[root@PacketFence-ZEN ~]# chroot /chroots/SAMBA/ ntlm_auth
--request-nt-key --domain=SAMBA.NAC --username=administra...@samba.nac
--password='Zaq!2wsx'
NT_STATUS_OK: Success (0x0)
[root@PacketFence-ZEN ~]# raddebug -f /usr/local/pf/var/run/radius.sock -t 3000
radmin: Failed connecting to /usr/local/pf/var/run/radius.sock: No
such file or directory
Perhaps you need to run the commands: cd /etc/raddb
ln -s sites-available/control-socket sites-enabled/control-socket
and then re-start the server?
Com os melhores cumprimentos.
Jeimerson Chaves
Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros
informáticos com ele transmitidos são confidenciais, podem conter
informação privilegiada e destinam-se ao conhecimento e uso exclusivo
da pessoa ou entidade a quem são dirigidos, não podendo o conteúdo dos
mesmos ser alterado. Caso tenha recebido este e-mail indevidamente,
queira informar de imediato o remetente e proceder à destruição da
mensagem e de eventuais cópias.
Confidentiality Warning: This e-mail and any files transmitted with it
are confidential and may be privileged and are intended solely for the
use of the individual or entity to whom they are addressed. Their
contents may not be altered. lf you are not the intended recipient of
this communication please notify the sender and delete and destroy all
copies immediately.
2018-04-18 13:23 GMT+01:00 Fabrice Durand via PacketFence-users
<packetfence-users@lists.sourceforge.net>:
> Hello Jeimerson,
>
> can you run:
>
> raddebug -f /usr/local/pf/var/run/radius.sock -t 3000
>
> and paste the result when you try to connect.
>
> Regards
>
> Fabrice
>
>
>
> Le 2018-04-12 à 04:56, Jeimerson C. Chaves via PacketFence-users a écrit :
>> Hello everyone, I'm having problem with authentication, using Samba server 4.
>>
>> CLI authentication works. But, using the Cisco 2950 802.1x, does not
>> work according to the logs.
>>
>> ################################################################
>>
>> chroot /chroots/SAMBA/ ntlm_auth --request-nt-key --domain=SAMBA.NAC
>> --username=nacad...@samba.nac --password='Zaq!2wsx'
>> NT_STATUS_OK: Success (0x0)
>>
>> #################################################
>> radtest -t mschap nacadmin 'Zaq!2wsx' localhost 0 testing123
>> Sent Access-Request Id 149 from 0.0.0.0:40863 to 127.0.0.1:1812 length 134
>> User-Name = "nacadmin"
>> MS-CHAP-Password = "Zaq!2wsx"
>> NAS-IP-Address = 169.254.0.2
>> NAS-Port = 0
>> Message-Authenticator = 0x00
>> Cleartext-Password = "Zaq!2wsx"
>> MS-CHAP-Challenge = 0xf8d279644d3003f7
>> MS-CHAP-Response =
>> 0x0001000000000000000000000000000000000000000000000000509ae6a6dc238ef602ec579893bb1ab9d0facd15b8d5cb4f
>> Sent Access-Request Id 149 from 0.0.0.0:40863 to 127.0.0.1:1812 length 134
>> User-Name = "nacadmin"
>> MS-CHAP-Password = "Zaq!2wsx"
>> NAS-IP-Address = 169.254.0.2
>> NAS-Port = 0
>> Message-Authenticator = 0x00
>> Cleartext-Password = "Zaq!2wsx"
>> MS-CHAP-Challenge = 0xf8d279644d3003f7
>> MS-CHAP-Response =
>> 0x0001000000000000000000000000000000000000000000000000509ae6a6dc238ef602ec579893bb1ab9d0facd15b8d5cb4f
>> Sent Access-Request Id 149 from 0.0.0.0:40863 to 127.0.0.1:1812 length 134
>> User-Name = "nacadmin"
>> MS-CHAP-Password = "Zaq!2wsx"
>> NAS-IP-Address = 169.254.0.2
>> NAS-Port = 0
>> Message-Authenticator = 0x00
>> Cleartext-Password = "Zaq!2wsx"
>> MS-CHAP-Challenge = 0xf8d279644d3003f7
>> MS-CHAP-Response =
>> 0x0001000000000000000000000000000000000000000000000000509ae6a6dc238ef602ec579893bb1ab9d0facd15b8d5cb4f
>> (0) No reply from server for ID 149 socket 3
>>
>>
>> What could it be?
>>
>> If you can help me.
>>
>> I created a testing environment with VMware ESXi 6.5.
