PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) solution. Boasting an impressive feature set including a captive-portal for registration and remediation, centralized wired and wireless management, powerful BYOD management options, 802.1X support, layer-2 isolation of problematic devices; PacketFence can be used to effectively secure networks small to very large heterogeneous networks.
Hello, Community! I just installed PacketFence 13.1 from ISO image. I
configured it as per described in manuals and successfully joined MS AD
Domain. AD is assotiated with Default and Null Realms. Also, I set up Cisco
ASA and configured it as NAD to use as VPN Gateway. I faced a strange issue
during authentication with NTLM. It looks like something go wrong in
ntlm_auth, but I cannot find any more information other than RADIUS log:
extrafu
commented
8 months ago
Hello, Community! I just installed PacketFence 13.1 from ISO image. I configured it as per described in manuals and successfully joined MS AD Domain. AD is assotiated with Default and Null Realms. Also, I set up Cisco ASA and configured it as NAD to use as VPN Gateway. I faced a strange issue during authentication with NTLM. It looks like something go wrong in ntlm_auth, but I cannot find any more information other than RADIUS log:
ASA-ClientType = "L2TP\/IPsec-SSL-VPN", ASA-TunnelGroupName = "DefaultRAGroup", Calling-Station-Id = "217.118.64.45", Cisco-AVPair = "audit-session-id=90d190260002000065b33e85", Cisco-AVPair = "ip:source-ip=217.118.64.45", Cisco-AVPair = "coa-push=true", EAP-Message = "0x020200531a0202004e31ab0ae27b817ca34db21fe3cdd83e878d0000000000000000b2f429f7b49e066e8bb6cbabf388aad77e6cc9810bbe04390053414b48414c494e325c496c79612e4b686974726f762d62", EAP-Type = "MSCHAPv2", Event-Timestamp = "Jan 26 2024 16:14:17 +11", Framed-MTU = "1500", Framed-Protocol = "PPP", FreeRADIUS-Client-IP-Address = " 192.168.1.12 ", MS-CHAP-Challenge = "0x4b54af053452db473623d2418cb4e1ac", MS-CHAP-User-Name = "TESTAD\TestUser", MS-CHAP2-Response = "0x0241ab0ae27b817ca34db21fe3cdd83e878d0000000000000000b2f429f7b49e066e8bb6cbabf388aad77e6cc9810bbe0439", Message-Authenticator = "0x0c0409247adf17ffc59e3a37d0675e2a", Module-Failure-Message = "mschap: Program returned code (1) and output ''", Module-Failure-Message = "mschap: External script says: ", Module-Failure-Message = "mschap: MS-CHAP2-Response is incorrect", NAS-IP-Address = "192.168.1.12", NAS-Port = "131072", NAS-Port-Type = "Virtual", PacketFence-KeyBalanced = "c4dc2f9e07316cea9aa1a2e9d9c63cde", PacketFence-Radius-Ip = "172.18.191.70", Realm = "default", Service-Type = "Framed-User", State = "0x68a81ebc69aa04790ad37d0b9c01d70a", Stripped-User-Name = "TestUser", Tunnel-Client-Endpoint = "185.40.1.100", User-Name = "TESTAD\TestUser", User-Password = "**"
RADIUS Reply EAP-Message = "0x04020004", MS-CHAP-Error = " E=691 R=0 C=32efd9f7bea957edecdc0e5f6b2dd8ea V=3 M=Authentication rejected", Message-Authenticator = "0x00000000000000000000000000000000"