Hello, Could you paste the Mac address event from that particular authentication from packetfence.log?
grep 00:11:22:33:44:55 /usr/local/pf/logs/packetfence.log Thanks, Ludovic Zammit Product Support Engineer Principal Lead Cell: +1.613.670.8432 Akamai Technologies - Inverse 145 Broadway Cambridge, MA 02142 Connect with Us: <https://community.akamai.com/> <http://blogs.akamai.com/> <https://twitter.com/akamai> <http://www.facebook.com/AkamaiTechnologies> <http://www.linkedin.com/company/akamai-technologies> <http://www.youtube.com/user/akamaitechnologies?feature=results_main> > On Sep 17, 2025, at 10:05 AM, Alípio Luiz via PacketFence-users > <[email protected]> wrote: > > This Message Is From an External Sender > This message came from outside your organization. > I'm trying to enable user authentication in AD with 802.1x. I've configured > the switches and PacketFence. When I restart the computer, before user > authentication, PacketFence successfully authorizes the computer (machine > authentication) and places it in the correct production VLAN. However, when > the user logs into Windows, the user authentication fails and PacketFence > moves it back to the isolation VLAN. I'm having issues with this RADIUS > configuration. > > radius.log > 2025-09-17T09:49:49.802869-04:00 nac auth[896559]: (467) mschap: ERROR: > Program returned code (5) and output '' > 2025-09-17T09:49:49.803507-04:00 nac auth[896559]: (467) Login incorrect > (mschap: Program returned code (5) and output ''): [DOMAIN\username] (from > client XXX.XXX.XXX > <https://urldefense.com/v3/__https://xxx.xxx.xxx/__;!!GjvTz_vk!RRiZuIZI-Obs9qG-ox7dT0pG8RUg4EhL5twz033QcOAyjRvoqo6OYCfBI6PjV1S9ohA3zFTbiU23Nu4bOwxhxJdgRwLBNBeSuDc7cg$>.XXX/32 > port 6 cli XX:XX:XX:XX:XX:XX via TLS tunnel) > 2025-09-17T09:49:49.816518-04:00 nac auth[896559]: VERIFY returned 7 > 2025-09-17T09:49:49.816747-04:00 nac auth[896559]: (468) Login incorrect > (eap_peap: The users session was previously rejected: returning reject > (again.)): [DOMAIN\username] (from client XXX.XXX.XXX > <https://urldefense.com/v3/__https://xxx.xxx.xxx/__;!!GjvTz_vk!RRiZuIZI-Obs9qG-ox7dT0pG8RUg4EhL5twz033QcOAyjRvoqo6OYCfBI6PjV1S9ohA3zFTbiU23Nu4bOwxhxJdgRwLBNBeSuDc7cg$>.XXX/32 > port 6 cli XX:XX:XX:XX:XX:XX) > > > In the RADIUS audit (RADIUS Request) from PacketFence, the following appears > (I noticed that the username is in the format DOMAINusername, instead of > DOMAIN\username or just username): > Called-Station-Id = "XX:XX:XX:XX:XX:XX", > Calling-Station-Id = "XX:XX:XX:XX:XX:XX", > EAP-Message = > "0x025200471a0252004231f7f7d8548ffcee6607d4e2be50cee0d80000000000000000f8b8fe3c8265136f88d02471c1b0e88eb31bd021a1b83f3200534543454c5c616c6970696f", > EAP-Type = "MSCHAPv2", > Event-Timestamp = "Sep 17 2025 09:49:49 -04", > FreeRADIUS-Proxied-To = "127.0.0.1", > MS-CHAP-Challenge = "0xf64e8a99c5c77dfc64062816ec53a059", > MS-CHAP-User-Name = "DOMAINusername", > MS-CHAP2-Response = > "0x5245f7f7d8548ffcee6607d4e2be50cee0d80000000000000000f8b8fe3c8265136f88d02471c1b0e88eb31bd021a1b83f32", > Module-Failure-Message = "mschap: Program returned code (5) and output ''", > Module-Failure-Message = "mschap: External script says: ", > Module-Failure-Message = "mschap: MS-CHAP2-Response is incorrect", > NAS-IP-Address = "XXX.XXX.XXX > <https://urldefense.com/v3/__https://xxx.xxx.xxx/__;!!GjvTz_vk!RRiZuIZI-Obs9qG-ox7dT0pG8RUg4EhL5twz033QcOAyjRvoqo6OYCfBI6PjV1S9ohA3zFTbiU23Nu4bOwxhxJdgRwLBNBeSuDc7cg$>.XXX", > NAS-Identifier = "SWITCHE-ARUBA-6100", > NAS-Port = "6", > NAS-Port-Id = "1/1/6", > NAS-Port-Type = "Ethernet", > PacketFence-KeyBalanced = "eb1405b1ec04752f2316b848fe4fd2ff", > PacketFence-NTLM-Auth-Host = "", > PacketFence-NTLM-Auth-Port = "", > PacketFence-Outer-User = "DOMAINusername", > PacketFence-Radius-Ip = "XXX.XXX.XXX.XXX", > Realm = "default", > Service-Type = "Framed-User", > State = "0xbf89ddc3bfdbc7a4db01df45deca9adf", > Stripped-User-Name = "username", > User-Name = "DOMAINusername", > User-Password = "******" > > > Any tips on how to fix this? > _______________________________________________ > PacketFence-users mailing list > [email protected] > <mailto:[email protected]> > https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!RRiZuIZI-Obs9qG-ox7dT0pG8RUg4EhL5twz033QcOAyjRvoqo6OYCfBI6PjV1S9ohA3zFTbiU23Nu4bOwxhxJdgRwLBNBcU6G7jMQ$
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
