Hello Sinan, I don’t think we have ever done an error message so explicit in PF
"no role computed by any sources” Your user does not match any rule in any source available on the connection profile for that connection. Make sure to strip the user in the default realm and also to match a role: bin/pftest authentication myuser “” Thanks, Ludovic Zammit [email protected] <mailto:[email protected]> :: +1.514.447.4918 (x145) :: www.inverse.ca <http://www.inverse.ca/> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu <http://www.sogo.nu/>) and PacketFence (http://packetfence.org <http://packetfence.org/>) > On Sep 10, 2020, at 10:03 AM, Sinan Yosunkaya <[email protected]> wrote: > > Hello Ludovic, > Thanks for your reply. > Now I restart service and I try again, but now i see this error. > What could be the reason for this? > > RADIUS Reply > EAP-Message = 0x03090004 > Message-Authenticator = 0x00000000000000000000000000000000 > User-Name = "mydomain\\myuser" > Reply-Message = "no role computed by any sources" > > Ludovic Zammit <[email protected] <mailto:[email protected]>>, 10 Eyl 2020 > Per, 16:01 tarihinde şunu yazdı: > Hello Sinan, > > Did you join your PF server to your domain ? If yes, did you restart your > radius services after the join? Did you configure the realms to forward the > ntlm authentication to the correct ? > > /usr/local/pf/bin/pfcmd service radiusd restart > > Thanks, > > Ludovic Zammit > [email protected] <mailto:[email protected]> :: +1.514.447.4918 (x145) :: > www.inverse.ca <http://www.inverse.ca/> > Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu > <http://www.sogo.nu/>) and PacketFence (http://packetfence.org > <http://packetfence.org/>) > > > > >> On Sep 10, 2020, at 4:48 AM, Sinan Yosunkaya via PacketFence-users >> <[email protected] >> <mailto:[email protected]>> wrote: >> >> Hello brothers; >> I was installed packetfence with "Installation Guide". I used "zen" image. >> I was configured my hp procurve 2620 switch with "Network Devices >> Configuration Guide". >> Now when I connect my swicht ports and windows asked username and password. >> I write my username password with domain (domain\user) ; packetfence audits >> say "chrooted_mschap: Failed to read from child output" >> when I write my username password without domain (onlyusername); >> packetfence audits say "mschap: Program returned code (1) and output >> 'Reading winbind reply failed! (0xc0000001)'" >> I add detailed records below. >> >> Please! can someone guide me where i went wrong and what i can try? >> >> Try username with domain; >> RADIUS Request >> NAS-Port-Type = Ethernet >> PacketFence-Radius-Ip = "192.168.120.2" >> Called-Station-Id = "20:67:7c:85:f6:c0" >> Connect-Info = "CONNECT Ethernet 100Mbps Full duplex" >> Realm = "default" >> NAS-IP-Address = 192.168.120.6 >> MS-CHAP-User-Name = "mydomain\\myuser" >> Tunnel-Private-Group-Id:0 = "68" >> User-Name = "mydomain\\myuser" >> NAS-Identifier = "HP-2620-24" >> EAP-Message = >> 0x0208004a1a0208004531e8cce3c12867572f6c83592b4ce03de1000000000000000068dc994355a5b159fcb3b7c119c737d39404d87c2e6194d50067656b615c73796f73756e6b617961 >> MS-CHAP2-Response = >> 0x0865e8cce3c12867572f6c83592b4ce03de1000000000000000068dc994355a5b159fcb3b7c119c737d39404d87c2e6194d5 >> Framed-MTU = 1480 >> HP-Capability-Advert = 0x011a0000000b28 >> HP-Capability-Advert = 0x011a0000000b2e >> HP-Capability-Advert = 0x011a0000000b30 >> HP-Capability-Advert = 0x011a0000000b3d >> HP-Capability-Advert = 0x011a0000000b18 >> HP-Capability-Advert = 0x011a0000000b19 >> HP-Capability-Advert = 0x0138 >> HP-Capability-Advert = 0x013a >> HP-Capability-Advert = 0x0140 >> HP-Capability-Advert = 0x0141 >> HP-Capability-Advert = 