My freeradius server seems to be falling back to local authentication rather than piping it out to our ADS server.  If I create a local user on the radius box authentication is successful.  Can anyone please help with this?  All relevant info I can think of is below.

 

Samba connection works fine, I’ve joined the linux box (red hat 6.2) to the domain.

Kinit connection runs fine.

Edited Testparm results are:

Load smb config files from /etc/samba/smb.conf

rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)

Loaded services file OK.

Server role: ROLE_DOMAIN_MEMBER

Press enter to see a dump of your service definitions

 

[global]

        workgroup = workgroup

        realm = INTERNAL.DOMAIN.CO.UK

        server string = server01

        interfaces = 10.1.3.9/24

        security = ADS

        client NTLMv2 auth = Yes

        log level = 1 winbind:5 auth:3

        load printers = No

        idmap uid = 10000-45000

        idmap gid = 10000-45000

        winbind use default domain = Yes

        cups options = raw

 

net ads lookup dcs shows a domain controller

chgrp radiusd /var/lib/samba/winbindd_privileged/ has been run

ntlm_auth –username give result: NT_STATUS_OK: Success (0x0)

 

cropped debug output:

 

Ready to process requests.

rad_recv: Access-Request packet from host 10.1.1.22 port 1812, id=50, length=152

                NAS-IP-Address = 10.1.1.22

                NAS-Port = 50001

                Cisco-NAS-Port = "FastEthernet0/1"

                NAS-Port-Type = Ethernet

                User-Name = "sm18818"

                Called-Station-Id = "00-16-47-F7-32-41"

                Calling-Station-Id = "00-24-54-42-86-04"

                Service-Type = Framed-User

                Framed-MTU = 1500

                EAP-Message = 0x0200000c01736d3138383138

                Message-Authenticator = 0xa49f7bb9beab7a89b485841f3a600993

server packetfence {

# Executing section authorize from file /etc/raddb/sites-enabled/packetfence

+- entering group authorize {...}

[suffix] No '@' in User-Name = "sm18818", looking up realm NULL

[suffix] No such realm "NULL"

++[suffix] returns noop

++[preprocess] returns ok

[eap] EAP packet type response id 0 length 12

[eap] No EAP Start, assuming it's an on-going EAP conversation

++[eap] returns updated

++[files] returns noop

++[expiration] returns noop

++[logintime] returns noop

rlm_perl: Added pair NAS-Port-Type = Ethernet

rlm_perl: Added pair Service-Type = Framed-User

rlm_perl: Added pair Calling-Station-Id = 00-24-54-42-86-04

rlm_perl: Added pair Called-Station-Id = 00-16-47-F7-32-41

rlm_perl: Added pair Cisco-NAS-Port = FastEthernet0/1

rlm_perl: Added pair Message-Authenticator = 0xa49f7bb9beab7a89b485841f3a600993

rlm_perl: Added pair User-Name = sm18818

rlm_perl: Added pair EAP-Message = 0x0200000c01736d3138383138

rlm_perl: Added pair EAP-Type = Identity

rlm_perl: Added pair NAS-IP-Address = 10.1.1.22

rlm_perl: Added pair NAS-Port = 50001

rlm_perl: Added pair Framed-MTU = 1500

rlm_perl: Added pair Auth-Type = EAP

++[packetfence] returns noop

Found Auth-Type = EAP

# Executing group from file /etc/raddb/sites-enabled/packetfence

+- entering group authenticate {...}

[eap] EAP Identity

[eap] processing type tls

[tls] Initiate

[tls] Start returned 1

++[eap] returns handled

} # server packetfence

Sending Access-Challenge of id 50 to 10.1.1.22 port 1812

                EAP-Message = 0x010100061920

                Message-Authenticator = 0x00000000000000000000000000000000

                State = 0x7c7cc4a17c7ddd7defb2c24478e29151

Finished request 0.

