Hello mailing list,

Running PacketFence 6.4.0-1 on CentOS 7.3.1611
Test switch is Cisco 2960 running 15.0(1)SE3

I have joined the server to our AD domain.
net ads testjoin returns "Join is OK".
I have enabled winbind, and ntlm_auth successfully authenticates domain
users.
I have issued a certificate from our AD PKI to the PF server, and also
copied the CA cert into a separate eap-tls folder as suggested, then
updated eap.conf - radiusd seems to be happy with it.

I am trying to get dot1x *wired* machine authentication working for
domain-joined machines.

When I connect a domain-joined computer to a dot1x port the radiusd log
shows:
mschap: Program returned code (1) and output 'Logon failure (0xc000006d)'

I have seen elsewhere in the mailing lists a few responses by Louis Munro
around troubleshooting this with ntlm_auth, and certainly running ntlm_auth
with the challenge and response shown in the log is giving me the same
error.

Not sure where to go with this - I think I probably don't understand my
options on machine authentication in terms of certificate vs machine
account/password, and therefore have an incomplete config.

Would anyone be able to nudge me a little further along? I think I would
like authentication by certificate for domain-joined machines to work,
unless you can recommend otherwise.
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
