Hello Akala,
does ip_forward is enable ?
does the time of the packetfence server is the same as the AD server ?
Regards
Fabrice
Le 2017-08-23 à 02:38, Akala Kehinde a écrit :
> Hello Fabrice,
>
> Kindly see below:
>
> [root@pfence pf]# chroot /chroots/MYDOMAIN wbinfo -u
> could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
> could not obtain winbind domain name!
> Error looking up domain users
> [root@pfence pf]# chroot /chroots/MYDOMAIN wbinfo -g
> could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
> could not obtain winbind domain name!
> failed to call wbcListGroups: WBC_ERR_WINBIND_NOT_AVAILABLE
> Error looking up domain groups
> [root@pfence pf]# chroot /chroots/MYDOMAIN wbinfo -t
> could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
> could not obtain winbind domain name!
> checking the trust secret for domain (null) via RPC calls failed
> failed to call wbcCheckTrustCredentials: WBC_ERR_WINBIND_NOT_AVAILABLE
> Could not check secret
> [root@pfence pf]#
> [root@pfence pf]# chroot /chroots/MYDOMAIN wbinfo -P
> could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
> could not obtain winbind domain name!
> checking the NETLOGON for domain[] dc connection to "" failed
> failed to call wbcPingDc: WBC_ERR_WINBIND_NOT_AVAILABLE
> [root@pfence pf]# chroot /chroots/MYDOMAIN wbinfo -p
> Ping to winbindd failed
> could not ping winbindd!
> [root@pfence pf]#
>
>
> Tested with TESTMAWOH.DE <http://TESTMAWOH.DE> but still cannot join..
> It's driving me nuts:)
>
> Regards,
> Kehinde
>
> On Wed, Aug 23, 2017 at 4:44 AM, Durand fabrice via PacketFence-users
> <packetfence-users@lists.sourceforge.net
> <mailto:packetfence-users@lists.sourceforge.net>> wrote:
>
> Hello Akala,
>
> what happen if you do that:
>
> chroot /chroots/MYDOMAIN
>
> wbinfo -u
>
> wbinfo -g
>
> if there is no usernames or groups displayed then try :
>
> dns_name=TESTMAWOH.DE <http://TESTMAWOH.DE>
>
> and rejoin
>
> Regards
> Fabrice
>
>
> Le 2017-08-22 à 22:21, Akala Kehinde via PacketFence-users a écrit :
>>
>> Hello guys,
>>
>> I get this error when trying to join PF to an Active Directory
>> Server:
>>
>> [root@pfence pf]# tail -f
>> /chroots/MYDOMAIN/var/log/sambaMYDOMAIN/log.winbindd
>> [2017/08/23 02:20:34.196193, 0]
>> ../source3/winbindd/winbindd_util.c:869(init_domain_list)
>> Could not fetch our SID - did we join?
>> [2017/08/23 02:20:34.196275, 0]
>> ../source3/winbindd/winbindd.c:1408(winbindd_register_handlers)
>> unable to initialize domain list
>> [2017/08/23 02:20:34.324267, 0]
>> ../source3/winbindd/winbindd_cache.c:3245(initialize_winbindd_cache)
>> initialize_winbindd_cache: clearing cache and re-creating with
>> version number 2
>> [2017/08/23 02:20:34.333731, 0]
>> ../source3/winbindd/winbindd_util.c:869(init_domain_list)
>> Could not fetch our SID - did we join?
>>
>> [root@pfence pf]#
>>
>> Below is my domain.conf file:
>>
>> [MYDOMAIN]
>>
>> ntlm_cache_filter=(&(samAccountName=*)(!(|(lockoutTime=>0)(userAccountControl:1.2.840.113556.1.4.803:=2))))
>> ntlm_cache=disabled
>> registration=0
>> ntlm_cache_expiry=3600
>> dns_name=egelsbach.testmawoh.de <http://egelsbach.testmawoh.de>
>> dns_servers=172.16.7.10
>> ou=Computers
>> ntlm_cache_on_connection=disabled
>> workgroup=TESTMAWOH
>> ntlm_cache_batch_one_at_a_time=disabled
>> sticky_dc=*
>> ad_server=winserver.egelsbach.testmawoh.de
>> <http://winserver.egelsbach.testmawoh.de>
>> ntlm_cache_batch=disabled
>> server_name=pfence
>> bind_pass=
>> bind_dn=
>>
>> [root@pfence pf]# ps -efd | grep winbindd
>> root 20052 1 7 04:15 ? 00:00:14 winbindd-wrapper
>> root 21912 20052 1 04:18 ? 00:00:00 sudo chroot
>> /chroots/MYDOMAIN /usr/sbin/winbindd -s /etc/samba/MYDOMAIN.conf
>> -l /var/log/sambaMYDOMAIN --foreground
>> root 21913 21912 0 04:18 ? 00:00:00
>> /usr/sbin/winbindd -s /etc/samba/MYDOMAIN.conf -l
>> /var/log/sambaMYDOMAIN --foreground
>> root 21915 4173 0 04:18 ttyS0 00:00:00 grep --color=auto
>> winbindd
>>
>> [root@pfence pf]# /usr/local/pf/bin/pfcmd service winbindd status
>> service|shouldBeStarted|pid
>> winbindd|1|20052
>> [root@pfence pf]#
>>
>> There is reachability between PF, the AD and DNS servers and all
>> can resolve DNS queries.
>>
>> I have tried everything but just refuses to bind..Whatelse could
>> be wrong pls?
>>
>>
>> Regards,
>> Kehinde
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>
>>
>> _______________________________________________
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net
>> <mailto:PacketFence-users@lists.sourceforge.net>
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>> <https://lists.sourceforge.net/lists/listinfo/packetfence-users>
>
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> <mailto:PacketFence-users@lists.sourceforge.net>
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
> <https://lists.sourceforge.net/lists/listinfo/packetfence-users>
>
>
--
Fabrice Durand
fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users