Going to the next request

Waking up in 4.9 seconds.

rad_recv: Access-Request packet from host 10.1.1.22 port 1812, id=51, length=263

                NAS-IP-Address = 10.1.1.22

                NAS-Port = 50001

                Cisco-NAS-Port = "FastEthernet0/1"

                NAS-Port-Type = Ethernet

                User-Name = "sm18818"

                Called-Station-Id = "00-16-47-F7-32-41"

                Calling-Station-Id = "00-24-54-42-86-04"

                Service-Type = Framed-User

                Framed-MTU = 1500

                State = 0x7c7cc4a17c7ddd7defb2c24478e29151

                EAP-Message = 0x0201006919800000005f160301005a0100005603014f9017be440f4cbc99f67ffe587f648545f74cc832daa9e43857f7ce7ac48e42000018002f00350005000ac013c014c009c00a003200380013000401000015ff01000100000a0006000400170018000b00020100

                Message-Authenticator = 0xaae583362e9a580324ffe1459a30e524

server packetfence {

# Executing section authorize from file /etc/raddb/sites-enabled/packetfence

+- entering group authorize {...}

[suffix] No '@' in User-Name = "sm18818", looking up realm NULL

[suffix] No such realm "NULL"

++[suffix] returns noop

++[preprocess] returns ok

[eap] EAP packet type response id 1 length 105

[eap] Continuing tunnel setup.

++[eap] returns ok

Found Auth-Type = EAP

# Executing group from file /etc/raddb/sites-enabled/packetfence

+- entering group authenticate {...}

[eap] Request found, released from the list

[eap] EAP/peap

[eap] processing type peap

[peap] processing EAP-TLS

  TLS Length 95

[peap] Length Included

[peap] eaptls_verify returned 11

[peap]     (other): before/accept initialization

[peap]     TLS_accept: before/accept initialization

[peap] <<< TLS 1.0 Handshake [length 005a], ClientHello 

[peap]     TLS_accept: SSLv3 read client hello A

[peap] >>> TLS 1.0 Handshake [length 0031], ServerHello 

[peap]     TLS_accept: SSLv3 write server hello A

[peap] >>> TLS 1.0 Handshake [length 0419], Certificate 

[peap]     TLS_accept: SSLv3 write certificate A

[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 

[peap]     TLS_accept: SSLv3 write server done A

[peap]     TLS_accept: SSLv3 flush data

[peap]     TLS_accept: Need to read more data: SSLv3 read client certificate A

In SSL Handshake Phase

In SSL Accept mode 

[peap] eaptls_process returned 13

[peap] EAPTLS_HANDLED

++[eap] returns handled

} # server packetfence

Sending Access-Challenge of id 51 to 10.1.1.22 port 1812

                EAP-Message = 0x0102040019c00000045d16030100310200002d03014f90179057e896056f57af82c6f54e60041737802441091408cb5086b96cb93500002f000005ff0100010016030104190b00041500041200040f3082040b308202f3a0030201020209008457e87e4346de7f300d06092a864886f70d010105050030819b310b30090603550406130247423110300e06035504080c07436172646966663110300e06035504070c074361726469666631283026060355040a0c1f43617264696666204d6574726f706f6c6974616e20556e697665727369747931293027060355040b0c204c69627261727920616e6420496e666f726d6174696f6e20536572766963

                EAP-Message = 0x65733113301106035504030c0a68616c6c736e61633031301e170d3132303431363138303930385a170d3133303431363138303930385a30819b310b30090603550406130247423110300e06035504080c07436172646966663110300e06035504070c074361726469666631283026060355040a0c1f43617264696666204d6574726f706f6c6974616e20556e697665727369747931293027060355040b0c204c69627261727920616e6420496e666f726d6174696f6e2053657276696365733113301106035504030c0a68616c6c736e6163303130820122300d06092a864886f70d01010105000382010f003082010a0282010100be9c9265f0fd69

                EAP-Message = 0x36b44a273f0b3bf8aafa36904d3dec8d392bc1bc9d52c73cd83c34fc418e4ae116847ed462411d54e7f78d586e53c05e5a59a08327cdafdebd2d06fe22a08ffabab004fefdde1b2b005a2d17c114b5b262122f8ff5d3ae89b2b3debd83a134a3c504f57c0e46cdc201d51b343a8243167b95478d92c2b2289e6516219bda5daf1b64d2599512f41a35cc1cb749cecc637e905880e7794ae637e1f52bc9d62e8a73444ffe0e164888574d9afdb7ab3ee30c09296a6d299337796d36644d00f6a5725ff2e05381d12ba1fdd37075cd56a6b7e13e51d671aaa3aacf6f0cbf7f0f90e75e22369e426c2a530ab0abb6162582d6b3ec4adeb354e53102030100

