From: Dennis S. <ds...@me...> - 2015-08-05 15:24:30
Hi Louis,

Thank you for your fast reply!!!

I’ve changed the production domains/names/stuff to testdomain in the following log:

[root@testpf vlan]# ps aux | grep winbindd
root 3375 0.0 0.0 187856 2696 ? Ss 14:54 0:00 /usr/sbin/winbindd -D -s /etc/samba/TESTDOMAIN.conf -l /var/log/sambaTESTDOMAIN
root 3376 0.0 0.0 193072 4720 ? S 14:54 0:00 /usr/sbin/winbindd -D -s /etc/samba/TESTDOMAIN.conf -l /var/log/sambaTESTDOMAIN
root 3610 0.0 0.0 105308 920 pts/3 S+ 17:21 0:00 grep winbindd

[root@testpf vlan]# id -a pf
uid=497(pf) gid=497(pf) Gruppen=497(pf),48(apache),496(fingerbank),88(wbpriv),495(carbon)

[root@testpf vlan]# raddebug -d /usr/local/pf/raddb -t 900
Wed Aug 5 17:12:20 2015 : Debug: Received Access-Request packet from host 192.168.6.20 port 1645, id=152, length=273
Wed Aug 5 17:12:20 2015 : Debug: User-Name = "host/PC001.testdomain.com"
Wed Aug 5 17:12:20 2015 : Debug: Service-Type = Framed-User
Wed Aug 5 17:12:20 2015 : Debug: Framed-MTU = 1500
Wed Aug 5 17:12:20 2015 : Debug: Called-Station-Id = "00-23-34-A6-0F-06"
Wed Aug 5 17:12:20 2015 : Debug: Calling-Station-Id = "70-5A-B6-A7-A5-0D"
Wed Aug 5 17:12:20 2015 : Debug: EAP-Message = 0x0201003101686f73742f4d52444550433232312e4d5244452e65752e6d6974737562697368692d6d6f746f72732e636f6d
Wed Aug 5 17:12:20 2015 : Debug: Message-Authenticator = 0x9c0bec33223e8f6e7f4dc77a83c84222
Wed Aug 5 17:12:20 2015 : Debug: Cisco-AVPair = "audit-session-id=C0A8061400000133FDAC43C3"
Wed Aug 5 17:12:20 2015 : Debug: NAS-Port-Type = Ethernet
Wed Aug 5 17:12:20 2015 : Debug: NAS-Port = 50204
Wed Aug 5 17:12:20 2015 : Debug: NAS-Port-Id = "FastEthernet2/0/4"
Wed Aug 5 17:12:20 2015 : Debug: NAS-IP-Address = 192.168.6.20
Wed Aug 5 17:12:20 2015 : Debug: server packetfence {
Wed Aug 5 17:12:20 2015 : Debug: # Executing section authorize from file /usr/local/pf/raddb//sites-enabled/packetfence
Wed Aug 5 17:12:20 2015 : Debug: +group authorize {
Wed Aug 5 17:12:20 2015 : Debug: [suffix] No '@' in User-Name = "host/PC001.testdomain.com", skipping NULL due to config.
Wed Aug 5 17:12:20 2015 : Debug: ++[suffix] = noop
Wed Aug 5 17:12:20 2015 : Debug: [ntdomain] No '\' in User-Name = "host/PC001.testdomain.com", looking up realm NULL
Wed Aug 5 17:12:20 2015 : Debug: [ntdomain] Found realm "NULL"
Wed Aug 5 17:12:20 2015 : Debug: [ntdomain] Adding Realm = "NULL"
Wed Aug 5 17:12:20 2015 : Debug: [ntdomain] Authentication realm is LOCAL.
Wed Aug 5 17:12:20 2015 : Debug: ++[ntdomain] = ok
Wed Aug 5 17:12:20 2015 : Debug: ++[preprocess] = ok
Wed Aug 5 17:12:20 2015 : Debug: ++[packetfence-multi-domain] = updated
Wed Aug 5 17:12:20 2015 : Debug: [eap] EAP packet type response id 1 length 49
Wed Aug 5 17:12:20 2015 : Debug: [eap] No EAP Start, assuming it's an on-going EAP conversation
Wed Aug 5 17:12:20 2015 : Debug: ++[eap] = updated
Wed Aug 5 17:12:20 2015 : Debug: ++[files] = noop
Wed Aug 5 17:12:20 2015 : Debug: ++[expiration] = noop
Wed Aug 5 17:12:20 2015 : Debug: ++[logintime] = noop
Wed Aug 5 17:12:20 2015 : Debug: ++update request {
Wed Aug 5 17:12:20 2015 : Debug: expand: %{Packet-Src-IP-Address} -> 192.168.6.20
Wed Aug 5 17:12:20 2015 : Debug: ++} # update request = noop
Wed Aug 5 17:12:20 2015 : Debug: ++update control {
Wed Aug 5 17:12:20 2015 : Debug: ++} # update control = noop
Wed Aug 5 17:12:20 2015 : Debug: ++[packetfence] = noop
Wed Aug 5 17:12:20 2015 : Debug: +} # group authorize = updated
Wed Aug 5 17:12:20 2015 : Debug: Found Auth-Type = EAP
Wed Aug 5 17:12:20 2015 : Debug: # Executing group from file /usr/local/pf/raddb//sites-enabled/packetfence
Wed Aug 5 17:12:20 2015 : Debug: +group authenticate {
Wed Aug 5 17:12:20 2015 : Debug: [eap] EAP Identity
Wed Aug 5 17:12:20 2015 : Debug: [eap] processing type tls
Wed Aug 5 17:12:20 2015 : Debug: [tls] Initiate
Wed Aug 5 17:12:20 2015 : Debug: [tls] Start returned 1
Wed Aug 5 17:12:20 2015 : Debug: ++[eap] = handled
Wed Aug 5 17:12:20 2015 : Debug: +} # group authenticate = handled
Wed Aug 5 17:12:20 2015 : Debug: } # server packetfence
Wed Aug 5 17:12:20 2015 : Debug: Sending Access-Challenge packet to host 192.168.6.20 port 1645, id=152, length=0
Wed Aug 5 17:12:20 2015 : Debug: EAP-Message = 0x010200061920
Wed Aug 5 17:12:20 2015 : Debug: Message-Authenticator = 0x00000000000000000000000000000000
Wed Aug 5 17:12:20 2015 : Debug: State = 0xb8b5bdaab8b7a47b1e14eb19b1742af4
Wed Aug 5 17:12:20 2015 : Debug: Finished request 233.
Wed Aug 5 17:12:20 2015 : Debug: Received Access-Request packet from host 192.168.6.20 port 1645, id=153, length=349
Wed Aug 5 17:12:20 2015 : Debug: User-Name = "host/PC001.testdomain.com"
Wed Aug 5 17:12:20 2015 : Debug: Service-Type = Framed-User
Wed Aug 5 17:12:20 2015 : Debug: Framed-MTU = 1500
Wed Aug 5 17:12:20 2015 : Debug: Called-Station-Id = "00-23-34-A6-0F-06"
Wed Aug 5 17:12:20 2015 : Debug: Calling-Station-Id = "70-5A-B6-A7-A5-0D"
Wed Aug 5 17:12:20 2015 : Debug: EAP-Message = 0x0202006b198000000061160301005c01000058030155c227d187d5390e88a09f095f61975ce3d454ff2ddb707bdc1547256989c7c1000018c014c0130035002fc00ac00900380032000a00130005000401000017000a00080006001700180019000b00020100ff01000100
Wed Aug 5 17:12:20 2015 : Debug: Message-Authenticator = 0xd57553d08a8c9cc64936e30ddfd5c84b
Wed Aug 5 17:12:20 2015 : Debug: Cisco-AVPair = "audit-session-id=C0A8061400000133FDAC43C3"
Wed Aug 5 17:12:20 2015 : Debug: NAS-Port-Type = Ethernet
Wed Aug 5 17:12:20 2015 : Debug: NAS-Port = 50204
Wed Aug 5 17:12:20 2015 : Debug: NAS-Port-Id = "FastEthernet2/0/4"
Wed Aug 5 17:12:20 2015 : Debug: State = 0xb8b5bdaab8b7a47b1e14eb19b1742af4
Wed Aug 5 17:12:20 2015 : Debug: NAS-IP-Address = 192.168.6.20
Wed Aug 5 17:12:20 2015 : Debug: server packetfence {
Wed Aug 5 17:12:20 2015 : Debug: # Executing section authorize from file /usr/local/pf/raddb//sites-enabled/packetfence
Wed Aug 5 17:12:20 2015 : Debug: +group authorize {
Wed Aug 5 17:12:20 2015 : Debug: [suffix] No '@' in User-Name = "host/PC001.testdomain.com", skipping NULL due to config.
Wed Aug 5 17:12:20 2015 : Debug: ++[suffix] = noop
Wed Aug 5 17:12:20 2015 : Debug: [ntdomain] No '\' in User-Name = "host/PC001.testdomain.com", looking up realm NULL
Wed Aug 5 17:12:20 2015 : Debug: [ntdomain] Found realm "NULL"
Wed Aug 5 17:12:20 2015 : Debug: [ntdomain] Adding Realm = "NULL"
Wed Aug 5 17:12:20 2015 : Debug: [ntdomain] Authentication realm is LOCAL.
Wed Aug 5 17:12:20 2015 : Debug: ++[ntdomain] = ok
Wed Aug 5 17:12:20 2015 : Debug: ++[preprocess] = ok
Wed Aug 5 17:12:20 2015 : Debug: ++[packetfence-multi-domain] = updated
Wed Aug 5 17:12:20 2015 : Debug: [eap] EAP packet type response id 2 length 107
Wed Aug 5 17:12:20 2015 : Debug: [eap] Continuing tunnel setup.
Wed Aug 5 17:12:20 2015 : Debug: ++[eap] = ok
Wed Aug 5 17:12:20 2015 : Debug: +} # group authorize = ok
Wed Aug 5 17:12:20 2015 : Debug: Found Auth-Type = EAP
Wed Aug 5 17:12:20 2015 : Debug: # Executing group from file /usr/local/pf/raddb//sites-enabled/packetfence
Wed Aug 5 17:12:20 2015 : Debug: +group authenticate {
Wed Aug 5 17:12:20 2015 : Debug: [eap] Request found, released from the list
Wed Aug 5 17:12:20 2015 : Debug: [eap] EAP/peap
Wed Aug 5 17:12:20 2015 : Debug: [eap] processing type peap
Wed Aug 5 17:12:20 2015 : Debug: [peap] processing EAP-TLS
Wed Aug 5 17:12:20 2015 : Debug: [peap] Length Included
Wed Aug 5 17:12:20 2015 : Debug: [peap] eaptls_verify returned 11
Wed Aug 5 17:12:20 2015 : Debug: [peap] (other): before/accept initialization
Wed Aug 5 17:12:20 2015 : Debug: [peap] TLS_accept: before/accept initialization
Wed Aug 5 17:12:20 2015 : Debug: [peap] TLS_accept: SSLv3 read client hello A
Wed Aug 5 17:12:20 2015 : Debug: [peap] TLS_accept: SSLv3 write server hello A
Wed Aug 5 17:12:20 2015 : Debug: [peap] TLS_accept: SSLv3 write certificate A
Wed Aug 5 17:12:20 2015 : Debug: [peap] TLS_accept: SSLv3 write key exchange A
Wed Aug 5 17:12:20 2015 : Debug: [peap] TLS_accept: SSLv3 write server done A
Wed Aug 5 17:12:20 2015 : Debug: [peap] TLS_accept: SSLv3 flush data
Wed Aug 5 17:12:20 2015 : Debug: [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
Wed Aug 5 17:12:20 2015 : Debug: [peap] eaptls_process returned 13
Wed Aug 5 17:12:20 2015 : Debug: [peap] EAPTLS_HANDLED
Wed Aug 5 17:12:20 2015 : Debug: ++[eap] = handled
Wed Aug 5 17:12:20 2015 : Debug: +} # group authenticate = handled
Wed Aug 5 17:12:20 2015 : Debug: } # server packetfence
Wed Aug 5 17:12:20 2015 : Debug: Sending Access-Challenge packet to host 192.168.6.20 port 1645, id=153, length=0
Wed Aug 5 17:12:20 2015 : Debug: EAP-Message = 0x7368692d6d6f746f72732e636f6d301e170d3135303730383039353530325a170d3137313232343039353530325a30818f310b3009060355040613024445310b300906035504080c024845310f300d06035504070c06547265627572310d300b060355040a0c044d524445310b3009060355040b0c0249543112301006035504030c096d72646573763035333132303006092a864886f70d010901162368656c706465736b406d7264652e6d6974737562697368692d6d6f746f72732e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100acc01873efe44f998440f71a5bcd7cc09dda2708076a6362671df166
Wed Aug 5 17:12:20 2015 : Debug: EAP-Message = 0x69250d160301014b0c000147
Wed Aug 5 17:12:20 2015 : Debug: Message-Authenticator = 0x00000000000000000000000000000000
Wed Aug 5 17:12:20 2015 : Debug: State = 0xb8b5bdaab9b6a47b1e14eb19b1742af4
Wed Aug 5 17:12:20 2015 : Debug: Finished request 234.
Wed Aug 5 17:12:20 2015 : Debug: Received Access-Request packet from host 192.168.6.20 port 1645, id=154, length=248
Wed Aug 5 17:12:20 2015 : Debug: User-Name = "host/PC001.testdomain.com"
Wed Aug 5 17:12:20 2015 : Debug: Service-Type = Framed-User
Wed Aug 5 17:12:20 2015 : Debug: Framed-MTU = 1500
Wed Aug 5 17:12:20 2015 : Debug: Called-Station-Id = "00-23-34-A6-0F-06"
Wed Aug 5 17:12:20 2015 : Debug: Calling-Station-Id = "70-5A-B6-A7-A5-0D"
Wed Aug 5 17:12:20 2015 : Debug: EAP-Message = 0x020300061900
Wed Aug 5 17:12:20 2015 : Debug: Message-Authenticator = 0xbddac476d931fe78a6affcea4f387fe1
Wed Aug 5 17:12:20 2015 : Debug: Cisco-AVPair = "audit-session-id=C0A8061400000133FDAC43C3"
Wed Aug 5 17:12:20 2015 : Debug: NAS-Port-Type = Ethernet
Wed Aug 5 17:12:20 2015 : Debug: NAS-Port = 50204
Wed Aug 5 17:12:20 2015 : Debug: NAS-Port-Id = "FastEthernet2/0/4"
Wed Aug 5 17:12:20 2015 : Debug: State = 0xb8b5bdaab9b6a47b1e14eb19b1742af4
Wed Aug 5 17:12:20 2015 : Debug: NAS-IP-Address = 192.168.6.20
Wed Aug 5 17:12:20 2015 : Debug: server packetfence {
Wed Aug 5 17:12:20 2015 : Debug: # Executing section authorize from file /usr/local/pf/raddb//sites-enabled/packetfence
Wed Aug 5 17:12:20 2015 : Debug: +group authorize {
Wed Aug 5 17:12:20 2015 : Debug: [suffix] No '@' in User-Name = "host/PC001.testdomain.com", skipping NULL due to config.
Wed Aug 5 17:12:20 2015 : Debug: ++[suffix] = noop
Wed Aug 5 17:12:20 2015 : Debug: [ntdomain] No '\' in User-Name = "host/PC001.testdomain.com", looking up realm NULL
Wed Aug 5 17:12:20 2015 : Debug: [ntdomain] Found realm "NULL"
Wed Aug 5 17:12:20 2015 : Debug: [ntdomain] Adding Realm = "NULL"
Wed Aug 5 17:12:20 2015 : Debug: [ntdomain] Authentication realm is LOCAL.
Wed Aug 5 17:12:20 2015 : Debug: ++[ntdomain] = ok
Wed Aug 5 17:12:20 2015 : Debug: ++[preprocess] = ok
Wed Aug 5 17:12:20 2015 : Debug: ++[packetfence-multi-domain] = updated
Wed Aug 5 17:12:20 2015 : Debug: [eap] EAP packet type response id 3 length 6
Wed Aug 5 17:12:20 2015 : Debug: [eap] Continuing tunnel setup.
Wed Aug 5 17:12:20 2015 : Debug: ++[eap] = ok
Wed Aug 5 17:12:20 2015 : Debug: +} # group authorize = ok
Wed Aug 5 17:12:20 2015 : Debug: Found Auth-Type = EAP
Wed Aug 5 17:12:20 2015 : Debug: # Executing group from file /usr/local/pf/raddb//sites-enabled/packetfence
Wed Aug 5 17:12:20 2015 : Debug: +group authenticate {
Wed Aug 5 17:12:20 2015 : Debug: [eap] Request found, released from the list
Wed Aug 5 17:12:20 2015 : Debug: [eap] EAP/peap
Wed Aug 5 17:12:20 2015 : Debug: [eap] processing type peap
Wed Aug 5 17:12:20 2015 : Debug: [peap] processing EAP-TLS
Wed Aug 5 17:12:20 2015 : Debug: [peap] Received TLS ACK
Wed Aug 5 17:12:20 2015 : Debug: [peap] ACK handshake fragment handler
Wed Aug 5 17:12:20 2015 : Debug: [peap] eaptls_verify returned 1
Wed Aug 5 17:12:20 2015 : Debug: [peap] eaptls_process returned 13
Wed Aug 5 17:12:20 2015 : Debug: [peap] EAPTLS_HANDLED
Wed Aug 5 17:12:20 2015 : Debug: ++[eap] = handled
Wed Aug 5 17:12:20 2015 : Debug: +} # group authenticate = handled
Wed Aug 5 17:12:20 2015 : Debug: } # server packetfence
Wed Aug 5 17:12:20 2015 : Debug: Sending Access-Challenge packet to host 192.168.6.20 port 1645, id=154, length=0
Wed Aug 5 17:12:20 2015 : Debug: EAP-Message = 0x834f01be0cae2da1fd8dc695d6a911caf0692ca7d2a65d04e8cdf503d0c946d5a2de3c07e37b7d7a96af53deee3b31107c793f5fc0d2d7796365cf86110d0960e805c826d1ca350ab3102cac79f3033316030100040e000000
Wed Aug 5 17:12:20 2015 : Debug: Message-Authenticator = 0x00000000000000000000000000000000
Wed Aug 5 17:12:20 2015 : Debug: State = 0xb8b5bdaabab1a47b1e14eb19b1742af4
Wed Aug 5 17:12:20 2015 : Debug: Finished request 235.
Wed Aug 5 17:12:20 2015 : Debug: Received Access-Request packet from host 192.168.6.20 port 1645, id=155, length=386
Wed Aug 5 17:12:20 2015 : Debug: User-Name = "host/PC001.testdomain.com"
Wed Aug 5 17:12:20 2015 : Debug: Service-Type = Framed-User
Wed Aug 5 17:12:20 2015 : Debug: Framed-MTU = 1500
Wed Aug 5 17:12:20 2015 : Debug: Called-Station-Id = "00-23-34-A6-0F-06"
Wed Aug 5 17:12:20 2015 : Debug: Calling-Station-Id = "70-5A-B6-A7-A5-0D"
Wed Aug 5 17:12:20 2015 : Debug: EAP-Message = 0x02040090198000000086160301004610000042410495b6854d8a752296caa640d822761e6cb7aa414a832efa01ccf4464fd5aa96205c7a1b07d256163335ec8a5b648b68c790990a1d5fa42f69c4ab39f949510b571403010001011603010030443aac7f8bb615456b2b758005388fb98cf72f7ed19f43c801a133deeb4e5875c4692dbe294c342103bb4662312eec7c
Wed Aug 5 17:12:20 2015 : Debug: Message-Authenticator = 0xbbf35334dbff19d7a5384412b0c95d7c
Wed Aug 5 17:12:20 2015 : Debug: Cisco-AVPair = "audit-session-id=C0A8061400000133FDAC43C3"
Wed Aug 5 17:12:20 2015 : Debug: NAS-Port-Type = Ethernet
Wed Aug 5 17:12:20 2015 : Debug: NAS-Port = 50204
Wed Aug 5 17:12:20 2015 : Debug: NAS-Port-Id = "FastEthernet2/0/4"
Wed Aug 5 17:12:20 2015 : Debug: State = 0xb8b5bdaabab1a47b1e14eb19b1742af4
Wed Aug 5 17:12:20 2015 : Debug: NAS-IP-Address = 192.168.6.20
Wed Aug 5 17:12:20 2015 : Debug: server packetfence {
Wed Aug 5 17:12:20 2015 : Debug: # Executing section authorize from file /usr/local/pf/raddb//sites-enabled/packetfence
Wed Aug 5 17:12:20 2015 : Debug: +group authorize {
Wed Aug 5 17:12:20 2015 : Debug: [suffix] No '@' in User-Name = "host/PC001.testdomain.com", skipping NULL due to config.
Wed Aug 5 17:12:20 2015 : Debug: ++[suffix] = noop
Wed Aug 5 17:12:20 2015 : Debug: [ntdomain] No '\' in User-Name = "host/PC001.testdomain.com", looking up realm NULL
Wed Aug 5 17:12:20 2015 : Debug: [ntdomain] Found realm "NULL"
Wed Aug 5 17:12:20 2015 : Debug: [ntdomain] Adding Realm = "NULL"
Wed Aug 5 17:12:20 2015 : Debug: [ntdomain] Authentication realm is LOCAL.
Wed Aug 5 17:12:20 2015 : Debug: ++[ntdomain] = ok
Wed Aug 5 17:12:20 2015 : Debug: ++[preprocess] = ok
Wed Aug 5 17:12:20 2015 : Debug: ++[packetfence-multi-domain] = updated
Wed Aug 5 17:12:20 2015 : Debug: [eap] EAP packet type response id 4 length 144
Wed Aug 5 17:12:20 2015 : Debug: [eap] Continuing tunnel setup.
Wed Aug 5 17:12:20 2015 : Debug: ++[eap] = ok
Wed Aug 5 17:12:20 2015 : Debug: +} # group authorize = ok
Wed Aug 5 17:12:20 2015 : Debug: Found Auth-Type = EAP
Wed Aug 5 17:12:20 2015 : Debug: # Executing group from file /usr/local/pf/raddb//sites-enabled/packetfence
Wed Aug 5 17:12:20 2015 : Debug: +group authenticate {
Wed Aug 5 17:12:20 2015 : Debug: [eap] Request found, released from the list
Wed Aug 5 17:12:20 2015 : Debug: [eap] EAP/peap
Wed Aug 5 17:12:20 2015 : Debug: [eap] processing type peap
Wed Aug 5 17:12:20 2015 : Debug: [peap] processing EAP-TLS
Wed Aug 5 17:12:20 2015 : Debug: [peap] Length Included
Wed Aug 5 17:12:20 2015 : Debug: [peap] eaptls_verify returned 11
Wed Aug 5 17:12:20 2015 : Debug: [peap] TLS_accept: SSLv3 read client key exchange A
Wed Aug 5 17:12:20 2015 : Debug: [peap] TLS_accept: SSLv3 read finished A
Wed Aug 5 17:12:20 2015 : Debug: [peap] TLS_accept: SSLv3 write change cipher spec A
Wed Aug 5 17:12:20 2015 : Debug: [peap] TLS_accept: SSLv3 write finished A
Wed Aug 5 17:12:20 2015 : Debug: [peap] TLS_accept: SSLv3 flush data
Wed Aug 5 17:12:20 2015 : Debug: [peap] (other): SSL negotiation finished successfully
Wed Aug 5 17:12:20 2015 : Debug: [peap] eaptls_process returned 13
Wed Aug 5 17:12:20 2015 : Debug: [peap] EAPTLS_HANDLED
Wed Aug 5 17:12:20 2015 : Debug: ++[eap] = handled
Wed Aug 5 17:12:20 2015 : Debug: +} # group authenticate = handled
Wed Aug 5 17:12:20 2015 : Debug: } # server packetfence
Wed Aug 5 17:12:20 2015 : Debug: Sending Access-Challenge packet to host 192.168.6.20 port 1645, id=155, length=0
Wed Aug 5 17:12:20 2015 : Debug: EAP-Message = 0x010500411900140301000101160301003038d7cbe44a41a550f72fde5c0f59f4c3036dffa5cc87753d72152a94a48cd44773c697f05f5a0b688351b5da408e9ada
Wed Aug 5 17:12:20 2015 : Debug: Message-Authenticator = 0x00000000000000000000000000000000
Wed Aug 5 17:12:20 2015 : Debug: State = 0xb8b5bdaabbb0a47b1e14eb19b1742af4
Wed Aug 5 17:12:20 2015 : Debug: Finished request 236.
Wed Aug 5 17:12:20 2015 : Debug: Received Access-Request packet from host 192.168.6.20 port 1645, id=156, length=248
Wed Aug 5 17:12:20 2015 : Debug: User-Name = "host/PC001.testdomain.com"
Wed Aug 5 17:12:20 2015 : Debug: Service-Type = Framed-User
Wed Aug 5 17:12:20 2015 : Debug: Framed-MTU = 1500
Wed Aug 5 17:12:20 2015 : Debug: Called-Station-Id = "00-23-34-A6-0F-06"
Wed Aug 5 17:12:20 2015 : Debug: Calling-Station-Id = "70-5A-B6-A7-A5-0D"
Wed Aug 5 17:12:20 2015 : Debug: EAP-Message = 0x020500061900
Wed Aug 5 17:12:20 2015 : Debug: Message-Authenticator = 0xa619dfa8d8b0b06faba1e3919982b2fb
Wed Aug 5 17:12:20 2015 : Debug: Cisco-AVPair = "audit-session-id=C0A8061400000133FDAC43C3"
Wed Aug 5 17:12:20 2015 : Debug: NAS-Port-Type = Ethernet
Wed Aug 5 17:12:20 2015 : Debug: NAS-Port = 50204
Wed Aug 5 17:12:20 2015 : Debug: NAS-Port-Id = "FastEthernet2/0/4"
Wed Aug 5 17:12:20 2015 : Debug: State = 0xb8b5bdaabbb0a47b1e14eb19b1742af4
Wed Aug 5 17:12:20 2015 : Debug: NAS-IP-Address = 192.168.6.20
Wed Aug 5 17:12:20 2015 : Debug: server packetfence {
Wed Aug 5 17:12:20 2015 : Debug: # Executing section authorize from file /usr/local/pf/raddb//sites-enabled/packetfence
Wed Aug 5 17:12:20 2015 : Debug: +group authorize {
Wed Aug 5 17:12:20 2015 : Debug: [suffix] No '@' in User-Name = "host/PC001.testdomain.com", skipping NULL due to config.
Wed Aug 5 17:12:20 2015 : Debug: ++[suffix] = noop
Wed Aug 5 17:12:20 2015 : Debug: [ntdomain] No '\' in User-Name = "host/PC001.testdomain.com", looking up realm NULL
Wed Aug 5 17:12:20 2015 : Debug: [ntdomain] Found realm "NULL"
Wed Aug 5 17:12:20 2015 : Debug: [ntdomain] Adding Realm = "NULL"
Wed Aug 5 17:12:20 2015 : Debug: [ntdomain] Authentication realm is LOCAL.
Wed Aug 5 17:12:20 2015 : Debug: ++[ntdomain] = ok
Wed Aug 5 17:12:20 2015 : Debug: ++[preprocess] = ok
Wed Aug 5 17:12:20 2015 : Debug: ++[packetfence-multi-domain] = updated
Wed Aug 5 17:12:20 2015 : Debug: [eap] EAP packet type response id 5 length 6
Wed Aug 5 17:12:20 2015 : Debug: [eap] Continuing tunnel setup.
Wed Aug 5 17:12:20 2015 : Debug: ++[eap] = ok
Wed Aug 5 17:12:20 2015 : Debug: +} # group authorize = ok
Wed Aug 5 17:12:20 2015 : Debug: Found Auth-Type = EAP
Wed Aug 5 17:12:20 2015 : Debug: # Executing group from file /usr/local/pf/raddb//sites-enabled/packetfence
Wed Aug 5 17:12:20 2015 : Debug: +group authenticate {
Wed Aug 5 17:12:20 2015 : Debug: [eap] Request found, released from the list
Wed Aug 5 17:12:20 2015 : Debug: [eap] EAP/peap
Wed Aug 5 17:12:20 2015 : Debug: [eap] processing type peap
Wed Aug 5 17:12:20 2015 : Debug: [peap] processing EAP-TLS
Wed Aug 5 17:12:20 2015 : Debug: [peap] Received TLS ACK
Wed Aug 5 17:12:20 2015 : Debug: [peap] ACK handshake is finished
Wed Aug 5 17:12:20 2015 : Debug: [peap] eaptls_verify returned 3
Wed Aug 5 17:12:20 2015 : Debug: [peap] eaptls_process returned 3
Wed Aug 5 17:12:20 2015 : Debug: [peap] EAPTLS_SUCCESS
Wed Aug 5 17:12:20 2015 : Debug: [peap] Session established. Decoding tunneled attributes.
Wed Aug 5 17:12:20 2015 : Debug: [peap] Peap state TUNNEL ESTABLISHED
Wed Aug 5 17:12:20 2015 : Debug: ++[eap] = handled
Wed Aug 5 17:12:20 2015 : Debug: +} # group authenticate = handled
Wed Aug 5 17:12:20 2015 : Debug: } # server packetfence
Wed Aug 5 17:12:20 2015 : Debug: Sending Access-Challenge packet to host 192.168.6.20 port 1645, id=156, length=0
Wed Aug 5 17:12:20 2015 : Debug: EAP-Message = 0x0106002b19001703010020646bf03bb802dd05a8f23b3fed52add47e96d8578c5c1baba8c4a9ffcb2c3cd1
Wed Aug 5 17:12:20 2015 : Debug: Message-Authenticator = 0x00000000000000000000000000000000
Wed Aug 5 17:12:20 2015 : Debug: State = 0xb8b5bdaabcb3a47b1e14eb19b1742af4
Wed Aug 5 17:12:20 2015 : Debug: Finished request 237.
Wed Aug 5 17:12:20 2015 : Debug: Received Access-Request packet from host 192.168.6.20 port 1645, id=157, length=333
Wed Aug 5 17:12:20 2015 : Debug: User-Name = "host/PC001.testdomain.com"
Wed Aug 5 17:12:20 2015 : Debug: Service-Type = Framed-User
Wed Aug 5 17:12:20 2015 : Debug: Framed-MTU = 1500
Wed Aug 5 17:12:20 2015 : Debug: Called-Station-Id = "00-23-34-A6-0F-06"
Wed Aug 5 17:12:20 2015 : Debug: Calling-Station-Id = "70-5A-B6-A7-A5-0D"
Wed Aug 5 17:12:20 2015 : Debug: EAP-Message = 0x0206005b19001703010050c5fe95e849003770f61951d2bcfc1b3e92ec5892ec3ef819c80fa8e5d449a6f8ebd4a3b567319c94b6b152a0518f23dc7d0b25d87faf0ca04094ef30c003dfc530a9704bb768ac0188e3ac3961444dc1
Wed Aug 5 17:12:20 2015 : Debug: Message-Authenticator = 0x899318c420c713a21f030934c967bf04
Wed Aug 5 17:12:20 2015 : Debug: Cisco-AVPair = "audit-session-id=C0A8061400000133FDAC43C3"
Wed Aug 5 17:12:20 2015 : Debug: NAS-Port-Type = Ethernet
Wed Aug 5 17:12:20 2015 : Debug: NAS-Port = 50204
Wed Aug 5 17:12:20 2015 : Debug: NAS-Port-Id = "FastEthernet2/0/4"
Wed Aug 5 17:12:20 2015 : Debug: State = 0xb8b5bdaabcb3a47b1e14eb19b1742af4
Wed Aug 5 17:12:20 2015 : Debug: NAS-IP-Address = 192.168.6.20
Wed Aug 5 17:12:20 2015 : Debug: server packetfence {
Wed Aug 5 17:12:20 2015 : Debug: # Executing section authorize from file /usr/local/pf/raddb//sites-enabled/packetfence
Wed Aug 5 17:12:20 2015 : Debug: +group authorize {
Wed Aug 5 17:12:20 2015 : Debug: [suffix] No '@' in User-Name = "host/PC001.testdomain.com", skipping NULL due to config.
Wed Aug 5 17:12:20 2015 : Debug: ++[suffix] = noop
Wed Aug 5 17:12:20 2015 : Debug: [ntdomain] No '\' in User-Name = "host/PC001.testdomain.com", looking up realm NULL
Wed Aug 5 17:12:20 2015 : Debug: [ntdomain] Found realm "NULL"
Wed Aug 5 17:12:20 2015 : Debug: [ntdomain] Adding Realm = "NULL"
Wed Aug 5 17:12:20 2015 : Debug: [ntdomain] Authentication realm is LOCAL.
Wed Aug 5 17:12:20 2015 : Debug: ++[ntdomain] = ok
Wed Aug 5 17:12:20 2015 : Debug: ++[preprocess] = ok
Wed Aug 5 17:12:20 2015 : Debug: ++[packetfence-multi-domain] = updated
Wed Aug 5 17:12:20 2015 : Debug: [eap] EAP packet type response id 6 length 91
Wed Aug 5 17:12:20 2015 : Debug: [eap] Continuing tunnel setup.
Wed Aug 5 17:12:20 2015 : Debug: ++[eap] = ok
Wed Aug 5 17:12:20 2015 : Debug: +} # group authorize = ok
Wed Aug 5 17:12:20 2015 : Debug: Found Auth-Type = EAP
Wed Aug 5 17:12:20 2015 : Debug: # Executing group from file /usr/local/pf/raddb//sites-enabled/packetfence
Wed Aug 5 17:12:20 2015 : Debug: +group authenticate {
Wed Aug 5 17:12:20 2015 : Debug: [eap] Request found, released from the list
Wed Aug 5 17:12:20 2015 : Debug: [eap] EAP/peap
Wed Aug 5 17:12:20 2015 : Debug: [eap] processing type peap
Wed Aug 5 17:12:20 2015 : Debug: [peap] processing EAP-TLS
Wed Aug 5 17:12:20 2015 : Debug: [peap] eaptls_verify returned 7
Wed Aug 5 17:12:20 2015 : Debug: [peap] Done initial handshake
Wed Aug 5 17:12:20 2015 : Debug: [peap] eaptls_process returned 7
Wed Aug 5 17:12:20 2015 : Debug: [peap] EAPTLS_OK
Wed Aug 5 17:12:20 2015 : Debug: [peap] Session established. Decoding tunneled attributes.
Wed Aug 5 17:12:20 2015 : Debug: [peap] Peap state WAITING FOR INNER IDENTITY
Wed Aug 5 17:12:20 2015 : Debug: [peap] Identity - host/PC001.testdomain.com
Wed Aug 5 17:12:20 2015 : Debug: [peap] Got inner identity 'host/PC001.testdomain.com'
Wed Aug 5 17:12:20 2015 : Debug: [peap] Setting default EAP type for tunneled EAP session.
Wed Aug 5 17:12:20 2015 : Debug: [peap] Setting User-Name to host/PC001.testdomain.com
Wed Aug 5 17:12:20 2015 : Debug: # Executing section authorize from file /usr/local/pf/raddb//sites-enabled/packetfence-tunnel
Wed Aug 5 17:12:20 2015 : Debug: +group authorize {
Wed Aug 5 17:12:20 2015 : Debug: [suffix] No '@' in User-Name = "host/PC001.testdomain.com", skipping NULL due to config.
Wed Aug 5 17:12:20 2015 : Debug: ++[suffix] = noop
Wed Aug 5 17:12:20 2015 : Debug: [ntdomain] No '\' in User-Name = "host/PC001.testdomain.com", looking up realm NULL
Wed Aug 5 17:12:20 2015 : Debug: [ntdomain] Found realm "NULL"
Wed Aug 5 17:12:20 2015 : Debug: [ntdomain] Adding Realm = "NULL"
Wed Aug 5 17:12:20 2015 : Debug: [ntdomain] Authentication realm is LOCAL.
Wed Aug 5 17:12:20 2015 : Debug: ++[ntdomain] = ok
Wed Aug 5 17:12:20 2015 : Debug: ++[packetfence-multi-domain] = updated
Wed Aug 5 17:12:20 2015 : Debug: [eap] EAP packet type response id 6 length 49
Wed Aug 5 17:12:20 2015 : Debug: [eap] No EAP Start, assuming it's an on-going EAP conversation
Wed Aug 5 17:12:20 2015 : Debug: ++[eap] = updated
Wed Aug 5 17:12:20 2015 : Debug: ++[files] = noop
Wed Aug 5 17:12:20 2015 : Debug: ++[expiration] = noop
Wed Aug 5 17:12:20 2015 : Debug: ++[logintime] = noop
Wed Aug 5 17:12:20 2015 : Debug: +} # group authorize = updated
Wed Aug 5 17:12:20 2015 : Debug: Found Auth-Type = EAP
Wed Aug 5 17:12:20 2015 : Debug: # Executing group from file /usr/local/pf/raddb//sites-enabled/packetfence-tunnel
Wed Aug 5 17:12:20 2015 : Debug: +group authenticate {
Wed Aug 5 17:12:20 2015 : Debug: [eap] EAP Identity
Wed Aug 5 17:12:20 2015 : Debug: [eap] processing type mschapv2
Wed Aug 5 17:12:20 2015 : Debug: ++[eap] = handled
Wed Aug 5 17:12:20 2015 : Debug: +} # group authenticate = handled
Wed Aug 5 17:12:20 2015 : Debug: [peap] Got tunneled Access-Challenge
Wed Aug 5 17:12:20 2015 : Debug: ++[eap] = handled
Wed Aug 5 17:12:20 2015 : Debug: +} # group authenticate = handled
Wed Aug 5 17:12:20 2015 : Debug: } # server packetfence
Wed Aug 5 17:12:20 2015 : Debug: Sending Access-Challenge packet to host 192.168.6.20 port 1645, id=157, length=0
Wed Aug 5 17:12:20 2015 : Debug: EAP-Message = 0x0107006b19001703010060f9ae5d1cb52be11233a936a009c92e11d665c8cd0049b35bb6a925106a8b077eba7003bd5a1915867246a01a710251853fcf1557446b2e9339a4260824ea47bd4fd6ef458cc30417c333cebdae2e45d413a840141cab9f68e4cb5ae324d86721
Wed Aug 5 17:12:20 2015 : Debug: Message-Authenticator = 0x00000000000000000000000000000000
Wed Aug 5 17:12:20 2015 : Debug: State = 0xb8b5bdaabdb2a47b1e14eb19b1742af4
Wed Aug 5 17:12:20 2015 : Debug: Finished request 238.
Wed Aug 5 17:12:20 2015 : Debug: Received Access-Request packet from host 192.168.6.20 port 1645, id=158, length=381
Wed Aug 5 17:12:20 2015 : Debug: User-Name = "host/PC001.testdomain.com"
Wed Aug 5 17:12:20 2015 : Debug: Service-Type = Framed-User
Wed Aug 5 17:12:20 2015 : Debug: Framed-MTU = 1500
Wed Aug 5 17:12:20 2015 : Debug: Called-Station-Id = "00-23-34-A6-0F-06"
Wed Aug 5 17:12:20 2015 : Debug: Calling-Station-Id = "70-5A-B6-A7-A5-0D"
Wed Aug 5 17:12:20 2015 : Debug: EAP-Message = 0x0207008b19001703010080a2e58f02df6e75c0463c00e039b7222b4c05b236fbafd564ae71b68c449e59355545a43ce12fcb190a5ad66ce071e7a656b0b8aa357dfe66cc8bc91b71763fe68ea15f3ab350a71f4cf6727cdbec569d7fdea52f7c3a9894c68b52838811dbd370e67208e9c1b2fc9cb9bc072067dab25519621261e50fe18f42d584484491de
Wed Aug 5 17:12:20 2015 : Debug: Message-Authenticator = 0xf4fab1a8ae226f8ed14a36f56dd19249
Wed Aug 5 17:12:20 2015 : Debug: Cisco-AVPair = "audit-session-id=C0A8061400000133FDAC43C3"
Wed Aug 5 17:12:20 2015 : Debug: NAS-Port-Type = Ethernet
Wed Aug 5 17:12:20 2015 : Debug: NAS-Port = 50204
Wed Aug 5 17:12:20 2015 : Debug: NAS-Port-Id = "FastEthernet2/0/4"
Wed Aug 5 17:12:20 2015 : Debug: State = 0xb8b5bdaabdb2a47b1e14eb19b1742af4
Wed Aug 5 17:12:20 2015 : Debug: NAS-IP-Address = 192.168.6.20
Wed Aug 5 17:12:20 2015 : Debug: server packetfence {
Wed Aug 5 17:12:20 2015 : Debug: # Executing section authorize from file /usr/local/pf/raddb//sites-enabled/packetfence
Wed Aug 5 17:12:20 2015 : Debug: +group authorize {
Wed Aug 5 17:12:20 2015 : Debug: [suffix] No '@' in User-Name = "host/PC001.testdomain.com", skipping NULL due to config.
Wed Aug 5 17:12:20 2015 : Debug: ++[suffix] = noop
Wed Aug 5 17:12:20 2015 : Debug: [ntdomain] No '\' in User-Name = "host/PC001.testdomain.com", looking up realm NULL
Wed Aug 5 17:12:20 2015 : Debug: [ntdomain] Found realm "NULL"
Wed Aug 5 17:12:20 2015 : Debug: [ntdomain] Adding Realm = "NULL"
Wed Aug 5 17:12:20 2015 : Debug: [ntdomain] Authentication realm is LOCAL.
Wed Aug 5 17:12:20 2015 : Debug: ++[ntdomain] = ok
Wed Aug 5 17:12:20 2015 : Debug: ++[preprocess] = ok
Wed Aug 5 17:12:20 2015 : Debug: ++[packetfence-multi-domain] = updated
Wed Aug 5 17:12:20 2015 : Debug: [eap] EAP packet type response id 7 length 139
Wed Aug 5 17:12:20 2015 : Debug: [eap] Continuing tunnel setup.
Wed Aug 5 17:12:20 2015 : Debug: ++[eap] = ok
Wed Aug 5 17:12:20 2015 : Debug: +} # group authorize = ok
Wed Aug 5 17:12:20 2015 : Debug: Found Auth-Type = EAP
Wed Aug 5 17:12:20 2015 : Debug: # Executing group from file /usr/local/pf/raddb//sites-enabled/packetfence
Wed Aug 5 17:12:20 2015 : Debug: +group authenticate {
Wed Aug 5 17:12:20 2015 : Debug: [eap] Request found, released from the list
Wed Aug 5 17:12:20 2015 : Debug: [eap] EAP/peap
Wed Aug 5 17:12:20 2015 : Debug: [eap] processing type peap
Wed Aug 5 17:12:20 2015 : Debug: [peap] processing EAP-TLS
Wed Aug 5 17:12:20 2015 : Debug: [peap] eaptls_verify returned 7
Wed Aug 5 17:12:20 2015 : Debug: [peap] Done initial handshake
Wed Aug 5 17:12:20 2015 : Debug: [peap] eaptls_process returned 7
Wed Aug 5 17:12:20 2015 : Debug: [peap] EAPTLS_OK
Wed Aug 5 17:12:20 2015 : Debug: [peap] Session established. Decoding tunneled attributes.
Wed Aug 5 17:12:20 2015 : Debug: [peap] Peap state phase2
Wed Aug 5 17:12:20 2015 : Debug: [peap] EAP type mschapv2
Wed Aug 5 17:12:20 2015 : Debug: [peap] Setting User-Name to host/PC001.testdomain.com
Wed Aug 5 17:12:20 2015 : Debug: # Executing section authorize from file /usr/local/pf/raddb//sites-enabled/packetfence-tunnel
Wed Aug 5 17:12:20 2015 : Debug: +group authorize {
Wed Aug 5 17:12:20 2015 : Debug: [suffix] No '@' in User-Name = "host/PC001.testdomain.com", skipping NULL due to config.
Wed Aug 5 17:12:20 2015 : Debug: ++[suffix] = noop
Wed Aug 5 17:12:20 2015 : Debug: [ntdomain] No '\' in User-Name = "host/PC001.testdomain.com", looking up realm NULL
Wed Aug 5 17:12:20 2015 : Debug: [ntdomain] Found realm "NULL"
Wed Aug 5 17:12:20 2015 : Debug: [ntdomain] Adding Realm = "NULL"
Wed Aug 5 17:12:20 2015 : Debug: [ntdomain] Authentication realm is LOCAL.
Wed Aug 5 17:12:20 2015 : Debug: ++[ntdomain] = ok
Wed Aug 5 17:12:20 2015 : Debug: ++[packetfence-multi-domain] = updated
Wed Aug 5 17:12:20 2015 : Debug: [eap] EAP packet type response id 7 length 103
Wed Aug 5 17:12:20 2015 : Debug: [eap] No EAP Start, assuming it's an on-going EAP conversation
Wed Aug 5 17:12:20 2015 : Debug: ++[eap] = updated
Wed Aug 5 17:12:20 2015 : Debug: ++[files] = noop
Wed Aug 5 17:12:20 2015 : Debug: ++[expiration] = noop
Wed Aug 5 17:12:20 2015 : Debug: ++[logintime] = noop
Wed Aug 5 17:12:20 2015 : Debug: +} # group authorize = updated
Wed Aug 5 17:12:20 2015 : Debug: Found Auth-Type = EAP
Wed Aug 5 17:12:20 2015 : Debug: # Executing group from file /usr/local/pf/raddb//sites-enabled/packetfence-tunnel
Wed Aug 5 17:12:20 2015 : Debug: +group authenticate {
Wed Aug 5 17:12:20 2015 : Debug: [eap] Request found, released from the list
Wed Aug 5 17:12:20 2015 : Debug: [eap] EAP/mschapv2
Wed Aug 5 17:12:20 2015 : Debug: [eap] processing type mschapv2
Wed Aug 5 17:12:20 2015 : Debug: [mschapv2] # Executing group from file /usr/local/pf/raddb//sites-enabled/packetfence-tunnel
Wed Aug 5 17:12:20 2015 : Debug: [mschapv2] +group MS-CHAP {
Wed Aug 5 17:12:20 2015 : Debug: [mschapv2] ++? if (PacketFence-Domain)
Wed Aug 5 17:12:20 2015 : Debug: [mschapv2] ? Evaluating (PacketFence-Domain) -> FALSE
Wed Aug 5 17:12:20 2015 : Debug: [mschapv2] ++? if (PacketFence-Domain) -> FALSE
Wed Aug 5 17:12:20 2015 : Debug: [mschapv2] ++else else {
Wed Aug 5 17:12:20 2015 : Debug: [mschap] Creating challenge hash with username: host/PC001.testdomain.com
Wed Aug 5 17:12:20 2015 : Debug: [mschap] Client is using MS-CHAPv2 for host/PC001.testdomain.com, we need NT-Password
Wed Aug 5 17:12:20 2015 : Debug: [mschap] expand: %{Stripped-User-Name} ->
Wed Aug 5 17:12:20 2015 : Debug: [mschap] ... expanding second conditional
Wed Aug 5 17:12:20 2015 : Debug: [mschap] expand: %{mschap:User-Name:-None} -> PC001$
Wed Aug 5 17:12:20 2015 : Debug: [mschap] expand: --username=%{%{Stripped-User-Name}:-%{mschap:User-Name:-None}} -> --username=PC001$
Wed Aug 5 17:12:20 2015 : Debug: [mschap] Creating challenge hash with username: host/PC001.testdomain.com
Wed Aug 5 17:12:20 2015 : Debug: [mschap] expand: --challenge=%{mschap:Challenge:-00} -> --challenge=008ed3fa50ed746a
Wed Aug 5 17:12:20 2015 : Debug: [mschap] expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=5ddae5e07d7a2dc1733531fce4eb8a772ad350309533952d
Wed Aug 5 17:12:20 2015 : Debug: [mschap] Exec: program returned: 1
Wed Aug 5 17:12:20 2015 : Debug: [mschap] External script failed.
Wed Aug 5 17:12:20 2015 : Debug: [mschap] FAILED: MS-CHAP2-Response is incorrect
Wed Aug 5 17:12:20 2015 : Debug: +++[mschap] = reject
Wed Aug 5 17:12:20 2015 : Debug: ++} # else else = reject
Wed Aug 5 17:12:20 2015 : Debug: +} # group MS-CHAP = reject
Wed Aug 5 17:12:20 2015 : Debug: [eap] Freeing handler
Wed Aug 5 17:12:20 2015 : Debug: ++[eap] = reject
Wed Aug 5 17:12:20 2015 : Debug: +} # group authenticate = reject
Wed Aug 5 17:12:20 2015 : Debug: Failed to authenticate the user.
Wed Aug 5 17:12:20 2015 : Debug: Using Post-Auth-Type REJECT
Wed Aug 5 17:12:20 2015 : Debug: # Executing group from file /usr/local/pf/raddb//sites-enabled/packetfence-tunnel
Wed Aug 5 17:12:20 2015 : Debug: +group REJECT {
Wed Aug 5 17:12:20 2015 : Debug: [attr_filter.access_reject] expand: %{User-Name} -> host/PC001.testdomain.com
Wed Aug 5 17:12:20 2015 : Debug: ++[attr_filter.access_reject] = updated
Wed Aug 5 17:12:20 2015 : Debug: +} # group REJECT = updated
Wed Aug 5 17:12:20 2015 : Debug: [peap] Tunneled authentication was rejected.
Wed Aug 5 17:12:20 2015 : Debug: [peap] FAILURE
Wed Aug 5 17:12:20 2015 : Debug: ++[eap] = handled
Wed Aug 5 17:12:20 2015 : Debug: +} # group authenticate = handled
Wed Aug 5 17:12:20 2015 : Debug: } # server packetfence
Wed Aug 5 17:12:20 2015 : Debug: Sending Access-Challenge packet to host 192.168.6.20 port 1645, id=158, length=0
Wed Aug 5 17:12:20 2015 : Debug: EAP-Message = 0x0108002b190017030100204c628be19ad68b1845cd55ccea0e2f1912bc6a921a836f337716c01c779fe418
Wed Aug 5 17:12:20 2015 : Debug: Message-Authenticator = 0x00000000000000000000000000000000
Wed Aug 5 17:12:20 2015 : Debug: State = 0xb8b5bdaabebda47b1e14eb19b1742af4
Wed Aug 5 17:12:20 2015 : Debug: Finished request 239.
Wed Aug 5 17:12:20 2015 : Debug: Received Access-Request packet from host 192.168.6.20 port 1645, id=159, length=285
Wed Aug 5 17:12:20 2015 : Debug: User-Name = "host/PC001.testdomain.com"
Wed Aug 5 17:12:20 2015 : Debug: Service-Type = Framed-User
Wed Aug 5 17:12:20 2015 : Debug: Framed-MTU = 1500
Wed Aug 5 17:12:20 2015 : Debug: Called-Station-Id = "00-23-34-A6-0F-06"
Wed Aug 5 17:12:20 2015 : Debug: Calling-Station-Id = "70-5A-B6-A7-A5-0D"
Wed Aug 5 17:12:20 2015 : Debug: EAP-Message = 0x0208002b190017030100202c1ad2c72d57dd0962f0f0cc14d67ce557d1c2e61e042671568b7cb47c13b82c
Wed Aug 5 17:12:20 2015 : Debug: Message-Authenticator = 0x5d7f54c4cd315911f89eb8c6856e11ed
Wed Aug 5 17:12:20 2015 : Debug: Cisco-AVPair = "audit-session-id=C0A8061400000133FDAC43C3"
Wed Aug 5 17:12:20 2015 : Debug: NAS-Port-Type = Ethernet
Wed Aug 5 17:12:20 2015 : Debug: NAS-Port = 50204
Wed Aug 5 17:12:20 2015 : Debug: NAS-Port-Id = "FastEthernet2/0/4"
Wed Aug 5 17:12:20 2015 : Debug: State = 0xb8b5bdaabebda47b1e14eb19b1742af4
Wed Aug 5 17:12:20 2015 : Debug: NAS-IP-Address = 192.168.6.20
Wed Aug 5 17:12:20 2015 : Debug: server packetfence {
Wed Aug 5 17:12:20 2015 : Debug: # Executing section authorize from file /usr/local/pf/raddb//sites-enabled/packetfence
Wed Aug 5 17:12:20 2015 : Debug: +group authorize {
Wed Aug 5 17:12:20 2015 : Debug: [suffix] No '@' in User-Name = "host/PC001.testdomain.com", skipping NULL due to config.
Wed Aug 5 17:12:20 2015 : Debug: ++[suffix] = noop
Wed Aug 5 17:12:20 2015 : Debug: [ntdomain] No '\' in User-Name = "host/PC001.testdomain.com", looking up realm NULL
Wed Aug 5 17:12:20 2015 : Debug: [ntdomain] Found realm "NULL"
Wed Aug 5 17:12:20 2015 : Debug: [ntdomain] Adding Realm = "NULL"
Wed Aug 5 17:12:20 2015 : Debug: [ntdomain] Authentication realm is LOCAL.
Wed Aug 5 17:12:20 2015 : Debug: ++[ntdomain] = ok
Wed Aug 5 17:12:20 2015 : Debug: ++[preprocess] = ok
Wed Aug 5 17:12:20 2015 : Debug: ++[packetfence-multi-domain] = updated
Wed Aug 5 17:12:20 2015 : Debug: [eap] EAP packet type response id 8 length 43
Wed Aug 5 17:12:20 2015 : Debug: [eap] Continuing tunnel setup.
Wed Aug 5 17:12:20 2015 : Debug: ++[eap] = ok
Wed Aug 5 17:12:20 2015 : Debug: +} # group authorize = ok
Wed Aug 5 17:12:20 2015 : Debug: Found Auth-Type = EAP
Wed Aug 5 17:12:20 2015 : Debug: # Executing group from file /usr/local/pf/raddb//sites-enabled/packetfence
Wed Aug 5 17:12:20 2015 : Debug: +group authenticate {
Wed Aug 5 17:12:20 2015 : Debug: [eap] Request found, released from the list
Wed Aug 5 17:12:20 2015 : Debug: [eap] EAP/peap
Wed Aug 5 17:12:20 2015 : Debug: [eap] processing type peap
Wed Aug 5 17:12:20 2015 : Debug: [peap] processing EAP-TLS
Wed Aug 5 17:12:20 2015 : Debug: [peap] eaptls_verify returned 7
Wed Aug 5 17:12:20 2015 : Debug: [peap] Done initial handshake
Wed Aug 5 17:12:20 2015 : Debug: [peap] eaptls_process returned 7
Wed Aug 5 17:12:20 2015 : Debug: [peap] EAPTLS_OK
Wed Aug 5 17:12:20 2015 : Debug: [peap] Session established. Decoding tunneled attributes.
Wed Aug 5 17:12:20 2015 : Debug: [peap] Peap state send tlv failure
Wed Aug 5 17:12:20 2015 : Debug: [peap] Received EAP-TLV response.
Wed Aug 5 17:12:20 2015 : Debug: [peap] The users session was previously rejected: returning reject (again.)
Wed Aug 5 17:12:20 2015 : Debug: [peap] *** This means you need to read the PREVIOUS messages in the debug output
Wed Aug 5 17:12:20 2015 : Debug: [peap] *** to find out the reason why the user was rejected.
Wed Aug 5 17:12:20 2015 : Debug: [peap] *** Look for "reject" or "fail". Those earlier messages will tell you.
Wed Aug 5 17:12:20 2015 : Debug: [peap] *** what went wrong, and how to fix the problem.
Wed Aug 5 17:12:20 2015 : Debug: [eap] Handler failed in EAP/peap
Wed Aug 5 17:12:20 2015 : Debug: [eap] Failed in EAP select
Wed Aug 5 17:12:20 2015 : Debug: ++[eap] = invalid
Wed Aug 5 17:12:20 2015 : Debug: +} # group authenticate = invalid
Wed Aug 5 17:12:20 2015 : Debug: Failed to authenticate the user.
Wed Aug 5 17:12:20 2015 : Debug: } # server packetfence
Wed Aug 5 17:12:20 2015 : Debug: Using Post-Auth-Type REJECT
Wed Aug 5 17:12:20 2015 : Debug: # Executing group from file /usr/local/pf/raddb//sites-enabled/packetfence
Wed Aug 5 17:12:20 2015 : Debug: +group REJECT {
Wed Aug 5 17:12:20 2015 : Debug: [attr_filter.access_reject] expand: %{User-Name} -> host/PC001.testdomain.com
Wed Aug 5 17:12:20 2015 : Debug: ++[attr_filter.access_reject] = updated
Wed Aug 5 17:12:20 2015 : Debug: +} # group REJECT = updated
Wed Aug 5 17:12:20 2015 : Debug: Delaying reject of request 240 for 1 seconds
Wed Aug 5 17:12:21 2015 : Debug: Sending delayed reject for request 240
Wed Aug 5 17:12:21 2015 : Debug: Sending Access-Reject packet to host 192.168.6.20 port 1645, id=159, length=0
Wed Aug 5 17:12:21 2015 : Debug: EAP-Message = 0x04080004
Wed Aug 5 17:12:21 2015 : Debug: Message-Authenticator = 0x00000000000000000000000000000000
Wed Aug 5 17:12:25 2015 : Debug: Cleaning up request 233 ID 152 with timestamp +11941
Wed Aug 5 17:12:25 2015 : Debug: Cleaning up request 234 ID 153 with timestamp +11941
Wed Aug 5 17:12:25 2015 : Debug: Cleaning up request 235 ID 154 with timestamp +11941
Wed Aug 5 17:12:25 2015 : Debug: Cleaning up request 236 ID 155 with timestamp +11941
Wed Aug 5 17:12:25 2015 : Debug: Cleaning up request 237 ID 156 with timestamp +11941
Wed Aug 5 17:12:25 2015 : Debug: Cleaning up request 238 ID 157 with timestamp +11941
Wed Aug 5 17:12:25 2015 : Debug: Cleaning up request 239 ID 158 with timestamp +11941
Wed Aug 5 17:12:26 2015 : Debug: Cleaning up request 240 ID 159 with timestamp +11941

From: Louis Munro
Reply-To: "pac...@li..."
Date: Wednesday, 5 August 2015 17:06
To: "pac...@li..."
Subject: Re: [PacketFence-users] Auth: Login incorrect (mschap: External script says Reading winbind reply failed! (0xc0000001))

Hi Dennis,

Let’s try the obvious first:
- Is winbind actually running?
- Is pf in the wbpriv group? (run ‘id -a pf’)

Then the less obvious stuff:
Run a freeradius debugging session for a Computer authentication and post the whole output:

# raddebug -d /usr/local/pf/raddb -t 900

It may have to do with the way your realms are defined. We’ll need the output to find out.

Regards,
--
Louis Munro
lm...@in... :: www.inverse.ca
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)

On Aug 5, 2015, at 11:00, Dennis Schulmeyer <ds...@me...> wrote:

Hi all,

after upgrading to 5.3.1 I receive the error

Wed Aug 5 16:39:39 2015 : Auth: Login incorrect (mschap: External script says Reading winbind reply failed! (0xc0000001))

for an AD "machines" Users Source. The "users" users source works perfectly… I found some old hints that the winbindd has insufficient rights to winbindd-privileged, but they seem to be correct. Any hints?

Thank you in advance!

------------------------------------------------------------------------------
_______________________________________________
PacketFence-users mailing list
Pac...@li...
https://lists.sourceforge.net/lists/listinfo/packetfence-users
|
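The debug output in this message says to read the earlier "reject" or "fail" lines; as an added example (not part of the thread, and not PacketFence or FreeRADIUS code), this sketch splits raddebug output into requests and separates the request that holds the original failure from the follow-up that only repeats the reject. The function names are hypothetical and the sample is constructed from entries in the message; it works whether entries are one per line or run together.

```python
import re

# Constructed sample: entries abridged from the thread (first packet's length is made up).
SAMPLE = """\
Wed Aug 5 17:12:20 2015 : Debug: Received Access-Request packet from host 192.168.6.20 port 1645, id=158, length=300
Wed Aug 5 17:12:20 2015 : Debug: User-Name = "host/PC001.testdomain.com"
Wed Aug 5 17:12:20 2015 : Debug: [mschap] Exec: program returned: 1
Wed Aug 5 17:12:20 2015 : Debug: [mschap] External script failed.
Wed Aug 5 17:12:20 2015 : Debug: [mschap] FAILED: MS-CHAP2-Response is incorrect
Wed Aug 5 17:12:20 2015 : Debug: [peap] Tunneled authentication was rejected.
Wed Aug 5 17:12:20 2015 : Debug: Received Access-Request packet from host 192.168.6.20 port 1645, id=159, length=285
Wed Aug 5 17:12:20 2015 : Debug: [peap] The users session was previously rejected: returning reject (again.)
Wed Aug 5 17:12:20 2015 : Debug: [eap] Handler failed in EAP/peap
"""

STAMP = re.compile(r"\w{3} \w{3} +\d{1,2} \d\d:\d\d:\d\d \d{4} : Debug: ")
START = re.compile(r"Received Access-Request packet from host \S+ port \d+, id=(\d+)")
USER = re.compile(r'^User-Name = "([^"]*)"')
MODULE = re.compile(r"^\+*\[([\w.]+)\]")          # e.g. "[mschap]" or "+++[mschap]"
FAIL = re.compile(r"fail|reject|program returned: [1-9]", re.I)

def parse_requests(text):
    """Split raddebug output into requests, splitting on the timestamp prefix."""
    requests = []
    for entry in STAMP.split(text):
        entry = entry.strip()
        start = START.match(entry)
        if start:
            requests.append({"id": int(start.group(1)), "user": None,
                             "failures": [], "follow_up": False})
            continue
        if not entry or not requests:
            continue
        req = requests[-1]
        user = USER.match(entry)
        if user and req["user"] is None:
            req["user"] = user.group(1)
        if "previously rejected" in entry:
            req["follow_up"] = True  # repeats an earlier reject, not a cause
        elif FAIL.search(entry):
            module = MODULE.match(entry)
            req["failures"].append((module.group(1) if module else None, entry))
    return requests

def root_causes(text):
    """Requests whose failures are original rather than a repeated reject."""
    return [r for r in parse_requests(text) if r["failures"] and not r["follow_up"]]

if __name__ == "__main__":
    print(root_causes(SAMPLE))
```

On the sample, the only root-cause request is id=158, and its first failure entry is the non-zero exit of the external program called by the mschap module.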