Hi all ,Ecxuse me to disturb again but I have a problem when I want to authenticate a radius local user on a NAC solution which is Packetfence.I have installed a windows certificate on the client and on my server. But I got this specific error : (8) Login incorrect (eap: Failed continuing EAP PEAP (25) session. EAP sub-module failed): [Administrateur] (from client 192.168.1.5 port 50003 cli 00:40:d0:67:d0:b1) Is someone know how to solve this? This my radius debug output Regards Amidou 8) eap_peap: This means you need to read the PREVIOUS messages in the debug output (8) eap_peap: to find out the reason why the user was rejected (8) eap_peap: Look for "reject" or "fail". Those earlier messages will tell you (8) eap_peap: what went wrong, and how to fix the problem (8) eap: ERROR: Failed continuing EAP PEAP (25) session. EAP sub-module failed (8) eap: Sending EAP Failure (code 4) ID 10 length 4 (8) eap: Failed in EAP select (8) [eap] = invalid (8) } # authenticate = invalid (8) Failed to authenticate the user (8) Login incorrect (eap: Failed continuing EAP PEAP (25) session. EAP sub-module failed): [Administrateur] (from client 192.168.1.5 port 50003 cli 00:40:d0:67:d0:b1) (8) Using Post-Auth-Type Reject (8) # Executing group from file /usr/local/pf/raddb//sites-enabled/packetfence (8) Post-Auth-Type REJECT { (8) if (! EAP-Type || (EAP-Type != TTLS && EAP-Type != PEAP) ) { (8) if (! EAP-Type || (EAP-Type != TTLS && EAP-Type != PEAP) ) -> FALSE (8) attr_filter.access_reject: EXPAND %{User-Name} (8) attr_filter.access_reject: --> Administrateur (8) attr_filter.access_reject: Matched entry DEFAULT at line 11 (8) [attr_filter.access_reject] = updated (8) attr_filter.packetfence_post_auth: EXPAND %{User-Name} (8) attr_filter.packetfence_post_auth: --> Administrateur (8) attr_filter.packetfence_post_auth: Matched entry DEFAULT at line 10 (8) [attr_filter.packetfence_post_auth] = updated (8) [eap] = noop (8) policy remove_reply_message_if_eap { (8) if (&reply:EAP-Message && &reply:Reply-Message) { (8) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (8) else { (8) [noop] = noop (8) } # else = noop (8) } # policy remove_reply_message_if_eap = noop (8) linelog: EXPAND messages.%{%{reply:Packet-Type}:-default} (8) linelog: --> messages.Access-Reject (8) linelog: EXPAND %t : [mac:%{Calling-Station-Id}] Rejected user: %{User-Name} (8) linelog: --> Sat May 7 17:23:12 2016 : [mac:00:40:d0:67:d0:b1] Rejected user: Administrateur (8) linelog: EXPAND /usr/local/pf/logs/radius.log (8) linelog: --> /usr/local/pf/logs/radius.log (8) [linelog] = ok (8) } # Post-Auth-Type REJECT = updated (8) Delaying response for 1.000000 seconds Waking up in 0.3 seconds. Waking up in 0.6 seconds. (8) Sending delayed response (8) Sent Access-Reject Id 54 from 192.168.10.1:1812 to 192.168.1.5:1645 length 44 (8) EAP-Message = 0x040a0004 (8) Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 3.7 seconds. (0) Cleaning up request packet ID 46 with timestamp +3 (1) Cleaning up request packet ID 47 with timestamp +3 (2) Cleaning up request packet ID 48 with timestamp +3 (3) Cleaning up request packet ID 49 with timestamp +3 (4) Cleaning up request packet ID 50 with timestamp +4 (5) Cleaning up request packet ID 51 with timestamp +4 (6) Cleaning up request packet ID 52 with timestamp +4 Waking up in 0.1 seconds. (7) Cleaning up request packet ID 53 with timestamp +4 (8) Cleaning up request packet ID 54 with timestamp +4 Ready to process requests Envoyé depuis Yahoo Mail pour Android