Hello there, Once you enable the NTLM or the plain text stored password, did you reset the password?
You will need to because the db does not go over the password once you change the method of storage. You can use the command: /usr/local/pf/pftest authentication USERNAME PASSWORD local to verify if everything matches. Thanks, PS: make sure to restart radius processes as well. Ludovic Zammit Product Support Engineer Principal Lead Cell: +1.613.670.8432 Akamai Technologies - Inverse 145 Broadway Cambridge, MA 02142 Connect with Us: <https://community.akamai.com/> <http://blogs.akamai.com/> <https://twitter.com/akamai> <http://www.facebook.com/AkamaiTechnologies> <http://www.linkedin.com/company/akamai-technologies> <http://www.youtube.com/user/akamaitechnologies?feature=results_main> > On Nov 23, 2022, at 11:51 PM, Nikunj Vacchani via PacketFence-users > <packetfence-users@lists.sourceforge.net> wrote: > > Hello Fabrice, > > My univention password settings is. > > Password complexity: on > Store plaintext passwords: off > Password history length: 0 > Minimum password length: 8 > Minimum password age (days): 0 > Maximum password age (days): 0 > Account lockout duration (mins): 0 > Account lockout threshold (attempts): 0 > Reset account lockout after (mins): 30 > > > > Thanks & Regards, > Nikunj Vachhani. > Network Engineer. > 99091 10490 > > From: Fabrice Durand <oeufd...@gmail.com <mailto:oeufd...@gmail.com>> > Sent: 23 November 2022 07:25 PM > To: packetfence-users@lists.sourceforge.net > <mailto:packetfence-users@lists.sourceforge.net> > Cc: Nikunj Vacchani <nikun...@allotgroup.com <mailto:nikun...@allotgroup.com>> > Subject: Re: [PacketFence-users] ldap authentication failed > > CAUTION: This email originated from outside of the organization. Do not click > links or open attachments unless you recognize the sender and know the > content is safe. > > Hello Nikunj, > you can use ldap for peap only if you can grab the password in clear text or > with NT-Hash > > http://deployingradius.com/documents/protocols/compatibility.html > <https://urldefense.com/v3/__http://deployingradius.com/documents/protocols/compatibility.html__;!!GjvTz_vk!XjmcYyZGcoT7uEEOCV4xdJKgxsF2ebuYHzGXP1LSsPse49rNZJtXOaqp49sYhIEywyXdUvX0xeNggjqRvMKckiQaJkffg_xWIuwxjw$> > > So how do you configure that ? > > Or join the packetfence server to the domain. > > Regards > Fabrice > > > > Le mer. 23 nov. 2022 à 08:47, Nikunj Vacchani via PacketFence-users > <packetfence-users@lists.sourceforge.net > <mailto:packetfence-users@lists.sourceforge.net>> a écrit : > Hello > > I m able to authenticate with local user but I m not able to authenticate > with my ldap server users, > > I m facing error, > > PacketFence-KeyBalanced = "1acc010ea4ece6928d7a7f0c37444c0f" > PacketFence-Radius-Ip = "10.20.40.153" > Event-Timestamp = "Nov 17 2022 12:42:35 IST" > Acct-Session-Id = "05000132" > NAS-Port = 53 > NAS-IP-Address = 11.11.11.240 > PacketFence-NTLMv2-Only = "" > EAP-Message = > 0x020800431a0208003e319e88dd03b1c260dbc55155c80f85eed00000000000000000eed23b3c6bbfe523b45578ae1d11d4211d136139d7394e6a005252555c74657374 > FreeRADIUS-Proxied-To = 127.0.0.1 > EAP-Type = MSCHAPv2 > MS-CHAP2-Response = > 0x08529e88dd03b1c260dbc55155c80f85eed00000000000000000eed23b3c6bbfe523b45578ae1d11d4211d136139d7394e6a > Calling-Station-Id = "54:05:db:0a:ae:a4" > Stripped-User-Name = "test" > User-Name = "RRU\\test" > PacketFence-Outer-User = "RRU\\test" > NAS-Port-Type = Ethernet > PacketFence-Domain = "RRUAD01" > MS-CHAP-Challenge = 0xa88d981c98c2e8b5e0512896662f75d3 > Realm = "default" > MS-CHAP-User-Name = "RRU\\test" > State = 0x0e2308c40e2b12014ce5e92689785f0a > Module-Failure-Message = "chrooted_mschap: Program returned code (1) and > output 'The attempted logon is invalid. This