Hello Ludovic, Thank you for your explanation. How about the realm? According to log, when windows sends computer account as login, Packetfence put it on Realm = "binus.local". But we never stup that realm. Is it normal to?
Regards, Irvan. On Thu, Nov 3, 2022 at 12:16 AM Zammit, Ludovic <luza...@akamai.com> wrote: > Hello Irvan, > > It looks pretty normal that the windows sends the computer account because > it’s the default behavior. > > What is not normal, is that if you have at least one successful > authentication on the wifi with a username password, it should keep that > one and not re-ask again. > > All that can be configured on the SSID profile on windows. > > Thanks, > > > *Ludovic Zammit* > *Product Support Engineer Principal Lead* > *Cell:* +1.613.670.8432 > Akamai Technologies - Inverse > 145 Broadway > Cambridge, MA 02142 > Connect with Us: <https://community.akamai.com> <http://blogs.akamai.com> > <https://twitter.com/akamai> <http://www.facebook.com/AkamaiTechnologies> > <http://www.linkedin.com/company/akamai-technologies> > <http://www.youtube.com/user/akamaitechnologies?feature=results_main> > > On Nov 2, 2022, at 1:45 AM, Irvan via PacketFence-users < > packetfence-users@lists.sourceforge.net> wrote: > > Hello Everyone, > > > We have strange behaviour with Windows Client connecting to dot1x WiFi on > Packetfence using AD Authentication source. > > The symptoms are : > > - When the first time Windows client connect to SSID, it was asked for > username and password for login. > - But if client forget the SSID and try to reconnect, Windows never asked > username and password, it was automatically send hostname as login to > packetfence, and accepted by packetfence. > - The same thing happened when user comeback in the next day, Windows send > hostname as login instead of username and it also accepted by packetfence > > We don't setup any machine auth, only user auth. Drill down to radius log, > we saw that hostname login hit a non-existe realm. Using username and > password client hit null realm. But when windows send hostname it hit > binus.local realm, which is never exist. > > Bellow are radius log and realm.conf > > 1. Using user auth > =============== > Request Time > 0 > > RADIUS Request > User-Name = "loudy.owen" > NAS-IP-Address = 10.21.36.41 > NAS-Port = 4 > Service-Type = Framed-User > State = 0x6067228e61c0382594e9daec37da5a60 > Called-Station-Id = "90:3a:72:03:18:90:BinusWifi-Staff.1x" > Calling-Station-Id = "70:66:55:34:28:f3" > NAS-Identifier = "90-3A-72-03-18-90" > NAS-Port-Type = Wireless-802.11 > Acct-Session-Id = "6361F1F4-03189001" > Acct-Multi-Session-Id = "88DA8FBC70CEC821" > Event-Timestamp = "Nov 2 2022 11:28:41 WIB" > Connect-Info = "CONNECT 802.11" > EAP-Message = 0x02a700061a03 > Chargeable-User-Identity = 0x00 > Location-Data = 0x31304944170d42696e7573205379616864616e > WLAN-Pairwise-Cipher = 1027076 > WLAN-Group-Cipher = 1027076 > WLAN-AKM-Suite = 1027073 > FreeRADIUS-Proxied-To = 127.0.0.1 > Ruckus-SSID = "BinusWifi-Staff.1x" > Ruckus-Wlan-Id = 508 > Ruckus-Location = "Binus Syahdan" > Ruckus-SCG-CBlade-IP = 180933220 > Ruckus-VLAN-ID = 1220 > Ruckus-BSSID = 0x903a7243189d > Ruckus-Zone-Name = "AP-Zone-Syahdan" > Ruckus-Wlan-Name = "VlanPool2" > EAP-Type = MSCHAPv2 > Stripped-User-Name = "loudy.owen" > Realm = "null" > Called-Station-SSID = "BinusWifi-Staff.1x" > PacketFence-Domain = "binus" > PacketFence-KeyBalanced = "10a6d36fd6ec338584a72fcbe75f86ba" > PacketFence-Radius-Ip = "10.200.210.87" > PacketFence-NTLMv2-Only = "" > PacketFence-Outer-User = "loudy.owen" > Attr-26.25053.155 = 0x5379616864616e2043616d707573 > User-Password = "******" > SQL-User-Name = "loudy.owen" > > RADIUS Reply > EAP-Message = 0x03a70004 > Message-Authenticator = 0x00000000000000000000000000000000 > User-Name = "loudy.owen" > REST-HTTP-Status-Code = 200 > > ============================================== > > 2. Using hostname > =============== > Request Time > 0 > > RADIUS Request > User-Name = "host/NB202007000166.binus.local" > NAS-IP-Address = 10.21.36.41 > NAS-Port = 4 > Service-Type = Framed-User > State = 0xb4483109b5402b5768b5cf1f24ad1e9e > Called-Station-Id = "90:3a:72:03:18:90:BinusWifi-Staff.1x" > Calling-Station-Id = "70:66:55:34:28:f3" > NAS-Identifier = "90-3A-72-03-18-90" > NAS-Port-Type = Wireless-802.11 > Acct-Session-Id = "6361F350-03189001" > Acct-Multi-Session-Id = "3DD47C3ED408529E" > Event-Timestamp = "Nov 2 2022 11:34:26 WIB" > Connect-Info = "CONNECT 802.11" > EAP-Message = 0x020800061a03 > Chargeable-User-Identity = 0x00 > Location-Data = 0x31304944170d42696e7573205379616864616e > WLAN-Pairwise-Cipher = 1027076 > WLAN-Group-Cipher = 1027076 > WLAN-AKM-Suite = 1027073 > FreeRADIUS-Proxied-To = 127.0.0.1 > Ruckus-SSID = "BinusWifi-Staff.1x" > Ruckus-Wlan-Id = 508 > Ruckus-Location = "Binus Syahdan" > Ruckus-SCG-CBlade-IP = 180933220 > Ruckus-VLAN-ID = 1220 > Ruckus-BSSID = 0x903a7243189d > Ruckus-Zone-Name = "AP-Zone-Syahdan" > Ruckus-Wlan-Name = "VlanPool2" > EAP-Type = MSCHAPv2 > Realm = "binus.local" > Called-Station-SSID = "BinusWifi-Staff.1x" > PacketFence-Domain = "binus" > PacketFence-KeyBalanced = "e080ae33e5dd7f64d0155f1a8dc95245" > PacketFence-Radius-Ip = "10.200.210.87" > PacketFence-NTLMv2-Only = "" > PacketFence-Outer-User = "host/NB202007000166.binus.local" > Attr-26.25053.155 = 0x5379616864616e2043616d707573 > User-Password = "******" > SQL-User-Name = "host/NB202007000166.binus.local" > > RADIUS Reply > MS-MPPE-Encryption-Policy = Encryption-Required > MS-MPPE-Encryption-Types = 4 > MS-MPPE-Send-Key = 0xb45a79e25b9f5bda45259afc13d0dc5c > MS-MPPE-Recv-Key = 0xe52d30f3e2977a2c1219c4200bc44678 > EAP-Message = 0x03080004 > Message-Authenticator = 0x00000000000000000000000000000000 > User-Name = "host/NB202007000166.binus.local" > REST-HTTP-Status-Code = 200 > > > 3. realm.conf > ========== > # Copyright (C) Inverse inc. > [1 DEFAULT] > radius_auth_compute_in_pf=enabled > radius_acct= > eduroam_radius_auth= > radius_auth= > eduroam_radius_acct= > radius_auth_proxy_type=keyed-balance > eduroam_radius_acct_proxy_type=load-balance > eduroam_radius_auth_proxy_type=keyed-balance > permit_custom_attributes=disabled > radius_acct_proxy_type=load-balance > eduroam_radius_auth_compute_in_pf=enabled > domain=binus > > [1 LOCAL] > eduroam_radius_acct= > radius_auth= > radius_acct= > eduroam_radius_acct_proxy_type=load-balance > radius_acct_proxy_type=load-balance > eduroam_radius_auth= > radius_auth_compute_in_pf=enabled > radius_auth_proxy_type=keyed-balance > permit_custom_attributes=disabled > eduroam_radius_auth_compute_in_pf=enabled > eduroam_radius_auth_proxy_type=keyed-balance > > [1 NULL] > radius_auth_compute_in_pf=enabled > radius_acct= > radius_auth= > eduroam_radius_auth= > eduroam_radius_auth_proxy_type=keyed-balance > eduroam_radius_acct= > radius_auth_proxy_type=keyed-balance > eduroam_radius_acct_proxy_type=load-balance > permit_custom_attributes=disabled > radius_acct_proxy_type=load-balance > eduroam_radius_auth_compute_in_pf=enabled > domain=binus > > ============================= > > How could this happened? Any advice? > > > Thanks in advance > > > Regards, > Irvan > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > > https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!SFNRQV2PR8ry-00A8fXYEKuTzZqZg4CQPmHkOABxoBZ8BUuBihHqubUhd6DemK1cAhf2LKJJakTGi6H5RFEO2J7YKZ2Qp9SUd0HP4Q$ > > >
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users