Do we have any documentation as far as what groups/permissions these would be and where they could be set?
I am going to dig into the source code for the NTLM setup and see what it attempted to setup after I gave it my domain admin username but if there are any helpful hints I would appreciate it so much. On Fri, Dec 5, 2025 at 2:25 PM Fabrice Durand <[email protected]> wrote: > Hi Mark, > > Thanks for providing the logs. This line confirms the issue originates on > the Active Directory (AD) side: > > {Access Denied} A process has requested access to an object but has not > been granted those access rights. > > This strongly suggests a permissions issue with the computer account > PacketFence is using to join the domain and perform authentication. The > machine account does not have the necessary access rights in AD. > > You should investigate the permissions of the PacketFence machine account > in Active Directory to ensure it has the required access rights for NTLM > authentication. > > Best regards, > > Fabrice > > Le ven. 5 déc. 2025 à 15:15, Mark Amber via PacketFence-users < > [email protected]> a écrit : > >> Hello >> >> I am having difficulty with setting up AD authentication for Radius. I am >> looking for assistance. I believe my issue is on the side of the AD servers >> but I have very little insight into what could be going on or what help >> tools are available to run and test on the host. What I just did was >> recreate this issue: >> >> I am in a *non*-clustered (standalone packetfence) environment, v >> 15.0.0. Installed from the ISO recently. >> >> I am trying to base my work on these sections of the docs >> >> >> https://www.packetfence.org/doc/PacketFence_Installation_Guide.html#_connecting_packetfence_to_microsoft_active_directory >> >> >> https://www.packetfence.org/doc/PacketFence_Installation_Guide.html#_microsoft_active_directory_ad >> >> There are issues with these docs - for instance the testing command does >> not exist anymore >> >> spladmin@uspwk1-netops-pf:~$ /usr/local/pf/bin/ntlm_auth_wrapper >> --username=mark >> /usr/local/pf/bin/ntlm_auth_wrapper: unrecognized option '--username=mark' >> Try `ntlm_auth_wrapper --help' or `ntlm_auth_wrapper --usage' for more >> information. >> >> 1. Remove any / old Active Directory Domains items >> 2. Restart ntlm-auth-api and radiusd-auth >> 3. Restart packetfence entirely >> 4. Clear browser cache (there is a bug where the client will prevent >> adding new AD sources with the same name I observe) >> 5. Add back the AD join, with a new computer account name, and new >> computer account password - no errors! it adds the machine account to my AD >> (See logs) >> 6. start ntlm-auth-api and restart radiusd-auth (see logs) >> 7. Create an AD Authentication source and enter a binding user, test it >> and it works. >> 8. Set the realms up to use the NTLM and test radius and it does not work. >> >> What I do know - there is another 'hacky' way I can get this to work by >> setting packetfence to strip the username and password and look up the user >> over LDAPS - when I turn on stripping in the realms and use TTLS-PAP on a >> mac and enter my sAMAccountName and password in a radius tester I get >> Action-Accept. I can observe it knows the proper username/password and >> there is no firewall/router between these hosts. >> >> But when that realm is setup per the guide using the 'domain' rather than >> funneling via AD as an LDAP server 'hack' which is how it should be setup - >> I get issues (see logs below) >> >> Also the 'Sticky DC' field does not seem to honor a hostname, or I do not >> know maybe I need to use DC=X,DC=Y type format there. But now even the >> single AD server which was working is also not working. I mention this >> because for a while only one of the AD servers worked and I could see >> accept messages from it but failures from the other 3. So I went down that >> rabbit hole. But now the latest attempt none of them work so it is moot. >> >> The main warnings are [sic]: >> Is this machine account is shared by another ntlm_auth process (or >> another cluster node)? >> >> and >> >> {Access Denied} A process has requested access to an object but has not >> been granted those access rights.' >> >> >> I have seen several threads about this which related to the following and >> gone down that rabbit hole without any success: >> >> 1. https://github.com/inverse-inc/packetfence/issues/8370 - solutions >> such as ones related to clustered environments, and also bad machine >> account password were raised >> 2. >> https://sourceforge.net/p/packetfence/mailman/packetfence-users/thread/sj2pr02mb100520bf1b55cf2f6a3a5ab31a2...