Your issue is with the DM_Machine_Auth_PDC source.

Verify that you are able to bind with this source.

Also you can use pftest.



On 2017-07-10 at 09:24, luca comes wrote:
>
> Hi Fabrice,
>
> yes I was checking the debug and I saw it. In the attached
> packetfence.log I can see ERROR: [mac:00:9c:02:92:ea:b0] Error binding
> 'Connection reset by peer' (pf::LDAP::bind) but the domain join is
> still working with wbinfo -u for example.
>
>
> Luca
>
>
>
>
>
> ------------------------------------------------------------------------
> *From:* Fabrice Durand <fdur...@inverse.ca>
> *Sent:* Monday, 10 July 2017 15:06
> *To:* luca comes; packetfence-users@lists.sourceforge.net
> *Subject:* Re: [PacketFence-users] Machine authentication
>  
>
> The machine authentication is ok this time.
>
> Do you have the packetfence.log for this device ?
>
>
>
> On 2017-07-10 at 08:58, luca comes wrote:
>>
>> Hello Fabrice,
>>
>> attached you can find radius debug file of the transaction.
>>
>>
>> Thanks
>>
>>
>> Luca
>>
>>
>>
>>
>>
>> ------------------------------------------------------------------------
>> *From:* Fabrice Durand <fdur...@inverse.ca>
>> *Sent:* Monday, 10 July 2017 14:48
>> *To:* luca comes; packetfence-users@lists.sourceforge.net
>> *Subject:* Re: [PacketFence-users] Machine authentication
>>  
>>
>> Hello Luca,
>>
>> you need to have the realm to use the correct domain join.
>>
>>
>> Also what I need is the complete radius debug when you try machine
>> authentication.
>>
>> Regards
>>
>> Fabrice
>>
>>
>>
>> On 2017-07-10 at 08:45, luca comes wrote:
>>>
>>> Hi Fabrice,
>>>
>>> in this manner the error is not shown in radius.log but machine
>>> authentication is still not working. Also, as in the preceding email, the
>>> domain (DM) is correctly joined and tested with wbinfo. But if I try
>>> a radtest vs my domain I obtain an Access-Reject. Any suggestion on
>>> how to troubleshoot this problem? I would like to go in production
>>> but with those results I have to leave.
>>>
>>>
>>> Thanks
>>>
>>>
>>> Luca
>>>
>>>
>>>
>>>
>>>
>>> ------------------------------------------------------------------------
>>> *From:* Fabrice Durand via PacketFence-users
>>> <packetfence-users@lists.sourceforge.net>
>>> *Sent:* Monday, 10 July 2017 14:23
>>> *To:* packetfence-users@lists.sourceforge.net
>>> *Cc:* Fabrice Durand
>>> *Subject:* Re: [PacketFence-users] Machine authentication
>>>  
>>>
>>> Hello Luca,
>>>
>>> add a realm dm.loc and assign it to your domain and restart radius.
>>>
>>> Regards
>>>
>>> Fabrice
>>>
>>>
>>>
>>> On 2017-07-10 at 05:58, luca comes via PacketFence-users wrote:
>>>>
>>>> I've found this error in radius.log
>>>>
>>>>
>>>> ERROR: mschap_machine: Program returned code (1) and output 'Reading winbind reply failed! (0xc0000001)'
>>>>
>>>>
>>>> But the domain is working fine, how can I solve this?
>>>>
>>>>
>>>> Luca
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> ------------------------------------------------------------------------
>>>> *From:* luca comes via PacketFence-users
>>>> <packetfence-users@lists.sourceforge.net>
>>>> *Sent:* Monday, 10 July 2017 11:42
>>>> *To:* packetfence-users@lists.sourceforge.net
>>>> *Cc:* luca comes
>>>> *Subject:* Re: [PacketFence-users] Machine authentication
>>>>  
>>>>
>>>> Hi all,
>>>>
>>>> any suggestions? I don't know what to check; the domain is correctly
>>>> configured and the tests are fine (wbinfo -u etc.). I added my domain to
>>>> the LOCAL realm as per Antoine's mail but it still doesn't work.
>>>>
>>>>
>>>> Thanks for your help
>>>>
>>>>
>>>> Luca
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> ------------------------------------------------------------------------
>>>> *From:* luca comes via PacketFence-users
>>>> <packetfence-users@lists.sourceforge.net>
>>>> *Sent:* Friday, 7 July 2017 17:40
>>>> *To:* packetfence-users@lists.sourceforge.net
>>>> *Cc:* luca comes
>>>> *Subject:* Re: [PacketFence-users] Machine authentication
>>>>  
>>>>
>>>> Hi Antoine,
>>>>
>>>> thank you for your answer, unfortunately it doesn't work. Same
>>>> behavior as before, any other suggestion?
>>>>
>>>>
>>>> Luca
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> ------------------------------------------------------------------------
>>>> *From:* Antoine Amacher via PacketFence-users
>>>> <packetfence-users@lists.sourceforge.net>
>>>> *Sent:* Friday, 7 July 2017 17:20
>>>> *To:* packetfence-users@lists.sourceforge.net
>>>> *Cc:* Antoine Amacher
>>>> *Subject:* Re: [PacketFence-users] Machine authentication
>>>>  
>>>>
>>>> Lucas,
>>>>
>>>>
>>>> Map the domain on which they should authenticate with the REALM LOCAL.
>>>>
>>>>
>>>> In configuration -> policies and access control -> realms
>>>>
>>>>
>>>> Thanks
>>>>
>>>>
>>>> On 07/07/2017 11:15 AM, luca comes via PacketFence-users wrote:
>>>>>
>>>>> Hi all,
>>>>>
>>>>> I'm trying to do machine authentication vs Windows AD but it
>>>>> doesn't work. I've created the domain and the realm but in the
>>>>> radius debug log I can see that it is not catching the correct realm:
>>>>>
>>>>>
>>>>>
>>>>> (20) Fri Jul  7 16:29:45 2017: Debug: Received Access-Request Id 103 from 10.10.10.4:1645 to 172.27.17.5:1812 length 226
>>>>> (20) Fri Jul  7 16:29:45 2017: Debug:   User-Name = "host/LAB3-NB.dm.loc"
>>>>> (20) Fri Jul  7 16:29:45 2017: Debug:   Service-Type = Framed-User
>>>>> (20) Fri Jul  7 16:29:45 2017: Debug:   Framed-MTU = 1500
>>>>> (20) Fri Jul  7 16:29:45 2017: Debug:   Called-Station-Id = "00-22-91-6F-B8-81"
>>>>> (20) Fri Jul  7 16:29:45 2017: Debug:   Calling-Station-Id = "00-9C-02-92-EA-B0"
>>>>> (20) Fri Jul  7 16:29:45 2017: Debug:   EAP-Message = 0x0201001801686f73742f4c4142332d4e422e646d2e6c6f63
>>>>> (20) Fri Jul  7 16:29:45 2017: Debug:   Message-Authenticator = 0xcf9553149f5c843907b87d3758e0b7d8
>>>>> (20) Fri Jul  7 16:29:45 2017: Debug:   Cisco-AVPair = "audit-session-id=0A0A0A04000000DEBBDF4BBE"
>>>>> (20) Fri Jul  7 16:29:45 2017: Debug:   NAS-Port-Type = Ethernet
>>>>> (20) Fri Jul  7 16:29:45 2017: Debug:   NAS-Port = 50101
>>>>> (20) Fri Jul  7 16:29:45 2017: Debug:   NAS-Port-Id = "GigabitEthernet1/0/1"
>>>>> (20) Fri Jul  7 16:29:45 2017: Debug:   NAS-IP-Address = 10.10.10.4
>>>>> ....
>>>>>
>>>>> ....
>>>>>
>>>>> (20) Fri Jul  7 16:29:46 2017: Debug: suffix: Checking for suffix after "@"
>>>>> (20) Fri Jul  7 16:29:46 2017: Debug: suffix: No '@' in User-Name = "host/LAB3-NB.dm.loc", skipping NULL due to config.
>>>>> (20) Fri Jul  7 16:29:46 2017: Debug:     [suffix] = noop
>>>>> (20) Fri Jul  7 16:29:46 2017: Debug: ntdomain: Checking for prefix before "\"
>>>>> (20) Fri Jul  7 16:29:46 2017: Debug: ntdomain: No '\' in User-Name = "host/LAB3-NB.dm.loc", looking up realm NULL
>>>>> (20) Fri Jul  7 16:29:46 2017: Debug: ntdomain: Found realm "null"
>>>>> (20) Fri Jul  7 16:29:46 2017: Debug: ntdomain: Adding Stripped-User-Name = "host/LAB3-NB.dm.loc"
>>>>> (20) Fri Jul  7 16:29:46 2017: Debug: ntdomain: Adding Realm = "null"
>>>>> (20) Fri Jul  7 16:29:46 2017: Debug: ntdomain: Authentication realm is LOCAL
>>>>> (20) Fri Jul  7 16:29:46 2017: Debug:     [ntdomain] = ok
>>>>>
>>>>>
>>>>> How can I solve this? Obviously the machine is correctly joined to
>>>>> the domain; below are the associated servicePrincipalName values:
>>>>>
>>>>>
>>>>> TERMSRV/LAB3-NB.dm.loc
>>>>> TERMSRV/LAB3-NB
>>>>> RestrictedKrbHost/LAB3-NB
>>>>> HOST/LAB3-NB
>>>>> RestrictedKrbHost/LAB3-NB.dm.loc
>>>>> HOST/LAB3-NB.dm.loc
>>>>>
>>>>>
>>>>> Can anyone suggest what to check?
>>>>>
>>>>>
>>>>> Thank you in advance.
>>>>>
>>>>>
>>>>> Luca
>>>>>
>>>>>
>>>>
>>>> -- 
>>>> Antoine Amacher
>>>> aamac...@inverse.ca  ::  www.inverse.ca 
>>>> +1.514.447.4918 x130  :: +1 (866) 353-6153 x130
>>>> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
>>>> (www.packetfence.org)
>>>>
>>>>
>>>
>>> -- 
>>> Fabrice Durand
>>> fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
>>> (http://packetfence.org) 
>>
>> -- 
>> Fabrice Durand
>> fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
>> (http://packetfence.org) 
>
> -- 
> Fabrice Durand
> fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
> (http://packetfence.org) 

-- 
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org) 
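
Added example (not part of the original thread, and not PacketFence or FreeRADIUS code): a Python sketch that decodes the EAP-Message from the debug log quoted above and shows why a machine name such as "host/LAB3-NB.dm.loc" ends up in realm NULL, since it carries neither '@' nor '\'. The function names are hypothetical, the realm split is a simplified imitation of the suffix/ntdomain checks visible in the log, and treating the DNS suffix of the host name as the realm to configure is an assumption.

```python
import struct

# EAP-Message value copied from the RADIUS debug log quoted in this thread.
EAP_HEX = "0x0201001801686f73742f4c4142332d4e422e646d2e6c6f63"


def eap_identity(hex_value):
    """Return the identity string from an EAP-Response/Identity packet."""
    if hex_value.lower().startswith("0x"):
        hex_value = hex_value[2:]
    raw = bytes.fromhex(hex_value)
    if len(raw) < 5:
        raise ValueError("EAP packet too short")
    code, _ident, length, eap_type = struct.unpack("!BBHB", raw[:5])
    if code != 2 or eap_type != 1:  # 2 = Response, 1 = Identity
        raise ValueError("not an EAP-Response/Identity")
    if length != len(raw):
        raise ValueError("EAP length field does not match the data")
    return raw[5:].decode("utf-8")


def find_realm(user_name):
    """Simplified imitation of the suffix/ntdomain checks in the log.

    Returns (matched_module, realm, stripped_user_name)."""
    if "@" in user_name:  # suffix: realm follows the last '@'
        user, realm = user_name.rsplit("@", 1)
        return ("suffix", realm, user)
    if "\\" in user_name:  # ntdomain: realm precedes the first backslash
        realm, user = user_name.split("\\", 1)
        return ("ntdomain", realm, user)
    return (None, "NULL", user_name)  # no delimiter: realm NULL


def machine_domain(user_name):
    """Assumption: treat the DNS suffix of 'host/<fqdn>' as the realm."""
    if not user_name.lower().startswith("host/"):
        return None
    host, dot, domain = user_name[5:].partition(".")
    return domain.lower() if host and dot and domain else None


if __name__ == "__main__":
    name = eap_identity(EAP_HEX)
    print(name, find_realm(name), machine_domain(name))
```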
