Hi Fabrice,
See below:
[root@pfence sysctl.d]# ip netns exec MYDOMAIN ping 172.16.7.10
PING 172.16.7.10 (172.16.7.10) 56(84) bytes of data.
--- 172.16.7.10 ping statistics ---
22 packets transmitted, 0 received, 100% packet loss, time 21107ms
[root@pfence sysctl.d]# ip netns exec MYDOMAIN nslookup www.google.de
;; connection timed out; trying next origin
;; connection timed out; no servers could be reached
[root@pfence sysctl.d]#
Regards,
Kehinde
On Wed, Aug 23, 2017 at 6:45 PM, Fabrice Durand via PacketFence-users <
[email protected]> wrote:
>
> Let's try that:
>
> ip netns exec MYDOMAIN ping 172.16.7.10
>
> ip netns exec MYDOMAIN nslookup www.google.de
>
> What is the result ?
>
> Le 2017-08-23 à 10:55, Akala Kehinde a écrit :
>
> Hello Fabrice,
>
> Was thinkig, could it be a problem with the winbindd itself.
>
> Regards,
> Kehinde
>
> On Wed, Aug 23, 2017 at 3:02 PM, Akala Kehinde <[email protected]>
> wrote:
>
>> Hallo Fabrice,
>>
>> [root@pfence sysctl.d]# cat 99-ip_forward.conf
>> # ip forwarding enabled by packetfence
>> net.ipv4.ip_forward = 1
>>
>> Checked timing already on both servers, it"s d same.
>>
>> Regards,
>> Kehinde
>>
>> On Wed, Aug 23, 2017 at 2:32 PM, Fabrice Durand via PacketFence-users <
>> [email protected]> wrote:
>>
>>> Hello Akala,
>>>
>>> does ip_forward is enable ?
>>>
>>> does the time of the packetfence server is the same as the AD server ?
>>>
>>> Regards
>>>
>>> Fabrice
>>>
>>>
>>>
>>> Le 2017-08-23 à 02:38, Akala Kehinde a écrit :
>>>
>>> Hello Fabrice,
>>>
>>> Kindly see below:
>>>
>>> [root@pfence pf]# chroot /chroots/MYDOMAIN wbinfo -u
>>> could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
>>> could not obtain winbind domain name!
>>> Error looking up domain users
>>> [root@pfence pf]# chroot /chroots/MYDOMAIN wbinfo -g
>>> could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
>>> could not obtain winbind domain name!
>>> failed to call wbcListGroups: WBC_ERR_WINBIND_NOT_AVAILABLE
>>> Error looking up domain groups
>>> [root@pfence pf]# chroot /chroots/MYDOMAIN wbinfo -t
>>> could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
>>> could not obtain winbind domain name!
>>> checking the trust secret for domain (null) via RPC calls failed
>>> failed to call wbcCheckTrustCredentials: WBC_ERR_WINBIND_NOT_AVAILABLE
>>> Could not check secret
>>> [root@pfence pf]#
>>> [root@pfence pf]# chroot /chroots/MYDOMAIN wbinfo -P
>>> could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
>>> could not obtain winbind domain name!
>>> checking the NETLOGON for domain[] dc connection to "" failed
>>> failed to call wbcPingDc: WBC_ERR_WINBIND_NOT_AVAILABLE
>>> [root@pfence pf]# chroot /chroots/MYDOMAIN wbinfo -p
>>> Ping to winbindd failed
>>> could not ping winbindd!
>>> [root@pfence pf]#
>>>
>>>
>>> Tested with TESTMAWOH.DE but still cannot join..
>>> It's driving me nuts:)
>>>
>>> Regards,
>>> Kehinde
>>>
>>> On Wed, Aug 23, 2017 at 4:44 AM, Durand fabrice via PacketFence-users <
>>> [email protected]> wrote:
>>>
>>>> Hello Akala,
>>>>
>>>> what happen if you do that:
>>>>
>>>> chroot /chroots/MYDOMAIN
>>>>
>>>> wbinfo -u
>>>>
>>>> wbinfo -g
>>>>
>>>> if there is no usernames or groups displayed then try :
>>>>
>>>> dns_name=TESTMAWOH.DE
>>>> and rejoin
>>>>
>>>> Regards
>>>> Fabrice
>>>>
>>>>
>>>> Le 2017-08-22 à 22:21, Akala Kehinde via PacketFence-users a écrit :
>>>>
>>>>
>>>> Hello guys,
>>>>
>>>> I get this error when trying to join PF to an Active Directory Server:
>>>>
>>>> [root@pfence pf]# tail -f /chroots/MYDOMAIN/var/log/samb
>>>> aMYDOMAIN/log.winbindd
>>>> [2017/08/23 02:20:34.196193, 0] ../source3/winbindd/winbindd_u
>>>> til.c:869(init_domain_list)
>>>> Could not fetch our SID - did we join?
