I just had something strange happen with iptables. I wanted to try a change
in var/conf/iptables.conf, but "service iptables restart" wasn't available.
So I did a "yum install iptables-services". Was that a mistake? The change
I made to iptables.conf didn't work, so I changed it back. Now, with
iptables started, I can't get to the web interface until I stop iptables.
On Fri, Jun 15, 2018 at 9:45 AM, Fabrice Durand via PacketFence-users <
[email protected]> wrote:
> Ok so if the "ip netns exec dpsad ping 10.99.20.32" then you should be
> able to join the server to the domain.
>
> Also take care to set the domain and the dns name in upper case.
>
>
>
> Le 2018-06-15 à 09:25, Steven Pfister via PacketFence-users a écrit :
>
> We had an extra nic in this server, but it's causing a lot of problems, so
> we've just removed it altogether for now. The" ip netns exec dpsad ping"
> command worked just fine.
>
> [root@PacketFence-ZEN ~]# ip route get 10.99.20.32
> 10.99.20.32 dev eth0 src 10.99.19.240
> cache
>
> [root@PacketFence-ZEN ~]# ip route
> default via 10.99.20.1 dev eth0
> 10.99.16.0/21 dev eth0 proto kernel scope link src 10.99.19.240
> 169.254.0.0/30 dev dpsad-b proto kernel scope link src 169.254.0.2
> 169.254.0.0/16 dev eth0 scope link metric 1002
> 169.254.0.0/16 dev eth1 scope link metric 1003
> 169.254.0.0/16 dev eth2 scope link metric 1004
> 169.254.0.0/16 dev eth0.2 scope link metric 1005
> 169.254.0.0/16 dev eth0.3 scope link metric 1006
> 192.168.220.0/24 dev eth1 proto kernel scope link src 192.168.220.10
> 192.168.221.0/24 dev eth2 proto kernel scope link src 192.168.221.10
>
>
> On Fri, Jun 15, 2018 at 9:13 AM, Fabrice Durand via PacketFence-users <
> [email protected]> wrote:
>
>> It looks that you have 2 ip on the interface eth0 and packetfence use the
>> first one to nat the chroot traffic (10.99.19.240/21)
>>
>> You will probably need to remove the second one (10.99.21.1/21)
>>
>> Can you try the following (replace 10.0.0.1 by the AD ip address):
>>
>> ip netns exec dpsad ping 10.0.0.1
>>
>> and let me know if it works.
>>
>> Also can you do (and paste me the result):
>>
>> ip route get 10.0.0.1
>>
>> ip route
>>
>>
>> Regards
>>
>> Fabrice
>>
>>
>>
>> Le 2018-06-15 à 09:03, Steven Pfister via PacketFence-users a écrit :
>>
>> By the way, the server was rebooted last night after I left and the
>> routing issues seem to have stopped. It still isn't able to join the domain
>> though. We need to join the server to the domain in order to authentication
>> against it, is that correct?
>>
>> On Thu, Jun 14, 2018 at 7:25 PM, Durand fabrice via PacketFence-users <
>> [email protected]> wrote:
>>
>>> Hello Steven,
>>>
>>> 169.254.0.0 is a virtual interface to be able to link a virtual network
>>> namespace used by the chroot where winbind is running.
>>>
>>> Can you post the result of:
>>>
>>> ip a
>>>
>>> and the content of /usr/local/pf/var/conf/iptables.conf
>>>
>>> Regards
>>>
>>> Fabrice
>>>
>>>
>>>
>>> Le 2018-06-14 à 17:39, Steven Pfister via PacketFence-users a écrit :
>>>
>>> We are in the middle of trying to join our AD server in order to
>>> authenticate against it. After adding our domain, it's not able to join it.
>>> It's added a virtual interface and some routing for the 169.254.0.0
>>> network. I'm not sure what the routing table is supposed to look like. I'm
>>> having trouble pinging addresses outside our network. Pinging addresses in
>>> the same subnet as the server is working. Has anyone seen this issue?
>>>
>>> Thanks!
>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Check out the vibrant tech community on one of the world's most
>>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>>
>>>
>>>
>>> _______________________________________________
>>> PacketFence-users mailing
>>> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>
>>>
>>>
>>> ------------------------------------------------------------
>>> ------------------
>>> Check out the vibrant tech community on one of the world's most
>>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>> _______________________________________________
>>> PacketFence-users mailing list
>>> [email protected]
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>
>>>
>>
>>
>> --
>> Steve Pfister
>> Technology Services
>> Dayton Public Schools
>> 115 S Ludlow St
>> Dayton OH 45402„1812
>> 937„542„3149 office
>> 937„542„3154 ( tel:9375423154 ) fax
>>
>>
>> ------------------------------------------------------------------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>
>>
>>
>> _______________________________________________
>> PacketFence-users mailing
>> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>> --
>> Fabrice [email protected] :: +1.514.447.4918 (x135) ::
>> www.inverse.ca
>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
>> (http://packetfence.org)
>>
>>
>> ------------------------------------------------------------
>> ------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>> _______________________________________________
>> PacketFence-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>
>
> --
> Steve Pfister
> Technology Services
> Dayton Public Schools
> 115 S Ludlow St
> Dayton OH 45402„1812
> 937„542„3149 office
> 937„542„3154 ( tel:9375423154 ) fax
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
>
>
> _______________________________________________
> PacketFence-users mailing
> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
> --
> Fabrice [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
> (http://packetfence.org)
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
--
Steve Pfister
Technology Services
Dayton Public Schools
115 S Ludlow St
Dayton OH 45402„1812
937„542„3149 office
937„542„3154 ( tel:9375423154 ) fax
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
