Re: [PacketFence-users] MD5 error

2018-11-28 Thread Amjad Ali via PacketFence-users
Hello Fabrice,

Issue solved, this link helped.
https://sourceforge.net/p/packetfence/mailman/message/35737713/

Add packetfence-local-auth in raddb/sites-enabled/packetfence
(conf/radiusd/packetfence if you restart radius from pf).

Thanks,
Ali


Re: [PacketFence-users] MD5 error

2018-11-25 Thread Amjad Ali via PacketFence-users
Hello Fabrice

The error is:

Module-Failure-Message = "eap_md5: Cleartext-Password is required for
EAP-MD5 authentication" Module-Failure-Message = "eap: Failed continuing
EAP MD5 (4) session. EAP sub-module failed"

My database password hashing is set to plaintext, and I set MD5 on the
client PC (Linux machine) for the 802.1X connection.
I have uncommented *packetfence-local-auth*.
The connection profile filter is EAP-Ethernet and the source is local.
The username and password are added to the PF database. By the way, the same
client works without problems when I choose PEAP on the client machine.

Below is the raddebug output in full detail:

(28137) Mon Nov 26 10:42:36 2018: Debug: Received Access-Request Id 4 from
10.10.51.224:1812 to 10.10.50.204:1812 length 119
(28137) Mon Nov 26 10:42:36 2018: Debug:   User-Name = "pica8"
(28137) Mon Nov 26 10:42:36 2018: Debug:   NAS-IP-Address = 0.0.0.0
(28137) Mon Nov 26 10:42:36 2018: Debug:   NAS-Port-Type = Ethernet
(28137) Mon Nov 26 10:42:36 2018: Debug:   NAS-Port = 23
(28137) Mon Nov 26 10:42:36 2018: Debug:   Called-Station-Id =
"A8-2B-B5-F6-CA-01"
(28137) Mon Nov 26 10:42:36 2018: Debug:   Calling-Station-Id =
"08-9E-01-9E-CC-FE"
(28137) Mon Nov 26 10:42:36 2018: Debug:   Framed-MTU = 1500
(28137) Mon Nov 26 10:42:36 2018: Debug:   EAP-Message =
0x02da017069636138
(28137) Mon Nov 26 10:42:36 2018: Debug:   Message-Authenticator =
0xe8c76845b7dd499ff147277f9a3f4443
(28137) Mon Nov 26 10:42:36 2018: Debug: # Executing section authorize from
file /usr/local/pf/raddb/sites-enabled/packetfence
(28137) Mon Nov 26 10:42:36 2018: Debug:   authorize {
(28137) Mon Nov 26 10:42:36 2018: Debug: update {
(28137) Mon Nov 26 10:42:36 2018: Debug:   EXPAND
%{Packet-Src-IP-Address}
(28137) Mon Nov 26 10:42:36 2018: Debug:  --> 10.10.51.224
(28137) Mon Nov 26 10:42:36 2018: Debug:   EXPAND %l
(28137) Mon Nov 26 10:42:36 2018: Debug:  --> 1543200156
(28137) Mon Nov 26 10:42:36 2018: Debug: } # update = noop
(28137) Mon Nov 26 10:42:36 2018: Debug: policy
packetfence-set-tenant-id {
(28137) Mon Nov 26 10:42:36 2018: Debug:   if (
"%{%{control:PacketFence-Tenant-Id}:-0}" == "0") {
(28137) Mon Nov 26 10:42:36 2018: Debug:   EXPAND
%{%{control:PacketFence-Tenant-Id}:-0}
(28137) Mon Nov 26 10:42:36 2018: Debug:  --> 0
(28137) Mon Nov 26 10:42:36 2018: Debug:   if (
"%{%{control:PacketFence-Tenant-Id}:-0}" == "0")  -> TRUE
(28137) Mon Nov 26 10:42:36 2018: Debug:   if (
"%{%{control:PacketFence-Tenant-Id}:-0}" == "0")  {
(28137) Mon Nov 26 10:42:36 2018: Debug: update control {
(28137) Mon Nov 26 10:42:36 2018: Debug:   EXPAND %{User-Name}
(28137) Mon Nov 26 10:42:36 2018: Debug:  --> pica8
(28137) Mon Nov 26 10:42:36 2018: Debug:   SQL-User-Name set to
'pica8'
(28137) Mon Nov 26 10:42:36 2018: Debug:   Executing select query:
SELECT IFNULL((SELECT tenant_id FROM radius_nas WHERE nasname =
'10.10.51.224'), 0)
(28137) Mon Nov 26 10:42:36 2018: Debug:   EXPAND %{sql: SELECT
IFNULL((SELECT tenant_id FROM radius_nas WHERE nasname =
'%{Packet-Src-IP-Address}'), 0)}
(28137) Mon Nov 26 10:42:36 2018: Debug:  --> 1
(28137) Mon Nov 26 10:42:36 2018: Debug: } # update control = noop
(28137) Mon Nov 26 10:42:36 2018: Debug:   } # if (
"%{%{control:PacketFence-Tenant-Id}:-0}" == "0")  = noop
(28137) Mon Nov 26 10:42:36 2018: Debug:   if (
:PacketFence-Tenant-Id == 0 ) {
(28137) Mon Nov 26 10:42:36 2018: Debug:   if (
:PacketFence-Tenant-Id == 0 )  -> FALSE
(28137) Mon Nov 26 10:42:36 2018: Debug: } # policy
packetfence-set-tenant-id = noop
(28137) Mon Nov 26 10:42:36 2018: Debug: policy
rewrite_calling_station_id {
(28137) Mon Nov 26 10:42:36 2018: Debug:   if ( &&
( =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))
{
(28137) Mon Nov 26 10:42:36 2018: Debug:   if ( &&
( =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))
-> TRUE
(28137) Mon Nov 26 10:42:36 2018: Debug:   if ( &&
( =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))
{
(28137) Mon Nov 26 10:42:36 2018: Debug: update request {
(28137) Mon Nov 26 10:42:36 2018: Debug:   EXPAND
%{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}
(28137) Mon Nov 26 10:42:36 2018: Debug:  --> 08:9e:01:9e:cc:fe
(28137) Mon Nov 26 10:42:36 2018: Debug: } # update request = noop
(28137) Mon Nov 26 10:42:36 2018: Debug: [updated] = updated
(28137) Mon Nov 26 10:42:36 2018: Debug:   } # if (
&& ( =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))
= updated
(28137) Mon Nov 26 10:42:36 2018: Debug:   ... skipping else: 
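
The "Cleartext-Password is required for EAP-MD5 authentication" failure quoted in this message follows from how the EAP-MD5 (CHAP-style, RFC 1994) response is computed. The sketch below is an added example, not part of the original thread and not PacketFence or FreeRADIUS code; the password, challenge and function names are constructed for illustration.

```python
import hashlib
import hmac


def eap_md5_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP / EAP-MD5 response value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def server_verify(identifier, challenge, response, stored, stored_kind):
    """Recompute the response from the stored credential and compare.

    The server has to feed the password itself into MD5, so any stored
    form other than cleartext is refused, as the eap_md5 module does.
    """
    if stored_kind != "cleartext":
        raise ValueError("Cleartext-Password is required for EAP-MD5")
    expected = eap_md5_response(identifier, stored, challenge)
    return hmac.compare_digest(expected, response)


def demo():
    identifier = 4                      # EAP identifier (constructed)
    challenge = bytes(range(16))        # constructed; a real server uses random bytes
    password = b"constructed-pass"      # constructed sample password

    # Supplicant side: answer the challenge with the real password.
    response = eap_md5_response(identifier, password, challenge)

    # Server holding the cleartext password can verify the response.
    ok = server_verify(identifier, challenge, response, password, "cleartext")

    # Server holding only a hash of the password: using the hash as the
    # secret produces a different digest, so a correct login would fail.
    hashed = hashlib.sha256(password).digest()
    naive_match = hmac.compare_digest(
        eap_md5_response(identifier, hashed, challenge), response
    )

    # The strict verifier refuses outright instead of silently mismatching.
    try:
        server_verify(identifier, challenge, response, hashed, "sha256")
        refused = False
    except ValueError:
        refused = True
    return ok, naive_match, refused


if __name__ == "__main__":
    print(demo())
```

Because the server must hold a recoverable password for this method, a password database used with EAP-MD5 cannot be switched to one-way hashing.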

Re: [PacketFence-users] MD5 error

2018-11-22 Thread Durand fabrice via PacketFence-users

Hello Amjad,

Can you paste the raddebug output? It will help to understand what happens.

Regards

Fabrice


On 18-11-22 at 06:01, Amjad Ali via PacketFence-users wrote:

Hi All,

Just want to know: WIRED 802.1X and WIRED MAC AUTH authentication
works well with PEAP but gives an error with MD5.
Is MD5 not supported for these two, or do I need to change some
configuration?


Thanks
Ali

--
Amjad Ali


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users