When attempting to rejoin the domain I get the error "Failed to join domain: failed to find DC for domain".
Ntlm_auth --username ............. responds with: NT_STATUS_NO_LOGON_SERVERS: No logon servers (0xc000005e) However I've since discovered that if I put the IP address of the DC as a nameserver in /etc/resolv.conf the ntlm_auth test is successful. Do I need to have this IP address in there, I would rather use the DNS server that I did have set if possible. Cheers, Andi -----Original Message----- From: Francois Gaudreault [mailto:[email protected]] Sent: 27 January 2012 14:43 To: [email protected] Subject: Re: [Packetfence-users] Radius no longer authenticating users Rejoin the machine to the domain and it should fix it. On 12-01-27 8:54 AM, Morris, Andi wrote: > Hi all, > > Since yesterday my PF server has stopped authenticating users. The > only things that I can think may be related are: > > -A week or so back I added a new DNS server into the PF development > network, and changed all the relevant entries that I could think of in > the PF config. This morning was possibly the first time the PF server > had rebooted since this new DNS server was in place. > > -Yesterday I mounted a windows share on the PF server so that I could > transfer some company logos etc onto the box, I managed to do this > successfully via CIFS. > > To troubleshoot I attempted a radtest dd9999 Abcd1234 localhost 12 > testing123 and a kinit connection and they both failed, with some sort > of unknown server message (sorry I didn't write it down), but this led > me to realise that I hadn't declared the PF server in the new DNS > server, nor the AD server. After adding these entries into DNS I > rebooted the PF server and can now successfully run both tests. > > However I'm still unable to authenticate via radius and am seeing this > in the debug log: > > /# Executing group from file > /etc/raddb/sites-enabled/packetfence-tunnel/ > > /+- entering group authenticate {...}/ > > /[eap] Request found, released from the list/ > > /[eap] EAP/mschapv2/ > > /[eap] processing type mschapv2/ > > /[mschapv2] # Executing group from file > /etc/raddb/sites-enabled/packetfence-tunnel/ > > /[mschapv2] +- entering group MS-CHAP {...}/ > > /[mschap] Creating challenge hash with username: sm18818/ > > /[mschap] Told to do MS-CHAPv2 for sm18818 with NT-Password/ > > /[mschap] expand: %{Stripped-User-Name} ->/ > > /[mschap] ... expanding second conditional/ > > /[mschap] WARNING: Deprecated conditional expansion ":-". See "man > unlang" for details/ > > /[mschap] expand: %{User-Name:-None} -> sm18818/ > > /[mschap] expand: > --username=%{%{Stripped-User-Name}:-%{User-Name:-None}} -> > --username=sm18818/ > > /[mschap] mschap2: 0f/ > > /[mschap] Creating challenge hash with username: sm18818/ > > /[mschap] expand: --challenge=%{mschap:Challenge:-00} -> > --challenge=dfa962c4782b9582/ > > /[mschap] expand: --nt-response=%{mschap:NT-Response:-00} -> > --nt-response=54452218a438818444dd851749894003ab9926896ac14877/ > > /Exec-Program output: No logon servers (0xc000005e)/ > > /Exec-Program-Wait: plaintext: No logon servers (0xc000005e)/ > > /Exec-Program: returned: 1/ > > /[mschap] External script failed./ > > /[mschap] FAILED: MS-CHAP2-Response is incorrect/ > > /++[mschap] returns reject/ > > /[eap] Freeing handler/ > > /++[eap] returns reject/ > > /Failed to authenticate the user./ > > "No logon servers" seems to be a samba related error from what I can > find, but I can't think of where else I will need to look in order to > get this vital service back up and running again. > > Cheers, > > Andi > > ---------------------------------------------------------------------- > -- > > >From 1st November 2011 UWIC changed its title to Cardiff > Metropolitan University. From the 6th December, as part of this > change, all email addresses which included @uwic.ac.uk have changed to > @cardiffmet.ac.uk. > All emails sent from Cardiff Metropolitan University will now be sent > from the new @cardiffmet.ac.uk address. *Please could you ensure that > all of your contact records and databases are updated to reflect this > change.* Further information can be found on the website here. > <http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx> > > > > ---------------------------------------------------------------------- > -------- Try before you buy = See our experts in action! > The most comprehensive online learning library for Microsoft > developers is just $99.99! Visual Studio, SharePoint, SQL - plus > HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you > subscribe now! > http://p.sf.net/sfu/learndevnow-dev2 > > > > _______________________________________________ > Packetfence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Francois Gaudreault, ing. jr [email protected] :: +1.514.447.4918 (x130) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) ------------------------------------------------------------------------------ Try before you buy = See our experts in action! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-dev2 _______________________________________________ Packetfence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users ________________________________ >From 1st November 2011 UWIC changed its title to Cardiff Metropolitan >University. From the 6th December, as part of this change, all email addresses >which included @uwic.ac.uk have changed to @cardiffmet.ac.uk. All emails sent >from Cardiff Metropolitan University will now be sent from the new >@cardiffmet.ac.uk address. Please could you ensure that all of your contact >records and databases are updated to reflect this change. Further information >can be found on the website >here.<http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx> ------------------------------------------------------------------------------ Try before you buy = See our experts in action! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-dev2 _______________________________________________ Packetfence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
