Issue was in understanding. Secret to use is the one in the
/usr/local/pf/raddb/clients.conf, and account in AD needs to have access
enabled on dial-in tab. Then the test works.
Peter
On 06/19/2017 11:43 AM, Peter Reilly wrote:
> Hi,
>
> I'm trying to configure and validate radius under the
> PacketFence_Administration_Guide.asciidoc section:
>
> Option 1b: Authentication against Active Directory (AD) in a cluster
>
> ntlm_auth test works fine.
>
> Radtest fails:
> radtest -t mschap -x username password localhost:18120 12 secret
>
> It looks like I'm not having any packets leaving the host destined to
> an AD controller when using radtest. tcpdump shows no connections
> attempted to a domain controller.
>
> The log shows:
> Jun 19 11:08:49 o-pf01-tdv auth[19671]: Dropping packet without
> response because of error: Received packet from 127.0.0.1 with invalid
> Message-Authenticator! (Shared secret is incorrect.)
>
> Is the file /usr/local/pf/raddb/clients.conf supposed to be modified?
> I don't see a step in the documentation for that.
>
> How can I best troubleshoot this?
>
> Thanks,
>
> Peter
>
>
>
> --
>
> Peter Reilly
> Wycliffe Bible Translators
> [email protected]
--
Peter Reilly
Wycliffe Bible Translators
[email protected]
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
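
The log line in this thread ("invalid Message-Authenticator! (Shared secret is incorrect.)") comes from a keyed integrity check. The following is an added example, not part of the thread and not PacketFence or FreeRADIUS code: a simplified Access-Request carrying only User-Name and Message-Authenticator, signed and verified with HMAC-MD5 as described in RFC 3579. The secrets and function names are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

MESSAGE_AUTHENTICATOR = 80  # attribute type, value is 16 octets


def build_access_request(username: str, secret: bytes) -> bytes:
    """Client side: sign with the secret given on the command line."""
    user = username.encode()
    attrs = struct.pack("!BB", 1, len(user) + 2) + user        # User-Name
    attrs += struct.pack("!BB", MESSAGE_AUTHENTICATOR, 18) + bytes(16)
    header = struct.pack("!BBH", 1, 1, 20 + len(attrs)) + os.urandom(16)
    packet = header + attrs
    mac = hmac.new(secret, packet, hashlib.md5).digest()
    return packet[:-16] + mac  # fill in the zeroed value (last attribute)


def verify_message_authenticator(packet: bytes, secret: bytes) -> bool:
    """Server side: recompute with the server's secret for this client."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return False
    pos = 20
    while pos + 2 <= len(packet):
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > len(packet):
            return False  # malformed attribute
        if attr_type == MESSAGE_AUTHENTICATOR:
            if attr_len != 18:
                return False
            received = packet[pos + 2:pos + 18]
            zeroed = packet[:pos + 2] + bytes(16) + packet[pos + 18:]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(received, expected)
        pos += attr_len
    return False  # attribute missing


if __name__ == "__main__":
    server_secret = b"constructed-clients-conf-secret"  # constructed value
    for cli_secret in (b"secret", server_secret):
        pkt = build_access_request("username", cli_secret)
        ok = verify_message_authenticator(pkt, server_secret)
        print(cli_secret.decode(), "->", "accepted" if ok else "dropped, no reply")
```

A mismatch fails before any authentication module runs, which is consistent with tcpdump showing no traffic toward the domain controller.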