>>
>> #############################################
>>
>>
>> MAC Address00:0c:29:75:9d:61
>> Auth StatusReject
>> Auth Typeeap
>> Auto Registrationno
>> Calling Station ID00:0c:29:75:9d:61
>> Computer nameN/A
>> EAP TypeMSCHAPv2
>> Event TypeRadius-Access-Request
>> IP Address
>> Is a Phoneno
>> Node statusN/A
>> DomainSAMBA
>> ProfileN/A
>> Realmsamba.nac
>> Reasonchrooted_mschap: Program returned code (1) and output 'Logon
>> failure (0xc000006d)'
>> RoleN/A
>> SourceN/A
>> Stripped User Namenacadmin
>> User namenacad...@samba.nac
>> Unique ID
>>
>> ########################################
>>
>> Switch IDN/A
>> Switch MACN/A
>> Switch IP AddressN/A
>> Called Station ID00:16:47:53:3e:08
>> Connection typeN/A
>> IfIndexN/A
>> NAS identifier
>> NAS IP Address10.190.90.24
>> NAS Port50008
>> NAS Port ID
>> NAS Port TypeEthernet
>> RADIUS Source IP Address10.190.90.24
>> Wi-Fi Network SSID
>>
>>
>> #####################################
>>
>> request_time0
>> RADIUS RequestNAS-Port-Type = Ethernet Service-Type = Framed-User
>> Cisco-NAS-Port = "FastEthernet0/8" Called-Station-Id =
>> "00:16:47:53:3e:08" State = 0x935ca195935bbbfd2e4540e93f543f24
>> FreeRADIUS-Proxied-To = 127.0.0.1 Realm = "samba.nac" EAP-Type =
>> MSCHAPv2 NAS-IP-Address = 10.190.90.24 Calling-Station-Id =
>> "00:0c:29:75:9d:61" MS-CHAP-User-Name = "nacad...@samba.nac"
>> MS-CHAP-Challenge = 0x5c1c7d80053c06b835a6d60ed493985c
>> PacketFence-Domain = "SAMBA" User-Name = "nacad...@samba.nac"
>> Event-Timestamp = "Apr 11 2018 13:56:46 UTC" EAP-Message =
>> 0x0207004d1a0207004831ce8f7270555af5072eea462eb420f41e0000000000000000ceed66e8cdac3b9387cc236dac99ad8132d1e4e4d06f770e006e616361646d696e4073616d62612e6e6163
>> MS-CHAP2-Response =
>> 0x0761ce8f7270555af5072eea462eb420f41e0000000000000000ceed66e8cdac3b9387cc236dac99ad8132d1e4e4d06f770e
>> Stripped-User-Name = "nacadmin" NAS-Port = 50008 Framed-MTU = 1500
>> Module-Failure-Message = "chrooted_mschap: Program returned code (1)
>> and output 'Logon failure (0xc000006d)'" Module-Failure-Message =
>> "chrooted_mschap: External script says: Logon failure (0xc000006d)"
>> Module-Failure-Message = "chrooted_mschap: MS-CHAP2-Response is
>> incorrect" User-Password = "******" Module-Failure-Message = "Failed
>> retrieving values required to evaluate condition" SQL-User-Name =
>> "nacad...@samba.nac"
>> RADIUS ReplyMS-CHAP-Error = "\007E=691 R=0
>> C=e8ad3e58bb3c49bc6dd841d883b40c8a V=3 M=Authentication failed"
>> EAP-Message = 0x04070004 Message-Authenticator =
>> 0x00000000000000000000000000000000
>>
>>
>>
>> Thank you.
>>
>> Com os melhores cumprimentos.
>>
>> Jeimerson Chaves
>>
>> Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros
>> informáticos com ele transmitidos são confidenciais, podem conter
>> informação privilegiada e destinam-se ao conhecimento e uso exclusivo
>> da pessoa ou entidade a quem são dirigidos, não podendo o conteúdo dos
>> mesmos ser alterado. Caso tenha recebido este e-mail indevidamente,
>> queira informar de imediato o remetente e proceder à destruição da
>> mensagem e de eventuais cópias.
>>
>> Confidentiality Warning: This e-mail and any files transmitted with it
>> are confidential and may be privileged and are intended solely for the
>> use of the individual or entity to whom they are addressed. Their
>> contents may not be altered. lf you are not the intended recipient of
>> this communication please notify the sender and delete and destroy all
>> copies immediately.
>>
>> ------------------------------------------------------------------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>> _______________________________________________
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
> --
> Fabrice Durand
> fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
> (http://packetfence.org)
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