                EAP-Message = 0x01a350304e301d0603551d0e041604146cb125f0ea10521b328b7ae014a2680c058ca7bc301f0603551d230418301680146cb125f0ea10521b328b7ae014a2680c058ca7bc300c0603551d13040530030101ff300d06092a864886f70d0101050500038201010084c2453f7ee7c9659c6278e51bdcda9489b9df1721271447e78c69ea94edf9a1c90a83fd14af61ced01dfe7a931363afcd4bf2ad4c563bd5200454356c3973f8233f6ebc5a8e8fec1cdfc7a46b317ec65a5b105c644b81d435480a8386267d9975db81f918a400fe1fea57f82219834c44288970bf3b5ff40ce9089dc99e432d706e765e204fab9cbc7a6dfa88c793788441371df26d

                EAP-Message = 0x1966ce6ceb1e56b79c80e9ab

                Message-Authenticator = 0x00000000000000000000000000000000

                State = 0x7c7cc4a17d7edd7defb2c24478e29151

Finished request 1.

Going to the next request

Waking up in 4.9 seconds.

rad_recv: Access-Request packet from host 10.1.1.22 port 1812, id=52, length=164

                NAS-IP-Address = 10.1.1.22

                NAS-Port = 50001

                Cisco-NAS-Port = "FastEthernet0/1"

                NAS-Port-Type = Ethernet

                User-Name = "sm18818"

                Called-Station-Id = "00-16-47-F7-32-41"

                Calling-Station-Id = "00-24-54-42-86-04"

                Service-Type = Framed-User

                Framed-MTU = 1500

                State = 0x7c7cc4a17d7edd7defb2c24478e29151

                EAP-Message = 0x020200061900

                Message-Authenticator = 0x7e4e96be86285da30bea39583ab60700

server packetfence {

# Executing section authorize from file /etc/raddb/sites-enabled/packetfence

+- entering group authorize {...}

[suffix] No '@' in User-Name = "sm18818", looking up realm NULL

[suffix] No such realm "NULL"

++[suffix] returns noop

++[preprocess] returns ok

[eap] EAP packet type response id 2 length 6

[eap] Continuing tunnel setup.

++[eap] returns ok

Found Auth-Type = EAP

# Executing group from file /etc/raddb/sites-enabled/packetfence

+- entering group authenticate {...}

[eap] Request found, released from the list

[eap] EAP/peap

[eap] processing type peap

[peap] processing EAP-TLS

[peap] Received TLS ACK

[peap] ACK handshake fragment handler

[peap] eaptls_verify returned 1

[peap] eaptls_process returned 13

[peap] EAPTLS_HANDLED

++[eap] returns handled

} # server packetfence

Sending Access-Challenge of id 52 to 10.1.1.22 port 1812

                EAP-Message = 0x0103006d1900ae27f7c48f8dcf1d47327fc08f9f1a9a004fd376c1a4c491331b2e554c6458a40bebde6444da9b525372d9c44920937aa26393222d460bc64bd1d007021531016d5d96796972e15d25eced794837a6d77d98a5d1b7b3c128d3c895de9e9e16030100040e000000

                Message-Authenticator = 0x00000000000000000000000000000000

                State = 0x7c7cc4a17e7fdd7defb2c24478e29151

Finished request 2.

Going to the next request

Waking up in 4.9 seconds.

rad_recv: Access-Request packet from host 10.1.1.22 port 1812, id=53, length=496

                NAS-IP-Address = 10.1.1.22

                NAS-Port = 50001

                Cisco-NAS-Port = "FastEthernet0/1"

                NAS-Port-Type = Ethernet

                User-Name = "sm18818"

                Called-Station-Id = "00-16-47-F7-32-41"

                Calling-Station-Id = "00-24-54-42-86-04"

