:28:55 2016 : ERROR: (193) mschap: ERROR: Program returned code
> (1) and output 'Reading winbind reply failed! (0xc0000001)'
> Tue Aug 9 15:28:55 2016 : Auth: (193) Login incorrect (mschap: Program
> returned code (1) and output 'Reading winbind reply failed! (0xc0000001)'):
> [host/PC0001.INTRANET.local] (from client 192.168.1.28 port 1 cli
> f8:16:54:1a:14:13 via TLS tunnel)
> Tue Aug 9 15:28:55 2016 : Info: rlm_sql (sql): Closing connection (253): Hit
> idle_timeout, was idle for 101 seconds
> Tue Aug 9 15:28:55 2016 : Info: rlm_sql (sql): Closing connection (254): Hit
> idle_timeout, was idle for 101 seconds
> Tue Aug 9 15:28:55 2016 : Info: rlm_sql (sql): Opening additional connection
> (255), 1 of 64 pending slots used
> Tue Aug 9 15:28:55 2016 : Info: rlm_sql (sql): Need 2 more connections to
> reach 10 spares
> Tue Aug 9 15:28:55 2016 : Info: rlm_sql (sql): Opening additional connection
> (256), 1 of 63 pending slots used
> Tue Aug 9 15:28:55 2016 : Info: (194) eap_peap: The users session was
> previously rejected: returning reject (again.)
> Tue Aug 9 15:28:55 2016 : Info: (194) eap_peap: This means you need to
> read the PREVIOUS messages in the debug output
> Tue Aug 9 15:28:55 2016 : Info: (194) eap_peap: to find out the reason why
> the user was rejected
> Tue Aug 9 15:28:55 2016 : Info: (194) eap_peap: Look for "reject" or
> "fail". Those earlier messages will tell you
> Tue Aug 9 15:28:55 2016 : Info: (194) eap_peap: what went wrong, and how
> to fix the problem
> Tue Aug 9 15:28:55 2016 : Auth: (194) Login incorrect (eap: Failed
> continuing EAP PEAP (25) session. EAP sub-module failed):
> [host/PC0001.INTRANET.local] (from client 192.168.1.28 port 1 cli
> f8:16:54:1a:14:13)
> Tue Aug 9 15:28:55 2016 : [mac:f8:16:54:1a:14:13] Rejected user:
> host/PC0001.INTRANET.local
>
>
> Thank you for your help,
> Vianney
>
Best regards,
--
Louis Munro
[email protected] <mailto:[email protected]> :: www.inverse.ca
<http://www.inverse.ca/>
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sogo.nu/>) and
PacketFence (www.packetfence.org <http://www.packetfence.org/>)
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity
planning reports. http://sdm.link/zohodev2dev
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