0x0151 >> PacketFence-Outer-User = "mydomain\\myuser" >> MS-RAS-Vendor = 11 >> Service-Type = Framed-User >> State = 0xcc18b544cc10af2c364b7e9848efaff9 >> FreeRADIUS-Proxied-To = 127.0.0.1 >> Tunnel-Type:0 = VLAN >> EAP-Type = MSCHAPv2 >> NAS-Port-Id = "11" >> Tunnel-Medium-Type:0 = IEEE-802 >> PacketFence-NTLMv2-Only = "" >> Calling-Station-Id = "1c:c1:de:98:50:8e" >> MS-CHAP-Challenge = 0x948c8d81099e6283216af2f952c2aecc >> PacketFence-KeyBalanced = "0b6194eeda6f27090f846bfc88357fac" >> Framed-Protocol = PPP >> PacketFence-Domain = "mydomain" >> Event-Timestamp = "Sep 10 2020 11:31:56 +03" >> NAS-Port = 11 >> Stripped-User-Name = "myuser" >> Module-Failure-Message = "chrooted_mschap: Failed to read from child output" >> Module-Failure-Message = "chrooted_mschap: External script says: " >> Module-Failure-Message = "chrooted_mschap: MS-CHAP2-Response is incorrect" >> User-Password = "******" >> SQL-User-Name = "mydomain\\\\myuser" >> RADIUS Reply >> MS-CHAP-Error = "\010E=691 R=0 C=1858f237e4a982211d083b77c540aeca V=3 >> M=Authentication rejected" >> EAP-Message = 0x04080004 >> Message-Authenticator = 0x00000000000000000000000000000000 >> >> Try username without domain >> RADIUS Request >> NAS-Port-Type = Ethernet >> PacketFence-Radius-Ip = "192.168.120.2" >> Called-Station-Id = "20:67:7c:85:f6:c0" >> Connect-Info = "CONNECT Ethernet 100Mbps Full duplex" >> Realm = "null" >> NAS-IP-Address = 192.168.120.6 >> MS-CHAP-User-Name = "myuser" >> Tunnel-Private-Group-Id:0 = "68" >> User-Name = "myuser" >> NAS-Identifier = "HP-2620-24" >> EAP-Message = >> 0x020800451a0208004031e70199ab83237b8b5615a8c54adfba53000000000000000026efd53fc094c1c0333eec0ab98c657fd233b40d32af71280073796f73756e6b617961 >> MS-CHAP2-Response = >> 0x0879e70199ab83237b8b5615a8c54adfba53000000000000000026efd53fc094c1c0333eec0ab98c657fd233b40d32af7128 >> Framed-MTU = 1480 >> HP-Capability-Advert = 0x011a0000000b28 >> HP-Capability-Advert = 0x011a0000000b2e >> HP-Capability-Advert = 0x011a0000000b30 >> HP-Capability-Advert = 0x011a0000000b3d >> HP-Capability-Advert = 0x011a0000000b18 >> HP-Capability-Advert = 0x011a0000000b19 >> HP-Capability-Advert = 0x0138 >> HP-Capability-Advert = 0x013a >> HP-Capability-Advert = 0x0140 >> HP-Capability-Advert = 0x0141 >> HP-Capability-Advert = 0x0151 >> PacketFence-Outer-User = "myuser" >> MS-RAS-Vendor = 11 >> Service-Type = Framed-User >> State = 0x75f20d6275fa17155a004a0010522e06 >> FreeRADIUS-Proxied-To = 127.0.0.1 >> Tunnel-Type:0 = VLAN >> EAP-Type = MSCHAPv2 >> NAS-Port-Id = "11" >> Tunnel-Medium-Type:0 = IEEE-802 >> PacketFence-NTLMv2-Only = "" >> Calling-Station-Id = "1c:c1:de:98:50:8e" >> MS-CHAP-Challenge = 0xdb537c393d70e8cede2dccc5cb8bbcb1 >> PacketFence-KeyBalanced = "7a9b9fff43732738302cd341eb1a1bab" >> Framed-Protocol = PPP >> Event-Timestamp = "Sep 10 2020 11:13:12 +03" >> NAS-Port = 11 >> Stripped-User-Name = "myuser" >> Module-Failure-Message = "mschap: Program returned code (1) and output >> 'Reading winbind reply failed! (0xc0000001)'" >> Module-Failure-Message = "mschap: Reading winbind reply failed! (0xc0000001)" >> User-Password = "******" >> SQL-User-Name = "myuser" >> RADIUS Reply >> MS-CHAP-Error = "\010E=691 R=0 C=58f40246af72174800e59e5101288336 V=3 >> M=Authentication failed" >> EAP-Message = 0x04080004 >> Message-Authenticator = 0x00000000000000000000000000000000 >> -- >> >> >> _______________________________________________ >> PacketFence-users mailing list >> [email protected] >> <mailto:[email protected]> >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> <https://lists.sourceforge.net/lists/listinfo/packetfence-users> > > > > -- > Sinan Yosunkaya
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
