So any Idea on what could be the problem? I did some more testing, after fixing permissions (mail history shows this) . still had the same problem , then I saw this on the web gui:
https://i.imgur.com/0en7bZm.png So then I tried to manually join the domain: #chroot /chroots/NOMBRE/ # net -v ads join -s /etc/samba/NOMBRE.conf -U pfence (this takes some time) Enter pfence's password: Using short domain name -- NOMBRE Joined 'HOSTNAME' to dns domain 'XXXXX.XXXXXXX.com.XX' And now the webgui just hangs when I atry to acceess active directory section This is the winbind log: STATUS=daemon 'winbindd' finished starting up and ready to serve connections [2018/10/05 11:14:02.409923, 0] ../source3/lib/util_tdb.c:493(tdb_chainlock_with_timeout_internal) tdb_chainlock_with_timeout_internal: alarm (40) timed out for key w2k12-pdc-2.ose-ad.winose.com.uy in tdb /var/cache/samba/mutex.tdb [2018/10/05 11:14:02.410074, 0] ../source3/winbindd/winbindd_cm.c:918(cm_prepare_connection) cm_prepare_connection: mutex grab failed for w2k12-pdc-2.ose-ad.winose.com.uy [2018/10/05 11:14:43.568416, 0] ../source3/lib/util_tdb.c:493(tdb_chainlock_with_timeout_internal) tdb_chainlock_with_timeout_internal: alarm (40) timed out for key w2k12-pdc-2.ose-ad.winose.com.uy in tdb /var/cache/samba/mutex.tdb [2018/10/05 11:14:43.568646, 0] ../source3/winbindd/winbindd_cm.c:918(cm_prepare_connection) cm_prepare_connection: mutex grab failed for w2k12-pdc-2.ose-ad.winose.com.uy [2018/10/05 11:15:24.401170, 0] ../source3/lib/util_tdb.c:493(tdb_chainlock_with_timeout_internal) tdb_chainlock_with_timeout_internal: alarm (40) timed out for key w2k12-pdc-2.ose-ad.winose.com.uy in tdb /var/cache/samba/mutex.tdb [2018/10/05 11:15:24.401378, 0] ../source3/winbindd/winbindd_cm.c:918(cm_prepare_connection) cm_prepare_connection: mutex grab failed for w2k12-pdc-2.ose-ad.winose.com.u On Thu, Oct 4, 2018 at 2:12 PM Juan Upboat <[email protected]> wrote: > Thanks, > > I tried all solutions and have the same problem. > > # testparm /etc/samba/NAMEDOMAIN.conf > Load smb config files from /etc/samba/NAMEDOMAIN.conf > WARNING: The "idmap uid" option is deprecated > WARNING: The "idmap gid" option is deprecated > Loaded services file OK. > WARNING: lock directory /var/cache/samba should have permissions 0755 for > browsing to work > > WARNING: state directory /var/lib/samba should have permissions 0755 for > browsing to work > > WARNING: cache directory /var/cache/samba should have permissions 0755 for > browsing to work > > WARNING: The setting 'security=ads' should NOT be combined with the > 'password server' parameter. > (by default Samba will discover the correct DC to contact automatically). > > Server role: ROLE_DOMAIN_MEMBER > > > # chmod -R 0755 /var/cache/samba/ > # chmod -R 0755 /var/lib/samba/ > > /# testparm /etc/samba/NAMEDOMAIN.conf > Load smb config files from /etc/samba/NAMEDOMAIN.conf > WARNING: The "idmap uid" option is deprecated > WARNING: The "idmap gid" option is deprecated > Loaded services file OK. > WARNING: The setting 'security=ads' should NOT be combined with the > 'password server' parameter. > (by default Samba will discover the correct DC to contact automatically). > > Server role: ROLE_DOMAIN_MEMBER > > Press enter to see a dump of your service definitions > > > The