fixed the problem, /usr/local/pf/bin/pfcmd configreload hard . after I saw that Mikrotik in the realm sends null, added ntlm check in my domain to the null realm
________________________________ От: Артур Беляков via PacketFence-users <packetfence-users@lists.sourceforge.net> Отправлено: 6 апреля 2023 г. 15:33:38 Кому: Fabrice Durand Копия: Артур Беляков; packetfence-users@lists.sourceforge.net Тема: Re: [PacketFence-users] FW: winbox radius login mikrotik has no option to disable mschap for radius authentication on winbox ________________________________ От: Fabrice Durand <oeufd...@gmail.com> Отправлено: 5 апреля 2023 г. 16:48:23 Кому: Артур Беляков Копия: packetfence-users@lists.sourceforge.net Тема: Re: [PacketFence-users] FW: winbox radius login I mean on the client side. Le mer. 5 avr. 2023 à 04:25, Артур Беляков <abelya...@samokat.ru<mailto:abelya...@samokat.ru>> a écrit : turned off ms-chapv2, but the error did not change [cid:18751accf98f456b1e51] ________________________________ От: Fabrice Durand <oeufd...@gmail.com<mailto:oeufd...@gmail.com>> Отправлено: 4 апреля 2023 г. 18:26:41 Кому: Артур Беляков Копия: packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net> Тема: Re: [PacketFence-users] FW: winbox radius login it looks that it's mschapv2 authentication, it's why it try to use ntlm_auth. If you can change it to pap to test. Le mar. 4 avr. 2023 à 10:58, Артур Беляков <abelya...@samokat.ru<mailto:abelya...@samokat.ru>> a écrit : I set up AD authentication source, is that not enough to work? h3c authentication works ________________________________ От: Fabrice Durand <oeufd...@gmail.com<mailto:oeufd...@gmail.com>> Отправлено: 4 апреля 2023 г. 17:25:23 Кому: packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net> Копия: Артур Беляков Тема: Re: [PacketFence-users] FW: winbox radius login Hello, ntlm_auth is not able to communicate with winbindd, did you join the server to the domain ? Regards Fabrice Le mar. 4 avr. 2023 à 10:19, Артур Беляков via PacketFence-users <packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>> a écrit : hi, I'm trying to make authorization on winbox through AD, but it gives an error. I chose PacketFence::Standard as the type RADIUS Request MS-CHAP-Challenge = 0x61b729dbe6749d5eceae28b535d5255a NAS-Identifier = "" MS-CHAP2-Response = 0x00008fd97b711e5af49f968d966fbc47bdb600000000000000001f8960fe5945b6a9a52e332ff3993878bc91c9db6e2b68f9 Realm = "null" FreeRADIUS-Client-IP-Address = Event-Timestamp = "Apr 4 2023 14:41:50 MSK" PacketFence-Radius-Ip = "" PacketFence-KeyBalanced = "26ac71433b08f7e8d7b2457e1f5c41ba" PacketFence-NTLMv2-Only = "" NAS-IP-Address = Stripped-User-Name = "" Calling-Station-Id = "" Service-Type = Login-User User-Name = "" Module-Failure-Message = "Failed retrieving values required to evaluate condition" Module-Failure-Message = "mschap: Program returned code (1) and output 'Reading winbind reply failed! (0xc0000001)'" Module-Failure-Message = "mschap: Reading winbind reply failed! (0xc0000001)" User-Password = "******" SQL-User-Name = "" RADIUS Reply MS-CHAP-Error = "\000E=691 R=0 C=8e9cadc84bb85e593454b1872b20fe77 V=3 M=Authentication failed" _______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net> https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users