                Service-Type = Framed-User

                Framed-MTU = 1500

                State = 0x7c7cc4a17e7fdd7defb2c24478e29151

                EAP-Message = 0x0203015019800000014616030101061000010201004c7788a8a2f60c69bf9dd1c9a0a777de1a7b45ffc7efaded554f9ae7daa57bed28006e3af36fb6e48e325bba393c7ed30f62ee242f8bca8584f3982bf43879642f227025425044a0061a487781d4243d9b731719172f21056fba514a7ffe85becb7d4870d2d7b00940113a9a4a47bdbc087223f615f6643f9fee1c07f4c7b8ce849b605cf2d6e945295161f02014a91b90c95ae5419079252793bf3e1578e9d4a9891a73554201221bccfcbbecf2b658344db323b32aed8c7a74057abc15d8aa5edb9c3dd6cfd20de84639ebaa5bb1e78bfbf02d19cd2ca596e0a72bf4612f9a58c681473dbee4f5

                EAP-Message = 0xd6d80708035534d6f9a4a296d5f67a220426e485c4796430140301000101160301003086ff2b333a990ad6876caba4e9b6f806f8a437681f6db738596d4c80963e7941f7016f3bf845cd94fb15f5f5c5fe452f

                Message-Authenticator = 0x21930395cd5e71160ca4bf8c1125df8e

server packetfence {

# Executing section authorize from file /etc/raddb/sites-enabled/packetfence

+- entering group authorize {...}

[suffix] No '@' in User-Name = "sm18818", looking up realm NULL

[suffix] No such realm "NULL"

++[suffix] returns noop

++[preprocess] returns ok

[eap] EAP packet type response id 3 length 253

[eap] Continuing tunnel setup.

++[eap] returns ok

Found Auth-Type = EAP

# Executing group from file /etc/raddb/sites-enabled/packetfence

+- entering group authenticate {...}

[eap] Request found, released from the list

[eap] EAP/peap

[eap] processing type peap

[peap] processing EAP-TLS

  TLS Length 326

[peap] Length Included

[peap] eaptls_verify returned 11

[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange 

[peap]     TLS_accept: SSLv3 read client key exchange A

[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] 

[peap] <<< TLS 1.0 Handshake [length 0010], Finished 

[peap]     TLS_accept: SSLv3 read finished A

[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] 

[peap]     TLS_accept: SSLv3 write change cipher spec A

[peap] >>> TLS 1.0 Handshake [length 0010], Finished 

[peap]     TLS_accept: SSLv3 write finished A

[peap]     TLS_accept: SSLv3 flush data

[peap]     (other): SSL negotiation finished successfully

SSL Connection Established

[peap] eaptls_process returned 13

[peap] EAPTLS_HANDLED

++[eap] returns handled

} # server packetfence

Sending Access-Challenge of id 53 to 10.1.1.22 port 1812

                EAP-Message = 0x01040041190014030100010116030100301a7416c5a68d27374ed4739350a51eae93d8baede52b057347c665cabff9410f7dab4d72795b54891b15e6ed2dd0d780

                Message-Authenticator = 0x00000000000000000000000000000000

                State = 0x7c7cc4a17f78dd7defb2c24478e29151

Finished request 3.

Going to the next request

Waking up in 4.9 seconds.

rad_recv: Access-Request packet from host 10.1.1.22 port 1812, id=54, length=164

                NAS-IP-Address = 10.1.1.22

                NAS-Port = 50001

                Cisco-NAS-Port = "FastEthernet0/1"

                NAS-Port-Type = Ethernet

                User-Name = "sm18818"

                Called-Station-Id = "00-16-47-F7-32-41"

                Calling-Station-Id = "00-24-54-42-86-04"

                Service-Type = Framed-User

                Framed-MTU = 1500

                State = 0x7c7cc4a17f78dd7defb2c24478e29151

                EAP-Message = 0x020400061900

                Message-Authenticator = 0x7f354427c0059d1a5fc0a89e7fac88f1

server packetfence {

# Executing section authorize from file /etc/raddb/sites-enabled/packetfence

+- entering group authorize {...}

[suffix] No '@' in User-Name = "sm18818", looking up realm NULL

[suffix] No such realm "NULL"

++[suffix] returns noop

++[preprocess] returns ok

[eap] EAP packet type response id 4 length 6

[eap] Continuing tunnel setup.