log.winbindd complained about /var/cache/samba/msg/ not being 0700 and > changed that too. > > > # testparm /etc/samba/NAMEDOMAIN.conf > Load smb config files from /etc/samba/NAMEDOMAIN.conf > WARNING: The "idmap uid" option is deprecated > WARNING: The "idmap gid" option is deprecated > Loaded services file OK. > WARNING: The setting 'security=ads' should NOT be combined with the > 'password server' parameter. > (by default Samba will discover the correct DC to contact automatically). > > Server role: ROLE_DOMAIN_MEMBER > > Press enter to see a dump of your service definitions > > # Global parameters > > Then: > > # /usr/local/pf/bin/pfcmd fixpermissions > Fixed permissions. > # /usr/local/pf/bin/pfcmd configreload hard > keys on reference is experimental at > /usr/local/pf/lib/pfconfig/namespaces/config/Stats.pm line 41. > # /usr/local/pf/bin/pfcmd generatedomainconfig > # /usr/local/pf/bin/pfcmd service winbindd restart > Service Status PID > packetfence-winbindd.service stopped 0 > Checking configuration sanity... > packetfence-winbindd.service started 11252 > # > > > And same problem winbind log > > > > More info : > > (inside the chroot) > > # net ads lookup -S 10.1.1.1 > Information for Domain Controller: 10.1.1.1 > > Response Type: LOGON_SAM_LOGON_RESPONSE_EX > GUID: 71e5951c-2e95-4502-98e0-XXXXXXXXXXXXX > Flags: > Is a PDC: yes > Is a GC of the forest: yes > Is an LDAP server: yes > Supports DS: yes > Is running a KDC: yes > Is running time services: yes > Is the closest DC: yes > Is writable: yes > Has a hardware clock: yes > Is a non-domain NC serviced by LDAP server: no > Is NT6 DC that has some secrets: no > Is NT6 DC that has all secrets: yes > Forest: XXXX.XXXXX.com.XX > Domain: XXXX.XXXXX.com.XX > Domain Controller: w2k12-pdc.XXXX.XXXXX.com.XX > Pre-Win2k Domain: XXXXX > Pre-Win2k Hostname: W2K12-PDC > Server Site Name : Default-First-Site-Name > Client Site Name : Default-First-Site-Name > NT Version: 5 > LMNT Token: ffff > LM20 Token: ffff > > # net ads info -S 10.1.1.1 > LDAP server: 10.1.1.1 > LDAP server name: w2k12-pdc.XXXX.XXXXX.com.XX > Realm: XXXX.XXXXX.com > Bind Path: dc=XXXX,dc=XXXXX,dc=COM,dc=XX > LDAP port: 389 > Server time: Thu, 04 Oct 2018 14:09:32 -03 > KDC server: 10.1.1.1 > Server time offset: 0 > > # net ads info -s /etc/samba/NAMEDOMAIN.conf > LDAP server: 10.1.1.1 > LDAP server name: w2k12-pdc.XXXX.XXXXX.com.XX > Realm: XXXX.XXXXX.COM.XX > Bind Path: dc=XXXX,dc=XXXXX,dc=COM,dc=XX > LDAP port: 389 > Server time: Thu, 04 Oct 2018 14:11:04 -03 > KDC server: 10.1.1.1 > Server time offset: 0 > > > > > > > > > > > > > > > > > > On Thu, Oct 4, 2018 at 1:09 PM Nicolas Quiniou-Briand via > PacketFence-users <[email protected]> wrote: > >> Hello, >> >> See my previous posts on this mailing list to help debugging: >> >> >> https://www.mail-archive.com/packetfence-users%40lists.sourceforge.net/msg15761.html >> -- >> Nicolas Quiniou-Briand >> [email protected] :: +1.514.447.4918 *140 :: https://inverse.ca >> Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence >> (https://packetfence.org) and Fingerbank (http://fingerbank.org) >> >> >> _______________________________________________ >> PacketFence-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> >
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
