Hello Sean,
It will be better to join the server to the AD from the admin GUI and
link the default realm to the domain you just created.
It will create a chroot for the domain and use the chroot to
authenticate the user.
Regards
Fabrice
On 19-02-21 at 18:16, Sean Hunter via PacketFence-users wrote:
Hello,
My PacketFence ZEN install seems to be having some trouble, or at
least I am. The background is that this is a fresh deployment for lab
purposes. Installation was completed following the installation guide.
Now, I'm trying to set up a basic wireless configuration to use a local
source for user authentication (not AD) to work with a Meraki AP. I
have a little experience configuring FreeRADIUS to work as the backend
for Meraki in such a setup, but have not run into this particular
issue before.
At this point, in the RADIUS audit logs there's a REJECT with this
reason: mschap: Program returned code (1) and output 'Reading winbind
reply failed! (0xc0000001)'
Cursory research suggests this is a permissions issue. Checking
permissions suggests that the pf user is a member of wbpriv and also
that wbpriv has read permissions on /var/lib/samba/winbindd_privileged/.
[root@PacketFence-ZEN ~]# lid pf
apache(gid=48)
wbpriv(gid=88)
pf(gid=989)
fingerbank(gid=988)
Because this is a lab, I went ahead and attempted to add permissions
to the folder to see if that resolved the error:
[root@PacketFence-ZEN ~]# chmod +r /var/lib/samba/winbindd_privileged/
[root@PacketFence-ZEN ~]# chmod +w /var/lib/samba/winbindd_privileged/
[root@PacketFence-ZEN ~]# chmod +x /var/lib/samba/winbindd_privileged/
[root@PacketFence-ZEN ~]# ls -l /var/lib/samba/
total 0
drwxrwxr-x. 2 root printadmin 6 Oct 30 22:32 drivers
drwxr-xr-x. 2 root root 6 Oct 30 22:32 lock
drwx------. 2 root root 6 Oct 30 22:32 private
drwxr-xr-x. 2 root wbpriv 6 Oct 30 22:32 winbindd_privileged
Curiously, it did not change the write permissions on the folder, but
did add read and execute for "other" users. The issue persists with
the same log entry, even after rebooting the server.
I'm quite stumped. I have configured an htpasswd file to act as the
back-end authentication source. I set up a profile to match on
Wireless-8021x-EAP. I configured matching RADIUS shared secrets on the
device and PF.
Anyway, any pointers or suggestions are much appreciated. Thank you
and have a great day, everyone!
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
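An added example (not part of the thread and not PacketFence's own tooling): a shell check of the state inspected by hand in the message above, namely the mode and group of /var/lib/samba/winbindd_privileged and the pf user's membership of wbpriv. The expected mode 750 is an assumption based on stock Samba packaging, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the winbind privileged pipe directory.
# Assumptions (not from the thread): expected mode is 750, GNU stat is available.

EXPECTED_MODE=750

# Print the octal permission bits of a path, e.g. 750.
dir_mode() {
    stat -c '%a' "$1"
}

# Return 0 only when the directory mode matches EXPECTED_MODE exactly.
# A looser mode such as 755 opens the privileged pipe directory to "other".
priv_dir_mode_ok() {
    [ "$(dir_mode "$1")" = "$EXPECTED_MODE" ]
}

# Return 0 when user $1 is a member of group $2 (unknown users count as "no").
user_in_group() {
    id -nG "$1" 2>/dev/null | tr ' ' '\n' | grep -qx -- "$2"
}

# audit_priv_dir DIR USER GROUP
# Prints one line per finding and returns the number of problems found.
audit_priv_dir() {
    dir=$1; user=$2; group=$3; problems=0
    if [ ! -d "$dir" ]; then
        echo "MISSING: $dir does not exist"
        return 1
    fi
    if ! priv_dir_mode_ok "$dir"; then
        echo "MODE: $dir is $(dir_mode "$dir"), expected $EXPECTED_MODE"
        problems=$((problems + 1))
    fi
    if [ "$(stat -c '%G' "$dir")" != "$group" ]; then
        echo "GROUP: $dir is owned by group $(stat -c '%G' "$dir"), expected $group"
        problems=$((problems + 1))
    fi
    if ! user_in_group "$user" "$group"; then
        echo "MEMBERSHIP: $user is not a member of $group"
        problems=$((problems + 1))
    fi
    if [ "$problems" -eq 0 ]; then
        echo "OK: $dir mode, group and $user membership look as expected"
    fi
    return "$problems"
}
```

Run as root with `audit_priv_dir /var/lib/samba/winbindd_privileged pf wbpriv`; a MODE finding is what the `chmod +r` and `chmod +x` commands in the message would produce.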