Hello,

So, in my continuing saga of getting a new setup going for how we use
PacketFence, I am trying to get EAP-TTLS working.  Yesterday, I had it
working for a little while.  Then I started adding some more settings to
get things ready for production, did some "clean up", and discovered it no
longer worked.  I've tried to get it working again, but I'm hitting a wall
that I don't understand.  The TTLS authentication seemed to like using LDAP
as its backend rather than a straight RADIUS proxy, but I'm getting a
strange error.

In the RADIUS debug, I'm getting:

(21) Wed May 12 13:58:58 2021: Debug: JumpCloud-LDAP: EXPAND
(&(|(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})))
(21) Wed May 12 13:58:58 2021: Debug: JumpCloud-LDAP:    -->
(&(|(sAMAccountName=josh.nathan)))
(21) Wed May 12 13:58:58 2021: Debug: JumpCloud-LDAP: Performing search in
"ou=Users,o=5ab0e00f9778114e1c04036d,dc=jumpcloud,dc=com" with filter
"(&(|(sAMAccountName=josh.nathan)))", scope "sub"
(21) Wed May 12 13:58:58 2021: Debug: JumpCloud-LDAP: Waiting for search
result...
(21) Wed May 12 13:58:58 2021: Debug: JumpCloud-LDAP: Search returned no
results
(21) Wed May 12 13:58:58 2021: Debug:         [JumpCloud-LDAP] = notfound


However, running "pftest authentication josh.nathan [password]
JumpCloud-LDAP" gives me:

Testing authentication for "josh.nathan"

Authenticating against 'JumpCloud-LDAP' in context 'admin'
  Authentication SUCCEEDED against JumpCloud-LDAP (Authentication
successful.)
  Matched against JumpCloud-LDAP for 'authentication' rule IsStaffDevice
    set_role : staff
    set_access_duration : 2W
  Did not match against JumpCloud-LDAP for 'administration' rules

Authenticating against 'JumpCloud-LDAP' in context 'portal'
  Authentication SUCCEEDED against JumpCloud-LDAP (Authentication
successful.)
  Matched against JumpCloud-LDAP for 'authentication' rule IsStaffDevice
    set_role : staff
    set_access_duration : 2W
  Did not match against JumpCloud-LDAP for 'administration' rules


So the username is clearly valid, and can be found via the LDAP
authentication source.  Why would the RADIUS debug log get "not found"???

Doing a grep on the packetfence.log file doesn't return anything.

Thanks for any help/pointers!

Joshua Nathan
*IT Supervisor*
Black Forest Academy

p: +49 (0) 7626 9161 631 m: +49 (0) 152 3452 0056
w: Hammersteiner Straße 50, 79400 Kandern
bfacademy.de
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
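An added example, not from the post above and not PacketFence's or FreeRADIUS's own code: it parses rlm_ldap debug lines of the shape quoted in the message into the base DN, filter, attribute/value pair and return code of each search, lists the lookups that came back empty, and builds the equivalent ldapsearch so the same query can be reproduced outside RADIUS and compared with what the PacketFence source finds. The sample log is reconstructed from the post; the LDAP host and bind DN are placeholders.

```python
import re

# Constructed sample: the rlm_ldap debug lines from the post, unwrapped.
SAMPLE_LOG = """\
(21) Wed May 12 13:58:58 2021: Debug: JumpCloud-LDAP: EXPAND (&(|(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})))
(21) Wed May 12 13:58:58 2021: Debug: JumpCloud-LDAP:    --> (&(|(sAMAccountName=josh.nathan)))
(21) Wed May 12 13:58:58 2021: Debug: JumpCloud-LDAP: Performing search in "ou=Users,o=5ab0e00f9778114e1c04036d,dc=jumpcloud,dc=com" with filter "(&(|(sAMAccountName=josh.nathan)))", scope "sub"
(21) Wed May 12 13:58:58 2021: Debug: JumpCloud-LDAP: Waiting for search result...
(21) Wed May 12 13:58:58 2021: Debug: JumpCloud-LDAP: Search returned no results
(21) Wed May 12 13:58:58 2021: Debug:         [JumpCloud-LDAP] = notfound
"""

LINE_RE = re.compile(r"^\((?P<req>\d+)\) (?P<ts>.+?): Debug: (?P<rest>.*)$")
EXPAND_RE = re.compile(r"(?P<mod>[\w-]+): EXPAND (?P<tmpl>.+)$")
SEARCH_RE = re.compile(r'(?P<mod>[\w-]+): Performing search in "(?P<base>[^"]+)" '
                       r'with filter "(?P<filter>[^"]+)", scope "(?P<scope>\w+)"')
RESULT_RE = re.compile(r"(?P<mod>[\w-]+): Search returned (?P<n>no|\d+) results?")
RCODE_RE = re.compile(r"\[(?P<mod>[\w-]+)\] = (?P<rcode>\w+)")
ATTR_RE = re.compile(r"\((\w+)=([^()]*)\)")  # (attribute=value) pairs inside a filter


def parse_ldap_searches(log_text):
    """Return {(request id, module): details} for every rlm_ldap search seen."""
    searches = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        req, rest = m["req"], m["rest"].strip()
        if (s := EXPAND_RE.match(rest)):
            searches.setdefault((req, s["mod"]), {})["template"] = s["tmpl"]
        elif (s := SEARCH_RE.match(rest)):
            e = searches.setdefault((req, s["mod"]), {})
            e.update(base=s["base"], filter=s["filter"], scope=s["scope"],
                     attributes=dict(ATTR_RE.findall(s["filter"])))
        elif (s := RESULT_RE.match(rest)):
            n = s["n"]
            searches.setdefault((req, s["mod"]), {})["results"] = 0 if n == "no" else int(n)
        elif (s := RCODE_RE.match(rest)):
            searches.setdefault((req, s["mod"]), {})["rcode"] = s["rcode"]
    return searches


def unmatched_lookups(searches):
    """(request, module, attribute, value) for each search that found nothing:
    the exact pairs to verify against the source's username attribute and base DN."""
    return [(req, mod, attr, value) for (req, mod), e in sorted(searches.items())
            if e.get("rcode") == "notfound" or e.get("results") == 0
            for attr, value in e.get("attributes", {}).items()]


def ldapsearch_command(entry, host="<LDAP_HOST>", bind_dn="<BIND_DN>"):
    """ldapsearch that repeats the module's query verbatim (host/bind DN are placeholders)."""
    return (f'ldapsearch -H ldaps://{host} -D "{bind_dn}" -W -b "{entry["base"]}" '
            f"-s {entry['scope']} '{entry['filter']}' dn")
```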