Re: [PacketFence-users] Problem with Samba 4 authentication
Hi.

[SAMBA.NAC]
cache_match=0
read_timeout=10
realms=
password=Zaq!2wsx
scope=sub
binddn=nacad...@samba.nac
port=389
description=Teste de Autenticacao
write_timeout=5
type=AD
basedn=DC=SAMBA,DC=NAC
set_access_level_action=
email_attribute=mail
usernameattribute=sAMAccountName
connection_timeout=5
stripped_user_name=yes
encryption=starttls
host=10.161.16.23

[SAMBA]
ntlm_cache_filter=(&(samAccountName=*)(!(|(lockoutTime=>0)(userAccountControl:1.2.840.113556.1.4.803:=2
ntlm_cache=disabled
registration=1
ntlm_cache_expiry=3600
dns_name=SAMBA.NAC
dns_servers=10.161.16.23
ou=Computers
bind_pass=Zaq!2wsx
ntlm_cache_on_connection=disabled
bind_dn=Administrator
workgroup=SAMBA
ntlm_cache_batch_one_at_a_time=disabled
sticky_dc=10.161.16.23
ad_server=10.161.16.23
ntlm_cache_batch=disabled
server_name=packetfence

##

[root@PacketFence-ZEN conf]# chroot /chroots/SAMBA/ ntlm_auth --request-nt-key --domain=SAMBA.NAC --username=administra...@samba.nac --password='Zaq!2wsx'
NT_STATUS_OK: Success (0x0)
[root@PacketFence-ZEN conf]# raddebug -f /usr/local/pf/var/run/radius.sock -t 3000
radmin: Failed connecting to /usr/local/pf/var/run/radius.sock: No such file or directory
Perhaps you need to run the commands:
    cd /etc/raddb
    ln -s sites-available/control-socket sites-enabled/control-socket
and then re-start the server?
[root@PacketFence-ZEN conf]#

Tks.

Best regards.

Jeimerson Chaves

2018-04-18 13:23 GMT+01:00 Fabrice Durand via PacketFence-users :
> Hello Jeimerson,
>
> can you run:
>
> raddebug -f /usr/local/pf/var/run/radius.sock -t 3000
>
> and paste the result when you try to connect.
>
> Regards
>
> Fabrice
>
> On 2018-04-12 at 04:56, Jeimerson C. Chaves via PacketFence-users wrote:
>> Hello everyone, I'm having a problem with authentication, using Samba server 4.
>>
>> CLI authentication works. But using the Cisco 2950 with 802.1x, it does not
>> work according to the logs.

Re: [PacketFence-users] Problem with Samba 4 authentication
[root@PacketFence-ZEN ~]# chroot /chroots/SAMBA/ ntlm_auth --request-nt-key --domain=SAMBA.NAC --username=administra...@samba.nac --password='Zaq!2wsx'
NT_STATUS_OK: Success (0x0)
[root@PacketFence-ZEN ~]# raddebug -f /usr/local/pf/var/run/radius.sock -t 3000
radmin: Failed connecting to /usr/local/pf/var/run/radius.sock: No such file or directory
Perhaps you need to run the commands:
    cd /etc/raddb
    ln -s sites-available/control-socket sites-enabled/control-socket
and then re-start the server?

Best regards.

Jeimerson Chaves

2018-04-18 13:23 GMT+01:00 Fabrice Durand via PacketFence-users :
> Hello Jeimerson,
>
> can you run:
>
> raddebug -f /usr/local/pf/var/run/radius.sock -t 3000
>
> and paste the result when you try to connect.
>
> Regards
>
> Fabrice
>
> On 2018-04-12 at 04:56, Jeimerson C. Chaves via PacketFence-users wrote:
>> Hello everyone, I'm having a problem with authentication, using Samba server 4.
>>
>> CLI authentication works. But using the Cisco 2950 with 802.1x, it does not
>> work according to the logs.

Re: [PacketFence-users] Problem with Samba 4 authentication
Hello Jeimerson,

can you run:

raddebug -f /usr/local/pf/var/run/radius.sock -t 3000

and paste the result when you try to connect.

Regards

Fabrice

On 2018-04-12 at 04:56, Jeimerson C. Chaves via PacketFence-users wrote:
> Hello everyone, I'm having a problem with authentication, using Samba server 4.
>
> CLI authentication works. But using the Cisco 2950 with 802.1x, it does not
> work according to the logs.

[PacketFence-users] Problem with Samba 4 authentication
Hello everyone, I'm having a problem with authentication, using Samba server 4.

CLI authentication works. But using the Cisco 2950 with 802.1x, it does not work according to the logs.

chroot /chroots/SAMBA/ ntlm_auth --request-nt-key --domain=SAMBA.NAC --username=nacad...@samba.nac --password='Zaq!2wsx'
NT_STATUS_OK: Success (0x0)

#
radtest -t mschap nacadmin 'Zaq!2wsx' localhost 0 testing123
Sent Access-Request Id 149 from 0.0.0.0:40863 to 127.0.0.1:1812 length 134
    User-Name = "nacadmin"
    MS-CHAP-Password = "Zaq!2wsx"
    NAS-IP-Address = 169.254.0.2
    NAS-Port = 0
    Message-Authenticator = 0x00
    Cleartext-Password = "Zaq!2wsx"
    MS-CHAP-Challenge = 0xf8d279644d3003f7
    MS-CHAP-Response = 0x0001509ae6a6dc238ef602ec579893bb1ab9d0facd15b8d5cb4f
Sent Access-Request Id 149 from 0.0.0.0:40863 to 127.0.0.1:1812 length 134
    User-Name = "nacadmin"
    MS-CHAP-Password = "Zaq!2wsx"
    NAS-IP-Address = 169.254.0.2
    NAS-Port = 0
    Message-Authenticator = 0x00
    Cleartext-Password = "Zaq!2wsx"
    MS-CHAP-Challenge = 0xf8d279644d3003f7
    MS-CHAP-Response = 0x0001509ae6a6dc238ef602ec579893bb1ab9d0facd15b8d5cb4f
Sent Access-Request Id 149 from 0.0.0.0:40863 to 127.0.0.1:1812 length 134
    User-Name = "nacadmin"
    MS-CHAP-Password = "Zaq!2wsx"
    NAS-IP-Address = 169.254.0.2
    NAS-Port = 0
    Message-Authenticator = 0x00
    Cleartext-Password = "Zaq!2wsx"
    MS-CHAP-Challenge = 0xf8d279644d3003f7
    MS-CHAP-Response = 0x0001509ae6a6dc238ef602ec579893bb1ab9d0facd15b8d5cb4f
(0) No reply from server for ID 149 socket 3

What could it be?

If you can help me.

I created a testing environment with VMware ESXi 6.5.

#

MAC Address: 00:0c:29:75:9d:61
Auth Status: Reject
Auth Type: eap
Auto Registration: no
Calling Station ID: 00:0c:29:75:9d:61
Computer name: N/A
EAP Type: MSCHAPv2
Event Type: Radius-Access-Request
IP Address:
Is a Phone: no
Node status: N/A
Domain: SAMBA
Profile: N/A
Realm: samba.nac
Reason: chrooted_mschap: Program returned code (1) and output 'Logon failure (0xc06d)'
Role: N/A
Source: N/A
Stripped User Name: nacadmin
User name: nacad...@samba.nac
Unique ID:

Switch ID: N/A
Switch MAC: N/A
Switch IP Address: N/A
Called Station ID: 00:16:47:53:3e:08
Connection type: N/A
IfIndex: N/A
NAS identifier:
NAS IP Address: 10.190.90.24
NAS Port: 50008
NAS Port ID:
NAS Port Type: Ethernet
RADIUS Source IP Address: 10.190.90.24
Wi-Fi Network SSID:

#

request_time: 0

RADIUS Request:
    NAS-Port-Type = Ethernet
    Service-Type = Framed-User
    Cisco-NAS-Port = "FastEthernet0/8"
    Called-Station-Id = "00:16:47:53:3e:08"
    State = 0x935ca195935bbbfd2e4540e93f543f24
    FreeRADIUS-Proxied-To = 127.0.0.1
    Realm = "samba.nac"
    EAP-Type = MSCHAPv2
    NAS-IP-Address = 10.190.90.24
    Calling-Station-Id = "00:0c:29:75:9d:61"
    MS-CHAP-User-Name = "nacad...@samba.nac"
    MS-CHAP-Challenge = 0x5c1c7d80053c06b835a6d60ed493985c
    PacketFence-Domain = "SAMBA"
    User-Name = "nacad...@samba.nac"
    Event-Timestamp = "Apr 11 2018 13:56:46 UTC"
    EAP-Message = 0x0207004d1a0207004831ce8f7270555af5072eea462eb420f41eceed66e8cdac3b9387cc236dac99ad8132d1e4e4d06f770e006e616361646d696e4073616d62612e6e6163
    MS-CHAP2-Response = 0x0761ce8f7270555af5072eea462eb420f41eceed66e8cdac3b9387cc236dac99ad8132d1e4e4d06f770e
    Stripped-User-Name = "nacadmin"
    NAS-Port = 50008
    Framed-MTU = 1500
    Module-Failure-Message = "chrooted_mschap: Program returned code (1) and output 'Logon failure (0xc06d)'"
    Module-Failure-Message = "chrooted_mschap: External script says: Logon failure (0xc06d)"
    Module-Failure-Message = "chrooted_mschap: MS-CHAP2-Response is incorrect"
    User-Password = "**"
    Module-Failure-Message = "Failed retrieving values required to evaluate condition"
    SQL-User-Name = "nacad...@samba.nac"

RADIUS Reply:
    MS-CHAP-Error = "\007E=691 R=0 C=e8ad3e58bb3c49bc6dd841d883b40c8a V=3 M=Authentication failed"
    EAP-Message = 0x04070004
    Message-Authenticator = 0x

Thank you.

Best regards.

Jeimerson Chaves
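
Added example, not part of the thread and not PacketFence or FreeRADIUS code: a small Python parser for the MS-CHAP-Error string shown in the RADIUS reply of the original post, using the field layout and error codes from RFC 2759, section 6. The function name `parse_mschap_error` is this example's own, and the sample input is the value copied from the post; the parser decodes the reply and does not determine why the logon was rejected.

```python
import re

# Error codes defined for the MS-CHAPv2 Failure packet (RFC 2759, section 6).
MSCHAP_ERRORS = {
    646: "ERROR_RESTRICTED_LOGON_HOURS",
    647: "ERROR_ACCT_DISABLED",
    648: "ERROR_PASSWD_EXPIRED",
    649: "ERROR_NO_DIALIN_PERMISSION",
    691: "ERROR_AUTHENTICATION_FAILURE",
    709: "ERROR_CHANGING_PASSWORD",
}

# "E=<code> R=<retry> [C=<hex challenge>] V=<version> [M=<message>]"
_FIELDS = re.compile(
    r"E=(?P<E>\d+) R=(?P<R>[01])(?: C=(?P<C>[0-9A-Fa-f]+))?"
    r" V=(?P<V>\d+)(?: M=(?P<M>.*))?$"
)

# Value as logged in the post; the leading \007 is the printed ident byte.
SAMPLE = r"\007E=691 R=0 C=e8ad3e58bb3c49bc6dd841d883b40c8a V=3 M=Authentication failed"


def parse_mschap_error(value):
    """Decode an MS-CHAP-Error value, with or without its leading ident byte."""
    ident = None
    esc = re.match(r"\\([0-7]{3})", value)        # printed octal escape
    if esc:
        ident, value = int(esc.group(1), 8), value[esc.end():]
    elif value and not value.startswith("E="):    # raw ident byte
        ident, value = ord(value[0]), value[1:]
    fields = _FIELDS.match(value)
    if fields is None:
        raise ValueError("not an MS-CHAP-Error string: %r" % value)
    code = int(fields.group("E"))
    return {
        "ident": ident,
        "code": code,
        "name": MSCHAP_ERRORS.get(code, "unknown"),
        "retry_allowed": fields.group("R") == "1",
        "challenge": fields.group("C"),
        "version": int(fields.group("V")),
        "message": fields.group("M"),
    }


if __name__ == "__main__":
    for key, val in parse_mschap_error(SAMPLE).items():
        print("%-14s %s" % (key, val))
```

The decoded ident (7) matches the identifier byte in the reply's `EAP-Message = 0x04070004`, and `R=0` means the server does not allow a retry on the same challenge.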