From: Carla N. <pac...@gm...> - 2014-06-02 17:59:31
I went through the setup as recommended by Louis. I was able to get the
machine on the domain. When I run the ntlm_auth command, I encounter the
following error message:
[root@pf-zen-esx ~]# ntlm_auth --username *****
password:
NT_STATUS_CANT_ACCESS_DOMAIN_INFO: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
(0xc00000da)
I haven't tried the radtest command yet, as I figured I should get this one
sorted out first.
On Mon, Jun 2, 2014 at 10:25 AM, Carla Nurse <pac...@gm...> wrote:
> I am trying to set up the RADIUS server using Active Directory and got to
> the radtest test. The LDAP connect, bind and search are successful, but
> radtest is failing. I keep getting the error message:
>
> [root@pf-zen-esx ~]# radtest dd9999 Abcd1234 localhost:18120 12 testing123
> radclient:: Failed to find IP address for pf-zen-esx
> radclient: Nothing to send.
>
> So far, I have:
> 1. Checked to make sure that the SQL password is working using the command
> *mysql -u pf -p*, and checked the sql.conf file, which is included below.
>
>
> [root@pf-zen-esx ~]# mysql -u pf -p
> Enter password:
> Welcome to the MySQL monitor. Commands end with ; or \g.
>
>
> sql {
> database = "mysql"
> driver = "rlm_sql_${database}"
>
> server = "%%db_host%%"
> port = %%db_port%%
> login = "%%db_username%%"
> password = "%%db_password%%"
>
> radius_db = "%%db_database%%"
>
> acct_table1 = "radacct"
> acct_table2 = "radacct"
> postauth_table = "radpostauth"
> authcheck_table = "radcheck"
> authreply_table = "radreply"
> groupcheck_table = "radgroupcheck"
> groupreply_table = "radgroupreply"
> usergroup_table = "radusergroup"
>
> deletestalesessions = yes
> sqltrace = no
> sqltracefile = ${logdir}/sqltrace.sql
> num_sql_socks = 5
> connect_failure_retry_delay = 60
> lifetime = 0
> max_queries = 0
>
> readclients = yes
> nas_table = "radius_nas"
>
> $INCLUDE sql/${database}/packetfence.conf
> }
>
>
> 2. Created a symbolic link *ln -s ../sites-available/packetfence|ln -s
> ../sites-available/packetfence-tunnel*
>
> 3. Based on another thread on this page, I checked my radiusd.conf
> file to see whether $INCLUDE sql.conf was present. It was there. I have
> attached the radiusd.conf file.
>
> prefix = /usr
> exec_prefix = /usr
> sysconfdir = /etc
> localstatedir = %%install_dir%%/var
> sbindir = /usr/sbin
> logdir = %%install_dir%%/logs
> raddbdir = %%install_dir%%/var/radiusd
> radacctdir = %%install_dir%%/logs/radacct
>
> name = radiusd
>
> confdir = ${raddbdir}
> run_dir = ${localstatedir}/run
>
> db_dir = ${raddbdir}
>
> libdir = /usr/lib%%arch%%/freeradius
> pidfile = ${run_dir}/${name}.pid
>
> rpc_user = %%rpc_user%%
> rpc_pass = %%rpc_pass%%
> rpc_port = 9090
> rpc_server = 127.0.0.1
> rpc_proto = http
>
>
> user = pf
> group = pf
>
> max_request_time = 30
> cleanup_delay = 5
> max_requests = 20000
>
> listen {
> type = auth
> ipaddr = %%management_ip%%
> port = 0
> virtual_server = packetfence
> }
>
> listen {
> ipaddr = %%management_ip%%
> port = 0
> type = acct
> virtual_server = packetfence
> }
>
> hostname_lookups = no
> allow_core_dumps = no
>
> regular_expressions = yes
> extended_expressions = yes
>
> log {
> destination = files
> file = ${logdir}/radius.log
> syslog_facility = daemon
> stripped_names = no
> auth = yes
> auth_badpass = no
> auth_goodpass = no
> }
>
> checkrad = ${sbindir}/checkrad
>
> security {
> max_attributes = 200
> reject_delay = 1
> status_server = yes
> # On CentOS, FreeRADIUS refuses to start even if the OpenSSL library has
> # been patched, so its check for vulnerable OpenSSL versions is overridden
> # below. Make sure you update OpenSSL.
> allow_vulnerable_openssl = yes
> }
>
> proxy_requests = yes
> $INCLUDE proxy.conf
> $INCLUDE clients.conf
>
> thread pool {
> start_servers = 5
> max_servers = 32
> min_spare_servers = 3
> max_spare_servers = 10
> max_requests_per_server = 0
> }
>
> modules {
> $INCLUDE ${confdir}/modules/
> $INCLUDE eap.conf
> $INCLUDE sql.conf
> }
>
> instantiate {
> exec
> expr
> expiration
> logintime
> raw
> }
>
> $INCLUDE policy.conf
> $INCLUDE sites-enabled/
>
>
> Is there anything else that can be done?
>
> Thank you,
> Carla
>
>