Hi, I'm trying to configure PacketFence and I want to use OpenLDAP for authentication.
I used the ZEN version (CentOS 7) and I followed the standard doc of pf, but I got this error ( tail -f /usr/local/pf/logs/radius.log ):

Apr 18 09:43:55 packetfence auth[8226]: Adding client 172.30.201.221/32
Apr 18 09:43:55 packetfence auth[8226]: (6174) mschap_machine: ERROR: Program returned code (1) and output 'Reading winbind reply failed! (0xc0000001)'
Apr 18 09:43:55 packetfence auth[8226]: (6174) Login incorrect (mschap_machine: Program returned code (1) and output 'Reading winbind reply failed! (0xc0000001)'): [host/Part-Ideapad-network] (from client 172.30.201.221/32 port 50113 cli 50:3e:aa:5b:60:b6 via TLS tunnel)
Apr 18 09:43:55 packetfence auth[8226]: [mac:50:3e:aa:5b:60:b6] Rejected user: host/Part-Ideapad-network
Apr 18 09:43:55 packetfence auth[8226]: (6175) Login incorrect (eap_peap: The users session was previously rejected: returning reject (again.)): [host/Part-Ideapad-network] (from client 172.30.201.221/32 port 50113 cli 50:3e:aa:5b:60:b6)
Apr 18 09:44:49 packetfence auth[8226]: (6187) mschap: ERROR: Program returned code (1) and output 'Reading winbind reply failed! (0xc0000001)'
Apr 18 09:44:49 packetfence auth[8226]: (6187) Login incorrect (mschap: Program returned code (1) and output 'Reading winbind reply failed! (0xc0000001)'): [test1] (from client 172.30.201.221/32 port 50113 cli 50:3e:aa:5b:60:b6 via TLS tunnel)
Apr 18 09:44:49 packetfence auth[8226]: [mac:50:3e:aa:5b:60:b6] Rejected user: test1
Apr 18 09:44:49 packetfence auth[8226]: (6188) Login incorrect (eap_peap: The users session was previously rejected: returning reject (again.)): [test1] (from client 172.30.201.221/32 port 50113 cli 50:3e:aa:5b:60:b6)
Apr 18 09:44:50 packetfence auth[8226]: (6189) rest: ERROR: Server returned:
Apr 18 09:44:50 packetfence auth[8226]: (6189) rest: ERROR: {"control:PacketFence-Authorization-Status":"allow","Reply-Message":"Switch is not managed by PacketFence","control:PacketFence-Request-Time":1618722890}
Apr 18 09:44:50 packetfence auth[8226]: [mac:50:3e:aa:5b:60:b6] Rejected user: 503eaa5b60b6
Apr 18 09:44:50 packetfence auth[8226]: (6189) Rejected in post-auth: [503eaa5b60b6] (from client 172.30.201.221/32 port 50113 cli 50:3e:aa:5b:60:b6)
Apr 18 09:44:50 packetfence auth[8226]: (6189) Login incorrect (rest: Server returned:): [503eaa5b60b6] (from client 172.30.201.221/32 port 50113 cli 50:3e:aa:5b:60:b6)
Apr 18 09:45:50 packetfence auth[8226]: (6201) mschap: ERROR: Program returned code (1) and output 'Reading winbind reply failed! (0xc0000001)'
Apr 18 09:45:50 packetfence auth[8226]: (6201) Login incorrect (mschap: Program returned code (1) and output 'Reading winbind reply failed! (0xc0000001)'): [test1] (from client 172.30.201.221/32 port 50113 cli 50:3e:aa:5b:60:b6 via TLS tunnel)
Apr 18 09:45:50 packetfence auth[8226]: [mac:50:3e:aa:5b:60:b6] Rejected user: test1
Apr 18 09:45:50 packetfence auth[8226]: (6202) Login incorrect (eap_peap: The users session was previously rejected: returning reject (again.)): [test1] (from client 172.30.201.221/32 port 50113 cli 50:3e:aa:5b:60:b6)
Apr 18 09:45:51 packetfence auth[8226]: (6203) rest: ERROR: Server returned:
Apr 18 09:45:51 packetfence auth[8226]: (6203) rest: ERROR: {"control:PacketFence-Authorization-Status":"allow","Reply-Message":"Switch is not managed by PacketFence","control:PacketFence-Request-Time":1618722951}
Apr 18 09:45:51 packetfence auth[8226]: [mac:50:3e:aa:5b:60:b6] Rejected user: 503eaa5b60b6
Apr 18 09:45:51 packetfence auth[8226]: (6203) Rejected in post-auth: [503eaa5b60b6] (from client 172.30.201.221/32 port 50113 cli 50:3e:aa:5b:60:b6)
Apr 18 09:45:51 packetfence auth[8226]: (6203) Login incorrect (rest: Server returned:): [503eaa5b60b6] (from client 172.30.201.221/32 port 50113 cli 50:3e:aa:5b:60:b6)

Pftest shows matching on authentication and rules. But as you see in the logs, I got a user rejected error.

I used this doc to configure the ldap module:
https://www.packetfence.org/doc/10.0.0/PacketFence_Installation_Guide.html#_eap_authentication_against_openldap

It says to change the configuration of this file: /usr/local/pf/raddb/modules/ldap
But I don't have a modules directory, so after some searching I found this on Google:
https://blog.fijs.be/2020/04/30/packetfence-authenticate-using-mschapv2-with-openldap/

I followed the instructions but still got the same error. Can you please tell me what the problem is?

Thanks.
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users