Ok so your issue is related to the route of the system.
do:
ip route
and:
ip route get 172.16.7.10
restart iptables
Le 2017-08-23 à 15:44, Akala Kehinde a écrit :
> Hi Fabrice,
>
> See below:
>
> [root@pfence sysctl.d]# ip netns exec MYDOMAIN ping 172.16.7.10
> PING 172.16.7.10 (172.16.7.10) 56(84) bytes of data.
>
> --- 172.16.7.10 ping statistics ---
> 22 packets transmitted, 0 received, 100% packet loss, time 21107ms
>
> [root@pfence sysctl.d]# ip netns exec MYDOMAIN nslookup www.google.de
> <http://www.google.de>
> ;; connection timed out; trying next origin
> ;; connection timed out; no servers could be reached
>
> [root@pfence sysctl.d]#
>
>
> Regards,
> Kehinde
>
> On Wed, Aug 23, 2017 at 6:45 PM, Fabrice Durand via PacketFence-users
> <packetfence-users@lists.sourceforge.net
> <mailto:packetfence-users@lists.sourceforge.net>> wrote:
>
>
> Let's try that:
>
> ip netns exec MYDOMAIN ping 172.16.7.10
>
> ip netns exec MYDOMAIN nslookup www.google.de <http://www.google.de>
>
> What is the result ?
>
>
> Le 2017-08-23 à 10:55, Akala Kehinde a écrit :
>> Hello Fabrice,
>>
>> Was thinkig, could it be a problem with the winbindd itself.
>>
>> Regards,
>> Kehinde
>>
>> On Wed, Aug 23, 2017 at 3:02 PM, Akala Kehinde
>> <kehindeak...@gmail.com <mailto:kehindeak...@gmail.com>> wrote:
>>
>> Hallo Fabrice,
>>
>> [root@pfence sysctl.d]# cat 99-ip_forward.conf
>> # ip forwarding enabled by packetfence
>> net.ipv4.ip_forward = 1
>>
>> Checked timing already on both servers, it"s d same.
>>
>> Regards,
>> Kehinde
>>
>> On Wed, Aug 23, 2017 at 2:32 PM, Fabrice Durand via
>> PacketFence-users <packetfence-users@lists.sourceforge.net
>> <mailto:packetfence-users@lists.sourceforge.net>> wrote:
>>
>> Hello Akala,
>>
>> does ip_forward is enable ?
>>
>> does the time of the packetfence server is the same as
>> the AD server ?
>>
>> Regards
>>
>> Fabrice
>>
>>
>>
>> Le 2017-08-23 à 02:38, Akala Kehinde a écrit :
>>> Hello Fabrice,
>>>
>>> Kindly see below:
>>>
>>> [root@pfence pf]# chroot /chroots/MYDOMAIN wbinfo -u
>>> could not obtain winbind interface details:
>>> WBC_ERR_WINBIND_NOT_AVAILABLE
>>> could not obtain winbind domain name!
>>> Error looking up domain users
>>> [root@pfence pf]# chroot /chroots/MYDOMAIN wbinfo -g
>>> could not obtain winbind interface details:
>>> WBC_ERR_WINBIND_NOT_AVAILABLE
>>> could not obtain winbind domain name!
>>> failed to call wbcListGroups: WBC_ERR_WINBIND_NOT_AVAILABLE
>>> Error looking up domain groups
>>> [root@pfence pf]# chroot /chroots/MYDOMAIN wbinfo -t
>>> could not obtain winbind interface details:
>>> WBC_ERR_WINBIND_NOT_AVAILABLE
>>> could not obtain winbind domain name!
>>> checking the trust secret for domain (null) via RPC
>>> calls failed
>>> failed to call wbcCheckTrustCredentials:
>>> WBC_ERR_WINBIND_NOT_AVAILABLE
>>> Could not check secret
>>> [root@pfence pf]#
>>> [root@pfence pf]# chroot /chroots/MYDOMAIN wbinfo -P
>>> could not obtain winbind interface details:
>>> WBC_ERR_WINBIND_NOT_AVAILABLE
>>> could not obtain winbind domain name!
>>> checking the NETLOGON for domain[] dc connection to ""
>>> failed
>>> failed to call wbcPingDc: WBC_ERR_WINBIND_NOT_AVAILABLE
>>> [root@pfence pf]# chroot /chroots/MYDOMAIN wbinfo -p
>>> Ping to winbindd failed
>>> could not ping winbindd!
>>> [root@pfence pf]#
>>>
>>>
>>> Tested with TESTMAWOH.DE <http://TESTMAWOH.DE> but still
>>> cannot join..
>>> It's driving me nuts:)
>>>
>>> Regards,
>>> Kehinde
>>>
>>> On Wed, Aug 23, 2017 at 4:44 AM, Durand fabrice via
>>> PacketFence-users
>>> <packetfence-users@lists.sourceforge.net
>>> <mailto:packetfence-users@lists.sourceforge.net>> wrote:
>>>
>>> Hello Akala,
>>>
>>> what happen if you do that:
>>>
>>> chroot /chroots/MYDOMAIN
>>>
>>> wbinfo -u
>>>
>>> wbinfo -g
>>>
>>> if there is no usernames or groups displayed then try :
>>>
>>> dns_name=TESTMAWOH.DE <http://TESTMAWOH.DE>
>>>
>>> and rejoin
>>>
>>> Regards
>>> Fabrice
>>>
>>>
>>> Le 2017-08-22 à 22:21, Akala Kehinde via
>>> PacketFence-users a écrit :
>>>>
>>>> Hello guys,
>>>>
>>>> I get this error when trying to join PF to an
>>>> Active Directory Server:
>>>>
>>>> [root@pfence pf]# tail -f
>>>> /chroots/MYDOMAIN/var/log/sambaMYDOMAIN/log.winbindd
>>>> [2017/08/23 02:20:34.196193, 0]
>>>> ../source3/winbindd/winbindd_util.c:869(init_domain_list)
>>>> Could not fetch our SID - did we join?
