Hello Everyone,
We have strange behaviour with a Windows client connecting to dot1x WiFi on PacketFence using an AD authentication source. The symptoms are:

- The first time a Windows client connects to the SSID, it is asked for a username and password to log in.
- But if the client forgets the SSID and tries to reconnect, Windows never asks for a username and password; it automatically sends the hostname as the login to PacketFence, and it is accepted by PacketFence.
- The same thing happens when the user comes back the next day: Windows sends the hostname as the login instead of the username, and it is also accepted by PacketFence.

We don't set up any machine auth, only user auth. Drilling down into the RADIUS log, we saw that the hostname login hits a non-existent realm. Using username and password, the client hits the null realm. But when Windows sends the hostname, it hits the binus.local realm, which does not exist. Below are the RADIUS log and realm.conf.

1. Using user auth
===============
Request Time 0
RADIUS Request
User-Name = "loudy.owen"
NAS-IP-Address = 10.21.36.41
NAS-Port = 4
Service-Type = Framed-User
State = 0x6067228e61c0382594e9daec37da5a60
Called-Station-Id = "90:3a:72:03:18:90:BinusWifi-Staff.1x"
Calling-Station-Id = "70:66:55:34:28:f3"
NAS-Identifier = "90-3A-72-03-18-90"
NAS-Port-Type = Wireless-802.11
Acct-Session-Id = "6361F1F4-03189001"
Acct-Multi-Session-Id = "88DA8FBC70CEC821"
Event-Timestamp = "Nov 2 2022 11:28:41 WIB"
Connect-Info = "CONNECT 802.11"
EAP-Message = 0x02a700061a03
Chargeable-User-Identity = 0x00
Location-Data = 0x31304944170d42696e7573205379616864616e
WLAN-Pairwise-Cipher = 1027076
WLAN-Group-Cipher = 1027076
WLAN-AKM-Suite = 1027073
FreeRADIUS-Proxied-To = 127.0.0.1
Ruckus-SSID = "BinusWifi-Staff.1x"
Ruckus-Wlan-Id = 508
Ruckus-Location = "Binus Syahdan"
Ruckus-SCG-CBlade-IP = 180933220
Ruckus-VLAN-ID = 1220
Ruckus-BSSID = 0x903a7243189d
Ruckus-Zone-Name = "AP-Zone-Syahdan"
Ruckus-Wlan-Name = "VlanPool2"
EAP-Type = MSCHAPv2
Stripped-User-Name = "loudy.owen"
Realm = "null"
Called-Station-SSID = "BinusWifi-Staff.1x"
PacketFence-Domain = "binus"
PacketFence-KeyBalanced = "10a6d36fd6ec338584a72fcbe75f86ba"
PacketFence-Radius-Ip = "10.200.210.87"
PacketFence-NTLMv2-Only = ""
PacketFence-Outer-User = "loudy.owen"
Attr-26.25053.155 = 0x5379616864616e2043616d707573
User-Password = "******"
SQL-User-Name = "loudy.owen"
RADIUS Reply
EAP-Message = 0x03a70004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "loudy.owen"
REST-HTTP-Status-Code = 200
==============================================

2. Using hostname
===============
Request Time 0
RADIUS Request
User-Name = "host/NB202007000166.binus.local"
NAS-IP-Address = 10.21.36.41
NAS-Port = 4
Service-Type = Framed-User
State = 0xb4483109b5402b5768b5cf1f24ad1e9e
Called-Station-Id = "90:3a:72:03:18:90:BinusWifi-Staff.1x"
Calling-Station-Id = "70:66:55:34:28:f3"
NAS-Identifier = "90-3A-72-03-18-90"
NAS-Port-Type = Wireless-802.11
Acct-Session-Id = "6361F350-03189001"
Acct-Multi-Session-Id = "3DD47C3ED408529E"
Event-Timestamp = "Nov 2 2022 11:34:26 WIB"
Connect-Info = "CONNECT 802.11"
EAP-Message = 0x020800061a03
Chargeable-User-Identity = 0x00
Location-Data = 0x31304944170d42696e7573205379616864616e
WLAN-Pairwise-Cipher = 1027076
WLAN-Group-Cipher = 1027076
WLAN-AKM-Suite = 1027073
FreeRADIUS-Proxied-To = 127.0.0.1
Ruckus-SSID = "BinusWifi-Staff.1x"
Ruckus-Wlan-Id = 508
Ruckus-Location = "Binus Syahdan"
Ruckus-SCG-CBlade-IP = 180933220
Ruckus-VLAN-ID = 1220
Ruckus-BSSID = 0x903a7243189d
Ruckus-Zone-Name = "AP-Zone-Syahdan"
Ruckus-Wlan-Name = "VlanPool2"
EAP-Type = MSCHAPv2
Realm = "binus.local"
Called-Station-SSID = "BinusWifi-Staff.1x"
PacketFence-Domain = "binus"
PacketFence-KeyBalanced = "e080ae33e5dd7f64d0155f1a8dc95245"
PacketFence-Radius-Ip = "10.200.210.87"
PacketFence-NTLMv2-Only = ""
PacketFence-Outer-User = "host/NB202007000166.binus.local"
Attr-26.25053.155 = 0x5379616864616e2043616d707573
User-Password = "******"
SQL-User-Name = "host/NB202007000166.binus.local"
RADIUS Reply
MS-MPPE-Encryption-Policy = Encryption-Required
MS-MPPE-Encryption-Types = 4
MS-MPPE-Send-Key = 0xb45a79e25b9f5bda45259afc13d0dc5c
MS-MPPE-Recv-Key = 0xe52d30f3e2977a2c1219c4200bc44678
EAP-Message = 0x03080004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "host/NB202007000166.binus.local"
REST-HTTP-Status-Code = 200

3. realm.conf
==========
# Copyright (C) Inverse inc.
[1 DEFAULT]
radius_auth_compute_in_pf=enabled
radius_acct=
eduroam_radius_auth=
radius_auth=
eduroam_radius_acct=
radius_auth_proxy_type=keyed-balance
eduroam_radius_acct_proxy_type=load-balance
eduroam_radius_auth_proxy_type=keyed-balance
permit_custom_attributes=disabled
radius_acct_proxy_type=load-balance
eduroam_radius_auth_compute_in_pf=enabled
domain=binus

[1 LOCAL]
eduroam_radius_acct=
radius_auth=
radius_acct=
eduroam_radius_acct_proxy_type=load-balance
radius_acct_proxy_type=load-balance
eduroam_radius_auth=
radius_auth_compute_in_pf=enabled
radius_auth_proxy_type=keyed-balance
permit_custom_attributes=disabled
eduroam_radius_auth_compute_in_pf=enabled
eduroam_radius_auth_proxy_type=keyed-balance

[1 NULL]
radius_auth_compute_in_pf=enabled
radius_acct=
radius_auth=
eduroam_radius_auth=
eduroam_radius_auth_proxy_type=keyed-balance
eduroam_radius_acct=
radius_auth_proxy_type=keyed-balance
eduroam_radius_acct_proxy_type=load-balance
permit_custom_attributes=disabled
radius_acct_proxy_type=load-balance
eduroam_radius_auth_compute_in_pf=enabled
domain=binus
=============================

How could this happen? Any advice?

Thanks in advance

Regards,
Irvan
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
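Added example, not part of the original post and not PacketFence's own code: a small audit check over "Attribute = value" records like the two in the post, flagging machine-style identities (host/...) and reporting which realm.conf section would handle each request. It assumes FreeRADIUS-style realm matching, where a realm with no section of its own falls through to DEFAULT; the record and realm.conf excerpts are abridged from the post, and the function names are hypothetical.

```python
import re

# Abridged excerpts of the two audit records and realm.conf from the post.
USER_RECORD = '''User-Name = "loudy.owen"
EAP-Type = MSCHAPv2
Realm = "null"
PacketFence-Domain = "binus"'''
HOST_RECORD = '''User-Name = "host/NB202007000166.binus.local"
EAP-Type = MSCHAPv2
Realm = "binus.local"
PacketFence-Domain = "binus"'''
REALM_CONF = '''[1 DEFAULT]
domain=binus
[1 LOCAL]
radius_auth_compute_in_pf=enabled
[1 NULL]
domain=binus'''

def parse_attrs(record):
    """Turn 'Name = value' lines into a dict, dropping surrounding quotes."""
    attrs = {}
    for line in record.splitlines():
        m = re.match(r'\s*([\w.-]+)\s*=\s*(.*)$', line)
        if m:
            attrs[m.group(1)] = m.group(2).strip().strip('"')
    return attrs

def parse_realm_conf(text):
    """Map realm name (upper-cased, tenant prefix dropped) to its settings."""
    realms, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        m = re.match(r'\[(?:\d+\s+)?(.+)\]$', line)
        if m:
            current = realms.setdefault(m.group(1).upper(), {})
        elif current is not None and '=' in line and not line.startswith('#'):
            key, value = line.split('=', 1)
            current[key.strip()] = value.strip()
    return realms

def classify(record, realms):
    """Report identity type and the realm section assumed to handle it."""
    attrs = parse_attrs(record)
    user, realm = attrs.get('User-Name', ''), attrs.get('Realm', 'null')
    # Machine identities arrive as host/<fqdn> or as a sAMAccountName ending in $.
    machine = user.lower().startswith('host/') or user.endswith('$')
    # Assumption: a realm without its own section is handled by DEFAULT.
    section = realm.upper() if realm.upper() in realms else 'DEFAULT'
    return {'user': user, 'realm': realm, 'machine': machine,
            'section': section, 'domain': realms.get(section, {}).get('domain')}
```

Run over both records, the check shows the host/ identity landing in DEFAULT, which carries the same domain=binus setting as NULL; that is consistent with PacketFence-Domain = "binus" appearing in both records.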