Hi All,

We want to achieve the guest self-registration feature via sponsor email. I 
defined one authentication source of type AD with the action "Mark as sponsor". 
However, when I use guest signup and put the sponsor email in, it says "Email XX 
is not allowed to sponsor guest access", even though I'm sure the email address 
should be able to sponsor guest access. One side note: I was once able to 
successfully join my PF box to the Active Directory domain. However, I un-joined 
it one time and ever since then I have had no luck joining the AD domain again. 
The error says: 
Enter packetfence$@X.X.COM's password:Join to domain is not valid: NT code 
0xfffffff6. Would you please help so I can get the guest sponsor feature 
working? Please see some of the logs/configuration below:

[root@packetfence PFdomain]# chroot /chroots/PFdomain wbinfo -u
could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
could not obtain winbind domain name!
Error looking up domain users

[root@packetfence PFdomain]# wbinfo -t
could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
could not obtain winbind domain name!
checking the trust secret for domain (null) via RPC calls failed
failed to call wbcCheckTrustCredentials: WBC_ERR_WINBIND_NOT_AVAILABLE
Could not check secret

Domain.conf:
[Test]
ntlm_cache_filter=(&(samAccountName=*)(!(|(lockoutTime=>0)(userAccountControl:1.2.840.113556.1.4.803:=2))))
registration=0
ntlm_cache_expiry=3600
dns_name=x.x.com
dns_servers=172.16.100.X
ou=Computers
ntlm_cache_on_connection=disabled
workgroup=abc0
ntlm_cache_batch_one_at_a_time=disabled
sticky_dc=*
ad_server=172.16.100.X
ntlm_cache_batch=disabled
server_name=%h
~

Related info in Authentication.conf:
[Admin_Sponsor]
cache_match=0
read_timeout=10
realms=
basedn=DC=x,DC=x,DC=com
monitor=1
password=password
shuffle=0
searchattributes=
scope=sub
email_attribute=mail
usernameattribute=sAMAccountName
connection_timeout=5
binddn=CN=wirelessauth,OU=System Function Account,OU=Special Account,DC=X,DC=X,DC=com
encryption=none
description=Group for sponsorship for guests
port=389
host=172.16.100.X
write_timeout=5
type=AD

[Admin_Sponsor rule Sponsorship]
action0=mark_as_sponsor=1
condition0=memberOf,equals,CN=WirelessSponsorGlobal,OU=Special Security Group,OU=Special Account,DC=X,DC=X,DC=com
match=all
class=administration
description=Global Tech, US_Cooperate and SDU manager

[Sponsor_RSP]
create_local_account=no
validate_sponsor=yes
password_length=8
allow_localdomain=yes
lang=en_US
local_account_logins=0
description=Sponsor-based registration
email_activation_timeout=30m
hash_passwords=plaintext
type=SponsorEmail

[Sponsor_RSP rule Sponsor]
action0=set_role=guest
match=all
class=authentication
action1=set_access_duration=5D


Please let me know if you need any other information.

Thank you very much for your help,

Helen
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
