Re: [PacketFence-users] 802.1x and radius error : Reading winbind reply failed

2016-09-15 Thread Jason 'XenoPhage' Frisvold
On 9/15/16 14:56, Louis Munro wrote: > pfdhcplistener is actually a fancy wrapper around libpcap. > > I am not sure how that gets reported by netstat since it does not open a > socket. Hrm.. not sure what that would look like either.. I guess if it's using libpcap that likely means the port is

Re: [PacketFence-users] 802.1x and radius error : Reading winbind reply failed

2016-09-15 Thread Louis Munro
> On Sep 15, 2016, at 2:50 PM, Jason 'XenoPhage' Frisvold > wrote: > > Hrm... pfdhcplistener only seems to be listening on localhost.. > > [root@packetfence0 pf]# netstat -anptu | grep dhcp > tcp 0 0 0.0.0.0:7911 0.0.0.0:* > LISTEN

Re: [PacketFence-users] 802.1x and radius error : Reading winbind reply failed

2016-09-15 Thread Jason 'XenoPhage' Frisvold
On 9/15/16 13:25, Louis Munro wrote: > Correct, except if you have routed isolation and registration networks. > DHCP relays for those should point to the PF interface for each. Hrm... pfdhcplistener only seems to be listening on localhost.. [root@packetfence0 pf]# netstat -anptu | grep dhcp

Re: [PacketFence-users] 802.1x and radius error : Reading winbind reply failed

2016-09-15 Thread Louis Munro
> On Sep 15, 2016, at 11:27 AM, Jason 'XenoPhage' Frisvold > wrote: > > Jog my memory a bit, please.. I should be using a helper-address on > each router interface to push dhcp requests to packetfence so that > pfdhcplistener can see them and act accordingly, right?

Re: [PacketFence-users] 802.1x and radius error : Reading winbind reply failed

2016-09-15 Thread Jason 'XenoPhage' Frisvold
On 9/9/16 16:58, Louis Munro wrote: > Yes, it automatically registers the devices with the credentials sent in > the 802.1x authentication itself. Excellent, that resolved the issue. Jog my memory a bit, please.. I should be using a helper-address on each router interface to push dhcp requests

Re: [PacketFence-users] 802.1x and radius error : Reading winbind reply failed

2016-09-09 Thread Louis Munro
> On Sep 9, 2016, at 4:53 PM, Jason 'XenoPhage' Frisvold > wrote: > > That option isn't checked.. And I'm having some trouble understanding > what exactly it does. Does this effectively disable the portal for > 802.1x scenarios? If so, how do I handle a guest network

Re: [PacketFence-users] 802.1x and radius error : Reading winbind reply failed

2016-09-09 Thread Jason 'XenoPhage' Frisvold
On 9/8/16 9:11 AM, Louis Munro wrote: > Hi Jason, > > Are you auto-registering your devices? > There's an option for that in the portal profile configuration. That option isn't checked.. And I'm having some trouble understanding what exactly it does. Does this effectively disable the portal for

Re: [PacketFence-users] 802.1x and radius error : Reading winbind reply failed

2016-09-08 Thread Louis Munro
Hi Jason, Are you auto-registering your devices? There's an option for that in the portal profile configuration. > On Sep 7, 2016, at 5:40 PM, Jason 'XenoPhage' Frisvold > wrote: > > Am I missing a source entry? Right now it's set to the default sources > and I'm not

Re: [PacketFence-users] 802.1x and radius error : Reading winbind reply failed

2016-09-07 Thread Jason 'XenoPhage' Frisvold
On 9/7/16 17:22, Jason 'XenoPhage' Frisvold wrote: > Aha.. found it. Ok, so I have cleartext passwords now. Just trying to > get 802.1x to behave now.. Ok, so very close to having this working now. I can log in via 802.1x, the user/pass is checked, radius returns an accept. However, the

Re: [PacketFence-users] 802.1x and radius error : Reading winbind reply failed

2016-09-07 Thread Jason 'XenoPhage' Frisvold
On 9/7/16 17:04, Jason 'XenoPhage' Frisvold wrote: > Which is what I see in the database as well. That's obviously not a > cleartext password, though.. Is there an option I need to enable to > turn on cleartext passwords? Aha.. found it. Ok, so I have cleartext passwords now. Just trying to

Re: [PacketFence-users] 802.1x and radius error : Reading winbind reply failed

2016-09-07 Thread Jason 'XenoPhage' Frisvold
On 9/7/16 16:52, Louis Munro wrote: > Try to find the radius debug section where it actually looks up the user > in the database. > > It may not be finding it, or finding another. > If the password is right, the username must be wrong... Ok, so looks like I found it here : (11) pflocal:

Re: [PacketFence-users] 802.1x and radius error : Reading winbind reply failed

2016-09-07 Thread Louis Munro
Try to find the radius debug section where it actually looks up the user in the database. It may not be finding it, or finding another. If the password is right, the username must be wrong... > On Sep 7, 2016, at 4:49 PM, Jason 'XenoPhage' Frisvold > wrote: > > On

Re: [PacketFence-users] 802.1x and radius error : Reading winbind reply failed

2016-09-07 Thread Jason 'XenoPhage' Frisvold
On 9/7/16 16:23, Jason 'XenoPhage' Frisvold wrote: > Wed Sep 7 16:14:39 2016 : Auth: (8) Login incorrect (mschap: > MS-CHAP2-Response is incorrect): [testuser] (from client 192.168.10.10 > port 50101 cli xx:xx:xx:xx:xx:xx via TLS tunnel) So, the googles tell me that this means that the

Re: [PacketFence-users] 802.1x and radius error : Reading winbind reply failed

2016-09-07 Thread Jason 'XenoPhage' Frisvold
On 9/7/16 15:36, Louis Munro wrote: > Also, check that you have enabled local auth by uncommenting line 98 in > conf/radiusd/packetfence-tunnel. Ah, well.. That wasn't set properly.. Is that in the documentation somewhere and I overlooked it? I already owe you beer from that last time we did

Re: [PacketFence-users] 802.1x and radius error : Reading winbind reply failed

2016-09-07 Thread Louis Munro
Also, check that you have enabled local auth by uncommenting line 98 in conf/radiusd/packetfence-tunnel. > On Sep 7, 2016, at 3:31 PM, Louis Munro wrote: > > Hi Jason, > > It's trying to use winbind for authentication. > Assuming you want to use locally defined users, it

Re: [PacketFence-users] 802.1x and radius error : Reading winbind reply failed

2016-09-07 Thread Jason 'XenoPhage' Frisvold
Interestingly, MAB works just fine. After 802.1x fails I can open a web page and log in via the packetfence portal ... On 9/7/16 15:23, Jason 'XenoPhage' Frisvold wrote: > Hi all, > > I'm trying to set up a new packetfence instance to authenticate via > 802.1x. I'm working on wired only

Re: [PacketFence-users] 802.1x and radius error : Reading winbind reply failed

2016-09-07 Thread Louis Munro
Hi Jason, It's trying to use winbind for authentication. Assuming you want to use locally defined users, it should not do that. Can you send the output to # radiusd -d /usr/local/pf/raddb -n auth -X Please? It should tell us why it's doing that. > On Sep 7, 2016, at 3:23 PM, Jason