Hi,
Hope this helps you:
The packetfence samba join process runs from a specific network
namespace. Its config is not your regular packetfence network config.
In our case, we also had a join-issue, because there was no routing
*back* to that network space.
So, on our router, we had to create a static route for 169.254.0.0 /
255.255.255.252, pointing to our packetfence install.
Without that, our router did not know what to do with traffic for
169.254.0.0, so join reply traffic never reached the packetfence instance.
Perhaps this is also your issue?
MJ
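The return-path problem described in the reply above, modelled as an added example that is not part of the original thread: a longest-prefix-match lookup over a constructed router table, before and after the static route for 169.254.0.0 / 255.255.255.252. The upstream gateway 192.0.2.1, the host addresses inside the /30, and the use of 10.0.1.2 (the PacketFence management IP given later in the thread) as next hop are assumptions for illustration.

```python
import ipaddress

# Constructed router table (not captured from a real device). 10.0.1.0/24 and
# 10.0.1.2 come from the thread; 192.0.2.1 is a placeholder upstream gateway.
BASE_ROUTES = [
    ("0.0.0.0/0", "192.0.2.1"),     # default route towards the upstream/WAN
    ("10.0.1.0/24", "on-link"),     # management VLAN 101
]
# The static route from the reply: 169.254.0.0 / 255.255.255.252 -> PacketFence.
JOIN_NS_ROUTE = ("169.254.0.0/255.255.255.252", "10.0.1.2")


def lookup(routes, dst):
    """Longest-prefix match: return (prefix, next_hop) chosen for dst, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return (str(best[0]), best[1]) if best else None


def reply_reaches(routes, src, expected_hop):
    """True if a reply addressed to src is routed via expected_hop."""
    hit = lookup(routes, src)
    return hit is not None and hit[1] == expected_hop


def missing_return_routes(routes, sources, expected_hop):
    """List the source addresses whose replies would not return via expected_hop."""
    return [s for s in sources if not reply_reaches(routes, s, expected_hop)]


if __name__ == "__main__":
    ns_sources = ["169.254.0.1", "169.254.0.2"]   # usable hosts of the /30 (assumed)
    tables = (("before", BASE_ROUTES), ("after", BASE_ROUTES + [JOIN_NS_ROUTE]))
    for label, table in tables:
        for s in ns_sources:
            print(label, s, "->", lookup(table, s))
        print(label, "missing:", missing_return_routes(table, ns_sources, "10.0.1.2"))
```

Without the /30 entry the only match for the join traffic's source address is the default route, so replies leave towards the upstream gateway instead of returning to the PacketFence host.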
On 11-1-2020 1:17, Christian Hillebrand via PacketFence-users wrote:
Hi,
In the hope of solving my issue I just downloaded and configured the ZEN. I
believed I may have missed something during the installation or messed
something up while installing.
However I am running into the same issue.
I configured the ZEN to work only with one “physical” network interface and
configured my management interface as a VLAN.
To be honest I don’t really know how to troubleshoot this at this point.
Does anybody have good suggestions?
Regards
Christian
On 07.01.2020 at 22:26, Christian Hillebrand via PacketFence-users
<packetfence-users@lists.sourceforge.net> wrote:
Hi,
I just checked the settings:
The command "ip route get 10.0.1.101" returns:
10.0.1.101 dev ens192 src 10.0.1.2
I checked if ip forwarding is activated by executing sysctl net.ipv4.ip_forward
which returned:
net.ipv4.ip_forward = 1
so ip forwarding is activated at the moment.
Additionally, here is a quick overview of my network interfaces:
Name        IP/Mask        VLAN (name)         Type
ens192      10.0.1.2/24    101 management      Management
ens224.10   10.1.0.2/16    10 executive User   none
ens224.20   10.2.0.2/16    20 users            none
ens224.30   10.3.0.2/16    30 guests           none
ens224.200  10.0.200.2/24  200 registration    registration
ens224.201  10.0.201.2/24  201 isolation       isolation
Packetfence is running as a virtual machine on an ESXi host.
Ens192 is connected to the virtual switch and sharing the port with esxi.
The hardware port on this virtual switch is connected to a tagged port on my
switch, so VLAN 101 is native here.
Ens224 is also connected to a virtual switch, but does not share the hardware.
-----Original Message-----
From: Durand fabrice via PacketFence-users
<packetfence-users@lists.sourceforge.net>
Sent: Sunday, 5 January 2020 22:41
To: packetfence-users@lists.sourceforge.net
Cc: Durand fabrice <fdur...@inverse.ca>
Subject: Re: [PacketFence-users] Failed to join domain
Hello Christian,
can you try to see if the following command returns the mgmt interface?
ip route get 10.0.1.101
Also, can you check if ip_forwarding is enabled on the packetfence server?
Regards
Fabrice
On 20-01-05 at 06:05, Christian Hillebrand via PacketFence-users wrote:
Hi,
I am new to packetfence and currently trying to set up packetfence to
work as a VLAN enforcement and RADIUS authentication server.
I worked through the installation documentation and everything went
fine so far.
However, when trying to join my AD domain I am getting the error:
Joining <domain> domain failed. Failed to join domain: failed to find
DC for domain <domain> - Undetermined error.
I first suspected that I am not getting any DNS responses by my AD DNS.
However a quick nslookup successfully returned correct DNS entries.
The entries which I tested are:
_msdcs.<domain>
_ldap._tcp.pdc._msdcs.<domain>
_ldap._tcp.gc._msdcs.<domain>
_ldap._tcp.dc._msdcs.<domain>
_kerberos._tcp.dc._msdcs.<domain>
<domainControllerFQDN>
<dsaGUID>._msdcs.<domain>
After some research I tried to join the domain manually by executing:
net ads join -U Administrator
However this also returned with an error:
Host is not configured as a member server.
Invalid configuration. Exiting....
Failed to join domain: This operation is only allowed for the PDC of
the domain.
So after researching a bit I checked that my server is known by my DC,
which is the case.
I also checked that both systems have the correct time and installed
and configured ntp on my packetfence machine.
However this did not resolve any of my issues.
Here is my current setup:
Firewall/Router:
pfSense ( just a basic configuration to provide my VLANs )
hostname: pfsense
Version: 2.4.4-RELEASE-p3
IP in Management VLAN: 10.0.1.1
NAS with DC:
QNAP ts-432XU
Hostname: nas0
Firmware: 4.4.1.1146 build 20191206
IP: 10.0.1.101 (VLAN 101 Management) &
10.0.0.101 (VLAN 100)
My users are in the main Users CN, the computers are in the main "Computers"
CN, I did not configure any additional OUs
packetfence:
Debian 4.9.0-11-amd-64
Hostname: nac0
IP Management: 10.0.1.2 ( in all my VLANs pfSense is assigned to
the second IP )
IP Registration: 10.0.253.2
IP Isolation: 10.0.254.2
...
AD Domain settings in packetfence:
Workgroup: <domain> (without tld)
DNS name of this domain: <domain>
This server's name: %h
Active Directory server: nas0.<domain>
DNS server(s): 10.0.1.101
OU: Computers
Ntlm2 only: false
Allow on registration: false
So what am I missing? Is packetfence searching for any additional DNS
entries to connect to the DC?
I tried joining the domain with realmd which worked, so I am not sure
where I am doing something wrong...
Thanks!
Best regards,
Christian
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users