++[eap] returns ok

Found Auth-Type = EAP

# Executing group from file /etc/raddb/sites-enabled/packetfence

+- entering group authenticate {...}

[eap] Request found, released from the list

[eap] EAP/peap

[eap] processing type peap

[peap] processing EAP-TLS

[peap] Received TLS ACK

[peap] ACK handshake is finished

[peap] eaptls_verify returned 3

[peap] eaptls_process returned 3

[peap] EAPTLS_SUCCESS

[peap] Session established.  Decoding tunneled attributes.

[peap] Peap state TUNNEL ESTABLISHED

++[eap] returns handled

} # server packetfence

Sending Access-Challenge of id 54 to 10.1.1.22 port 1812

                EAP-Message = 0x0105002b190017030100207698c92d6973a15e192ae19cecef7a29e6ccd5f32f64f713e4f5497216d6f371

                Message-Authenticator = 0x00000000000000000000000000000000

                State = 0x7c7cc4a17879dd7defb2c24478e29151

Finished request 4.

Going to the next request

Waking up in 4.8 seconds.

rad_recv: Access-Request packet from host 10.1.1.22 port 1812, id=55, length=201

                NAS-IP-Address = 10.1.1.22

                NAS-Port = 50001

                Cisco-NAS-Port = "FastEthernet0/1"

                NAS-Port-Type = Ethernet

                User-Name = "sm18818"

                Called-Station-Id = "00-16-47-F7-32-41"

                Calling-Station-Id = "00-24-54-42-86-04"

                Service-Type = Framed-User

                Framed-MTU = 1500

                State = 0x7c7cc4a17879dd7defb2c24478e29151

                EAP-Message = 0x0205002b1900170301002095f189b1ea8c30d31387e9a79add21fc2b07b4e7e86205b38772a041b99a6b00

                Message-Authenticator = 0x3fa49fa72ae68063e5edc7c76c1a23c5

server packetfence {

# Executing section authorize from file /etc/raddb/sites-enabled/packetfence

+- entering group authorize {...}

[suffix] No '@' in User-Name = "sm18818", looking up realm NULL

[suffix] No such realm "NULL"

++[suffix] returns noop

++[preprocess] returns ok

[eap] EAP packet type response id 5 length 43

[eap] Continuing tunnel setup.

++[eap] returns ok

Found Auth-Type = EAP

# Executing group from file /etc/raddb/sites-enabled/packetfence

+- entering group authenticate {...}

[eap] Request found, released from the list

[eap] EAP/peap

[eap] processing type peap

[peap] processing EAP-TLS

[peap] eaptls_verify returned 7

[peap] Done initial handshake

[peap] eaptls_process returned 7

[peap] EAPTLS_OK

[peap] Session established.  Decoding tunneled attributes.

[peap] Peap state WAITING FOR INNER IDENTITY

[peap] Identity - sm18818

[peap] Got inner identity 'sm18818'

[peap] Setting default EAP type for tunneled EAP session.

[peap] Got tunneled request

                EAP-Message = 0x0205000c01736d3138383138

server packetfence {

[peap] Setting User-Name to sm18818

Sending tunneled request

                EAP-Message = 0x0205000c01736d3138383138

                FreeRADIUS-Proxied-To = 127.0.0.1

                User-Name = "sm18818"

                NAS-IP-Address = 10.1.1.22

                NAS-Port = 50001

                Cisco-NAS-Port = "FastEthernet0/1"

                NAS-Port-Type = Ethernet

                Called-Station-Id = "00-16-47-F7-32-41"

                Calling-Station-Id = "00-24-54-42-86-04"

                Service-Type = Framed-User

                Framed-MTU = 1500

server packetfence-tunnel {

# Executing section authorize from file /etc/raddb/sites-enabled/packetfence-tunnel

+- entering group authorize {...}

[suffix] No '@' in User-Name = "sm18818", looking up realm NULL

[suffix] No such realm "NULL"

