Re: [PacketFence-users] Packetfence not moving to next source in list

[Durand f. <fd...@in...>]

Hello Jordan,

the error message is related to ntlm, so it mean that it try to 
authenticate the student account on the AD.

When it fail in freeradius then the radius request doesn't reach the 
packetfence code to test the authentication sources with the rules.

So you need to find a way to authenticate your student with 802.1x and 
is it possible to do 802.1x with G suite ?

Regards

Fabrice


Le 19-10-03 à 16 h 23, Jordan Dare via PacketFence-users a écrit :
> Hi all,
>
> I'm having issues getting a wireless profile to use the secondary LDAP
> source instead of the Active Directory source when authentication
> fails.
>
> What I have is our internal AD server that has all staff accounts,
> etc. And an stunnel proxy to G-Suite LDAP which contains our student
> accounts.
>
> What I want to happen is if authentication fails for the first Active
> Directory source, it then tries the stunnel G Suite LDAP, however it
> seems to hit the AD source, get a "authentication failed", and then
> stop there.
>
> Here's what the "RADIUS" tab on the failed authentication shows:
> Module-Failure-Message = "chrooted_mschap: Program returned code (1)
> and output 'The attempted logon is invalid. This is either due to a
> bad username or authentication information. (0xc000006d)'"
> Module-Failure-Message = "chrooted_mschap: External script says: The
> attempted logon is invalid. This is either due to a bad username or
> authentication information. (0xc000006d)"
> Module-Failure-Message = "chrooted_mschap: MS-CHAP2-Response is incorrect"
> User-Password = "******"
> Module-Failure-Message = "Failed retrieving values required to
> evaluate condition"
>
> Thanks.
> --
>
> Jordan Dare
>
> Information Technology Specialist
>
> Morgan Hill Unified School District
>
>
> _______________________________________________
> PacketFence-users mailing list
> Pac...@li...
> https://lists.sourceforge.net/lists/listinfo/packetfence-users