Re: [PacketFence-users] Trying to join AD.... routing is having major issue

[Steven Pfister via PacketFence-users]

We had an extra nic in this server, but it's causing a lot of problems, so
we've just removed it altogether for now. The" ip netns exec dpsad ping"
command worked just fine.

[root@PacketFence-ZEN ~]# ip route get 10.99.20.32
10.99.20.32 dev eth0  src 10.99.19.240
    cache

[root@PacketFence-ZEN ~]# ip route
default via 10.99.20.1 dev eth0
10.99.16.0/21 dev eth0  proto kernel  scope link  src 10.99.19.240
169.254.0.0/30 dev dpsad-b  proto kernel  scope link  src 169.254.0.2
169.254.0.0/16 dev eth0  scope link  metric 1002
169.254.0.0/16 dev eth1  scope link  metric 1003
169.254.0.0/16 dev eth2  scope link  metric 1004
169.254.0.0/16 dev eth0.2  scope link  metric 1005
169.254.0.0/16 dev eth0.3  scope link  metric 1006
192.168.220.0/24 dev eth1  proto kernel  scope link  src 192.168.220.10
192.168.221.0/24 dev eth2  proto kernel  scope link  src 192.168.221.10


On Fri, Jun 15, 2018 at 9:13 AM, Fabrice Durand via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:

> It looks that you have 2 ip on the interface eth0 and packetfence use the
> first one to nat the chroot traffic (10.99.19.240/21)
>
> You will probably need to remove the second one (10.99.21.1/21)
>
> Can you try the following (replace 10.0.0.1 by the AD ip address):
>
> ip netns exec dpsad ping 10.0.0.1
>
> and let me know if it works.
>
> Also can you do (and paste me the result):
>
> ip route get 10.0.0.1
>
> ip route
>
>
> Regards
>
> Fabrice
>
>
>
> Le 2018-06-15 à 09:03, Steven Pfister via PacketFence-users a écrit :
>
> By the way, the server was rebooted last night after I left and the
> routing issues seem to have stopped. It still isn't able to join the domain
> though. We need to join the server to the domain in order to authentication
> against it, is that correct?
>
> On Thu, Jun 14, 2018 at 7:25 PM, Durand fabrice via PacketFence-users <
> packetfence-users@lists.sourceforge.net> wrote:
>
>> Hello Steven,
>>
>> 169.254.0.0 is a virtual interface to be able to link a virtual network
>> namespace used by the chroot where winbind is running.
>>
>> Can you post the result of:
>>
>> ip a
>>
>> and the content of /usr/local/pf/var/conf/iptables.conf
>>
>> Regards
>>
>> Fabrice
>>
>>
>>
>> Le 2018-06-14 à 17:39, Steven Pfister via PacketFence-users a écrit :
>>
>> We are in the middle of trying to join our AD server in order to
>> authenticate against it. After adding our domain, it's not able to join it.
>> It's added a virtual interface and some routing for the 169.254.0.0
>> network. I'm not sure what the routing table is supposed to look like. I'm
>> having trouble pinging addresses outside our network. Pinging addresses in
>> the same subnet as the server is working. Has anyone seen this issue?
>>
>> Thanks!
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>
>>
>>
>> _______________________________________________
>> PacketFence-users mailing 
>> listPacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>>
>> ------------------------------------------------------------
>> ------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>> _______________________________________________
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>
>
> --
> Steve Pfister
> Technology Services
> Dayton Public Schools
> 115 S Ludlow St
> Dayton OH 45402„1812
> 937„542„3149 office
> 937„542„3154 ( tel:9375423154 ) fax
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
>
>
> _______________________________________________
> PacketFence-users mailing 
> listPacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
> --
> Fabrice durandfdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
> (http://packetfence.org)
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>


-- 
Steve Pfister
Technology Services
Dayton Public Schools
115 S Ludlow St
Dayton OH 45402„1812
937„542„3149 office
937„542„3154 ( tel:9375423154 ) fax

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users