Hello Steven,

var/conf/iptables.conf is a file generated from the template conf/iptables.conf.

If you want to restart the iptables service you need to do the following (pfcmd service iptables restart) and not use the iptables service from the system.

Regards

Fabrice
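
The diagnosis quoted further down this thread (two IPv4 addresses on eth0, with PacketFence using the first one to NAT the chroot traffic) can be checked with the sketch below. It is an added example, not part of the original e-mails or of PacketFence; the function name `multi_ip_ifaces` is hypothetical and the sample input is constructed from the two addresses named in the thread.

```shell
#!/bin/sh
# Added example: list interfaces that carry more than one IPv4 address.
# Input : output of `ip -o -4 addr show` on stdin (one address per line).
# Output: one line per affected interface, addresses in the order the
#         kernel lists them: "<iface> <first addr> <further addrs...>"

multi_ip_ifaces() {
    awk '
        $3 == "inet" {
            iface = $2
            if (!(iface in addrs)) {
                order[++n] = iface          # remember first-seen order
                addrs[iface] = $4
                count[iface] = 1
            } else {
                addrs[iface] = addrs[iface] " " $4
                count[iface]++
            }
        }
        END {
            for (i = 1; i <= n; i++)
                if (count[order[i]] > 1)
                    print order[i], addrs[order[i]]
        }'
}

# Constructed sample in `ip -o -4 addr show` format (not captured from the
# poster's server); it reuses the two eth0 addresses mentioned in the thread.
SAMPLE='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 10.99.19.240/21 brd 10.99.23.255 scope global eth0\       valid_lft forever preferred_lft forever
2: eth0    inet 10.99.21.1/21 brd 10.99.23.255 scope global secondary eth0\       valid_lft forever preferred_lft forever
3: eth1    inet 192.168.220.10/24 brd 192.168.220.255 scope global eth1\       valid_lft forever preferred_lft forever'

# Prints: eth0 10.99.19.240/21 10.99.21.1/21
printf '%s\n' "$SAMPLE" | multi_ip_ifaces
```

On a live host, feed it real data with `ip -o -4 addr show | multi_ip_ifaces`; an empty result means no interface has more than one IPv4 address.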



On 2018-06-15 at 10:03, Steven Pfister via PacketFence-users wrote:
I just had something strange happen with iptables. I wanted to try a change in var/conf/iptables.conf, but "service iptables restart" wasn't available. So I did a "yum install iptables-services". Was that a mistake? The change I made to iptables.conf didn't work, so I changed it back. Now, with iptables started, I can't get to the web interface until I stop iptables.

On Fri, Jun 15, 2018 at 9:45 AM, Fabrice Durand via PacketFence-users <[email protected]> wrote:

    Ok so if the "ip netns exec dpsad ping 10.99.20.32" works then you
    should be able to join the server to the domain.

    Also take care to set the domain and the DNS name in upper case.



    On 2018-06-15 at 09:25, Steven Pfister via PacketFence-users wrote:
    We had an extra NIC in this server, but it's causing a lot of
    problems, so we've just removed it altogether for now. The "ip
    netns exec dpsad ping" command worked just fine.

    [root@PacketFence-ZEN ~]# ip route get 10.99.20.32
    10.99.20.32 dev eth0  src 10.99.19.240
        cache

    [root@PacketFence-ZEN ~]# ip route
    default via 10.99.20.1 dev eth0
    10.99.16.0/21 dev eth0  proto kernel  scope link  src 10.99.19.240
    169.254.0.0/30 dev dpsad-b  proto kernel  scope link  src 169.254.0.2
    169.254.0.0/16 dev eth0  scope link  metric 1002
    169.254.0.0/16 dev eth1  scope link  metric 1003
    169.254.0.0/16 dev eth2  scope link  metric 1004
    169.254.0.0/16 dev eth0.2  scope link  metric 1005
    169.254.0.0/16 dev eth0.3  scope link  metric 1006
    192.168.220.0/24 dev eth1  proto kernel  scope link  src 192.168.220.10
    192.168.221.0/24 dev eth2  proto kernel  scope link  src 192.168.221.10


    On Fri, Jun 15, 2018 at 9:13 AM, Fabrice Durand via
    PacketFence-users <[email protected]> wrote:

        It looks like you have 2 IPs on the interface eth0 and
        PacketFence uses the first one to NAT the chroot traffic
        (10.99.19.240/21).

        You will probably need to remove the second one
        (10.99.21.1/21).

        Can you try the following (replace 10.0.0.1 by the AD ip
        address):

        ip netns exec dpsad ping 10.0.0.1

        and let me know if it works.

        Also can you do (and paste me the result):

        ip route get 10.0.0.1

        ip route


        Regards

        Fabrice



        On 2018-06-15 at 09:03, Steven Pfister via PacketFence-users
        wrote:
        By the way, the server was rebooted last night after I left
        and the routing issues seem to have stopped. It still isn't
        able to join the domain though. We need to join the server
        to the domain in order to authenticate against it, is that
        correct?

        On Thu, Jun 14, 2018 at 7:25 PM, Durand fabrice via
        PacketFence-users <[email protected]> wrote:

            Hello Steven,

            169.254.0.0 is a virtual interface to be able to link a
            virtual network namespace used by the chroot where
            winbind is running.

            Can you post the result of:

            ip a

            and the content of /usr/local/pf/var/conf/iptables.conf

            Regards

            Fabrice



            On 2018-06-14 at 17:39, Steven Pfister via
            PacketFence-users wrote:

            We are in the middle of trying to join our AD server in
            order to authenticate against it. After adding our
            domain, it's not able to join it. It's added a virtual
            interface and some routing for the 169.254.0.0 network.
            I'm not sure what the routing table is supposed to look
            like. I'm having trouble pinging addresses outside our
            network. Pinging addresses in the same subnet as the
            server is working. Has anyone seen this issue?

            Thanks!




            
            ------------------------------------------------------------------------------
            Check out the vibrant tech community on one of the world's most
            engaging tech sites, Slashdot.org! http://sdm.link/slashdot

            _______________________________________________
            PacketFence-users mailing list
            [email protected]
            https://lists.sourceforge.net/lists/listinfo/packetfence-users


            




-- Steve Pfister
        Technology Services
        Dayton Public Schools
        115 S Ludlow St
        Dayton OH 45402-1812
        937-542-3149 office
        937-542-3154 fax


        

-- Fabrice Durand
        [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
        Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)


        