Hi Fabrice,

yes, I was checking the debug and I saw it. In the attached packetfence.log I can see

ERROR: [mac:00:9c:02:92:ea:b0] Error binding 'Connection reset by peer' (pf::LDAP::bind)

but the domain join is still working, with wbinfo -u for example.

Luca

Sent from Outlook <http://aka.ms/weboutlook>
________________________________
From: Fabrice Durand <[email protected]>
Sent: Monday, 10 July 2017 15:06
To: luca comes; [email protected]
Subject: Re: [PacketFence-users] Machine authentication

The machine authentication is ok this time.
Do you have the packetfence.log for this device?

On 2017-07-10 at 08:58, luca comes wrote:

Hello Fabrice,

attached you can find the radius debug file of the transaction.

Thanks
Luca
________________________________
From: Fabrice Durand <[email protected]>
Sent: Monday, 10 July 2017 14:48
To: luca comes; [email protected]
Subject: Re: [PacketFence-users] Machine authentication

Hello Luca,

you need to have the realm to use the correct domain join.
Also, what I need is the complete radius debug when you try machine authentication.

Regards
Fabrice

On 2017-07-10 at 08:45, luca comes wrote:

Hi Fabrice,

in this manner the error is not shown in radius.log but machine authentication is still not working. Also, as in the preceding email, the domain (DM) is correctly joined and tested with wbinfo. But if I try a radtest vs my domain I obtain an Access-Reject.

Any suggestion on how to troubleshoot this problem? I would like to go in production but with those results I have to leave.

Thanks
Luca
________________________________
From: Fabrice Durand via PacketFence-users <[email protected]>
Sent: Monday, 10 July 2017 14:23
To: [email protected]
Cc: Fabrice Durand
Subject: Re: [PacketFence-users] Machine authentication

Hello Luca,

add a realm dm.loc and assign it to your domain and restart radius.

Regards
Fabrice

On 2017-07-10 at 05:58, luca comes via PacketFence-users wrote:

I've found this error in radius.log

ERROR: mschap_machine: Program returned code (1) and output 'Reading winbind reply failed! (0xc0000001)'

But the domain is working fine, how can I solve this?

Luca
________________________________
From: luca comes via PacketFence-users <[email protected]>
Sent: Monday, 10 July 2017 11:42
To: [email protected]
Cc: luca comes
Subject: Re: [PacketFence-users] Machine authentication

Hi all,

any suggestion? I don't know what to check; the domain is correctly configured and the tests are fine (wbinfo -u etc.). I added my domain to the LOCAL realm as per Antoine's mail but it still doesn't work.

Thanks for your help
Luca
________________________________
From: luca comes via PacketFence-users <[email protected]>
Sent: Friday, 7 July 2017 17:40
To: [email protected]
Cc: luca comes
Subject: Re: [PacketFence-users] Machine authentication

Hi Antoine,

thank you for your answer, unfortunately it doesn't work. Same behavior as before, any other suggestion?

Luca
________________________________
From: Antoine Amacher via PacketFence-users <[email protected]>
Sent: Friday, 7 July 2017 17:20
To: [email protected]
Cc: Antoine Amacher
Subject: Re: [PacketFence-users] Machine authentication

Lucas,

Map the domain on which they should authenticate with the REALM LOCAL.
In configuration -> policies and access control -> realms

Thanks

On 07/07/2017 11:15 AM, luca comes via PacketFence-users wrote:

Hi all,

I'm trying to do machine authentication vs Windows AD but it doesn't work.
I've created the domain and the realm but in the radius debug log I can see that it is not catching the correct realm:

(20) Fri Jul 7 16:29:45 2017: Debug: Received Access-Request Id 103 from 10.10.10.4:1645 to 172.27.17.5:1812 length 226
(20) Fri Jul 7 16:29:45 2017: Debug: User-Name = "host/LAB3-NB.dm.loc"
(20) Fri Jul 7 16:29:45 2017: Debug: Service-Type = Framed-User
(20) Fri Jul 7 16:29:45 2017: Debug: Framed-MTU = 1500
(20) Fri Jul 7 16:29:45 2017: Debug: Called-Station-Id = "00-22-91-6F-B8-81"
(20) Fri Jul 7 16:29:45 2017: Debug: Calling-Station-Id = "00-9C-02-92-EA-B0"
(20) Fri Jul 7 16:29:45 2017: Debug: EAP-Message = 0x0201001801686f73742f4c4142332d4e422e646d2e6c6f63
(20) Fri Jul 7 16:29:45 2017: Debug: Message-Authenticator = 0xcf9553149f5c843907b87d3758e0b7d8
(20) Fri Jul 7 16:29:45 2017: Debug: Cisco-AVPair = "audit-session-id=0A0A0A04000000DEBBDF4BBE"
(20) Fri Jul 7 16:29:45 2017: Debug: NAS-Port-Type = Ethernet
(20) Fri Jul 7 16:29:45 2017: Debug: NAS-Port = 50101
(20) Fri Jul 7 16:29:45 2017: Debug: NAS-Port-Id = "GigabitEthernet1/0/1"
(20) Fri Jul 7 16:29:45 2017: Debug: NAS-IP-Address = 10.10.10.4
....
....
(20) Fri Jul 7 16:29:46 2017: Debug: suffix: Checking for suffix after "@"
(20) Fri Jul 7 16:29:46 2017: Debug: suffix: No '@' in User-Name = "host/LAB3-NB.dm.loc", skipping NULL due to config.
(20) Fri Jul 7 16:29:46 2017: Debug: [suffix] = noop
(20) Fri Jul 7 16:29:46 2017: Debug: ntdomain: Checking for prefix before "\"
(20) Fri Jul 7 16:29:46 2017: Debug: ntdomain: No '\' in User-Name = "host/LAB3-NB.dm.loc", looking up realm NULL
(20) Fri Jul 7 16:29:46 2017: Debug: ntdomain: Found realm "null"
(20) Fri Jul 7 16:29:46 2017: Debug: ntdomain: Adding Stripped-User-Name = "host/LAB3-NB.dm.loc"
(20) Fri Jul 7 16:29:46 2017: Debug: ntdomain: Adding Realm = "null"
(20) Fri Jul 7 16:29:46 2017: Debug: ntdomain: Authentication realm is LOCAL
(20) Fri Jul 7 16:29:46 2017: Debug: [ntdomain] = ok

How can I solve this?
Obviously the machine is correctly joined to the domain; below are the associated servicePrincipalName values:

TERMSRV/LAB3-NB.dm.loc
TERMSRV/LAB3-NB
RestrictedKrbHost/LAB3-NB
HOST/LAB3-NB
RestrictedKrbHost/LAB3-NB.dm.loc
HOST/LAB3-NB.dm.loc

Can anyone suggest what to check?
Thank you in advance.

Luca

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users

--
Antoine Amacher
[email protected] :: www.inverse.ca
+1.514.447.4918 x130 :: +1 (866) 353-6153 x130
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)

--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)
Attachment: packetfence.log
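Added example, not part of the original thread and not PacketFence code: a small Python triage script that reads FreeRADIUS debug lines in the format quoted in the thread and reports machine accounts (host/... names) that contain neither '@' nor '\' and so end up in the NULL realm. The function names and the request (21) lines are constructed for illustration, and the DNS-suffix hint is a heuristic assumption, not PacketFence's own realm logic.

```python
import re

# Request (20) lines are copied from the debug output quoted in the thread;
# request (21) is a constructed contrast case (user@realm form).
SAMPLE_LOG = r"""
(20) Fri Jul 7 16:29:45 2017: Debug: User-Name = "host/LAB3-NB.dm.loc"
(20) Fri Jul 7 16:29:46 2017: Debug: suffix: No '@' in User-Name = "host/LAB3-NB.dm.loc", skipping NULL due to config.
(20) Fri Jul 7 16:29:46 2017: Debug: ntdomain: No '\' in User-Name = "host/LAB3-NB.dm.loc", looking up realm NULL
(20) Fri Jul 7 16:29:46 2017: Debug: ntdomain: Adding Realm = "null"
(20) Fri Jul 7 16:29:46 2017: Debug: ntdomain: Authentication realm is LOCAL
(21) Fri Jul 7 16:30:02 2017: Debug: User-Name = "alice@dm.loc"
(21) Fri Jul 7 16:30:02 2017: Debug: suffix: Adding Realm = "dm.loc"
"""

LINE = re.compile(r'^\((?P<req>\d+)\) .*? Debug:\s+(?P<msg>.*)$')
USER = re.compile(r'^User-Name = "(?P<user>[^"]*)"')
REALM = re.compile(r'^(?P<mod>\w+): Adding Realm = "(?P<realm>[^"]*)"')

def name_format(user):
    """Classify a User-Name the way the suffix/ntdomain checks in the log do."""
    if '@' in user:
        return 'suffix'      # user@realm
    if '\\' in user:
        return 'ntdomain'    # DOMAIN\user
    if user.lower().startswith('host/'):
        return 'machine'     # host/name.domain, no realm delimiter at all
    return 'bare'

def realm_decisions(log_text):
    """Map request id -> User-Name and the realm a module assigned to it."""
    reqs = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        r = reqs.setdefault(int(m['req']), {'user': None, 'realm': None})
        if (u := USER.match(m['msg'])) and r['user'] is None:
            r['user'] = u['user']
        elif (a := REALM.match(m['msg'])):
            r['realm'] = a['realm']
    return reqs

def findings(log_text):
    """Machine accounts whose realm lookup fell through to NULL."""
    out = []
    for req, r in sorted(realm_decisions(log_text).items()):
        if r['user'] and name_format(r['user']) == 'machine' \
                and (r['realm'] or '').lower() == 'null':
            fqdn = r['user'].split('/', 1)[1]
            # Heuristic (assumption): the DNS suffix is the realm to check for.
            out.append({'request': req, 'user': r['user'], 'realm': r['realm'],
                        'dns_suffix': fqdn.partition('.')[2] or None})
    return out

if __name__ == '__main__':
    for f in findings(SAMPLE_LOG):
        print(f)
```
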
