Hello all:

I'm posting this to the list for posterity.

My issue was a little weird.

I had disabled iptables on the server (I have an external FW inline with the 
server, don't panic) and this was what was causing the domain join to fail.

The new domain joining process makes use of chroot jails and iptables to 
manipulate the traffic. It does this in ways that seem like black magic to me, 
but in time I'm sure I will understand it.

Suffice it to say however, the domain joining process in the GUI will NOT work 
without iptables being managed by PF.

Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
WWW.UMHB.EDU

900 College St.
Belton, Texas
76513

Fone: 254-295-4658
Phax: 254-295-4221
________________________________
From: Fletcher Haynes [[email protected]]
Sent: Thursday, August 20, 2015 11:50 AM
To: [email protected]
Subject: Re: [PacketFence-users] Error in GUI domain config

Hrm, just out of curiosity, does your DNS have the appropriate records for AD?

Also, have you checked the event log on the domain controllers? In the past, 
I've also used wireshark on the DCs to debug connectivity issues. Those are my 
primary ways of checking to see if the server is even trying to join AD.

On Thu, Aug 20, 2015 at 9:34 AM, Sallee, Jake <[email protected]> wrote:
So, a configreload hard and blanking out my domain.conf file seemed to help.

I can get to the domain GUI now ... so I've got that going for me ... which is 
nice.

I still can't get the server to join the AD though.

Here is the log:

[2015/08/20 11:25:21,  0] winbindd/winbindd.c:1382(main)
  winbindd version 3.6.23-14.el6_6 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2011
[2015/08/20 11:25:21.669918,  0] winbindd/winbindd_cache.c:3203(initialize_winbindd_cache)
  initialize_winbindd_cache: clearing cache and re-creating with version number 2
[2015/08/20 11:25:21.672218,  0] winbindd/winbindd_util.c:630(init_domain_list)
  Could not fetch our SID - did we join?
[2015/08/20 11:25:21.672305,  0] winbindd/winbindd.c:1142(winbindd_register_handlers)
  unable to initialize domain list

Not too helpful AFAICT.

When I do a net ads info I get:

ads_connect: No logon servers
ads_connect: No logon servers
Didn't find the ldap server!

But I have made sure the servers are active, running, and accessible by my PF 
server.

Ideas? Deep theological insights?

Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
WWW.UMHB.EDU

900 College St.
Belton, Texas
76513

Fone: 254-295-4658
Phax: 254-295-4221

________________________________________
From: Sallee, Jake [[email protected]]
Sent: Thursday, August 20, 2015 10:50 AM
To: [email protected]
Subject: [PacketFence-users] Error in GUI domain config

Hello all!

I'm trying to join my server to my AD domain, however it gave me an error about 
not finding my info over rpc.

However now when I go to the domain config section of the admin GUI I get the 
red "An error occurred" dialogue.

Can someone please post a working (and sanitized) copy of their domain.conf so 
I can get this back up and running, my students are getting antsy : )

Also, I have already restarted the PF services to see if I could get back to 
the GUI domains config, but no luck.  Any ideas on how I can get that part of 
the admin interface working again are welcome.

Another weird thing is that I noticed winbindd no longer shows up in the list 
of restart-able services in the web admin GUI, no idea if that is related.

Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
WWW.UMHB.EDU

900 College St.
Belton, Texas
76513

Fone: 254-295-4658
Phax: 254-295-4221

------------------------------------------------------------------------------
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
Fletcher Haynes <[email protected]>
Systems Administrator/Network Services Consultant
Willamette Integrated Technology Services
Willamette University, Salem, OR
Phone: 503.370.6016