>>>> [2017/08/23 02:20:34.196275, 0] ../source3/winbindd/winbindd.c
>>>> :1408(winbindd_register_handlers)
>>>> unable to initialize domain list
>>>> [2017/08/23 02:20:34.324267, 0] ../source3/winbindd/winbindd_c
>>>> ache.c:3245(initialize_winbindd_cache)
>>>> initialize_winbindd_cache: clearing cache and re-creating with
>>>> version number 2
>>>> [2017/08/23 02:20:34.333731, 0] ../source3/winbindd/winbindd_u
>>>> til.c:869(init_domain_list)
>>>> Could not fetch our SID - did we join?
>>>>
>>>> [root@pfence pf]#
>>>>
>>>> Below is my domain.conf file:
>>>>
>>>> [MYDOMAIN]
>>>> ntlm_cache_filter=(&(samAccountName=*)(!(|(lockoutTime=>0)(u
>>>> serAccountControl:1.2.840.113556.1.4.803:=2))))
>>>> ntlm_cache=disabled
>>>> registration=0
>>>> ntlm_cache_expiry=3600
>>>> dns_name=egelsbach.testmawoh.de
>>>> dns_servers=172.16.7.10
>>>> ou=Computers
>>>> ntlm_cache_on_connection=disabled
>>>> workgroup=TESTMAWOH
>>>> ntlm_cache_batch_one_at_a_time=disabled
>>>> sticky_dc=*
>>>> ad_server=winserver.egelsbach.testmawoh.de
>>>> ntlm_cache_batch=disabled
>>>> server_name=pfence
>>>> bind_pass=
>>>> bind_dn=
>>>>
>>>> [root@pfence pf]# ps -efd | grep winbindd
>>>> root 20052 1 7 04:15 ? 00:00:14 winbindd-wrapper
>>>> root 21912 20052 1 04:18 ? 00:00:00 sudo chroot
>>>> /chroots/MYDOMAIN /usr/sbin/winbindd -s /etc/samba/MYDOMAIN.conf -l
>>>> /var/log/sambaMYDOMAIN --foreground
>>>> root 21913 21912 0 04:18 ? 00:00:00 /usr/sbin/winbindd -s
>>>> /etc/samba/MYDOMAIN.conf -l /var/log/sambaMYDOMAIN --foreground
>>>> root 21915 4173 0 04:18 ttyS0 00:00:00 grep --color=auto
>>>> winbindd
>>>>
>>>> [root@pfence pf]# /usr/local/pf/bin/pfcmd service winbindd status
>>>> service|shouldBeStarted|pid
>>>> winbindd|1|20052
>>>> [root@pfence pf]#
>>>>
>>>> There is reachability between PF, the AD and DNS servers and all can
>>>> resolve DNS queries.
>>>>
>>>> I have tried everything but just refuses to bind..Whatelse could be
>>>> wrong pls?
>>>>
>>>>
>>>> Regards,
>>>> Kehinde
>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>> Check out the vibrant tech community on one of the world's most
>>>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> PacketFence-users mailing
>>>> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>
>>>>
>>>>
>>>> ------------------------------------------------------------
>>>> ------------------
>>>> Check out the vibrant tech community on one of the world's most
>>>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>>> _______________________________________________
>>>> PacketFence-users mailing list
>>>> [email protected]
>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>
>>>>
>>>
>>> --
>>> Fabrice [email protected] :: +1.514.447.4918 <%28514%29%20447-4918>
>>> (x135) :: www.inverse.ca
>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
>>> (http://packetfence.org)
>>>
>>>
>>> ------------------------------------------------------------
>>> ------------------
>>> Check out the vibrant tech community on one of the world's most
>>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>> _______________________________________________
>>> PacketFence-users mailing list
>>> [email protected]
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>
>>>
>>
>
> --
> Fabrice [email protected] :: +1.514.447.4918 <(514)%20447-4918>
> (x135) :: www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
> (http://packetfence.org)
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
