Hi Fabrice,
in this manner the error is not shown in radius.log but machine authentication
is still not working. Also as the preceding email the domain (DM) is correctly
joined and tested with wbinfo. But if I try a radtest vs my domain I obtain an
Access-Reject. Any suggestion on how to troubleshoot this problem? I would like
to go in production but with those results I have to leave.
Thanks
Luca
Sent from Outlook <http://aka.ms/weboutlook>
________________________________
From: Fabrice Durand via PacketFence-users <packetfence-users@lists.sourceforge.net>
Sent: Monday, 10 July 2017 14:23
To: packetfence-users@lists.sourceforge.net
Cc: Fabrice Durand
Subject: Re: [PacketFence-users] Machine authentication
Hello Luca,
add a realm dm.loc and assign it to your domain and restart radius.
Regards
Fabrice
On 2017-07-10 at 05:58, luca comes via PacketFence-users wrote:
I've found this error in radius.log
ERROR: mschap_machine: Program returned code (1) and output 'Reading winbind reply failed! (0xc0000001)'
But the domain is working fine, how can I solve this?
Luca
________________________________
From: luca comes via PacketFence-users <packetfence-users@lists.sourceforge.net>
Sent: Monday, 10 July 2017 11:42
To: packetfence-users@lists.sourceforge.net
Cc: luca comes
Subject: Re: [PacketFence-users] Machine authentication
Hi all,
any suggestion? I don't know what to check; the domain is correctly configured and the
tests are fine (wbinfo -u etc.). I added my domain to the LOCAL realm as per
Antoine's mail but it still doesn't work.
Thanks for your help
Luca
________________________________
From: luca comes via PacketFence-users <packetfence-users@lists.sourceforge.net>
Sent: Friday, 7 July 2017 17:40
To: packetfence-users@lists.sourceforge.net
Cc: luca comes
Subject: Re: [PacketFence-users] Machine authentication
Hi Antoine,
thank you for your answer, unfortunately it doesn't work. Same behavior as
before, any other suggestion?
Luca
________________________________
From: Antoine Amacher via PacketFence-users <packetfence-users@lists.sourceforge.net>
Sent: Friday, 7 July 2017 17:20
To: packetfence-users@lists.sourceforge.net
Cc: Antoine Amacher
Subject: Re: [PacketFence-users] Machine authentication
Lucas,
Map the domain on which they should authenticate with the REALM LOCAL.
In configuration -> policies and access control -> realms
Thanks
On 07/07/2017 11:15 AM, luca comes via PacketFence-users wrote:
Hi all,
I'm trying to do machine authentication vs Windows AD but it doesn't work. I've
created the domain and the realm but in the radius debug log I can see that it
is not catching the correct realm:
(20) Fri Jul 7 16:29:45 2017: Debug: Received Access-Request Id 103 from 10.10.10.4:1645 to 172.27.17.5:1812 length 226
(20) Fri Jul 7 16:29:45 2017: Debug: User-Name = "host/LAB3-NB.dm.loc"
(20) Fri Jul 7 16:29:45 2017: Debug: Service-Type = Framed-User
(20) Fri Jul 7 16:29:45 2017: Debug: Framed-MTU = 1500
(20) Fri Jul 7 16:29:45 2017: Debug: Called-Station-Id = "00-22-91-6F-B8-81"
(20) Fri Jul 7 16:29:45 2017: Debug: Calling-Station-Id = "00-9C-02-92-EA-B0"
(20) Fri Jul 7 16:29:45 2017: Debug: EAP-Message = 0x0201001801686f73742f4c4142332d4e422e646d2e6c6f63
(20) Fri Jul 7 16:29:45 2017: Debug: Message-Authenticator = 0xcf9553149f5c843907b87d3758e0b7d8
(20) Fri Jul 7 16:29:45 2017: Debug: Cisco-AVPair = "audit-session-id=0A0A0A04000000DEBBDF4BBE"
(20) Fri Jul 7 16:29:45 2017: Debug: NAS-Port-Type = Ethernet
(20) Fri Jul 7 16:29:45 2017: Debug: NAS-Port = 50101
(20) Fri Jul 7 16:29:45 2017: Debug: NAS-Port-Id = "GigabitEthernet1/0/1"
(20) Fri Jul 7 16:29:45 2017: Debug: NAS-IP-Address = 10.10.10.4
....
....
(20) Fri Jul 7 16:29:46 2017: Debug: suffix: Checking for suffix after "@"
(20) Fri Jul 7 16:29:46 2017: Debug: suffix: No '@' in User-Name = "host/LAB3-NB.dm.loc", skipping NULL due to config.
(20) Fri Jul 7 16:29:46 2017: Debug: [suffix] = noop
(20) Fri Jul 7 16:29:46 2017: Debug: ntdomain: Checking for prefix before "\"
(20) Fri Jul 7 16:29:46 2017: Debug: ntdomain: No '\' in User-Name = "host/LAB3-NB.dm.loc", looking up realm NULL
(20) Fri Jul 7 16:29:46 2017: Debug: ntdomain: Found realm "null"
(20) Fri Jul 7 16:29:46 2017: Debug: ntdomain: Adding Stripped-User-Name = "host/LAB3-NB.dm.loc"
(20) Fri Jul 7 16:29:46 2017: Debug: ntdomain: Adding Realm = "null"
(20) Fri Jul 7 16:29:46 2017: Debug: ntdomain: Authentication realm is LOCAL
(20) Fri Jul 7 16:29:46 2017: Debug: [ntdomain] = ok
How can I solve this? Obviously the machine is correctly joined to the domain;
below are the associated servicePrincipalName values:
TERMSRV/LAB3-NB.dm.loc
TERMSRV/LAB3-NB
RestrictedKrbHost/LAB3-NB
HOST/LAB3-NB
RestrictedKrbHost/LAB3-NB.dm.loc
HOST/LAB3-NB.dm.loc
Can anyone suggest what to check?
Thank you in advance.
Luca
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Antoine Amacher
aamac...@inverse.ca :: www.inverse.ca
+1.514.447.4918 x130 :: +1 (866) 353-6153 x130
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)
--
Fabrice Durand
fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
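
Added example, not part of the original thread and not FreeRADIUS or PacketFence code: a simplified Python model of the suffix ("@") and ntdomain ("\") checks shown in the debug log, illustrating why User-Name "host/LAB3-NB.dm.loc" ends up in the NULL realm. The machine_realm() helper and the "DM\alice" and "alice@dm.loc" names are assumptions made for illustration.

```python
# Added example: simplified model of the realm checks in the debug log above.
# Not FreeRADIUS or PacketFence code; machine_realm() is a hypothetical helper.

def suffix_realm(user_name):
    """'user@realm': realm is the text after the last '@'."""
    if "@" not in user_name:
        return None
    name, realm = user_name.rsplit("@", 1)
    return realm, name

def ntdomain_realm(user_name):
    """'DOMAIN\\user': realm is the text before the first backslash."""
    if "\\" not in user_name:
        return None
    realm, name = user_name.split("\\", 1)
    return realm, name

def machine_realm(user_name):
    """'host/<name>.<dns-domain>': use the DNS domain as realm (assumed rule)."""
    prefix = "host/"
    if not user_name.lower().startswith(prefix):
        return None
    host, dot, domain = user_name[len(prefix):].partition(".")
    if not (host and dot and domain):
        return None          # e.g. 'host/LAB3-NB' carries no domain at all
    return domain.lower(), host

def resolve(user_name, machine_aware=False):
    """Return (matched_by, realm, stripped_name) for one User-Name."""
    checks = [("suffix", suffix_realm), ("ntdomain", ntdomain_realm)]
    if machine_aware:
        checks.append(("machine", machine_realm))
    for label, check in checks:
        hit = check(user_name)
        if hit:
            return (label,) + hit
    # Neither delimiter present: the request falls into the NULL realm,
    # which is what the log shows for the host/... name.
    return ("none", "NULL", user_name)

if __name__ == "__main__":
    # First name is from the thread; the other two are constructed samples.
    for name in ["host/LAB3-NB.dm.loc", "DM\\alice", "alice@dm.loc"]:
        print(name, resolve(name), resolve(name, machine_aware=True))
```
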