++[suffix] returns noop

[eap] EAP packet type response id 5 length 12

[eap] No EAP Start, assuming it's an on-going EAP conversation

++[eap] returns updated

++[files] returns noop

++[expiration] returns noop

++[logintime] returns noop

Found Auth-Type = EAP

# Executing group from file /etc/raddb/sites-enabled/packetfence-tunnel

+- entering group authenticate {...}

[eap] EAP Identity

[eap] processing type mschapv2

rlm_eap_mschapv2: Issuing Challenge

++[eap] returns handled

} # server packetfence-tunnel

[peap] Got tunneled reply code 11

                EAP-Message = 0x010600211a0106001c10b6f046e50b7952e6e797acb2dcd7b773736d3138383138

                Message-Authenticator = 0x00000000000000000000000000000000

                State = 0x9920660299267c474e5f7c2e3011a1e5

[peap] Got tunneled reply RADIUS code 11

                EAP-Message = 0x010600211a0106001c10b6f046e50b7952e6e797acb2dcd7b773736d3138383138

                Message-Authenticator = 0x00000000000000000000000000000000

                State = 0x9920660299267c474e5f7c2e3011a1e5

[peap] Got tunneled Access-Challenge

++[eap] returns handled

} # server packetfence

Sending Access-Challenge of id 55 to 10.1.1.22 port 1812

                EAP-Message = 0x0106004b190017030100404ae4ff24a485244baabe8642914ae553c53877050c4ac566f444c764f938c4bbb924e13de5c7f90c50d5d89d5e0322b2f7e54eec93a9b6ef170863282b669f90

                Message-Authenticator = 0x00000000000000000000000000000000

                State = 0x7c7cc4a1797add7defb2c24478e29151

Finished request 5.

Going to the next request

Waking up in 4.8 seconds.

rad_recv: Access-Request packet from host 10.1.1.22 port 1812, id=56, length=265

                NAS-IP-Address = 10.1.1.22

                NAS-Port = 50001

                Cisco-NAS-Port = "FastEthernet0/1"

                NAS-Port-Type = Ethernet

                User-Name = "sm18818"

                Called-Station-Id = "00-16-47-F7-32-41"

                Calling-Station-Id = "00-24-54-42-86-04"

                Service-Type = Framed-User

                Framed-MTU = 1500

                State = 0x7c7cc4a1797add7defb2c24478e29151

                EAP-Message = 0x0206006b1900170301006024a871b68d472e9b2fb927c48ee8eec1927e26d0c995f1d33b245e2aaedf10d0850fe337c1fbeca10935879e64a3ca65c75159b07b567d9bca49128ad5d4abe9c7069dcb9c32575274cd9e383e7c4b93dd49018d352297f3253b5831d997b660

                Message-Authenticator = 0x19cf5c1dc655bdbc50918cb01e71cfd0

server packetfence {

# Executing section authorize from file /etc/raddb/sites-enabled/packetfence

+- entering group authorize {...}

[suffix] No '@' in User-Name = "sm18818", looking up realm NULL

[suffix] No such realm "NULL"

++[suffix] returns noop

++[preprocess] returns ok

[eap] EAP packet type response id 6 length 107

[eap] Continuing tunnel setup.

++[eap] returns ok

Found Auth-Type = EAP

# Executing group from file /etc/raddb/sites-enabled/packetfence

+- entering group authenticate {...}

[eap] Request found, released from the list

[eap] EAP/peap

[eap] processing type peap

[peap] processing EAP-TLS

[peap] eaptls_verify returned 7

[peap] Done initial handshake

[peap] eaptls_process returned 7

[peap] EAPTLS_OK

[peap] Session established.  Decoding tunneled attributes.

[peap] Peap state phase2

[peap] EAP type mschapv2

[peap] Got tunneled request

                EAP-Message = 0x020600421a0206003d31b49f7150ff84c15725200ff871377c240000000000000000b1ce20b6cca5c3e86e219ec24aef13ee2e4c12825e87e18a00736d3138383138

server packetfence {

[peap] Setting User-Name to sm18818

Sending tunneled request

                EAP-Message = 0x020600421a0206003d31b49f7150ff84c15725200ff871377c240000000000000000b1ce20b6cca5c3e86e219ec24aef13ee2e4c12825e87e18a00736d3138383138

                FreeRADIUS-Proxied-To = 127.0.0.1

                User-Name = "sm18818"