@sj2pr02mb10052.namprd02.prod.outlook.com/ >> - no response >> 3. >> https://www.reddit.com/r/PacketFence/comments/1iv3i9t/cant_get_pf_joined_to_the_domain/ >> - NTLM v2 - tried this no help >> 4. >> https://sourceforge.net/p/packetfence/mailman/packetfence-users/thread/0d8be4356ac2efbe0656141bb26338da%40mail.gmail.com/#msg59228778 >> seemed like user error - not too relevant maybe >> >> Here are some scrubbed logs removing my hostnames but might have been >> overzealous in scrubbing these please let me know if anything needs to be >> cleared up: >> >> 2025-12-05T10:51:58.370841-06:00 *** ntlm-auth-api-docker-wrapper[21965]: >> Checking sub service for domain [ad]: http://***:5000/ping, response = >> []. Not ready. Skipped checking for other domains. >> 2025-12-05T10:51:59.429186-06:00 *** ntlm-auth-api-docker-wrapper[21965]: >> Checking sub service for domain [ad]: http://***:5000/ping, response = >> []. Not ready. Skipped checking for other domains. >> 2025-12-05T10:52:00.424741-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:00 -0600] [7] [INFO] ntlm-auth-api@ad is starting on >> port 5000. >> 2025-12-05T10:52:00.426231-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:00 -0600] [7] [DEBUG] loading domain config from >> /usr/local/pf/conf/domain.conf >> 2025-12-05T10:52:00.426231-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:00 -0600] [7] [INFO] Load database config from >> /usr/local/pf/var/conf/ntlm-auth-api.d/db.ini >> 2025-12-05T10:52:00.426231-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:00 -0600] [7] [DEBUG] using cache: redis://***:6379 >> 2025-12-05T10:52:00.426231-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:00 -0600] [7] [INFO] database config: *** >> 2025-12-05T10:52:00.426231-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:00 -0600] [7] [INFO] starting ntlm-auth-api@*** ad >> 2025-12-05T10:52:00.472661-06:00 *** ntlm-auth-api-docker-wrapper[21965]: >> Checking sub service for domain [ad]: http://***:5000/ping, response = >> []. Not ready. Skipped checking for other domains. >> 2025-12-05T10:52:01.439482-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [DEBUG] AD FQDN: *** resolved with IP: ***. >> 2025-12-05T10:52:01.439482-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [DEBUG] NTLM Auth API started with the >> following parameters: >> 2025-12-05T10:52:01.439482-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [DEBUG] ad_fqdn *** >> 2025-12-05T10:52:01.439482-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [DEBUG] ad_server *** >> 2025-12-05T10:52:01.440801-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [DEBUG] server_name *** >> 2025-12-05T10:52:01.440801-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [DEBUG] server_name (parsed) *** >> 2025-12-05T10:52:01.440801-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [DEBUG] dns_name *** >> 2025-12-05T10:52:01.440801-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [DEBUG] workgroup ad >> 2025-12-05T10:52:01.440801-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [DEBUG] machine_account_password *** >> 2025-12-05T10:52:01.440801-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [DEBUG] dns_servers *** >> 2025-12-05T10:52:01.440801-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [DEBUG] nt_key_cache_enabled disabled >> 2025-12-05T10:52:01.440801-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [DEBUG] nt_key_cache_expire 12000 >> 2025-12-05T10:52:01.440801-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [DEBUG] NT Key cache enabled: False >> 2025-12-05T10:52:01.441692-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [DEBUG] loaded global variables >> 2025-12-05T10:52:01.441692-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [DEBUG] ---- Domain profile settings ---- >> 2025-12-05T10:52:01.441692-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [DEBUG] global_vars.c_server_name >> *** >> 2025-12-05T10:52:01.441692-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [DEBUG] global_vars.c_ad_server >> *** >> 2025-12-05T10:52:01.442060-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [DEBUG] global_vars.c_realm >> *** >> 2025-12-05T10:52:01.442060-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [DEBUG] global_vars.c_workgroup >> ad >> 2025-12-05T10:52:01.442312-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [DEBUG] global_vars.c_username >> *** >> 2025-12-05T10:52:01.442439-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [DEBUG] global_vars.c_password >> *** >> 2025-12-05T10:52:01.442439-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [DEBUG] >> global_vars.c_additional_machine_accounts 0 >> 2025-12-05T10:52:01.442627-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [DEBUG] global_vars.c_netbios_name >> *** >> 2025-12-05T10:52:01.443031-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [DEBUG] global_vars.c_workstation >> *** >> 2025-12-05T10:52:01.443031-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [DEBUG] global_vars.c_server_string >> *** >> 2025-12-05T10:52:01.443031-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [DEBUG] global_vars.c_domain >> ad >> 2025-12-05T10:52:01.443501-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [DEBUG] global_vars.c_dns_servers >> *** >> 2025-12-05T10:52:01.443501-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [DEBUG] ---- NT Key cache ---- >> 2025-12-05T10:52:01.443501-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [DEBUG] global_vars.c_nt_key_cache_enabled >> False >> 2025-12-05T10:52:01.443770-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [DEBUG] global_vars.c_nt_key_cache_expire >> 12000 >> 2025-12-05T10:52:01.443770-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [DEBUG] >> global_vars.c_ad_account_lockout_threshold 0 >> 2025-12-05T10:52:01.443996-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [DEBUG] >> global_vars.c_ad_account_lockout_duration 30 >> 2025-12-05T10:52:01.443996-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [DEBUG] >> global_vars.c_ad_reset_account_lockout_counter_after 30 >> 2025-12-05T10:52:01.444188-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [DEBUG] >> global_vars.c_ad_old_password_allowed_period 60 >> 2025-12-05T10:52:01.444188-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [DEBUG] >> global_vars.c_max_allowed_password_attempts_per_device 0 >> 2025-12-05T10:52:01.444188-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [DEBUG] ---- Database ---- >> 2025-12-05T10:52:01.444188-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [DEBUG] global_vars.c_db_host >> localhost >> 2025-12-05T10:52:01.444555-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [DEBUG] global_vars.c_db_port 3306 >> 2025-12-05T10:52:01.444555-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [DEBUG] global_vars.c_db_user *** >> 2025-12-05T10:52:01.444555-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [DEBUG] global_vars.c_db_pass *** >> 2025-12-05T10:52:01.444806-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [DEBUG] global_vars.c_db *** >> 2025-12-05T10:52:01.444904-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [DEBUG] global_vars.c_db_unix_socket >> /var/lib/mysql/mysql.sock >> 2025-12-05T10:52:01.445186-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [DEBUG] ---- Multi workers ---- >> 2025-12-05T10:52:01.445575-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [DEBUG] global_vars.c_cache_host *** >> 2025-12-05T10:52:01.445575-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [DEBUG] global_vars.c_cache_port 6379 >> 2025-12-05T10:52:01.445895-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [DEBUG] global_vars.s_computer_account_base >> *** >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [DEBUG] Current configuration: >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> config: /usr/local/pf/bin/pyntlm_auth/gunicorn.conf.py >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> wsgi_app: entrypoint:app >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: bind: >> ['0.0.0.0:5000'] >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> backlog: 2048 >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> workers: 1 >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> worker_class: sync >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> threads: 1 >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> worker_connections: 1000 >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> max_requests: 10000 >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> max_requests_jitter: 50 >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> timeout: 30 >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> graceful_timeout: 10 >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> keepalive: 2 >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> limit_request_line: 4094 >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> limit_request_fields: 100 >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> limit_request_field_size: 8190 >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> reload: False >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> reload_engine: auto >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> reload_extra_files: [] >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: spew: >> False >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> check_config: False >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> print_config: False >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> preload_app: False >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> sendfile: None >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> reuse_port: False >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: chdir: >> /usr/local/pf/bin/pyntlm_auth >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> daemon: False >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> raw_env: [] >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> pidfile: None >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> worker_tmp_dir: None >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: user: 0 >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: group: >> 0 >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: umask: >> 0 >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> initgroups: False >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> tmp_upload_dir: None >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> secure_scheme_headers: {'X-FORWARDED-PROTOCOL': 'ssl', >> 'X-FORWARDED-PROTO': 'https', 