You need to have a DNS server that is able to resolve your local domain name properly, otherwise it won't work :S
ie. 4.2.2.2 is not able to resolve domain.local for sure :) On 12-01-27 10:00 AM, Morris, Andi wrote: > When attempting to rejoin the domain I get the error "Failed to join domain: > failed to find DC for domain". > > Ntlm_auth --username ............. responds with: > NT_STATUS_NO_LOGON_SERVERS: No logon servers (0xc000005e) > > However I've since discovered that if I put the IP address of the DC as a > nameserver in /etc/resolv.conf the ntlm_auth test is successful. Do I need > to have this IP address in there, I would rather use the DNS server that I > did have set if possible. > > Cheers, > Andi > > > -----Original Message----- > From: Francois Gaudreault [mailto:[email protected]] > Sent: 27 January 2012 14:43 > To: [email protected] > Subject: Re: [Packetfence-users] Radius no longer authenticating users > > Rejoin the machine to the domain and it should fix it. > > On 12-01-27 8:54 AM, Morris, Andi wrote: >> Hi all, >> >> Since yesterday my PF server has stopped authenticating users. The >> only things that I can think may be related are: >> >> -A week or so back I added a new DNS server into the PF development >> network, and changed all the relevant entries that I could think of in >> the PF config. This morning was possibly the first time the PF server >> had rebooted since this new DNS server was in place. >> >> -Yesterday I mounted a windows share on the PF server so that I could >> transfer some company logos etc onto the box, I managed to do this >> successfully via CIFS. >> >> To troubleshoot I attempted a radtest dd9999 Abcd1234 localhost 12 >> testing123 and a kinit connection and they both failed, with some sort >> of unknown server message (sorry I didn't write it down), but this led >> me to realise that I hadn't declared the PF server in the new DNS >> server, nor the AD server. After adding these entries into DNS I >> rebooted the PF server and can now successfully run both tests. >> >> However I'm still unable to authenticate via radius and am seeing this >> in the debug log: >> >> /# Executing group from file >> /etc/raddb/sites-enabled/packetfence-tunnel/ >> >> /+- entering group authenticate {...}/ >> >> /[eap] Request found, released from the list/ >> >> /[eap] EAP/mschapv2/ >> >> /[eap] processing type mschapv2/ >> >> /[mschapv2] # Executing group from file >> /etc/raddb/sites-enabled/packetfence-tunnel/ >> >> /[mschapv2] +- entering group MS-CHAP {...}/ >> >> /[mschap] Creating challenge hash with username: sm18818/ >> >> /[mschap] Told to do MS-CHAPv2 for sm18818 with NT-Password/ >> >> /[mschap] expand: %{Stripped-User-Name} ->/ >> >> /[mschap] ... expanding second conditional/ >> >> /[mschap] WARNING: Deprecated conditional expansion ":-". See "man >> unlang" for details/ >> >> /[mschap] expand: %{User-Name:-None} -> sm18818/ >> >> /[mschap] expand: >> --username=%{%{Stripped-User-Name}:-%{User-Name:-None}} -> >> --username=sm18818/ >> >> /[mschap] mschap2: 0f/ >> >> /[mschap] Creating challenge hash with username: sm18818/ >> >> /[mschap] expand: --challenge=%{mschap:Challenge:-00} -> >> --challenge=dfa962c4782b9582/ >> >> /[mschap] expand: --nt-response=%{mschap:NT-Response:-00} -> >> --nt-response=54452218a438818444dd851749894003ab9926896ac14877/ >> >> /Exec-Program output: No logon servers (0xc000005e)/ >> >> /Exec-Program-Wait: plaintext: No logon servers (0xc000005e)/ >> >> /Exec-Program: returned: 1/ >> >> /[mschap] External script failed./ >> >> /[mschap] FAILED: MS-CHAP2-Response is incorrect/ >> >> /++[mschap] returns reject/ >> >> /[eap] Freeing handler/ >> >> /++[eap] returns reject/ >> >> /Failed to authenticate the user./ >> >> "No logon servers" seems to be a samba related error from what I can >> find, but I can't think of where else I will need to look in order to >> get this vital service back up and running again. >> >> Cheers, >> >> Andi >> >> ---------------------------------------------------------------------- >> -- >> >> > From 1st November 2011 UWIC changed its title to Cardiff >> Metropolitan University. From the 6th December, as part of this >> change, all email addresses which included @uwic.ac.uk have changed to >> @cardiffmet.ac.uk. >> All emails sent from Cardiff Metropolitan University will now be sent >> from the new @cardiffmet.ac.uk address. *Please could you ensure that >> all of your contact records and databases are updated to reflect this >> change.* Further information can be found on the website here. >> <http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx> >> >> >> >> ---------------------------------------------------------------------- >> -------- Try before you buy = See our experts in action! >> The most comprehensive online learning library for Microsoft >> developers is just $99.99! Visual Studio, SharePoint, SQL - plus >> HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you >> subscribe now! >> http://p.sf.net/sfu/learndevnow-dev2 >> >> >> >> _______________________________________________ >> Packetfence-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/packetfence-users > > > -- > Francois Gaudreault, ing. jr > [email protected] :: +1.514.447.4918 (x130) :: www.inverse.ca Inverse > inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence > (www.packetfence.org) > > ------------------------------------------------------------------------------ > Try before you buy = See our experts in action! > The most comprehensive online learning library for Microsoft developers is > just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro > Style Apps, more. Free future releases when you subscribe now! > http://p.sf.net/sfu/learndevnow-dev2 > _______________________________________________ > Packetfence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > ________________________________ > >> From 1st November 2011 UWIC changed its title to Cardiff Metropolitan >> University. From the 6th December, as part of this change, all email >> addresses which included @uwic.ac.uk have changed to @cardiffmet.ac.uk. All >> emails sent from Cardiff Metropolitan University will now be sent from the >> new @cardiffmet.ac.uk address. Please could you ensure that all of your >> contact records and databases are updated to reflect this change. Further >> information can be found on the website >> here.<http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx> > > ------------------------------------------------------------------------------ > Try before you buy = See our experts in action! > The most comprehensive online learning library for Microsoft developers > is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, > Metro Style Apps, more. Free future releases when you subscribe now! > http://p.sf.net/sfu/learndevnow-dev2 > _______________________________________________ > Packetfence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > -- Francois Gaudreault, ing. jr [email protected] :: +1.514.447.4918 (x130) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) ------------------------------------------------------------------------------ Try before you buy = See our experts in action! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-dev2 _______________________________________________ Packetfence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
