Hi Fabrice,

Pls see attached..

Regards,
Kehinde

On Thu, Aug 24, 2017 at 1:33 AM, Durand fabrice <[email protected]> wrote:

> no it's perfect, MYDOMAIN-b is the link to the namespace.
>
> So the issue is probably iptables, can you paste the content of
> var/conf/iptables.conf ?
>
> On 2017-08-23 at 17:20, Akala Kehinde wrote:
>
> It appears MYDOMAIN-b binds on the wrong interface?
>
> Regards,
> Kehinde
>
> On Wed, Aug 23, 2017 at 11:17 PM, Akala Kehinde <[email protected]>
> wrote:
>
>> Hi Fabrice,
>>
>> See below:
>>
>> [root@pfence sysctl.d]# ip route
>> default via 172.16.7.1 dev eth1
>> 169.254.0.0/30 dev MYDOMAIN-b proto kernel scope link src 169.254.0.2
>> 169.254.0.0/16 dev eth0 scope link metric 1002
>> 169.254.0.0/16 dev eth1 scope link metric 1003
>> 169.254.0.0/16 dev eth0.100 scope link metric 1004
>> 169.254.0.0/16 dev eth0.101 scope link metric 1005
>> 169.254.0.0/16 dev eth0.4 scope link metric 1006
>> 169.254.0.0/16 dev eth0.5 scope link metric 1007
>> 169.254.0.0/16 dev eth0.6 scope link metric 1008
>> 169.254.0.0/16 dev eth0.98 scope link metric 1009
>> 169.254.0.0/16 dev eth0.99 scope link metric 1010
>> 172.16.4.0/24 dev eth0.4 proto kernel scope link src 172.16.4.2
>> 172.16.7.0/24 dev eth1 proto kernel scope link src 172.16.7.13
>> 172.16.98.0/24 dev eth0.98 proto kernel scope link src 172.16.98.1
>> 172.16.99.0/24 dev eth0.99 proto kernel scope link src 172.16.99.1
>> 172.16.100.0/24 dev eth0.100 proto kernel scope link src 172.16.100.10
>> 172.16.101.0/24 dev eth0.101 proto kernel scope link src 172.16.101.1
>> [root@pfence sysctl.d]#
>>
>> [root@pfence sysctl.d]# ip route get 172.16.7.10
>> 172.16.7.10 dev eth1 src 172.16.7.13
>>     cache
>> [root@pfence sysctl.d]#
>>
>> Regards,
>> Kehinde
>>
>> On Wed, Aug 23, 2017 at 9:47 PM, Fabrice Durand <[email protected]>
>> wrote:
>>
>>> Ok so your issue is related to the route of the system.
>>>
>>> do:
>>>
>>> ip route
>>>
>>> and:
>>>
>>> ip route get 172.16.7.10
>>>
>>> restart iptables
>>>
>>> On 2017-08-23 at 15:44, Akala Kehinde wrote:
>>>
>>> Hi Fabrice,
>>>
>>> See below:
>>>
>>> [root@pfence sysctl.d]# ip netns exec MYDOMAIN ping 172.16.7.10
>>> PING 172.16.7.10 (172.16.7.10) 56(84) bytes of data.
>>>
>>> --- 172.16.7.10 ping statistics ---
>>> 22 packets transmitted, 0 received, 100% packet loss, time 21107ms
>>>
>>> [root@pfence sysctl.d]# ip netns exec MYDOMAIN nslookup www.google.de
>>> ;; connection timed out; trying next origin
>>> ;; connection timed out; no servers could be reached
>>>
>>> [root@pfence sysctl.d]#
>>>
>>> Regards,
>>> Kehinde
>>>
>>> On Wed, Aug 23, 2017 at 6:45 PM, Fabrice Durand via PacketFence-users
>>> <[email protected]> wrote:
>>>
>>>> Let's try that:
>>>>
>>>> ip netns exec MYDOMAIN ping 172.16.7.10
>>>>
>>>> ip netns exec MYDOMAIN nslookup www.google.de
>>>>
>>>> What is the result ?
>>>>
>>>> On 2017-08-23 at 10:55, Akala Kehinde wrote:
>>>>
>>>> Hello Fabrice,
>>>>
>>>> Was thinking, could it be a problem with the winbindd itself.
>>>>
>>>> Regards,
>>>> Kehinde
>>>>
>>>> On Wed, Aug 23, 2017 at 3:02 PM, Akala Kehinde <[email protected]>
>>>> wrote:
>>>>
>>>>> Hello Fabrice,
>>>>>
>>>>> [root@pfence sysctl.d]# cat 99-ip_forward.conf
>>>>> # ip forwarding enabled by packetfence
>>>>> net.ipv4.ip_forward = 1
>>>>>
>>>>> Checked timing already on both servers, it's the same.
>>>>>
>>>>> Regards,
>>>>> Kehinde
>>>>>
>>>>> On Wed, Aug 23, 2017 at 2:32 PM, Fabrice Durand via PacketFence-users
>>>>> <[email protected]> wrote:
>>>>>
>>>>>> Hello Akala,
>>>>>>
>>>>>> is ip_forward enabled ?
>>>>>>
>>>>>> is the time of the packetfence server the same as the AD server ?
>>>>>>
>>>>>> Regards
>>>>>>
>>>>>> Fabrice
>>>>>>
>>>>>> On 2017-08-23 at 02:38, Akala Kehinde wrote:
>>>>>>
>>>>>> Hello Fabrice,
>>>>>>
>>>>>> Kindly see below:
>>>>>>
>>>>>> [root@pfence pf]# chroot /chroots/MYDOMAIN wbinfo -u
>>>>>> could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
>>>>>> could not obtain winbind domain name!
>>>>>> Error looking up domain users
>>>>>> [root@pfence pf]# chroot /chroots/MYDOMAIN wbinfo -g
>>>>>> could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
>>>>>> could not obtain winbind domain name!
>>>>>> failed to call wbcListGroups: WBC_ERR_WINBIND_NOT_AVAILABLE
>>>>>> Error looking up domain groups
>>>>>> [root@pfence pf]# chroot /chroots/MYDOMAIN wbinfo -t
>>>>>> could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
>>>>>> could not obtain winbind domain name!
>>>>>> checking the trust secret for domain (null) via RPC calls failed
>>>>>> failed to call wbcCheckTrustCredentials: WBC_ERR_WINBIND_NOT_AVAILABLE
>>>>>> Could not check secret
>>>>>> [root@pfence pf]#
>>>>>> [root@pfence pf]# chroot /chroots/MYDOMAIN wbinfo -P
>>>>>> could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
>>>>>> could not obtain winbind domain name!
>>>>>> checking the NETLOGON for domain[] dc connection to "" failed
>>>>>> failed to call wbcPingDc: WBC_ERR_WINBIND_NOT_AVAILABLE
>>>>>> [root@pfence pf]# chroot /chroots/MYDOMAIN wbinfo -p
>>>>>> Ping to winbindd failed
>>>>>> could not ping winbindd!
>>>>>> [root@pfence pf]#
>>>>>>
>>>>>> Tested with TESTMAWOH.DE but still cannot join..
>>>>>> It's driving me nuts:)
>>>>>>
>>>>>> Regards,
>>>>>> Kehinde
>>>>>>
>>>>>> On Wed, Aug 23, 2017 at 4:44 AM, Durand fabrice via PacketFence-users
>>>>>> <[email protected]> wrote:
>>>>>>
>>>>>>> Hello Akala,
>>>>>>>
>>>>>>> what happens if you do that:
>>>>>>>
>>>>>>> chroot /chroots/MYDOMAIN
>>>>>>>
>>>>>>> wbinfo -u
>>>>>>>
>>>>>>> wbinfo -g
>>>>>>>
>>>>>>> if there are no usernames or groups displayed then try :
>>>>>>>
>>>>>>> dns_name=TESTMAWOH.DE
>>>>>>> and rejoin
>>>>>>>
>>>>>>> Regards
>>>>>>> Fabrice
>>>>>>>
>>>>>>> On 2017-08-22 at 22:21, Akala Kehinde via PacketFence-users wrote:
>>>>>>>
>>>>>>> Hello guys,
>>>>>>>
>>>>>>> I get this error when trying to join PF to an Active Directory
>>>>>>> Server:
>>>>>>>
>>>>>>> [root@pfence pf]# tail -f /chroots/MYDOMAIN/var/log/sambaMYDOMAIN/log.winbindd
>>>>>>> [2017/08/23 02:20:34.196193, 0] ../source3/winbindd/winbindd_util.c:869(init_domain_list)
>>>>>>>   Could not fetch our SID - did we join?
>>>>>>> [2017/08/23 02:20:34.196275, 0] ../source3/winbindd/winbindd.c:1408(winbindd_register_handlers)
>>>>>>>   unable to initialize domain list
>>>>>>> [2017/08/23 02:20:34.324267, 0] ../source3/winbindd/winbindd_cache.c:3245(initialize_winbindd_cache)
>>>>>>>   initialize_winbindd_cache: clearing cache and re-creating with version number 2
>>>>>>> [2017/08/23 02:20:34.333731, 0] ../source3/winbindd/winbindd_util.c:869(init_domain_list)
>>>>>>>   Could not fetch our SID - did we join?
>>>>>>>
>>>>>>> [root@pfence pf]#
>>>>>>>
>>>>>>> Below is my domain.conf file:
>>>>>>>
>>>>>>> [MYDOMAIN]
>>>>>>> ntlm_cache_filter=(&(samAccountName=*)(!(|(lockoutTime=>0)(userAccountControl:1.2.840.113556.1.4.803:=2))))
>>>>>>> ntlm_cache=disabled
>>>>>>> registration=0
>>>>>>> ntlm_cache_expiry=3600
>>>>>>> dns_name=egelsbach.testmawoh.de
>>>>>>> dns_servers=172.16.7.10
>>>>>>> ou=Computers
>>>>>>> ntlm_cache_on_connection=disabled
>>>>>>> workgroup=TESTMAWOH
>>>>>>> ntlm_cache_batch_one_at_a_time=disabled
>>>>>>> sticky_dc=*
>>>>>>> ad_server=winserver.egelsbach.testmawoh.de
>>>>>>> ntlm_cache_batch=disabled
>>>>>>> server_name=pfence
>>>>>>> bind_pass=
>>>>>>> bind_dn=
>>>>>>>
>>>>>>> [root@pfence pf]# ps -efd | grep winbindd
>>>>>>> root 20052 1 7 04:15 ? 00:00:14 winbindd-wrapper
>>>>>>> root 21912 20052 1 04:18 ? 00:00:00 sudo chroot /chroots/MYDOMAIN /usr/sbin/winbindd -s /etc/samba/MYDOMAIN.conf -l /var/log/sambaMYDOMAIN --foreground
>>>>>>> root 21913 21912 0 04:18 ? 00:00:00 /usr/sbin/winbindd -s /etc/samba/MYDOMAIN.conf -l /var/log/sambaMYDOMAIN --foreground
>>>>>>> root 21915 4173 0 04:18 ttyS0 00:00:00 grep --color=auto winbindd
>>>>>>>
>>>>>>> [root@pfence pf]# /usr/local/pf/bin/pfcmd service winbindd status
>>>>>>> service|shouldBeStarted|pid
>>>>>>> winbindd|1|20052
>>>>>>> [root@pfence pf]#
>>>>>>>
>>>>>>> There is reachability between PF, the AD and DNS servers and all can
>>>>>>> resolve DNS queries.
>>>>>>>
>>>>>>> I have tried everything but just refuses to bind.. What else could be
>>>>>>> wrong pls?
>>>>>>>
>>>>>>> Regards,
>>>>>>> Kehinde
>>>>>>>
>>>>>>> ------------------------------------------------------------------------------
>>>>>>> Check out the vibrant tech community on one of the world's most
>>>>>>> engaging tech sites, Slashdot.org!
>>>>>>> http://sdm.link/slashdot
>>>>>>> _______________________________________________
>>>>>>> PacketFence-users mailing list
>>>>>>> [email protected]
>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>>>
>>>>>> --
>>>>>> Fabrice [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
>>>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
>>>>>> (http://packetfence.org)
iptables.conf
Description: Binary data
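
The thread stops at the iptables question: `ip route get` sends 172.16.7.10 out eth1, yet the namespace behind MYDOMAIN-b gets no replies, which only works if a NAT rule rewrites the namespace's link-local source address. As an added example (not part of the thread and not PacketFence code), this Python script replays that check on the pasted routes and on a constructed iptables-save style ruleset. The namespace-side address 169.254.0.1 is inferred from the /30, and the MASQUERADE rule is an assumption about what to look for, not the content of the attached file.

```python
import ipaddress

# Subset of the `ip route` output pasted in the thread.
IP_ROUTE = """\
default via 172.16.7.1 dev eth1
169.254.0.0/30 dev MYDOMAIN-b proto kernel scope link src 169.254.0.2
169.254.0.0/16 dev eth0 scope link metric 1002
172.16.7.0/24 dev eth1 proto kernel scope link src 172.16.7.13
"""
# Constructed iptables-save style rulesets (assumption; not the attached file).
NAT_MISSING = "*nat\n:POSTROUTING ACCEPT [0:0]\nCOMMIT\n"
NAT_PRESENT = ("*nat\n:POSTROUTING ACCEPT [0:0]\n"
               "-A POSTROUTING -s 169.254.0.0/16 -o eth1 -j MASQUERADE\nCOMMIT\n")
NS_ADDR = "169.254.0.1"  # inferred: the other host address of 169.254.0.0/30

def parse_routes(text):
    """Return [(network, device)] for each `ip route` line."""
    routes = []
    for f in (line.split() for line in text.splitlines()):
        if "dev" in f:
            net = "0.0.0.0/0" if f[0] == "default" else f[0]
            routes.append((ipaddress.ip_network(net), f[f.index("dev") + 1]))
    return routes

def egress_dev(routes, dst):
    """Longest-prefix match, as `ip route get` does (metrics ignored)."""
    dst = ipaddress.ip_address(dst)
    hits = [(net.prefixlen, dev) for net, dev in routes if dst in net]
    return max(hits)[1] if hits else None

def snat_covers(rules, src, out_dev):
    """True if a nat POSTROUTING rule rewrites `src` on its way out `out_dev`.
    Simplified parser: assumes plain `-flag value` pairs, no quoted comments."""
    src, table = ipaddress.ip_address(src), None
    for line in rules.splitlines():
        f = line.split()
        if line.startswith("*"):
            table = line[1:].strip()
        if table != "nat" or f[:2] != ["-A", "POSTROUTING"]:
            continue
        opt = dict(zip(f[2::2], f[3::2]))
        if (opt.get("-j") in ("MASQUERADE", "SNAT") and opt.get("-o", out_dev) == out_dev
                and src in ipaddress.ip_network(opt.get("-s", "0.0.0.0/0"), strict=False)):
            return True
    return False

def diagnose(route_text, rules, dst):
    # (egress device for dst, True if namespace traffic is source-NATed there)
    dev = egress_dev(parse_routes(route_text), dst)
    return dev, snat_covers(rules, NS_ADDR, dev)
```

On a live host the two inputs would come from `ip route` and `iptables-save -t nat`.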
