Hello Damien, How many DC do you have ?
If you happen to remove an old DC in the past and never cleaned the DNS entry for that one it might create issue like this where when PF wants to contact a DC it has been given a non responsive DC and thus PF can’t join. Show me the conf/domain.conf Thanks, Ludovic Zammit Product Support Engineer Principal Cell: +1.613.670.8432 Akamai Technologies - Inverse 145 Broadway Cambridge, MA 02142 Connect with Us: <https://community.akamai.com/> <http://blogs.akamai.com/> <https://twitter.com/akamai> <http://www.facebook.com/AkamaiTechnologies> <http://www.linkedin.com/company/akamai-technologies> <http://www.youtube.com/user/akamaitechnologies?feature=results_main> > On Jul 22, 2021, at 10:37 AM, Damien Delay via PacketFence-users > <packetfence-users@lists.sourceforge.net> wrote: > > Good Afternoon, > > I’m currently in the process of trying to setup PacketFence in a lab > environment before deploying a setup to production. > > We have installed CentOS 7.9.2009 with PacketFence version 10.3.0 without any > issues and our LAB DC (DC1) is running windows server 2019 with DNS and DHCP > roles installed. > > However we are now attempting to join PacketFence to our LAB.LOCAL domain, > but are experiencing the below Error message when attempting a join: > > kinit succeeded but ads_sasl_spnego_gensec_bind(KRB5) failed for > ldap/dc1.lab.local with user[USER.NAME] realm[LAB.LOCAL]: No logon servers > are currently available to service the logon request. kinit succeeded but > ads_sasl_spnego_gensec_bind(KRB5) failed for ldap/dc1.lab.local with > user[PACKETFENCE$] realm[LAB.LOCAL]: No logon servers are currently available > to service the logon request. DNS update failed: NT_STATUS_INVALID_PARAMETER > Using short domain name -- LAB Joined 'PACKETFENCE' to dns domain 'LAB.LOCAL' > No DNS domain configured for packetfence. Unable to perform DNS Update. > > I can see that the Server gets a Kerberos ticket from the server and even > creates a computer account, but the rest of the process just will not > complete. I have even attempted to run ‘net ads info’ which returns > information: > > LDAP Server: 192.168.1.3 > LDAP Server Name: DC1.LAB.LOCAL > Realm: LAB.LOCAL > Bind Path: dc=LAB,dc=LOCAL > LDAP Port: 389 > Server Time: Thu, 22 Jul 2021 15:28:40 BST > KDC Server: 192.168.1.3 > Server time offset: -24 > Last machine account password change: Thu, 01 Jan 1970 01:00:00 BST > > I’ve checked timezones on both DC and the PacketFence server to which is all > matches and the servers can communicate via ping. > > Can anyone advise how I can further troubleshoot this issue? > > Thanks in Advance > Damien. > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > <mailto:PacketFence-users@lists.sourceforge.net> > https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!EeIfANd9Gb8Yxs4VEWh-Iaz6PX0EHlHWicQb3_UZYHyO8Jyz4gSTDrls8uzUZ4Wm$ > > <https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!EeIfANd9Gb8Yxs4VEWh-Iaz6PX0EHlHWicQb3_UZYHyO8Jyz4gSTDrls8uzUZ4Wm$>
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
