Hello, looking for some assistance as I'm running into an issue that I'm not sure how to proceed researching the cause of. Sorry for the wall of text, but want to provide as much information as I can!

We've been using PacketFence for a few years now (around June 2020, since Cisco ACS went EOL) and sometime last year we started having issues where the connection to AD would stop working. We would notice it first because 802.1x authentication would start failing and we'd get calls from users unable to connect. When this was happening, I would go into the GUI and check Policies and Access Control > Active Directory Domains > Our Domain and could see it attempting to update the Domain Join field for a couple of minutes before failing. I could not get it to reconnect even with proper credentials until I restarted the PacketFence server, after which I could go in and provide credentials and it would reconnect fine.

I believe initially this was because we set up password expiration for the root account, because before it was giving us an unable to update token error. So we made a note to go in and reset the password monthly before it expired and that seemed to take care of the issue.

This past weekend, however, we had a similar issue after our patch management system updated the PacketFence server. This time I wasn't given any specific errors from the GUI, but when I would go into the radius log I could see these messages as clients tried to authenticate:

May 21 16:09:13 packetfence auth[11877]: Adding client 10.1.247.26/32
May 21 16:09:13 packetfence auth[11877]: (330510) chrooted_mschap_machine: ERROR: Program returned code (1) and output 'Reading winbind reply failed! (0xc0000001)'
May 21 16:09:13 packetfence auth[11877]: (330510) Login incorrect (chrooted_mschap_machine: Program returned code (1) and output 'Reading winbind reply failed! (0xc0000001)'): [host/8CG7111XXX.redacted.domain] (from client 10.1.247.26/32 port 1 cli 00:28:f8:44:c7:8f via TLS tunnel)
May 21 16:09:13 packetfence auth[11877]: (330511) Login incorrect (eap_peap: The users session was previously rejected: returning reject (again.)): [host/8CG7111XXX.redacted.domain] (from client 10.1.247.26/32 port 1 cli 00:28:f8:44:c7:8f)

Again, I could not connect to the domain until I restarted the server, then I could provide credentials and join the domain and everything started working again.

I'm really just looking for information as to what I can check to see what may be happening. I've looked through all the logs (current and compressed) in /usr/local/pf/logs but I really only see the messages I've attached in the radius log.

Thanks
Steven
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
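
Added example, not part of the original message and not PacketFence code: a small Python check over radius log lines of the shape quoted above. It separates rejects caused by the winbind failure from ordinary rejects, so the condition can be flagged from the log rather than from user calls. The sample log is constructed (placeholder host name and MAC addresses) and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample modelled on the log lines quoted in the message above
# (placeholder host name and MACs; the last line is an ordinary bad password).
SAMPLE_LOG = """\
May 21 16:09:13 packetfence auth[11877]: Adding client 10.1.247.26/32
May 21 16:09:13 packetfence auth[11877]: (330510) chrooted_mschap_machine: ERROR: Program returned code (1) and output 'Reading winbind reply failed! (0xc0000001)'
May 21 16:09:13 packetfence auth[11877]: (330510) Login incorrect (chrooted_mschap_machine: Program returned code (1) and output 'Reading winbind reply failed! (0xc0000001)'): [host/PC-EXAMPLE.example.test] (from client 10.1.247.26/32 port 1 cli 00:00:5e:00:53:01 via TLS tunnel)
May 21 16:09:13 packetfence auth[11877]: (330511) Login incorrect (eap_peap: The users session was previously rejected: returning reject (again.)): [host/PC-EXAMPLE.example.test] (from client 10.1.247.26/32 port 1 cli 00:00:5e:00:53:01)
May 21 16:09:20 packetfence auth[11877]: (330512) Login incorrect (mschap: MS-CHAP2-Response is incorrect): [baduser] (from client 10.1.247.26/32 port 2 cli 00:00:5e:00:53:02 via TLS tunnel)
"""

# One "Login incorrect" line: request id, reason, user, NAS client, MAC.
REJECT = re.compile(
    r"\((?P<req>\d+)\) Login incorrect \((?P<reason>.*)\): "
    r"\[(?P<user>[^\]]*)\] \(from client (?P<nas>\S+) port \d+ "
    r"cli (?P<mac>[0-9A-Fa-f:]+)"
)

def classify(reason):
    """Bucket a reject reason: AD backend failure vs. anything else."""
    if "winbind reply failed" in reason:
        return "backend"    # the mschap helper got no reply from winbind
    if "previously rejected" in reason:
        return "follow_on"  # PEAP repeating a reject from the same session
    return "other"          # e.g. a genuinely wrong password

def summarize(log_text):
    """Count rejects per bucket and collect MACs hit by backend failures."""
    counts, macs = Counter(), set()
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if not m:
            continue  # "Adding client", module ERROR lines, etc.
        kind = classify(m["reason"])
        counts[kind] += 1
        if kind == "backend":
            macs.add(m["mac"])
    return counts, macs

def winbind_outage_suspected(log_text, min_backend=1):
    """True once at least min_backend rejects are due to winbind, not users."""
    counts, _ = summarize(log_text)
    return counts["backend"] >= min_backend

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG), winbind_outage_suspected(SAMPLE_LOG))
```
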