Re: [PacketFence-users] MSCHAPv2 Reject only on one access point?

Thu, 21 Feb 2019 18:42:46 -0800 


Le 19-02-20 à 08 h 45, Christian McDonald a écrit :

Fabrice,
I can't see anything immediately obvious from the logs. I should mention that I'm using a single user account in Active Directory that is shared on multiple Chromebooks. All the Chromebooks are configured identically. However, some connect just fine and others don't...chrooted_mschap: Program returned code (1) and output 'The attempted logon is invalid. 
It's why we need to compare a successful authentication versus a failed one.
Does Active Directory place limits on NTLM authentication? Some sort of rate-limiting? 


No there is no rate limiting.
On Tue, Feb 19, 2019 at 8:52 PM Durand fabrice via PacketFence-users <[email protected] <mailto:[email protected]>> wrote: 

    Hello Christian,

    what you can do is to run radius in debug mode:

    raddebug -r /usr/local/pf/var/run/radiusd.sock > /root/radius.debug


    Then try the bogus AP and try with another one and check the debug
    and search for the line where freeradius call ntlm_auth and see if
    the output is the same. (chrooted_mschap: Executing: /usr/bin/sudo
    /usr/sbin/chroot /chroots/...)

    Regards

    Fabrice


    Le 19-02-19 à 11 h 46, Christian McDonald via PacketFence-users a
    écrit :

    Greetings,

    I have one access point that keeps rejecting clients with:

    chrooted_mschap: Program returned code (1) and output 'The
    attempted logon is invalid. This is either due to a bad username
    or authentication information. (0xc000006d)'

    However, the same client on a different AP with the same
    credentials works fine.

    All APs are members of the same "switch" group and have identical
    configuration both in PacketFence and my controller (UniFi)
-- *R. Christian McDonald * 
    M: (616) 856-9291
    E: [email protected] <mailto:[email protected]>


    _______________________________________________
    PacketFence-users mailing list
    [email protected]  
<mailto:[email protected]>
    https://lists.sourceforge.net/lists/listinfo/packetfence-users

    _______________________________________________
    PacketFence-users mailing list
    [email protected]
    <mailto:[email protected]>
    https://lists.sourceforge.net/lists/listinfo/packetfence-users



--
R. Christian McDonald
/Director of Technology/
Grand Rapids Adventist Academy
C: (616) 856-9291


_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users






















					Reply via email to