I've found this error in radius.log
ERROR: mschap_machine: Program returned code (1) and output 'Reading winbind
reply failed! (0xc00
00001)'
But the domain is working fine, how can I solve this?
Luca
Inviato da Outlook<http://aka.ms/weboutlook>
________________________________
Da: luca comes via PacketFence-users <[email protected]>
Inviato: lunedì 10 luglio 2017 11:42
A: [email protected]
Cc: luca comes
Oggetto: Re: [PacketFence-users] Machine authentication
Hi all,
any suggestion? I don't know what check, domain is correctly configured the
test are fine (wbinfo -u etc.). I added my domain to the LOCAL realm as per
Antoine mail but is still doesn't work.
Thanks for your help
Luca
Inviato da Outlook<http://aka.ms/weboutlook>
________________________________
Da: luca comes via PacketFence-users <[email protected]>
Inviato: venerdì 7 luglio 2017 17:40
A: [email protected]
Cc: luca comes
Oggetto: Re: [PacketFence-users] Machine authentication
Hi Antoine,
thank you for your answer, unfortunately it doesn't work. Same behavior as
before, any other suggestion?
Luca
Inviato da Outlook<http://aka.ms/weboutlook>
________________________________
Da: Antoine Amacher via PacketFence-users
<[email protected]>
Inviato: venerdì 7 luglio 2017 17:20
A: [email protected]
Cc: Antoine Amacher
Oggetto: Re: [PacketFence-users] Machine authentication
Lucas,
Map the domain on which they should authenticate with the REALM LOCAL.
In configuration -> policies and access control -> realms
Thanks
On 07/07/2017 11:15 AM, luca comes via PacketFence-users wrote:
Hi all,
I'm trying to do machine authentication vs Windows AD but it doesn't work. I've
created the domain and the realm but in the radius debug log I can see that it
is not catching the correct realm:
(20) Fri Jul 7 16:29:45 2017: Debug: Received Access-Request Id 103 from
10.10.10.4:1645 to 172.27.17.5:1812 length 226
(20) Fri Jul 7 16:29:45 2017: Debug: User-Name = "host/LAB3-NB.dm.loc"
(20) Fri Jul 7 16:29:45 2017: Debug: Service-Type = Framed-User
(20) Fri Jul 7 16:29:45 2017: Debug: Framed-MTU = 1500
(20) Fri Jul 7 16:29:45 2017: Debug: Called-Station-Id = "00-22-91-6F-B8-81"
(20) Fri Jul 7 16:29:45 2017: Debug: Calling-Station-Id = "00-9C-02-92-EA-B0"
(20) Fri Jul 7 16:29:45 2017: Debug: EAP-Message =
0x0201001801686f73742f4c4142332d4e422e646d2e6c6f63
(20) Fri Jul 7 16:29:45 2017: Debug: Message-Authenticator =
0xcf9553149f5c843907b87d3758e0b7d8
(20) Fri Jul 7 16:29:45 2017: Debug: Cisco-AVPair =
"audit-session-id=0A0A0A04000000DEBBDF4BBE"
(20) Fri Jul 7 16:29:45 2017: Debug: NAS-Port-Type = Ethernet
(20) Fri Jul 7 16:29:45 2017: Debug: NAS-Port = 50101
(20) Fri Jul 7 16:29:45 2017: Debug: NAS-Port-Id = "GigabitEthernet1/0/1"
(20) Fri Jul 7 16:29:45 2017: Debug: NAS-IP-Address = 10.10.10.4
....
....
(20) Fri Jul 7 16:29:46 2017: Debug: suffix: Checking for suffix after "@"
(20) Fri Jul 7 16:29:46 2017: Debug: suffix: No '@' in User-Name =
"host/LAB3-NB.dm.loc", skipping NULL due to config.
(20) Fri Jul 7 16:29:46 2017: Debug: [suffix] = noop
(20) Fri Jul 7 16:29:46 2017: Debug: ntdomain: Checking for prefix before "\"
(20) Fri Jul 7 16:29:46 2017: Debug: ntdomain: No '\' in User-Name =
"host/LAB3-NB.dm.loc", looking up realm NULL
(20) Fri Jul 7 16:29:46 2017: Debug: ntdomain: Found realm "null"
(20) Fri Jul 7 16:29:46 2017: Debug: ntdomain: Adding Stripped-User-Name =
"host/LAB3-NB.dm.loc"
(20) Fri Jul 7 16:29:46 2017: Debug: ntdomain: Adding Realm = "null"
(20) Fri Jul 7 16:29:46 2017: Debug: ntdomain: Authentication realm is LOCAL
(20) Fri Jul 7 16:29:46 2017: Debug: [ntdomain] = ok
How can I solve this? Obviously the machine is correctly joined to the domain
below the servicePrincipalName associated:
TERMSRV/LAB3-NB.dm.loc
TERMSRV/LAB3-NB
RestrictedKrbHost/LAB3-NB
HOST/LAB3-NB
RestrictedKrbHost/LAB3-NB.dm.loc
HOST/LAB3-NB.dm.loc
Anyone that can suggest me what to check?
Thank you in advance.
Luca
Inviato da Outlook<http://aka.ms/weboutlook>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Antoine Amacher
[email protected]<mailto:[email protected]> ::
www.inverse.ca<http://www.inverse.ca>
+1.514.447.4918 x130 :: +1 (866) 353-6153 x130
Inverse inc. :: Leaders behind SOGo (www.sogo.nu<http://www.sogo.nu>) and
PacketFence (www.packetfence.org<http://www.packetfence.org>)
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