'X-FORWARDED-SSL': 'on'} >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> forwarded_allow_ips: ['127.0.0.1'] >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> accesslog: - >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> disable_redirect_access_to_syslog: False >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> access_log_format: %(h)s %(l)s %(u)s %(p)s %(t)s "%(r)s" %(s)s %(b)s >> "%(f)s" "%(a)s" >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> errorlog: - >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> loglevel: debug >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> capture_output: False >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> logger_class: <class '__config__.CustomGunicornLogger'> >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> logconfig: None >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> logconfig_dict: {} >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> syslog_addr: udp://localhost:514 >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> syslog: False >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> syslog_prefix: None >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> syslog_facility: user >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> enable_stdio_inheritance: False >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> statsd_host: None >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> dogstatsd_tags: >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> statsd_prefix: >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> proc_name: None >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> default_proc_name: gunicorn >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> pythonpath: None >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: paste: >> None >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> on_starting: <function on_starting at 0x7f1a1afa0900> >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> on_reload: <function OnReload.on_reload at 0x7f1a20cfe160> >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> when_ready: <function WhenReady.when_ready at 0x7f1a20cfe2a0> >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> pre_fork: <function Prefork.pre_fork at 0x7f1a20cfe3e0> >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> post_fork: <function post_fork at 0x7f1a1afa0680> >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> post_worker_init: <function PostWorkerInit.post_worker_init at >> 0x7f1a20cfe660> >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> worker_int: <function WorkerInt.worker_int at 0x7f1a20cfe7a0> >> 2025-12-05T10:52:01.473043-06:00 *** ntlm-auth-api-domain[22005]: >> worker_abort: <function WorkerAbort.worker_abort at 0x7f1a20cfe8e0> >> 2025-12-05T10:52:01.476243-06:00 *** ntlm-auth-api-domain[22005]: >> pre_exec: <function PreExec.pre_exec at 0x7f1a20cfea20> >> 2025-12-05T10:52:01.476243-06:00 *** ntlm-auth-api-domain[22005]: >> pre_request: <function PreRequest.pre_request at 0x7f1a20cfeb60> >> 2025-12-05T10:52:01.476243-06:00 *** ntlm-auth-api-domain[22005]: >> post_request: <function PostRequest.post_request at 0x7f1a20cfec00> >> 2025-12-05T10:52:01.476243-06:00 *** ntlm-auth-api-domain[22005]: >> child_exit: <function ChildExit.child_exit at 0x7f1a20cfed40> >> 2025-12-05T10:52:01.476243-06:00 *** ntlm-auth-api-domain[22005]: >> worker_exit: <function worker_exit at 0x7f1a1afa0400> >> 2025-12-05T10:52:01.476243-06:00 *** ntlm-auth-api-domain[22005]: >> nworkers_changed: <function NumWorkersChanged.nworkers_changed at >> 0x7f1a20cfefc0> >> 2025-12-05T10:52:01.476243-06:00 *** ntlm-auth-api-domain[22005]: >> on_exit: <function on_exit at 0x7f1a1afa0720> >> 2025-12-05T10:52:01.476243-06:00 *** ntlm-auth-api-domain[22005]: >> proxy_protocol: False >> 2025-12-05T10:52:01.476243-06:00 *** ntlm-auth-api-domain[22005]: >> proxy_allow_ips: ['127.0.0.1'] >> 2025-12-05T10:52:01.476243-06:00 *** ntlm-auth-api-domain[22005]: >> keyfile: None >> 2025-12-05T10:52:01.476243-06:00 *** ntlm-auth-api-domain[22005]: >> certfile: None >> 2025-12-05T10:52:01.476243-06:00 *** ntlm-auth-api-domain[22005]: >> ssl_version: 2 >> 2025-12-05T10:52:01.476243-06:00 *** ntlm-auth-api-domain[22005]: >> cert_reqs: 0 >> 2025-12-05T10:52:01.476243-06:00 *** ntlm-auth-api-domain[22005]: >> ca_certs: None >> 2025-12-05T10:52:01.476243-06:00 *** ntlm-auth-api-domain[22005]: >> suppress_ragged_eofs: True >> 2025-12-05T10:52:01.476243-06:00 *** ntlm-auth-api-domain[22005]: >> do_handshake_on_connect: False >> 2025-12-05T10:52:01.476243-06:00 *** ntlm-auth-api-domain[22005]: >> ciphers: None >> 2025-12-05T10:52:01.476243-06:00 *** ntlm-auth-api-domain[22005]: >> raw_paste_global_conf: [] >> 2025-12-05T10:52:01.476243-06:00 *** ntlm-auth-api-domain[22005]: >> strip_header_spaces: False >> 2025-12-05T10:52:01.476243-06:00 *** ntlm-auth-api-domain[22005]: >> tolerate_dangerous_framing: False >> 2025-12-05T10:52:01.476243-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [INFO] Starting gunicorn 20.1.0 >> 