Re: [PacketFence-users] why is my radius working? :-)

Hello Mj, Le 2017-07-10 à 09:38, mj via PacketFence-users a écrit : ghehe :-) Happy that after some fiddling with REALMS config, our 802.1x radius auth is working now, but I am seeing behaviour that I don't understand. I have _only_ configured the "DEFAULT" realm and left LOCAL and NULL

Re: [PacketFence-users] Machine authentication

Hello Mj, Le 2017-07-10 à 09:54, mj via PacketFence-users a écrit : Hi, I noticed two ERROR lines in your packetfence.log: Jul 10 15:21:30 pfnac01 packetfence_httpd.aaa: httpd.aaa(23293) ERROR: [mac:00:9c:02:92:ea:b0] error creating SNMP v1 read connection to 10.10.10.4: No response from

Re: [PacketFence-users] Machine authentication

Hello Luca, You need to test this source with a machine account (UserPrincipalName), not a user account (sAMAccountName), this is why it failled. Try that: /usr/local/pf/bin/pftest authentication host/LAB3-NB.dm.loc /reallystrongpassword DM_Machine_Auth_PDC /Also capture the ldap traffic

[PacketFence-users] radius secret lost if master role moves

Hi, I have a 3-server packetfence 7.1 cluster. It seems when the master role moves to another member, the radius authentication for mab begins failing and I get the 'server dead' message in the switch logs. I found that if I retype the secret in the switch group gui, it begins working again. I

[PacketFence-users] email registration always remains status "incomplete"

Hi, We're using pf-7.1 with the captive portal with email registration. While everything appears to work (confirmation mails are sent, the links are working, users get "mail activation code has been verified. Access granted for a month" in their browsers. Yet: under Reports / All

Re: [PacketFence-users] Machine authentication

Hi MJ, any help is really appreciated I'm also not a packetfence expert  The first error I think is not relevant because I'm not using SNMP I will check it after the basic config will run fine. The other one is strange, as I was writing to Fabrice my source is apparently correctly configured

Re: [PacketFence-users] Unable to view the web configuration page after installation

Hello, The httpd and haproxy process are not running. Try this: /usr/local/pf/bin/pfcmd service httpd.admin start Thanks On 07/10/2017 01:13 AM, Muralidhar Bg via PacketFence-users wrote: Hi, I installed packetfence following the instructions on

Re: [PacketFence-users] Machine authentication

Hi, I noticed two ERROR lines in your packetfence.log: Jul 10 15:21:30 pfnac01 packetfence_httpd.aaa: httpd.aaa(23293) ERROR: [mac:00:9c:02:92:ea:b0] error creating SNMP v1 read connection to 10.10.10.4: No response from remote host "10.10.10.4" (pf::Switch::connectRead) and Jul 10

Re: [PacketFence-users] Machine authentication

It's really strange Fabrice, because if I try it from the gui it tells me success but if I try from pftest doesn't work (perhaps I'm wrong with the command): [root@pfnac01 ~]#/usr/local/pf/bin/pftest authentication ldapuser DM_Machine_Auth_PDC Testing authentication for "ldapuser"

[PacketFence-users] Unable to view the web configuration page after installation

Hi, I installed packetfence following the instructions on https://packetfence.org/doc/PacketFence_Administration_Guide.html After installation I tried opening the https://@ip_of_packetfence: 1443/configurator page on my server I get "unable to connect" error on the browser. Also find the

[PacketFence-users] ?????? The switch(sg300) does not immediately respond to a pf client state change

Hello Ludovice, Now I have changed switches config,but still can not immediately respond from pf: [192.168.1.4] description=sg300-2f isolationVlan=60 registrationVlan=50 SNMPVersionTrap=3 SNMPUserNameTrap=private SNMPAuthProtocolWrite=MD5 SNMPUserNameWrite=private SNMPUserNameRead=private

[PacketFence-users] ?????? The switch(sg300) does not immediately respond to a pf client state change

Hello Ludovice, thank you for your help,Now switch can change the response status immediately. Security-TCP/UDP Services-SNMP Service need to select. -- -- ??: "";; : 2017??7??10??(??) 4:03 ??: "Ludovic

[PacketFence-users] why is my radius working? :-)

ghehe :-) Happy that after some fiddling with REALMS config, our 802.1x radius auth is working now, but I am seeing behaviour that I don't understand. I have _only_ configured the "DEFAULT" realm and left LOCAL and NULL empty. (also created no new ones) DEFAULT is configured with strip,

Re: [PacketFence-users] Machine authentication

Your issue is with the DM_Machine_Auth_PDC source. Verify that you are able to bind with this source. Also you can use pftest. Le 2017-07-10 à 09:24, luca comes a écrit : > > Hi Fabrice, > > yes I was checking the debug and I saw it. In the attached > packetfence.log I can see ERROR:

Re: [PacketFence-users] Machine authentication

Hi Fabrice, yes I was checking the debug and I saw it. In the attached packetfence.log I can see ERROR: [mac:00:9c:02:92:ea:b0] Error binding 'Connection reset by peer' (pf::LDAP::bind) but the domain join is still working with wbinf -u for example. Luca Inviato da

Re: [PacketFence-users] Machine authentication

The machine authentication is ok this time. Do you have the packetfence.log for this device ? Le 2017-07-10 à 08:58, luca comes a écrit : > > Hello Fabrice, > > attached you can find radius debug file of the transaction. > > > Thanks > > > Luca > > > Inviato da Outlook

Re: [PacketFence-users] Machine authentication

Hello Luca, you need to have the realm to use the correct domain join. Also what i need is the complete radius debug when you try machine authentication. Regards Fabrice Le 2017-07-10 à 08:45, luca comes a écrit : > > Hi Fabrice, > > in this manner the error is not shown in radius.log but

Re: [PacketFence-users] Machine authentication

Hi Fabrice, in this manner the error is not shown in radius.log but machine authentication is still not working. Also as the preceding email the domain (DM) is correctly joined and tested with wbinfo. But if I try a radtest vs my domain I obtain an Access-Reject. Any suggestio on how to

Re: [PacketFence-users] Machine authentication

Hi MJ, yes the same as you, and I can't find a solution. I don't know if the messages are related to the host authentication doesn't working. Luca Inviato da Outlook Da: mj via PacketFence-users

Re: [PacketFence-users] Machine authentication

Hello Luca, add a realm dm.loc and assign it to your domain and restart radius. Regards Fabrice Le 2017-07-10 à 05:58, luca comes via PacketFence-users a écrit : > > I've found this error in radius.log > > > ERROR: mschap_machine: Program returned code (1) and output 'Reading > winbind reply

Re: [PacketFence-users] Machine authentication

Just to say that I am following this thread with interest, as I currently have the same issue on my (debian8) install. GUI says: domain join OK Also, in CLI, I can do: root@pf:/chroots/DOMAIN/etc/samba# chroot /chroots/DOMAIN ntlm_auth --username=testuser Password: NT_STATUS_OK: Success

Re: [PacketFence-users] Machine authentication

I've found this error in radius.log ERROR: mschap_machine: Program returned code (1) and output 'Reading winbind reply failed! (0xc00 1)' But the domain is working fine, how can I solve this? Luca Inviato da Outlook Da: luca

Re: [PacketFence-users] Machine authentication

Hi all, any suggestion? I don't know what check, domain is correctly configured the test are fine (wbinfo -u etc.). I added my domain to the LOCAL realm as per Antoine mail but is still doesn't work. Thanks for your help Luca Inviato da Outlook