Hello Luca,
add a realm dm.loc and assign it to your domain and restart radius.
Regards
Fabrice
Le 2017-07-10 à 05:58, luca comes via PacketFence-users a écrit :
>
> I've found this error in radius.log
>
>
> ERROR: mschap_machine: Program returned code (1) and output 'Reading
> winbind reply failed! (0xc00
> 00001)'
>
>
> But the domain is working fine, how can I solve this?
>
>
> Luca
>
>
> Inviato da Outlook <http://aka.ms/weboutlook>
>
>
>
> ------------------------------------------------------------------------
> *Da:* luca comes via PacketFence-users
> <packetfence-users@lists.sourceforge.net>
> *Inviato:* lunedì 10 luglio 2017 11:42
> *A:* packetfence-users@lists.sourceforge.net
> *Cc:* luca comes
> *Oggetto:* Re: [PacketFence-users] Machine authentication
>
>
> Hi all,
>
> any suggestion? I don't know what check, domain is correctly
> configured the test are fine (wbinfo -u etc.). I added my domain to
> the LOCAL realm as per Antoine mail but is still doesn't work.
>
>
> Thanks for your help
>
>
> Luca
>
>
> Inviato da Outlook <http://aka.ms/weboutlook>
>
>
>
> ------------------------------------------------------------------------
> *Da:* luca comes via PacketFence-users
> <packetfence-users@lists.sourceforge.net>
> *Inviato:* venerdì 7 luglio 2017 17:40
> *A:* packetfence-users@lists.sourceforge.net
> *Cc:* luca comes
> *Oggetto:* Re: [PacketFence-users] Machine authentication
>
>
> Hi Antoine,
>
> thank you for your answer, unfortunately it doesn't work. Same
> behavior as before, any other suggestion?
>
>
> Luca
>
>
> Inviato da Outlook <http://aka.ms/weboutlook>
>
>
>
> ------------------------------------------------------------------------
> *Da:* Antoine Amacher via PacketFence-users
> <packetfence-users@lists.sourceforge.net>
> *Inviato:* venerdì 7 luglio 2017 17:20
> *A:* packetfence-users@lists.sourceforge.net
> *Cc:* Antoine Amacher
> *Oggetto:* Re: [PacketFence-users] Machine authentication
>
>
> Lucas,
>
>
> Map the domain on which they should authenticate with the REALM LOCAL.
>
>
> In configuration -> policies and access control -> realms
>
>
> Thanks
>
>
> On 07/07/2017 11:15 AM, luca comes via PacketFence-users wrote:
>>
>> Hi all,
>>
>> I'm trying to do machine authentication vs Windows AD but it doesn't
>> work. I've created the domain and the realm but in the radius debug
>> log I can see that it is not catching the correct realm:
>>
>>
>>
>> (20) Fri Jul 7 16:29:45 2017: Debug: Received Access-Request Id 103
>> from 10.10.10.4:1645 to 172.27.17.5:1812 length 226
>> (20) Fri Jul 7 16:29:45 2017: Debug: User-Name = "host/LAB3-NB.dm.loc"
>> (20) Fri Jul 7 16:29:45 2017: Debug: Service-Type = Framed-User
>> (20) Fri Jul 7 16:29:45 2017: Debug: Framed-MTU = 1500
>> (20) Fri Jul 7 16:29:45 2017: Debug: Called-Station-Id =
>> "00-22-91-6F-B8-81"
>> (20) Fri Jul 7 16:29:45 2017: Debug: Calling-Station-Id =
>> "00-9C-02-92-EA-B0"
>> (20) Fri Jul 7 16:29:45 2017: Debug: EAP-Message =
>> 0x0201001801686f73742f4c4142332d4e422e646d2e6c6f63
>> (20) Fri Jul 7 16:29:45 2017: Debug: Message-Authenticator =
>> 0xcf9553149f5c843907b87d3758e0b7d8
>> (20) Fri Jul 7 16:29:45 2017: Debug: Cisco-AVPair =
>> "audit-session-id=0A0A0A04000000DEBBDF4BBE"
>> (20) Fri Jul 7 16:29:45 2017: Debug: NAS-Port-Type = Ethernet
>> (20) Fri Jul 7 16:29:45 2017: Debug: NAS-Port = 50101
>> (20) Fri Jul 7 16:29:45 2017: Debug: NAS-Port-Id =
>> "GigabitEthernet1/0/1"
>> (20) Fri Jul 7 16:29:45 2017: Debug: NAS-IP-Address = 10.10.10.4
>> ....
>>
>> ....
>>
>> (20) Fri Jul 7 16:29:46 2017: Debug: suffix: Checking for suffix
>> after "@"
>> (20) Fri Jul 7 16:29:46 2017: Debug: suffix: No '@' in User-Name =
>> "host/LAB3-NB.dm.loc", skipping NULL due to config.
>> (20) Fri Jul 7 16:29:46 2017: Debug: [suffix] = noop
>> (20) Fri Jul 7 16:29:46 2017: Debug: ntdomain: Checking for prefix
>> before "\"
>> (20) Fri Jul 7 16:29:46 2017: Debug: ntdomain: No '\' in User-Name =
>> "host/LAB3-NB.dm.loc", looking up realm NULL
>> (20) Fri Jul 7 16:29:46 2017: Debug: ntdomain: Found realm "null"
>> (20) Fri Jul 7 16:29:46 2017: Debug: ntdomain: Adding
>> Stripped-User-Name = "host/LAB3-NB.dm.loc"
>> (20) Fri Jul 7 16:29:46 2017: Debug: ntdomain: Adding Realm = "null"
>> (20) Fri Jul 7 16:29:46 2017: Debug: ntdomain: Authentication realm
>> is LOCAL
>> (20) Fri Jul 7 16:29:46 2017: Debug: [ntdomain] = ok
>>
>>
>> How can I solve this? Obviously the machine is correctly joined to
>> the domain below the servicePrincipalName associated:
>>
>>
>> TERMSRV/LAB3-NB.dm.loc
>> TERMSRV/LAB3-NB
>> RestrictedKrbHost/LAB3-NB
>> HOST/LAB3-NB
>> RestrictedKrbHost/LAB3-NB.dm.loc
>> HOST/LAB3-NB.dm.loc
>>
>>
>> Anyone that can suggest me what to check?
>>
>>
>> Thank you in advance.
>>
>>
>> Luca
>>
>>
>> Inviato da Outlook <http://aka.ms/weboutlook>
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>
>>
>> _______________________________________________
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
> --
> Antoine Amacher
> aamac...@inverse.ca :: www.inverse.ca
> +1.514.447.4918 x130 :: +1 (866) 353-6153 x130
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
> (www.packetfence.org)
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
>
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