                State = 0x9920660299267c474e5f7c2e3011a1e5

                NAS-IP-Address = 10.1.1.22

                NAS-Port = 50001

                Cisco-NAS-Port = "FastEthernet0/1"

                NAS-Port-Type = Ethernet

                Called-Station-Id = "00-16-47-F7-32-41"

                Calling-Station-Id = "00-24-54-42-86-04"

                Service-Type = Framed-User

                Framed-MTU = 1500

server packetfence-tunnel {

# Executing section authorize from file /etc/raddb/sites-enabled/packetfence-tunnel

+- entering group authorize {...}

[suffix] No '@' in User-Name = "sm18818", looking up realm NULL

[suffix] No such realm "NULL"

++[suffix] returns noop

[eap] EAP packet type response id 6 length 66

[eap] No EAP Start, assuming it's an on-going EAP conversation

++[eap] returns updated

++[files] returns noop

++[expiration] returns noop

++[logintime] returns noop

Found Auth-Type = EAP

# Executing group from file /etc/raddb/sites-enabled/packetfence-tunnel

+- entering group authenticate {...}

[eap] Request found, released from the list

[eap] EAP/mschapv2

[eap] processing type mschapv2

[mschapv2] # Executing group from file /etc/raddb/sites-enabled/packetfence-tunnel

[mschapv2] +- entering group MS-CHAP {...}

[mschap] No Cleartext-Password configured.  Cannot create LM-Password.

[mschap] No Cleartext-Password configured.  Cannot create NT-Password.

[mschap] Creating challenge hash with username: sm18818

[mschap] Told to do MS-CHAPv2 for sm18818 with NT-Password

[mschap] FAILED: No NT/LM-Password.  Cannot perform authentication.

[mschap] FAILED: MS-CHAP2-Response is incorrect

++[mschap] returns reject

[eap] Freeing handler

++[eap] returns reject

Failed to authenticate the user.

Login incorrect: [sm18818] (from client 10.1.1.22 port 50001 cli 00-24-54-42-86-04 via TLS tunnel)

} # server packetfence-tunnel

[peap] Got tunneled reply code 3

                MS-CHAP-Error = "\006E=691 R=1"

                EAP-Message = 0x04060004

                Message-Authenticator = 0x00000000000000000000000000000000

[peap] Got tunneled reply RADIUS code 3

                MS-CHAP-Error = "\006E=691 R=1"

                EAP-Message = 0x04060004

                Message-Authenticator = 0x00000000000000000000000000000000

[peap] Tunneled authentication was rejected.

[peap] FAILURE

++[eap] returns handled

} # server packetfence

Sending Access-Challenge of id 56 to 10.1.1.22 port 1812

                EAP-Message = 0x0107002b1900170301002083d13929a4b17d457d0978cbdf96feaf9b3d0291f181a38ab1d60377f0333d2a

                Message-Authenticator = 0x00000000000000000000000000000000

                State = 0x7c7cc4a17a7bdd7defb2c24478e29151

Finished request 6.

Going to the next request

 

Cheers,

Andi



>From 1st November 2011 UWIC changed its title to Cardiff Metropolitan University. From the 6th December 2011, as part of this change, all email addresses which included @uwic.ac.uk have changed to @cardiffmet.ac.uk. All emails sent from Cardiff Metropolitan University will now be sent from the new @cardiffmet.ac.uk address. Please could you ensure that all of your contact records and databases are updated to reflect this change. Further information can be found on the website here.

Ar Dachwedd y 1af 2011 newidiodd UWIC ei henw i Brifysgol Fetropolitan Caerdydd. O Ragfyr 6ed, fel rhan o'r newid yma, bydd pob cyfeiriad e-bost sy'n cynnwys @uwic.ac.uk yn newid i @cardiffmet.ac.uk. Bydd yr holl ebyst a ddanfonir o Brifysgol Fetropolitan Caerdydd yn cael eu danfon o‘r cyfeiriad @cardiffmet.ac.uk newydd. Gwnewch yn siwr eich bod yn diweddaru eich cofnodion cyswllt a'ch cronfeydd data i adlewyrchu hyn. Gellir cael rhagor o wybodaeth ar y wefan yma.