is either due to a bad username > or authentication information. (0xc000006d)'" > Module-Failure-Message = "chrooted_mschap: External script says: The > attempted logon is invalid. This is either due to a bad username or > authentication information. (0xc000006d)" > Module-Failure-Message = "chrooted_mschap: MS-CHAP2-Response is incorrect" > User-Password = "******" > SQL-User-Name = "RRU\\\\test" > RADIUS Reply > MS-CHAP-Error = "\010E=691 R=0 C=fefbe43603701f99844df4f72dfc01ac V=3 > M=Authentication rejected" > EAP-Message = 0x04080004 > Message-Authenticator = 0x00000000000000000000000000000000 > > > Anyone have idea, how to resolve this error. > > Thanks & Regards, > Nikunj Vachhani. > Network Engineer. > 99091 10490 > > From: Nikunj Vacchani via PacketFence-users > <packetfence-users@lists.sourceforge.net > <mailto:packetfence-users@lists.sourceforge.net>> > Sent: 16 November 2022 07:29 PM > To: packetfence-users@lists.sourceforge.net > <mailto:packetfence-users@lists.sourceforge.net> > Cc: Nikunj Vacchani <nikun...@allotgroup.com <mailto:nikun...@allotgroup.com>> > Subject: [PacketFence-users] ldap authentication failed > > CAUTION: This email originated from outside of the organization. Do not click > links or open attachments unless you recognize the sender and know the > content is safe. > > Hello everyone, > > I m facing issue when I m trying to authenticate with LDAP user. > > ERROR, > > chrooted_mschap: Program returned code (1) and output 'The attempted logon is > invalid. This is either due to a bad username or authentication information. > (0xc000006d)' > > how to resolve this issue. > > Thanks & Regards, > Nikunj Vachhani. > Network Engineer. > 99091 10490 > > DISCLAIMER : The content of this email is confidential and intended for the > recipient specified in message only. It is strictly forbidden to share any > part of this message with any third party, without a written consent of the > sender. If you received this message by mistake, please reply to this message > and follow with its deletion, so that we can ensure such a mistake does not > occur in the future. > DISCLAIMER : The content of this email is confidential and intended for the > recipient specified in message only. It is strictly forbidden to share any > part of this message with any third party, without a written consent of the > sender. If you received this message by mistake, please reply to this message > and follow with its deletion, so that we can ensure such a mistake does not > occur in the future. > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > <mailto:PacketFence-users@lists.sourceforge.net> > https://lists.sourceforge.net/lists/listinfo/packetfence-users > <https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!XjmcYyZGcoT7uEEOCV4xdJKgxsF2ebuYHzGXP1LSsPse49rNZJtXOaqp49sYhIEywyXdUvX0xeNggjqRvMKckiQaJkffg_ywuqMg2A$>DISCLAIMER > : The content of this email is confidential and intended for the recipient > specified in message only. It is strictly forbidden to share any part of this > message with any third party, without a written consent of the sender. If you > received this message by mistake, please reply to this message and follow > with its deletion, so that we can ensure such a mistake does not occur in the > future._______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > <mailto:PacketFence-users@lists.sourceforge.net> > https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!XjmcYyZGcoT7uEEOCV4xdJKgxsF2ebuYHzGXP1LSsPse49rNZJtXOaqp49sYhIEywyXdUvX0xeNggjqRvMKckiQaJkffg_ywuqMg2A$ > > <https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!XjmcYyZGcoT7uEEOCV4xdJKgxsF2ebuYHzGXP1LSsPse49rNZJtXOaqp49sYhIEywyXdUvX0xeNggjqRvMKckiQaJkffg_ywuqMg2A$>
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
