This made no difference unfortunately. I'll just leave it with the AD server as the DNS for the time being as I need to get this up and running asap.
Cheers for your help.

-----Original Message-----
From: Francois Gaudreault [mailto:[email protected]]
Sent: 27 January 2012 15:18
To: [email protected]
Subject: Re: [Packetfence-users] Radius no longer authenticating users

What about adding an entry in your /etc/hosts file:
domain.local 192.168.110.34

That way you will be able to use your external DNS.

On 12-01-27 10:15 AM, Morris, Andi wrote:
> I understand that, but what I don't understand is why my PF server can
> resolve the IP address of the AD server, using the configured DNS server, and
> can reverse this so the name can be pulled from the IP address, but even then
> samba doesn't seem to want to work as it did before.
>
> EG.
> Resnet DNS server: - 10.1.3.11
> PF server: 10.1.3.10
> AD server: 192.1.68.110.34 (also a DNS server, but I want to configure
> PF to use the resnet DNS if possible)
>
> All names and IP addresses are resolvable from the PF server, however if I
> declare 192.168.110.34 in /etc/resolv.conf ntlm_auth works, but if I declare
> 10.1.3.11 then it doesn't.
>
> I appreciate this isn't actually a PF problem, and more a linux/samba/dns
> problem, but I was hoping someone on the list may have seen this before.
>
> Cheers,
> Andi
>
> -----Original Message-----
> From: Francois Gaudreault [mailto:[email protected]]
> Sent: 27 January 2012 15:06
> To: [email protected]
> Subject: Re: [Packetfence-users] Radius no longer authenticating users
>
> You need to have a DNS server that is able to resolve your local
> domain name properly, otherwise it won't work :S
>
> ie. 4.2.2.2 is not able to resolve domain.local for sure :)
>
> On 12-01-27 10:00 AM, Morris, Andi wrote:
>> When attempting to rejoin the domain I get the error "Failed to join domain:
>> failed to find DC for domain".
>>
>> Ntlm_auth --username .............
>> responds with:
>> NT_STATUS_NO_LOGON_SERVERS: No logon servers (0xc000005e)
>>
>> However I've since discovered that if I put the IP address of the DC as a
>> nameserver in /etc/resolv.conf the ntlm_auth test is successful. Do I need
>> to have this IP address in there, I would rather use the DNS server that I
>> did have set if possible.
>>
>> Cheers,
>> Andi
>>
>> -----Original Message-----
>> From: Francois Gaudreault [mailto:[email protected]]
>> Sent: 27 January 2012 14:43
>> To: [email protected]
>> Subject: Re: [Packetfence-users] Radius no longer authenticating
>> users
>>
>> Rejoin the machine to the domain and it should fix it.
>>
>> On 12-01-27 8:54 AM, Morris, Andi wrote:
>>> Hi all,
>>>
>>> Since yesterday my PF server has stopped authenticating users. The
>>> only things that I can think may be related are:
>>>
>>> -A week or so back I added a new DNS server into the PF development
>>> network, and changed all the relevant entries that I could think of
>>> in the PF config. This morning was possibly the first time the PF
>>> server had rebooted since this new DNS server was in place.
>>>
>>> -Yesterday I mounted a windows share on the PF server so that I
>>> could transfer some company logos etc onto the box, I managed to do
>>> this successfully via CIFS.
>>>
>>> To troubleshoot I attempted a radtest dd9999 Abcd1234 localhost 12
>>> testing123 and a kinit connection and they both failed, with some
>>> sort of unknown server message (sorry I didn't write it down), but
>>> this led me to realise that I hadn't declared the PF server in the
>>> new DNS server, nor the AD server. After adding these entries into
>>> DNS I rebooted the PF server and can now successfully run both tests.
>>>
>>> However I'm still unable to authenticate via radius and am seeing
>>> this in the debug log:
>>>
>>> /# Executing group from file
>>> /etc/raddb/sites-enabled/packetfence-tunnel/
>>> /+- entering group authenticate {...}/
>>> /[eap] Request found, released from the list/
>>> /[eap] EAP/mschapv2/
>>> /[eap] processing type mschapv2/
>>> /[mschapv2] # Executing group from file
>>> /etc/raddb/sites-enabled/packetfence-tunnel/
>>> /[mschapv2] +- entering group MS-CHAP {...}/
>>> /[mschap] Creating challenge hash with username: sm18818/
>>> /[mschap] Told to do MS-CHAPv2 for sm18818 with NT-Password/
>>> /[mschap] expand: %{Stripped-User-Name} ->/
>>> /[mschap] ... expanding second conditional/
>>> /[mschap] WARNING: Deprecated conditional expansion ":-". See "man
>>> unlang" for details/
>>> /[mschap] expand: %{User-Name:-None} -> sm18818/
>>> /[mschap] expand:
>>> --username=%{%{Stripped-User-Name}:-%{User-Name:-None}} ->
>>> --username=sm18818/
>>> /[mschap] mschap2: 0f/
>>> /[mschap] Creating challenge hash with username: sm18818/
>>> /[mschap] expand: --challenge=%{mschap:Challenge:-00} ->
>>> --challenge=dfa962c4782b9582/
>>> /[mschap] expand: --nt-response=%{mschap:NT-Response:-00} ->
>>> --nt-response=54452218a438818444dd851749894003ab9926896ac14877/
>>> /Exec-Program output: No logon servers (0xc000005e)/
>>> /Exec-Program-Wait: plaintext: No logon servers (0xc000005e)/
>>> /Exec-Program: returned: 1/
>>> /[mschap] External script failed./
>>> /[mschap] FAILED: MS-CHAP2-Response is incorrect/
>>> /++[mschap] returns reject/
>>> /[eap] Freeing handler/
>>> /++[eap] returns reject/
>>> /Failed to authenticate the user./
>>>
>>> "No logon servers" seems to be a samba related error from what I can
>>> find, but I can't think of where else I will need to look in order
>>> to get this vital service back up and running again.
>>>
>>> Cheers,
>>>
>>> Andi
>>>
>>> From 1st November 2011 UWIC changed its title to Cardiff
>>> Metropolitan University. From the 6th December, as part of this
>>> change, all email addresses which included @uwic.ac.uk have changed to
>>> @cardiffmet.ac.uk.
>>> All emails sent from Cardiff Metropolitan University will now be
>>> sent from the new @cardiffmet.ac.uk address. *Please could you
>>> ensure that all of your contact records and databases are updated to
>>> reflect this
>>> change.* Further information can be found on the website here.
>>> <http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx>
>>>
>>> _______________________________________________
>>> Packetfence-users mailing list
>>> [email protected]
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>> --
>> Francois Gaudreault, ing. jr
>> [email protected] :: +1.514.447.4918 (x130) :: www.inverse.ca
>> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
>> (www.packetfence.org)
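
A triage sketch for the debug output quoted in this thread, added here as an example and not part of the original messages or of PacketFence or FreeRADIUS code: it separates rejects where ntlm_auth could not reach a domain controller (the 0xc000005e case above) from real credential failures, since the log reports both as "MS-CHAP2-Response is incorrect". The function names, category labels and the second sample request are assumptions made for the example.

```python
import re
from collections import Counter

# Status codes ntlm_auth prints in parentheses. 0xc000005e is the one from the
# thread; the rest are standard Windows NTSTATUS values.
BACKEND = {0xC000005E: "NT_STATUS_NO_LOGON_SERVERS"}
CREDENTIAL = {
    0xC000006D: "NT_STATUS_LOGON_FAILURE",
    0xC000006A: "NT_STATUS_WRONG_PASSWORD",
    0xC0000064: "NT_STATUS_NO_SUCH_USER",
}
USER_RE = re.compile(r"\[mschap\] Creating challenge hash with username: (\S+)")
STATUS_RE = re.compile(r"Exec-Program output: .*\((0x[0-9a-fA-F]{8})\)")
REJECT_RE = re.compile(r"\[mschap\] FAILED: MS-CHAP2-Response is incorrect")

# Constructed sample: the first request reuses lines quoted in the thread, the
# second (user "jdoe-example") is invented to show a real credential failure.
SAMPLE = """\
[mschap] Creating challenge hash with username: sm18818
Exec-Program output: No logon servers (0xc000005e)
[mschap] FAILED: MS-CHAP2-Response is incorrect
[mschap] Creating challenge hash with username: jdoe-example
Exec-Program output: Logon failure (0xc000006d)
[mschap] FAILED: MS-CHAP2-Response is incorrect
"""

def triage(lines):
    """Return (user, category, status) for every MS-CHAP reject in the log."""
    results, user, status = [], None, None
    for raw in lines:
        # Tolerate mail quoting ("> ") and /.../ wrapping around log lines.
        line = raw.lstrip("> ").strip().strip("/")
        if m := USER_RE.search(line):
            user = m.group(1)
        elif m := STATUS_RE.search(line):
            status = int(m.group(1), 16)
        elif REJECT_RE.search(line):
            if status in BACKEND:
                results.append((user, "backend", BACKEND[status]))
            elif status in CREDENTIAL:
                results.append((user, "credential", CREDENTIAL[status]))
            else:
                results.append((user, "unknown", None))
            user, status = None, None  # reset for the next request
    return results

def count_by_category(results):
    """Count rejects per category, e.g. to keep outages out of lockout stats."""
    return Counter(category for _, category, _ in results)
```

Rejects in the "backend" category point at DC location (DNS or domain join) rather than at the user, so they should not feed failed-login or brute-force counters.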