>>>> [2017/08/23 02:20:34.196275, 0]
>>>>
>>>> ../source3/winbindd/winbindd.c:1408(winbindd_register_handlers)
>>>> unable to initialize domain list
>>>> [2017/08/23 02:20:34.324267, 0]
>>>>
>>>> ../source3/winbindd/winbindd_cache.c:3245(initialize_winbindd_cache)
>>>> initialize_winbindd_cache: clearing cache and
>>>> re-creating with version number 2
>>>> [2017/08/23 02:20:34.333731, 0]
>>>> ../source3/winbindd/winbindd_util.c:869(init_domain_list)
>>>> Could not fetch our SID - did we join?
>>>>
>>>> [root@pfence pf]#
>>>>
>>>> Below is my domain.conf file:
>>>>
>>>> [MYDOMAIN]
>>>>
>>>> ntlm_cache_filter=(&(samAccountName=*)(!(|(lockoutTime=>0)(userAccountControl:1.2.840.113556.1.4.803:=2))))
>>>> ntlm_cache=disabled
>>>> registration=0
>>>> ntlm_cache_expiry=3600
>>>> dns_name=egelsbach.testmawoh.de
>>>> <http://egelsbach.testmawoh.de>
>>>> dns_servers=172.16.7.10
>>>> ou=Computers
>>>> ntlm_cache_on_connection=disabled
>>>> workgroup=TESTMAWOH
>>>> ntlm_cache_batch_one_at_a_time=disabled
>>>> sticky_dc=*
>>>> ad_server=winserver.egelsbach.testmawoh.de
>>>> <http://winserver.egelsbach.testmawoh.de>
>>>> ntlm_cache_batch=disabled
>>>> server_name=pfence
>>>> bind_pass=
>>>> bind_dn=
>>>>
>>>> [root@pfence pf]# ps -efd | grep winbindd
>>>> root 20052 1 7 04:15 ? 00:00:14
>>>> winbindd-wrapper
>>>> root 21912 20052 1 04:18 ? 00:00:00
>>>> sudo chroot /chroots/MYDOMAIN /usr/sbin/winbindd -s
>>>> /etc/samba/MYDOMAIN.conf -l /var/log/sambaMYDOMAIN
>>>> --foreground
>>>> root 21913 21912 0 04:18 ? 00:00:00
>>>> /usr/sbin/winbindd -s /etc/samba/MYDOMAIN.conf -l
>>>> /var/log/sambaMYDOMAIN --foreground
>>>> root 21915 4173 0 04:18 ttyS0 00:00:00
>>>> grep --color=auto winbindd
>>>>
>>>> [root@pfence pf]# /usr/local/pf/bin/pfcmd service
>>>> winbindd status
>>>> service|shouldBeStarted|pid
>>>> winbindd|1|20052
>>>> [root@pfence pf]#
>>>>
>>>> There is reachability between PF, the AD and DNS
>>>> servers and all can resolve DNS queries.
>>>>
>>>> I have tried everything but just refuses to
>>>> bind..Whatelse could be wrong pls?
>>>>
>>>>
>>>> Regards,
>>>> Kehinde
>>>>
>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>> Check out the vibrant tech community on one of the world's
>>>> most
>>>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>>>
>>>>
>>>> _______________________________________________
>>>> PacketFence-users mailing list
>>>> PacketFence-users@lists.sourceforge.net
>>>> <mailto:PacketFence-users@lists.sourceforge.net>
>>>>
>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>
>>>> <https://lists.sourceforge.net/lists/listinfo/packetfence-users>
>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Check out the vibrant tech community on one of the
>>> world's most
>>> engaging tech sites, Slashdot.org!
>>> http://sdm.link/slashdot
>>> _______________________________________________
>>> PacketFence-users mailing list
>>> PacketFence-users@lists.sourceforge.net
>>> <mailto:PacketFence-users@lists.sourceforge.net>
>>>
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>
>>> <https://lists.sourceforge.net/lists/listinfo/packetfence-users>
>>>
>>>
>>
>> --
>> Fabrice Durand
>> fdur...@inverse.ca <mailto:fdur...@inverse.ca> ::
>> +1.514.447.4918 <tel:%28514%29%20447-4918> (x135) :: www.inverse.ca
>> <http://www.inverse.ca>
>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and
>> PacketFence (http://packetfence.org)
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Check out the vibrant tech community on one of the
>> world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>> _______________________________________________
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net
>> <mailto:PacketFence-users@lists.sourceforge.net>
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>> <https://lists.sourceforge.net/lists/listinfo/packetfence-users>
>>
>>
>>
>
> --
> Fabrice Durand
> fdur...@inverse.ca <mailto:fdur...@inverse.ca> :: +1.514.447.4918
> <tel:%28514%29%20447-4918> (x135) :: www.inverse.ca <http://www.inverse.ca>
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
> (http://packetfence.org)
>
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> <mailto:PacketFence-users@lists.sourceforge.net>
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
> <https://lists.sourceforge.net/lists/listinfo/packetfence-users>
>
>
--
Fabrice Durand
fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users