On 9/7/16 15:36, Louis Munro wrote: > Also, check that you have enabled local auth by uncommenting line 98 in > conf/radiusd/packetfence-tunnel.
Ah, well.. That wasn't set properly.. Is that in the documentation somewhere and I overlooked it? I already owe you beer from that last time we did this dance. We're definitely going to have to meet up at some point so I can settle my debt.. :P >> It's trying to use winbind for authentication. >> Assuming you want to use locally defined users, it should not do that. >> >> Can you send the output to >> >> # radiusd -d /usr/local/pf/raddb -n auth -X >> >> Please? >> >> It should tell us why it's doing that. Ok, so the windbind error seems to have gone away. I'm still rejected, but now with a slightly different error : Wed Sep 7 16:14:39 2016 : Auth: (8) Login incorrect (mschap: MS-CHAP2-Response is incorrect): [testuser] (from client 192.168.10.10 port 50101 cli xx:xx:xx:xx:xx:xx via TLS tunnel) Wed Sep 7 16:14:39 2016 : Info: (9) eap_peap: The users session was previously rejected: returning reject (again.) Wed Sep 7 16:14:39 2016 : Info: (9) eap_peap: This means you need to read the PREVIOUS messages in the debug output Wed Sep 7 16:14:39 2016 : Info: (9) eap_peap: to find out the reason why the user was rejected Wed Sep 7 16:14:39 2016 : Info: (9) eap_peap: Look for "reject" or "fail". Those earlier messages will tell you Wed Sep 7 16:14:39 2016 : Info: (9) eap_peap: what went wrong, and how to fix the problem Wed Sep 7 16:14:39 2016 : Auth: (9) Login incorrect (eap: Failed continuing EAP PEAP (25) session. EAP sub-module failed): [testuser] (from client 192.168.10.10 port 50101 cli xx:xx:xx:xx:xx:xx) Before we go too much farther, I haven't changes the sources configuration at all. Is there anything in there I need to add/change? The radiusd output is rather long.. The above error is in the radiusd output as well, so that's likely what you're looking for.. -- --------------------------- Jason 'XenoPhage' Frisvold [email protected] --------------------------- "Any sufficiently advanced magic is indistinguishable from technology." - Niven's Inverse of Clarke's Third Law
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
