How to config FR 3.0.x (<->AD <-Windows 10) Computer(machine) authentication MSCHAP?

classic Classic list List threaded Threaded
2 messages Options
| Threaded
Open this post in threaded view
|

How to config FR 3.0.x (<->AD <-Windows 10) Computer(machine) authentication MSCHAP?

박지연
   Hi.

   how can i config FR <-join->AD Client is Windows 10 mschap [auth type
   mschap, machine authenticaiton]

   my case below error(machine authenticaiton)... (but auth type mschap
   user authentication is fine)

   Thanks.

   --

   ri Oct  9 10:56:30 2020 : Debug: (56) sql: SQL query returned: success
   Fri Oct  9 10:56:30 2020 : Debug: (56) sql: 1 record(s) updated
   Fri Oct  9 10:56:30 2020 : Debug: ppx_sql (sql): Released connection
   (9)
   Fri Oct  9 10:56:30 2020 : Debug: (56)     modsingle[post-auth]:
   returned from sql (rlm_sql)
   Fri Oct  9 10:56:30 2020 : Debug: (56)     [sql] = ok
   Fri Oct  9 10:56:30 2020 : Debug: (56)     modsingle[post-auth]:
   calling attr_filter.access_reject (rlm_attr_filter)
   Fri Oct  9 10:56:30 2020 : Debug: %{User-Name}
   Fri Oct  9 10:56:30 2020 : Debug: Parsed xlat tree:
   Fri Oc! t  9 10:56:30 2020 : Debug: attribute --> User-Name
   Fri Oct  9 10:56:30 2020 : Debug: (56) attr_filter.access_reject:
   EXPAND %{User-Name}
   Fri Oct  9 10:56:30 2020 : Debug: (56) attr_filter.access_reject:
   --> host/park.test.com
   Fri Oct  9 10:56:30 2020 : Debug: (56) attr_filter.access_reject:
   Matched entry DEFAULT at line 1
   Fri Oct  9 10:56:30 2020 : Debug: (56) attr_filter.access_reject:
   EAP-Message = 0x040e0004 allowed by EAP-Message =* 0x
   Fri Oct  9 10:56:30 2020 : Debug: (56) attr_filter.access_reject:
   Attribute "EAP-Message" allowed by 1 rules, disallowed by 0 rules
   Fri Oct  9 10:56:30 2020 : Debug: (56) attr_filter.access_reject:
   Message-Authenticator = 0x00000000000000000000000000000000 allowed by
   Message-Authenticator =* 0x
   Fri Oct  9 10:56:30 2020 : Debug: (56) attr_filter.access_reject:
   Attribute "Message-Authenticator" allowed by 1 rules, disallowed by 0
   rules
   Fri Oct  9 1! 0:56:30 2020 : Debug: (56)     modsingle[post-auth]:
   returned from attr_filter.access_reject (rlm_attr_filter)
   Fri Oct  9 10:56:30 2020 : Debug: (56)     [attr_filter.access_reject]
   = updated
   Fri Oct  9 10:56:30 2020 : Debug: (56)   } # Post-Auth-Type REJECT =
   updated
   Fri Oct  9 10:56:30 2020 : Auth: (56) Login Fail (eap: Failed
   continuing EAP PEAP (25) session.  EAP sub-module failed):
   [host/park.test.com] (from client ALL port 0 cli F4-5C-89-9C-54-49)
   Fri Oct  9 10:56:30 2020 : Debug: (56) Delaying response for 1.000000
   seconds
   Fri Oct  9 10:56:30 2020 : Debug: Waking up in 0.3 seconds.
   Fri Oct  9 10:56:30 2020 : Debug: Waking up in 0.6 seconds.
   Fri Oct  9 10:56:31 2020 : Debug: (56) Sending delayed response
   Fri Oct  9 10:56:31 2020 : Debug: (56) Sent Access-Reject Id 40 from
   192.168.255.22:1812 to 192.168.255.21:45726 length 44
   Fri Oct  9 10:56:31 2020 : Debug: (56)   EAP-Message = 0x040e0004
   Fri Oct&nb! sp; 9 10:56:31 2020 : Debug: (56)   Message-Authenticator =
   0x00000000000000000000000000000000
   Fri Oct  9 10:56:31 2020 : Debug: Waking up in 3.7 seconds.

   --

   [PutAck.jsp?ack_args=c2VudF9maWxlPWZkZEBrb3JlYS5jb20vLlNlbnQvMTYwMjIxMT
   Y1Mjc0NC4zMDIzNS5rb3JlYSZzZW5kX2RhdGU9MjAyMDEwMDkxMTQ3MzImc3ViamVjdD1Ib
   3cgdG8gY29uZmlnIEZSIDMuMC54ICg8LT5BRCA8LVdpbmRvd3MgMTApIENvbXB1dGVyKG1h
   Y2hpbmUpIGF1dGhlbnRpY2F0aW9uIE1TQ0hBUD8=&to_email=freeradius-users@list
   s.freeradius.org_______________________________________________________
   __________________________________________________________]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: How to config FR 3.0.x (<->AD <-Windows 10) Computer(machine) authentication MSCHAP?

Alan DeKok-2
On Oct 8, 2020, at 10:47 PM, 박지연 <[hidden email]> wrote:
>   how can i config FR <-join->AD Client is Windows 10 mschap [auth type
>   mschap, machine authenticaiton]
>
>   my case below error(machine authenticaiton)... (but auth type mschap
>   user authentication is fine)

  The debug output does not contain any useful information.

  Please read http://wiki.freeradius.org/list-help

  And follow the instructions on that page.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html