Hi,
I just checked the settings:
The command "ip route get 10.0.1.101" returns:
10.0.1.101 dev ens192 src 10.0.1.2

I checked if IP forwarding is activated by executing sysctl net.ipv4.ip_forward,
which returned:
net.ipv4.ip_forward = 1
so IP forwarding is activated at the moment.

Additionally, here is a quick overview of my network interfaces:
Name          IP/Mask          VLAN (name)         Type
ens192        10.0.1.2/24      101 management      Management
ens224.10     10.1.0.2/16      10 executive User   none
ens224.20     10.2.0.2/16      20 users            none
ens224.30     10.3.0.2/16      30 guests           none
ens224.200    10.0.200.2/24    200 registration    registration
ens224.201    10.0.201.2/24    201 isolation       isolation

PacketFence is running as a virtual machine on an ESXi host.
ens192 is connected to the virtual switch and is sharing the port with ESXi.
The hardware port on this virtual switch is connected to a tagged port on my
switch, so VLAN 101 is native here.
ens224 is also connected to a virtual switch, but does not share the hardware.

-----Original Message-----
From: Durand fabrice via PacketFence-users 
<packetfence-users@lists.sourceforge.net> 
Sent: Sunday, January 5, 2020 22:41
To: packetfence-users@lists.sourceforge.net
Cc: Durand fabrice <fdur...@inverse.ca>
Subject: Re: [PacketFence-users] Failed to join domain

Hello Christian,

can you try to see if the following command returns the mgmt interface?

ip route get 10.0.1.101

Also, can you check if ip_forwarding is enabled on the PacketFence server?

Regards

Fabrice

On 20-01-05 at 06:05, Christian Hillebrand via PacketFence-users wrote:
> Hi,
>
> I am new to PacketFence and currently trying to set up PacketFence to 
> work as a VLAN enforcement and RADIUS authentication server.
> I worked through the installation documentation and everything went 
> fine so far.
> However, when trying to join my AD domain I am getting the error:
>
>       Joining <domain> domain failed. Failed to join domain: failed to find 
> DC for domain <domain> - Undetermined error.
>
> I first suspected that I am not getting any DNS responses by my AD DNS.
> However a quick nslookup successfully returned correct DNS entries.
> The entries which I tested are:
>       _msdcs.<domain>
>       _ldap._tcp.pdc._msdcs.<domain>
>       _ldap._tcp.gc._msdcs.<domain>
>       _ldap._tcp.dc._msdcs.<domain>
>       _kerberos._tcp.dc._msdcs.<domain>
>       <domainControllerFQDN>
>       <dsaGUID>._msdcs.<domain>
>
> After some research I tried to join the domain manually by executing:
>       net ads join -U Administrator
> However this also returned with an error:
>
>       Host is not configured as a member server.
>       Invalid configuration. Exiting....
>       Failed to join domain: This operation is only allowed for the PDC of 
> the domain.
>
> So after researching a bit I checked that my server is known by my DC, 
> which is the case.
> I also checked that both systems have the correct time and installed 
> and configured NTP on my PacketFence machine.
> However, this did not resolve any of my issues.
> Here is my current setup:
>
> Firewall/Router:
> pfSense (just a basic configuration to provide my VLANs)
> hostname:                     pfsense
> Version:                      2.4.4-RELEASE-p3
> IP in Management VLAN:        10.0.1.1
>
> NAS with DC:
> QNAP ts-432XU
> Hostname:                     nas0
> Firmware:                     4.4.1.1146 build 20191206
> IP:                           10.0.1.101 (VLAN 101 Management) &
> 10.0.0.101 (VLAN 100)
>
> My users are in the main Users CN, the computers are in the main "Computers"
> CN. I did not configure any additional OUs.
>
> PacketFence:
> Debian                        4.9.0-11-amd-64
> Hostname:                     nac0
> IP Management:                10.0.1.2 (in all my VLANs pfSense is assigned
>                               to the second IP)
> IP Registration:              10.0.253.2
> IP Isolation:                 10.0.254.2
> ...
>
> AD Domain settings in PacketFence:
> Workgroup:                    <domain> (without tld)
> DNS name of this domain:      <domain>
> This server's name:           %h
> Active Directory server:      nas0.<domain>
> DNS server(s):                10.0.1.101
> OU:                           Computers
> Ntlm2 only:                   false
> Allow on registration:        false
>
> So what am I missing? Is PacketFence searching for any additional DNS 
> entries to connect to the DC?
> I tried joining the domain with realmd, which worked, so I am not sure 
> where I am doing something wrong...
> Thanks!
>
> Best regards,
> Christian
>
>
>
>
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
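
The two checks requested in this thread (the route to the AD server leaves through the management interface, and IP forwarding is on) can be scripted as below. This is an added example, not part of the original messages or of PacketFence; the function names are hypothetical and the sample values are the ones reported in the thread.

```shell
#!/bin/sh
# Print the value that follows a keyword ("dev", "src", "via") on the
# first line of `ip route get` output.
route_field() {  # $1 = keyword, $2 = `ip route get <addr>` output
    printf '%s\n' "$2" | awk -v key="$1" '
        NR == 1 { for (i = 1; i < NF; i++) if ($i == key) { print $(i + 1); exit } }'
}

# $1 = expected management interface
# $2 = output of `ip route get <AD server>`
# $3 = output of `sysctl net.ipv4.ip_forward`
# Prints one line per check; returns 0 only if both checks pass.
check_join_prereqs() {
    mgmt=$1; route=$2; fwd=$3; rc=0
    dev=$(route_field dev "$route")
    src=$(route_field src "$route")
    if [ "$dev" = "$mgmt" ]; then
        echo "OK   route leaves via $dev (source $src)"
    else
        echo "FAIL route leaves via ${dev:-<none>}, expected $mgmt"; rc=1
    fi
    # Accept both "net.ipv4.ip_forward = 1" and a bare "1" (sysctl -n).
    val=$(printf '%s\n' "$fwd" | awk '{ print $NF; exit }')
    if [ "$val" = "1" ]; then
        echo "OK   net.ipv4.ip_forward = 1"
    else
        echo "FAIL net.ipv4.ip_forward = ${val:-<unknown>}"; rc=1
    fi
    return $rc
}

# Sample input: the values reported in the thread.
SAMPLE_ROUTE='10.0.1.101 dev ens192 src 10.0.1.2'
SAMPLE_FWD='net.ipv4.ip_forward = 1'
check_join_prereqs ens192 "$SAMPLE_ROUTE" "$SAMPLE_FWD"

# On a live host (interface and address taken from the thread):
#   check_join_prereqs ens192 "$(ip route get 10.0.1.101)" \
#       "$(sysctl net.ipv4.ip_forward)"
```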