2025-12-05T10:52:01.476243-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [INFO] master process starting, machine >> account binding cleanup started. >> 2025-12-05T10:52:01.476243-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [INFO] cleaning up machine account binding. >> 2025-12-05T10:52:01.476243-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [DEBUG] cleaning up machine account bind: >> key = 'ntlm-auth:ad:machine-account-bind:***' >> 2025-12-05T10:52:01.476243-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [INFO] machine account binding clean up >> done. >> 2025-12-05T10:52:01.476243-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [INFO] default logger set to >> 'gunicorn.error'. >> 2025-12-05T10:52:01.476243-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [DEBUG] Arbiter booted >> 2025-12-05T10:52:01.476243-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [INFO] Listening at: http://0.0.0.0:5000 >> (7) >> 2025-12-05T10:52:01.476243-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [INFO] Using worker: sync >> 2025-12-05T10:52:01.486384-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [9] [INFO] Booting worker with pid: 9 >> 2025-12-05T10:52:01.486512-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [9] [INFO] post fork hook: worker spawned with >> PID of 9 by master 7 >> 2025-12-05T10:52:01.490941-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [9] [INFO] primary worker is registered on PID: >> 9. >> 2025-12-05T10:52:01.562009-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:01 -0600] [7] [DEBUG] 1 workers >> 2025-12-05T10:52:03.152078-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:03 -0600] [9] [DEBUG] cleaning up machine account bind: >> key = 'ntlm-auth:ad:machine-account-bind:***' >> 2025-12-05T10:52:03.153451-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:03 -0600] [9] [INFO] successfully registered with machine >> account '***', ready to handle requests. >> 2025-12-05T10:52:03.167391-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:03 -0600] [9] [DEBUG] GET /ping >> 2025-12-05T10:52:03.171868-06:00 *** ntlm-auth-api-docker-wrapper[21965]: >> Checking sub service for domain [ad]: http://***:5000/ping, response = >> [pong]. Ready. >> 2025-12-05T10:52:13.227760-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:13 -0600] [9] [DEBUG] GET /ping >> 2025-12-05T10:52:23.282132-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:23 -0600] [9] [DEBUG] GET /ping >> 2025-12-05T10:52:33.337577-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:33 -0600] [9] [DEBUG] GET /ping >> 2025-12-05T10:52:43.393777-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:43 -0600] [9] [DEBUG] GET /ping >> 2025-12-05T10:52:53.448908-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:52:53 -0600] [9] [DEBUG] GET /ping >> 2025-12-05T10:53:03.504960-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:53:03 -0600] [9] [DEBUG] GET /ping >> 2025-12-05T10:53:13.552310-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:53:13 -0600] [9] [DEBUG] GET /ping >> 2025-12-05T10:53:23.608954-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:53:23 -0600] [9] [DEBUG] GET /ping >> 2025-12-05T10:53:33.669311-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:53:33 -0600] [9] [DEBUG] GET /ping >> 2025-12-05T10:53:43.411873-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:53:43 -0600] [9] [DEBUG] POST /ntlm/auth >> 2025-12-05T10:53:43.421022-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:53:43 -0600] [9] [DEBUG] lp: netbios = ***, realm = ***, >> server_str = ***, workgroup = ad >> 2025-12-05T10:53:43.421022-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:53:43 -0600] [9] [DEBUG] find_dc using dns servers: *** >> 2025-12-05T10:53:43.455332-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:53:43 -0600] [9] [DEBUG] find dc: pdc_dns_name = ***, e = 0, >> m = >> 2025-12-05T10:53:43.463161-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:53:43 -0600] [9] [DEBUG] establish secure channel, context = >> ncacn_np:***[schannel,seal] >> 2025-12-05T10:53:43.518233-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:53:43 -0600] [9] [DEBUG] secure connection established >> successfully. >> 2025-12-05T10:53:43.536075-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:53:43 -0600] [9] [WARNING] auth failed: user = '***', e = >> 3221225506, m = NT Error: code: 3221225506, message: (3221225506, '{Access >> Denied} A process has requested access to an object but has not been >> granted those access rights.') using ***\*** >> 2025-12-05T10:53:43.536075-06:00 *** ntlm-auth-api-domain[22005]: >> [2025-12-05 10:53:43 -0600] [9] [WARNING] Is this machine account is shared >> by another ntlm_auth process (or another cluster node)? >> 2025-12-05T10:53:43.539010-06:00 *** ntlm-auth-api-domain[22005]: *** - - >> <9> [05/Dec/2025:10:53:43 -0600] "POST /ntlm/auth HTTP/1.1" 400 158 "-" "-" >> >> >> Mark Amber >> _______________________________________________ >> PacketFence-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> >
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
