Re: [PacketFence-users] PF just refuses to join AD domain??

2017-08-25 Thread Akala Kehinde via PacketFence-users
Hello Fabrice,

It worked!

Thanks a million:)
Want to know if the change affects anything else. And asked earlier what
your advice would be, if it's a good idea to have the AD in the same network as
the PF Mgmt. interface.


Regards,
Kehinde

On Thu, Aug 24, 2017 at 8:58 AM, Akala Kehinde 
wrote:

> Hello Fabrice,
>
> But just 1 thing... Would you then advise me to have the return route for
> my domain pointing to 172.16.100.10?
>
> Regards,
> Kehinde
>
> On Thu, Aug 24, 2017 at 8:55 AM, Akala Kehinde 
> wrote:
>
>> Hello Fabrice,
>>
>> I guess PF was configured by default for all services, protocols and
>> routes via just 1 interface. I was actually routing my domain network
>> through a second interface which of course needed a tweak in the
>> iptables.conf file.
>>
>> Thanks a lot man. Will apply the fix and test again.
>>
>> See attached the files as requested.
>>
>> Regards,
>> Kehinde
>>
>> On Thu, Aug 24, 2017 at 4:58 AM, Durand fabrice 
>> wrote:
>>
>>> Ok your issue is there:
>>>
>>> -A POSTROUTING -s 169.254.0.0/16 -o eth0.100 -j SNAT --to-source 172.16.100.10
>>>
>>> it should be:
>>>
>>> -A POSTROUTING -s 169.254.0.0/16 -o eth1 -j SNAT --to-source 172.16.7.13
>>>
>>> a quick fix should be to add it in the conf/iptables.conf
>>>
>>> Also, to understand what happens exactly, I will need to have the pf.conf
>>> and networks.conf.
>>>
>>>
>>>
>>> On 2017-08-23 at 22:24, Akala Kehinde wrote:
>>>
>>> Hi Fab,
>>>
>>> See attached.
>>>
>>> Regards,
>>> Kehinde
>>>
>>> On Thu, Aug 24, 2017 at 4:13 AM, Durand fabrice 
>>> wrote:
>>>
 var/conf/iptables.conf not conf/iptables.conf

 On 2017-08-23 at 22:12, Akala Kehinde wrote:

 Hi Fabrice,

 Pls see attached..

 Regards,
 Kehinde

 On Thu, Aug 24, 2017 at 1:33 AM, Durand fabrice 
 wrote:

> no it's perfect, MYDOMAIN-b is the  link to the namespace.
>
> So the issue is probably iptables, can you paste the content of
> var/conf/iptables.conf ?
>
>
>
> On 2017-08-23 at 17:20, Akala Kehinde wrote:
>
> It appears  MYDOMAIN-b binds on the wrong interface?
>
> Regards,
> Kehinde
>
> On Wed, Aug 23, 2017 at 11:17 PM, Akala Kehinde <
> kehindeak...@gmail.com> wrote:
>
>> Hi Fabrice,
>>
>> See below:
>>
>> [root@pfence sysctl.d]# ip route
>> default via 172.16.7.1 dev eth1
>> 169.254.0.0/30 dev MYDOMAIN-b  proto kernel  scope link  src
>> 169.254.0.2
>> 169.254.0.0/16 dev eth0  scope link  metric 1002
>> 169.254.0.0/16 dev eth1  scope link  metric 1003
>> 169.254.0.0/16 dev eth0.100  scope link  metric 1004
>> 169.254.0.0/16 dev eth0.101  scope link  metric 1005
>> 169.254.0.0/16 dev eth0.4  scope link  metric 1006
>> 169.254.0.0/16 dev eth0.5  scope link  metric 1007
>> 169.254.0.0/16 dev eth0.6  scope link  metric 1008
>> 169.254.0.0/16 dev eth0.98  scope link  metric 1009
>> 169.254.0.0/16 dev eth0.99  scope link  metric 1010
>> 172.16.4.0/24 dev eth0.4  proto kernel  scope link  src 172.16.4.2
>> 172.16.7.0/24 dev eth1  proto kernel  scope link  src 172.16.7.13
>> 172.16.98.0/24 dev eth0.98  proto kernel  scope link  src 172.16.98.1
>> 172.16.99.0/24 dev eth0.99  proto kernel  scope link  src 172.16.99.1
>> 172.16.100.0/24 dev eth0.100  proto kernel  scope link  src
>> 172.16.100.10
>> 172.16.101.0/24 dev eth0.101  proto kernel  scope link  src
>> 172.16.101.1
>> [root@pfence sysctl.d]#
>>
>> [root@pfence sysctl.d]# ip route get 172.16.7.10
>> 172.16.7.10 dev eth1  src 172.16.7.13
>> cache
>> [root@pfence sysctl.d]#
>>
>>
>>
>> Regards,
>> Kehinde
>>
>> On Wed, Aug 23, 2017 at 9:47 PM, Fabrice Durand 
>> wrote:
>>
>>> Ok so your issue is related to the route of the system.
>>>
>>> do:
>>>
>>> ip route
>>>
>>> and:
>>>
>>> ip route get 172.16.7.10
>>>
>>> restart iptables
>>>
>>>
>>>
>>> On 2017-08-23 at 15:44, Akala Kehinde wrote:
>>>
>>> Hi Fabrice,
>>>
>>> See below:
>>>
>>> [root@pfence sysctl.d]# ip netns exec MYDOMAIN ping 172.16.7.10
>>> PING 172.16.7.10 (172.16.7.10) 56(84) bytes of data.
>>>
>>> --- 172.16.7.10 ping statistics ---
>>> 22 packets transmitted, 0 received, 100% packet loss, time 21107ms
>>>
>>> [root@pfence sysctl.d]# ip netns exec MYDOMAIN nslookup
>>> www.google.de
>>> ;; connection timed out; trying next origin
>>> ;; connection timed out; no servers could be reached
>>>
>>> [root@pfence sysctl.d]#
>>>
>>>
>>> Regards,
>>> Kehinde
>>>
>>> On Wed, Aug 23, 2017 at 6:45 PM, Fabrice Durand via
>>> PacketFence-users  wrote:
>>>
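
The mismatch found in this thread, as an added example that is not part of the original messages or of PacketFence's own code: a POSIX shell check that compares each SNAT rule for the 169.254.0.0/16 namespace link with the interface and source address the host uses to reach the AD server. The function names `word_after`, `check_snat` and `audit_snat` are hypothetical, and the sample route and rules are constructed from the values quoted above.

```sh
#!/bin/sh
# Added example (not PacketFence code). Sample input is constructed from the
# values quoted in the thread: the route to the AD server and both SNAT rules.
ROUTE_TO_AD='172.16.7.10 dev eth1  src 172.16.7.13
    cache'
NAT_RULES='-A POSTROUTING -s 169.254.0.0/16 -o eth0.100 -j SNAT --to-source 172.16.100.10
-A POSTROUTING -s 169.254.0.0/16 -o eth1 -j SNAT --to-source 172.16.7.13'

# word_after KEY WORD...: print the word that follows KEY; fail if KEY is absent.
word_after() {
    w_key=$1
    shift
    while [ $# -gt 1 ]; do
        if [ "$1" = "$w_key" ]; then
            printf '%s\n' "$2"
            return 0
        fi
        shift
    done
    return 1
}

# check_snat ROUTE RULE
#   ROUTE: output of `ip route get <AD server>` taken on the host
#   RULE:  one POSTROUTING line in iptables-save syntax
# Returns 0 if the rule matches the route, 1 on a mismatch, 2 if the route
# or the rule cannot be parsed (for example a MASQUERADE rule).
check_snat() {
    c_route=$1
    c_rule=$2
    set -f    # split the strings on whitespace only, no globbing
    c_rdev=$(word_after dev $c_route) && c_rsrc=$(word_after src $c_route) &&
        c_nsrc=$(word_after --to-source $c_rule) || {
        set +f
        echo "SKIP: cannot parse route or SNAT rule: $c_rule"
        return 2
    }
    # A rule without -o applies to every outgoing interface.
    c_ndev=$(word_after -o $c_rule) || c_ndev=$c_rdev
    set +f
    if [ "$c_ndev" = "$c_rdev" ] && [ "$c_nsrc" = "$c_rsrc" ]; then
        echo "OK: SNAT on $c_ndev to $c_nsrc matches the route"
        return 0
    fi
    # A rule bound to another interface never matches packets leaving through
    # the routed one, so they go out with a 169.254.x.x source and no reply
    # can find its way back.
    echo "MISMATCH: rule uses $c_ndev/$c_nsrc, route uses $c_rdev/$c_rsrc"
    return 1
}

# audit_snat ROUTE SRC_CIDR RULES
# Checks every SNAT rule for SRC_CIDR; returns the number of rules that
# do not match the route.
audit_snat() {
    a_route=$1
    a_cidr=$2
    a_bad=0
    while IFS= read -r a_line; do
        case $a_line in
            "-A POSTROUTING "*"-s $a_cidr "*"-j SNAT "*) ;;
            *) continue ;;
        esac
        check_snat "$a_route" "$a_line" || a_bad=$((a_bad + 1))
    done <<EOF
$3
EOF
    return "$a_bad"
}

# Demo on the constructed sample. On a live host the inputs would be, as root:
#   audit_snat "$(ip route get 172.16.7.10)" 169.254.0.0/16 \
#              "$(cat var/conf/iptables.conf)"
audit_snat "$ROUTE_TO_AD" 169.254.0.0/16 "$NAT_RULES" ||
    echo "$? SNAT rule(s) do not match the route to the AD server"
```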

Re: [PacketFence-users] PF just refuses to join AD domain??

2017-08-24 Thread Akala Kehinde via PacketFence-users
Hello Fabrice,

But just 1 thing... Would you then advise me to have the return route for
my domain pointing to 172.16.100.10?

Regards,
Kehinde

On Thu, Aug 24, 2017 at 8:55 AM, Akala Kehinde 
wrote:

> Hello Fabrice,
>
> I guess PF was configured by default for all services, protocols and
> routes via just 1 interface. I was actually routing my domain network
> through a second interface which of course needed a tweak in the
> iptables.conf file.
>
> Thanks a lot man. Will apply the fix and test again.
>
> See attached the files as requested.
>
> Regards,
> Kehinde
>
> On Thu, Aug 24, 2017 at 4:58 AM, Durand fabrice 
> wrote:
>
>> Ok your issue is there:
>>
>> -A POSTROUTING -s 169.254.0.0/16 -o eth0.100 -j SNAT --to-source 172.16.100.10
>>
>> it should be:
>>
>> -A POSTROUTING -s 169.254.0.0/16 -o eth1 -j SNAT --to-source 172.16.7.13
>>
>> a quick fix should be to add it in the conf/iptables.conf
>>
>> Also, to understand what happens exactly, I will need to have the pf.conf
>> and networks.conf.
>>
>>
>>
>> On 2017-08-23 at 22:24, Akala Kehinde wrote:
>>
>> Hi Fab,
>>
>> See attached.
>>
>> Regards,
>> Kehinde
>>
>> On Thu, Aug 24, 2017 at 4:13 AM, Durand fabrice 
>> wrote:
>>
>>> var/conf/iptables.conf not conf/iptables.conf
>>>
>>> On 2017-08-23 at 22:12, Akala Kehinde wrote:
>>>
>>> Hi Fabrice,
>>>
>>> Pls see attached..
>>>
>>> Regards,
>>> Kehinde
>>>
>>> On Thu, Aug 24, 2017 at 1:33 AM, Durand fabrice 
>>> wrote:
>>>
 no it's perfect, MYDOMAIN-b is the  link to the namespace.

 So the issue is probably iptables, can you paste the content of
 var/conf/iptables.conf ?



 On 2017-08-23 at 17:20, Akala Kehinde wrote:

 It appears  MYDOMAIN-b binds on the wrong interface?

 Regards,
 Kehinde

 On Wed, Aug 23, 2017 at 11:17 PM, Akala Kehinde  wrote:

> Hi Fabrice,
>
> See below:
>
> [root@pfence sysctl.d]# ip route
> default via 172.16.7.1 dev eth1
> 169.254.0.0/30 dev MYDOMAIN-b  proto kernel  scope link  src
> 169.254.0.2
> 169.254.0.0/16 dev eth0  scope link  metric 1002
> 169.254.0.0/16 dev eth1  scope link  metric 1003
> 169.254.0.0/16 dev eth0.100  scope link  metric 1004
> 169.254.0.0/16 dev eth0.101  scope link  metric 1005
> 169.254.0.0/16 dev eth0.4  scope link  metric 1006
> 169.254.0.0/16 dev eth0.5  scope link  metric 1007
> 169.254.0.0/16 dev eth0.6  scope link  metric 1008
> 169.254.0.0/16 dev eth0.98  scope link  metric 1009
> 169.254.0.0/16 dev eth0.99  scope link  metric 1010
> 172.16.4.0/24 dev eth0.4  proto kernel  scope link  src 172.16.4.2
> 172.16.7.0/24 dev eth1  proto kernel  scope link  src 172.16.7.13
> 172.16.98.0/24 dev eth0.98  proto kernel  scope link  src 172.16.98.1
> 172.16.99.0/24 dev eth0.99  proto kernel  scope link  src 172.16.99.1
> 172.16.100.0/24 dev eth0.100  proto kernel  scope link  src
> 172.16.100.10
> 172.16.101.0/24 dev eth0.101  proto kernel  scope link  src
> 172.16.101.1
> [root@pfence sysctl.d]#
>
> [root@pfence sysctl.d]# ip route get 172.16.7.10
> 172.16.7.10 dev eth1  src 172.16.7.13
> cache
> [root@pfence sysctl.d]#
>
>
>
> Regards,
> Kehinde
>
> On Wed, Aug 23, 2017 at 9:47 PM, Fabrice Durand 
> wrote:
>
>> Ok so your issue is related to the route of the system.
>>
>> do:
>>
>> ip route
>>
>> and:
>>
>> ip route get 172.16.7.10
>>
>> restart iptables
>>
>>
>>
>> On 2017-08-23 at 15:44, Akala Kehinde wrote:
>>
>> Hi Fabrice,
>>
>> See below:
>>
>> [root@pfence sysctl.d]# ip netns exec MYDOMAIN ping 172.16.7.10
>> PING 172.16.7.10 (172.16.7.10) 56(84) bytes of data.
>>
>> --- 172.16.7.10 ping statistics ---
>> 22 packets transmitted, 0 received, 100% packet loss, time 21107ms
>>
>> [root@pfence sysctl.d]# ip netns exec MYDOMAIN nslookup www.google.de
>> ;; connection timed out; trying next origin
>> ;; connection timed out; no servers could be reached
>>
>> [root@pfence sysctl.d]#
>>
>>
>> Regards,
>> Kehinde
>>
>> On Wed, Aug 23, 2017 at 6:45 PM, Fabrice Durand via PacketFence-users
>>  wrote:
>>
>>>
>>> Let's try that:
>>>
>>> ip netns exec MYDOMAIN ping 172.16.7.10
>>>
>>> ip netns exec MYDOMAIN nslookup www.google.de
>>>
>>> What is the result ?
>>>
>>> On 2017-08-23 at 10:55, Akala Kehinde wrote:
>>>
>>> Hello Fabrice,
>>>
>>> Was thinking, could it be a problem with the winbindd itself.
>>>
>>> Regards,
>>> Kehinde
>>>
>>> On Wed, Aug 23, 2017 at 3:02 PM, Akala Kehinde <
>>> kehindeak...@gmail.com> wrote:

Re: [PacketFence-users] PF just refuses to join AD domain??

2017-08-24 Thread Akala Kehinde via PacketFence-users
Hello Fabrice,

I guess PF was configured by default for all services, protocols and routes
via just 1 interface. I was actually routing my domain network through a
second interface which of course needed a tweak in the iptables.conf file.

Thanks a lot man. Will apply the fix and test again.

See attached the files as requested.

Regards,
Kehinde

On Thu, Aug 24, 2017 at 4:58 AM, Durand fabrice  wrote:

> Ok your issue is there:
>
> -A POSTROUTING -s 169.254.0.0/16 -o eth0.100 -j SNAT --to-source 172.16.100.10
>
> it should be:
>
> -A POSTROUTING -s 169.254.0.0/16 -o eth1 -j SNAT --to-source 172.16.7.13
>
> a quick fix should be to add it in the conf/iptables.conf
>
> Also, to understand what happens exactly, I will need to have the pf.conf and
> networks.conf.
>
>
>
> On 2017-08-23 at 22:24, Akala Kehinde wrote:
>
> Hi Fab,
>
> See attached.
>
> Regards,
> Kehinde
>
> On Thu, Aug 24, 2017 at 4:13 AM, Durand fabrice 
> wrote:
>
>> var/conf/iptables.conf not conf/iptables.conf
>>
>> On 2017-08-23 at 22:12, Akala Kehinde wrote:
>>
>> Hi Fabrice,
>>
>> Pls see attached..
>>
>> Regards,
>> Kehinde
>>
>> On Thu, Aug 24, 2017 at 1:33 AM, Durand fabrice 
>> wrote:
>>
>>> no it's perfect, MYDOMAIN-b is the  link to the namespace.
>>>
>>> So the issue is probably iptables, can you paste the content of
>>> var/conf/iptables.conf ?
>>>
>>>
>>>
>>> On 2017-08-23 at 17:20, Akala Kehinde wrote:
>>>
>>> It appears  MYDOMAIN-b binds on the wrong interface?
>>>
>>> Regards,
>>> Kehinde
>>>
>>> On Wed, Aug 23, 2017 at 11:17 PM, Akala Kehinde 
>>> wrote:
>>>
 Hi Fabrice,

 See below:

 [root@pfence sysctl.d]# ip route
 default via 172.16.7.1 dev eth1
 169.254.0.0/30 dev MYDOMAIN-b  proto kernel  scope link  src
 169.254.0.2
 169.254.0.0/16 dev eth0  scope link  metric 1002
 169.254.0.0/16 dev eth1  scope link  metric 1003
 169.254.0.0/16 dev eth0.100  scope link  metric 1004
 169.254.0.0/16 dev eth0.101  scope link  metric 1005
 169.254.0.0/16 dev eth0.4  scope link  metric 1006
 169.254.0.0/16 dev eth0.5  scope link  metric 1007
 169.254.0.0/16 dev eth0.6  scope link  metric 1008
 169.254.0.0/16 dev eth0.98  scope link  metric 1009
 169.254.0.0/16 dev eth0.99  scope link  metric 1010
 172.16.4.0/24 dev eth0.4  proto kernel  scope link  src 172.16.4.2
 172.16.7.0/24 dev eth1  proto kernel  scope link  src 172.16.7.13
 172.16.98.0/24 dev eth0.98  proto kernel  scope link  src 172.16.98.1
 172.16.99.0/24 dev eth0.99  proto kernel  scope link  src 172.16.99.1
 172.16.100.0/24 dev eth0.100  proto kernel  scope link  src
 172.16.100.10
 172.16.101.0/24 dev eth0.101  proto kernel  scope link  src
 172.16.101.1
 [root@pfence sysctl.d]#

 [root@pfence sysctl.d]# ip route get 172.16.7.10
 172.16.7.10 dev eth1  src 172.16.7.13
 cache
 [root@pfence sysctl.d]#



 Regards,
 Kehinde

 On Wed, Aug 23, 2017 at 9:47 PM, Fabrice Durand 
 wrote:

> Ok so your issue is related to the route of the system.
>
> do:
>
> ip route
>
> and:
>
> ip route get 172.16.7.10
>
> restart iptables
>
>
>
> On 2017-08-23 at 15:44, Akala Kehinde wrote:
>
> Hi Fabrice,
>
> See below:
>
> [root@pfence sysctl.d]# ip netns exec MYDOMAIN ping 172.16.7.10
> PING 172.16.7.10 (172.16.7.10) 56(84) bytes of data.
>
> --- 172.16.7.10 ping statistics ---
> 22 packets transmitted, 0 received, 100% packet loss, time 21107ms
>
> [root@pfence sysctl.d]# ip netns exec MYDOMAIN nslookup www.google.de
> ;; connection timed out; trying next origin
> ;; connection timed out; no servers could be reached
>
> [root@pfence sysctl.d]#
>
>
> Regards,
> Kehinde
>
> On Wed, Aug 23, 2017 at 6:45 PM, Fabrice Durand via PacketFence-users
>  wrote:
>
>>
>> Let's try that:
>>
>> ip netns exec MYDOMAIN ping 172.16.7.10
>>
>> ip netns exec MYDOMAIN nslookup www.google.de
>>
>> What is the result ?
>>
>> On 2017-08-23 at 10:55, Akala Kehinde wrote:
>>
>> Hello Fabrice,
>>
>> Was thinking, could it be a problem with the winbindd itself.
>>
>> Regards,
>> Kehinde
>>
>> On Wed, Aug 23, 2017 at 3:02 PM, Akala Kehinde <
>> kehindeak...@gmail.com> wrote:
>>
>>> Hallo Fabrice,
>>>
>>> [root@pfence sysctl.d]# cat 99-ip_forward.conf
>>> # ip forwarding enabled by packetfence
>>> net.ipv4.ip_forward = 1
>>>
>>> Checked timing already on both servers, it's the same.
>>>
>>> Regards,
>>> Kehinde
>>>
>>> On Wed, Aug 23, 2017 at 2:32 PM, Fabrice Durand via
>>> PacketFence-users 

Re: [PacketFence-users] PF just refuses to join AD domain??

2017-08-23 Thread Akala Kehinde via PacketFence-users
Hi Fabrice,

Pls see attached..

Regards,
Kehinde

On Thu, Aug 24, 2017 at 1:33 AM, Durand fabrice  wrote:

> no it's perfect, MYDOMAIN-b is the  link to the namespace.
>
> So the issue is probably iptables, can you paste the content of
> var/conf/iptables.conf ?
>
>
>
> On 2017-08-23 at 17:20, Akala Kehinde wrote:
>
> It appears  MYDOMAIN-b binds on the wrong interface?
>
> Regards,
> Kehinde
>
> On Wed, Aug 23, 2017 at 11:17 PM, Akala Kehinde 
> wrote:
>
>> Hi Fabrice,
>>
>> See below:
>>
>> [root@pfence sysctl.d]# ip route
>> default via 172.16.7.1 dev eth1
>> 169.254.0.0/30 dev MYDOMAIN-b  proto kernel  scope link  src 169.254.0.2
>> 169.254.0.0/16 dev eth0  scope link  metric 1002
>> 169.254.0.0/16 dev eth1  scope link  metric 1003
>> 169.254.0.0/16 dev eth0.100  scope link  metric 1004
>> 169.254.0.0/16 dev eth0.101  scope link  metric 1005
>> 169.254.0.0/16 dev eth0.4  scope link  metric 1006
>> 169.254.0.0/16 dev eth0.5  scope link  metric 1007
>> 169.254.0.0/16 dev eth0.6  scope link  metric 1008
>> 169.254.0.0/16 dev eth0.98  scope link  metric 1009
>> 169.254.0.0/16 dev eth0.99  scope link  metric 1010
>> 172.16.4.0/24 dev eth0.4  proto kernel  scope link  src 172.16.4.2
>> 172.16.7.0/24 dev eth1  proto kernel  scope link  src 172.16.7.13
>> 172.16.98.0/24 dev eth0.98  proto kernel  scope link  src 172.16.98.1
>> 172.16.99.0/24 dev eth0.99  proto kernel  scope link  src 172.16.99.1
>> 172.16.100.0/24 dev eth0.100  proto kernel  scope link  src 172.16.100.10
>> 172.16.101.0/24 dev eth0.101  proto kernel  scope link  src 172.16.101.1
>> [root@pfence sysctl.d]#
>>
>> [root@pfence sysctl.d]# ip route get 172.16.7.10
>> 172.16.7.10 dev eth1  src 172.16.7.13
>> cache
>> [root@pfence sysctl.d]#
>>
>>
>>
>> Regards,
>> Kehinde
>>
>> On Wed, Aug 23, 2017 at 9:47 PM, Fabrice Durand 
>> wrote:
>>
>>> Ok so your issue is related to the route of the system.
>>>
>>> do:
>>>
>>> ip route
>>>
>>> and:
>>>
>>> ip route get 172.16.7.10
>>>
>>> restart iptables
>>>
>>>
>>>
>>> On 2017-08-23 at 15:44, Akala Kehinde wrote:
>>>
>>> Hi Fabrice,
>>>
>>> See below:
>>>
>>> [root@pfence sysctl.d]# ip netns exec MYDOMAIN ping 172.16.7.10
>>> PING 172.16.7.10 (172.16.7.10) 56(84) bytes of data.
>>>
>>> --- 172.16.7.10 ping statistics ---
>>> 22 packets transmitted, 0 received, 100% packet loss, time 21107ms
>>>
>>> [root@pfence sysctl.d]# ip netns exec MYDOMAIN nslookup www.google.de
>>> ;; connection timed out; trying next origin
>>> ;; connection timed out; no servers could be reached
>>>
>>> [root@pfence sysctl.d]#
>>>
>>>
>>> Regards,
>>> Kehinde
>>>
>>> On Wed, Aug 23, 2017 at 6:45 PM, Fabrice Durand via PacketFence-users <
>>> packetfence-users@lists.sourceforge.net> wrote:
>>>

 Let's try that:

 ip netns exec MYDOMAIN ping 172.16.7.10

 ip netns exec MYDOMAIN nslookup www.google.de

 What is the result ?

 On 2017-08-23 at 10:55, Akala Kehinde wrote:

 Hello Fabrice,

 Was thinking, could it be a problem with the winbindd itself.

 Regards,
 Kehinde

 On Wed, Aug 23, 2017 at 3:02 PM, Akala Kehinde 
 wrote:

> Hallo Fabrice,
>
> [root@pfence sysctl.d]# cat 99-ip_forward.conf
> # ip forwarding enabled by packetfence
> net.ipv4.ip_forward = 1
>
> Checked timing already on both servers, it's the same.
>
> Regards,
> Kehinde
>
> On Wed, Aug 23, 2017 at 2:32 PM, Fabrice Durand via PacketFence-users
>  wrote:
>
>> Hello Akala,
>>
>> is ip_forward enabled?
>>
>> is the time of the packetfence server the same as the AD server?
>>
>> Regards
>>
>> Fabrice
>>
>>
>>
>> On 2017-08-23 at 02:38, Akala Kehinde wrote:
>>
>> Hello Fabrice,
>>
>> Kindly see below:
>>
>> [root@pfence pf]# chroot /chroots/MYDOMAIN wbinfo -u
>> could not obtain winbind interface details:
>> WBC_ERR_WINBIND_NOT_AVAILABLE
>> could not obtain winbind domain name!
>> Error looking up domain users
>> [root@pfence pf]# chroot /chroots/MYDOMAIN wbinfo -g
>> could not obtain winbind interface details:
>> WBC_ERR_WINBIND_NOT_AVAILABLE
>> could not obtain winbind domain name!
>> failed to call wbcListGroups: WBC_ERR_WINBIND_NOT_AVAILABLE
>> Error looking up domain groups
>> [root@pfence pf]# chroot /chroots/MYDOMAIN wbinfo -t
>> could not obtain winbind interface details:
>> WBC_ERR_WINBIND_NOT_AVAILABLE
>> could not obtain winbind domain name!
>> checking the trust secret for domain (null) via RPC calls failed
>> failed to call wbcCheckTrustCredentials: WBC_ERR_WINBIND_NOT_AVAILABLE
>> Could not check secret
>> [root@pfence pf]#
>> [root@pfence pf]# chroot /chroots/MYDOMAIN wbinfo -P
>> could not obtain winbind interface 

Re: [PacketFence-users] PF just refuses to join AD domain??

2017-08-23 Thread Akala Kehinde via PacketFence-users
Hi Fabrice,

See below:

[root@pfence sysctl.d]# ip route
default via 172.16.7.1 dev eth1
169.254.0.0/30 dev MYDOMAIN-b  proto kernel  scope link  src 169.254.0.2
169.254.0.0/16 dev eth0  scope link  metric 1002
169.254.0.0/16 dev eth1  scope link  metric 1003
169.254.0.0/16 dev eth0.100  scope link  metric 1004
169.254.0.0/16 dev eth0.101  scope link  metric 1005
169.254.0.0/16 dev eth0.4  scope link  metric 1006
169.254.0.0/16 dev eth0.5  scope link  metric 1007
169.254.0.0/16 dev eth0.6  scope link  metric 1008
169.254.0.0/16 dev eth0.98  scope link  metric 1009
169.254.0.0/16 dev eth0.99  scope link  metric 1010
172.16.4.0/24 dev eth0.4  proto kernel  scope link  src 172.16.4.2
172.16.7.0/24 dev eth1  proto kernel  scope link  src 172.16.7.13
172.16.98.0/24 dev eth0.98  proto kernel  scope link  src 172.16.98.1
172.16.99.0/24 dev eth0.99  proto kernel  scope link  src 172.16.99.1
172.16.100.0/24 dev eth0.100  proto kernel  scope link  src 172.16.100.10
172.16.101.0/24 dev eth0.101  proto kernel  scope link  src 172.16.101.1
[root@pfence sysctl.d]#

[root@pfence sysctl.d]# ip route get 172.16.7.10
172.16.7.10 dev eth1  src 172.16.7.13
cache
[root@pfence sysctl.d]#



Regards,
Kehinde

On Wed, Aug 23, 2017 at 9:47 PM, Fabrice Durand  wrote:

> Ok so your issue is related to the route of the system.
>
> do:
>
> ip route
>
> and:
>
> ip route get 172.16.7.10
>
> restart iptables
>
>
>
> On 2017-08-23 at 15:44, Akala Kehinde wrote:
>
> Hi Fabrice,
>
> See below:
>
> [root@pfence sysctl.d]# ip netns exec MYDOMAIN ping 172.16.7.10
> PING 172.16.7.10 (172.16.7.10) 56(84) bytes of data.
>
> --- 172.16.7.10 ping statistics ---
> 22 packets transmitted, 0 received, 100% packet loss, time 21107ms
>
> [root@pfence sysctl.d]# ip netns exec MYDOMAIN nslookup www.google.de
> ;; connection timed out; trying next origin
> ;; connection timed out; no servers could be reached
>
> [root@pfence sysctl.d]#
>
>
> Regards,
> Kehinde
>
> On Wed, Aug 23, 2017 at 6:45 PM, Fabrice Durand via PacketFence-users <
> packetfence-users@lists.sourceforge.net> wrote:
>
>>
>> Let's try that:
>>
>> ip netns exec MYDOMAIN ping 172.16.7.10
>>
>> ip netns exec MYDOMAIN nslookup www.google.de
>>
>> What is the result ?
>>
>> On 2017-08-23 at 10:55, Akala Kehinde wrote:
>>
>> Hello Fabrice,
>>
>> Was thinking, could it be a problem with the winbindd itself.
>>
>> Regards,
>> Kehinde
>>
>> On Wed, Aug 23, 2017 at 3:02 PM, Akala Kehinde 
>> wrote:
>>
>>> Hallo Fabrice,
>>>
>>> [root@pfence sysctl.d]# cat 99-ip_forward.conf
>>> # ip forwarding enabled by packetfence
>>> net.ipv4.ip_forward = 1
>>>
>>> Checked timing already on both servers, it's the same.
>>>
>>> Regards,
>>> Kehinde
>>>
>>> On Wed, Aug 23, 2017 at 2:32 PM, Fabrice Durand via PacketFence-users <
>>> packetfence-users@lists.sourceforge.net> wrote:
>>>
 Hello Akala,

 is ip_forward enabled?

 is the time of the packetfence server the same as the AD server?

 Regards

 Fabrice



 On 2017-08-23 at 02:38, Akala Kehinde wrote:

 Hello Fabrice,

 Kindly see below:

 [root@pfence pf]# chroot /chroots/MYDOMAIN wbinfo -u
 could not obtain winbind interface details:
 WBC_ERR_WINBIND_NOT_AVAILABLE
 could not obtain winbind domain name!
 Error looking up domain users
 [root@pfence pf]# chroot /chroots/MYDOMAIN wbinfo -g
 could not obtain winbind interface details:
 WBC_ERR_WINBIND_NOT_AVAILABLE
 could not obtain winbind domain name!
 failed to call wbcListGroups: WBC_ERR_WINBIND_NOT_AVAILABLE
 Error looking up domain groups
 [root@pfence pf]# chroot /chroots/MYDOMAIN wbinfo -t
 could not obtain winbind interface details:
 WBC_ERR_WINBIND_NOT_AVAILABLE
 could not obtain winbind domain name!
 checking the trust secret for domain (null) via RPC calls failed
 failed to call wbcCheckTrustCredentials: WBC_ERR_WINBIND_NOT_AVAILABLE
 Could not check secret
 [root@pfence pf]#
 [root@pfence pf]# chroot /chroots/MYDOMAIN wbinfo -P
 could not obtain winbind interface details:
 WBC_ERR_WINBIND_NOT_AVAILABLE
 could not obtain winbind domain name!
 checking the NETLOGON for domain[] dc connection to "" failed
 failed to call wbcPingDc: WBC_ERR_WINBIND_NOT_AVAILABLE
 [root@pfence pf]# chroot /chroots/MYDOMAIN wbinfo -p
 Ping to winbindd failed
 could not ping winbindd!
 [root@pfence pf]#


 Tested with TESTMAWOH.DE but still cannot join..
 It's driving me nuts:)

 Regards,
 Kehinde

 On Wed, Aug 23, 2017 at 4:44 AM, Durand fabrice via PacketFence-users <
 packetfence-users@lists.sourceforge.net> wrote:

> Hello Akala,
>
> what happens if you do that:
>
> chroot /chroots/MYDOMAIN
>
> wbinfo -u
>
> wbinfo -g
>
> if there are no usernames or groups displayed then try:
>
> 

Re: [PacketFence-users] PF just refuses to join AD domain??

2017-08-23 Thread Akala Kehinde via PacketFence-users
Hi Fabrice,

See below:

[root@pfence sysctl.d]# ip netns exec MYDOMAIN ping 172.16.7.10
PING 172.16.7.10 (172.16.7.10) 56(84) bytes of data.

--- 172.16.7.10 ping statistics ---
22 packets transmitted, 0 received, 100% packet loss, time 21107ms

[root@pfence sysctl.d]# ip netns exec MYDOMAIN nslookup www.google.de
;; connection timed out; trying next origin
;; connection timed out; no servers could be reached

[root@pfence sysctl.d]#


Regards,
Kehinde

On Wed, Aug 23, 2017 at 6:45 PM, Fabrice Durand via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:

>
> Let's try that:
>
> ip netns exec MYDOMAIN ping 172.16.7.10
>
> ip netns exec MYDOMAIN nslookup www.google.de
>
> What is the result ?
>
> On 2017-08-23 at 10:55, Akala Kehinde wrote:
>
> Hello Fabrice,
>
> Was thinking, could it be a problem with the winbindd itself.
>
> Regards,
> Kehinde
>
> On Wed, Aug 23, 2017 at 3:02 PM, Akala Kehinde 
> wrote:
>
>> Hallo Fabrice,
>>
>> [root@pfence sysctl.d]# cat 99-ip_forward.conf
>> # ip forwarding enabled by packetfence
>> net.ipv4.ip_forward = 1
>>
>> Checked timing already on both servers, it's the same.
>>
>> Regards,
>> Kehinde
>>
>> On Wed, Aug 23, 2017 at 2:32 PM, Fabrice Durand via PacketFence-users <
>> packetfence-users@lists.sourceforge.net> wrote:
>>
>>> Hello Akala,
>>>
>>> is ip_forward enabled?
>>>
>>> is the time of the packetfence server the same as the AD server?
>>>
>>> Regards
>>>
>>> Fabrice
>>>
>>>
>>>
>>> On 2017-08-23 at 02:38, Akala Kehinde wrote:
>>>
>>> Hello Fabrice,
>>>
>>> Kindly see below:
>>>
>>> [root@pfence pf]# chroot /chroots/MYDOMAIN wbinfo -u
>>> could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
>>> could not obtain winbind domain name!
>>> Error looking up domain users
>>> [root@pfence pf]# chroot /chroots/MYDOMAIN wbinfo -g
>>> could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
>>> could not obtain winbind domain name!
>>> failed to call wbcListGroups: WBC_ERR_WINBIND_NOT_AVAILABLE
>>> Error looking up domain groups
>>> [root@pfence pf]# chroot /chroots/MYDOMAIN wbinfo -t
>>> could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
>>> could not obtain winbind domain name!
>>> checking the trust secret for domain (null) via RPC calls failed
>>> failed to call wbcCheckTrustCredentials: WBC_ERR_WINBIND_NOT_AVAILABLE
>>> Could not check secret
>>> [root@pfence pf]#
>>> [root@pfence pf]# chroot /chroots/MYDOMAIN wbinfo -P
>>> could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
>>> could not obtain winbind domain name!
>>> checking the NETLOGON for domain[] dc connection to "" failed
>>> failed to call wbcPingDc: WBC_ERR_WINBIND_NOT_AVAILABLE
>>> [root@pfence pf]# chroot /chroots/MYDOMAIN wbinfo -p
>>> Ping to winbindd failed
>>> could not ping winbindd!
>>> [root@pfence pf]#
>>>
>>>
>>> Tested with TESTMAWOH.DE but still cannot join..
>>> It's driving me nuts:)
>>>
>>> Regards,
>>> Kehinde
>>>
>>> On Wed, Aug 23, 2017 at 4:44 AM, Durand fabrice via PacketFence-users <
>>> packetfence-users@lists.sourceforge.net> wrote:
>>>
 Hello Akala,

 what happens if you do that:

 chroot /chroots/MYDOMAIN

 wbinfo -u

 wbinfo -g

 if there are no usernames or groups displayed then try:

 dns_name=TESTMAWOH.DE
 and rejoin

 Regards
 Fabrice


 On 2017-08-22 at 22:21, Akala Kehinde via PacketFence-users wrote:


 Hello guys,

 I get this error when trying to join PF to an Active Directory Server:

 [root@pfence pf]# tail -f /chroots/MYDOMAIN/var/log/sambaMYDOMAIN/log.winbindd
 [2017/08/23 02:20:34.196193,  0] ../source3/winbindd/winbindd_util.c:869(init_domain_list)
   Could not fetch our SID - did we join?
 [2017/08/23 02:20:34.196275,  0] ../source3/winbindd/winbindd.c:1408(winbindd_register_handlers)
   unable to initialize domain list
 [2017/08/23 02:20:34.324267,  0] ../source3/winbindd/winbindd_cache.c:3245(initialize_winbindd_cache)
   initialize_winbindd_cache: clearing cache and re-creating with version number 2
 [2017/08/23 02:20:34.333731,  0] ../source3/winbindd/winbindd_util.c:869(init_domain_list)
   Could not fetch our SID - did we join?

 [root@pfence pf]#

 Below is my domain.conf file:

 [MYDOMAIN]
 ntlm_cache_filter=(&(samAccountName=*)(!(|(lockoutTime=>0)(userAccountControl:1.2.840.113556.1.4.803:=2
 ntlm_cache=disabled
 registration=0
 ntlm_cache_expiry=3600
 dns_name=egelsbach.testmawoh.de
 dns_servers=172.16.7.10
 ou=Computers
 ntlm_cache_on_connection=disabled
 workgroup=TESTMAWOH
 ntlm_cache_batch_one_at_a_time=disabled
 sticky_dc=*
 ad_server=winserver.egelsbach.testmawoh.de
 ntlm_cache_batch=disabled
 server_name=pfence
 bind_pass=
 bind_dn=

 

Re: [PacketFence-users] PF just refuses to join AD domain??

2017-08-23 Thread Akala Kehinde via PacketFence-users
Hello Fabrice,

Was thinking, could it be a problem with the winbindd itself.

Regards,
Kehinde

On Wed, Aug 23, 2017 at 3:02 PM, Akala Kehinde 
wrote:

> Hallo Fabrice,
>
> [root@pfence sysctl.d]# cat 99-ip_forward.conf
> # ip forwarding enabled by packetfence
> net.ipv4.ip_forward = 1
>
> Checked timing already on both servers, it's the same.
>
> Regards,
> Kehinde
>
> On Wed, Aug 23, 2017 at 2:32 PM, Fabrice Durand via PacketFence-users <
> packetfence-users@lists.sourceforge.net> wrote:
>
>> Hello Akala,
>>
>> is ip_forward enabled?
>>
>> is the time of the packetfence server the same as the AD server?
>>
>> Regards
>>
>> Fabrice
>>
>>
>>
>> On 2017-08-23 at 02:38, Akala Kehinde wrote:
>>
>> Hello Fabrice,
>>
>> Kindly see below:
>>
>> [root@pfence pf]# chroot /chroots/MYDOMAIN wbinfo -u
>> could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
>> could not obtain winbind domain name!
>> Error looking up domain users
>> [root@pfence pf]# chroot /chroots/MYDOMAIN wbinfo -g
>> could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
>> could not obtain winbind domain name!
>> failed to call wbcListGroups: WBC_ERR_WINBIND_NOT_AVAILABLE
>> Error looking up domain groups
>> [root@pfence pf]# chroot /chroots/MYDOMAIN wbinfo -t
>> could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
>> could not obtain winbind domain name!
>> checking the trust secret for domain (null) via RPC calls failed
>> failed to call wbcCheckTrustCredentials: WBC_ERR_WINBIND_NOT_AVAILABLE
>> Could not check secret
>> [root@pfence pf]#
>> [root@pfence pf]# chroot /chroots/MYDOMAIN wbinfo -P
>> could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
>> could not obtain winbind domain name!
>> checking the NETLOGON for domain[] dc connection to "" failed
>> failed to call wbcPingDc: WBC_ERR_WINBIND_NOT_AVAILABLE
>> [root@pfence pf]# chroot /chroots/MYDOMAIN wbinfo -p
>> Ping to winbindd failed
>> could not ping winbindd!
>> [root@pfence pf]#
>>
>>
>> Tested with TESTMAWOH.DE but still cannot join..
>> It's driving me nuts:)
>>
>> Regards,
>> Kehinde
>>
>> On Wed, Aug 23, 2017 at 4:44 AM, Durand fabrice via PacketFence-users <
>> packetfence-users@lists.sourceforge.net> wrote:
>>
>>> Hello Akala,
>>>
>>> what happens if you do that:
>>>
>>> chroot /chroots/MYDOMAIN
>>>
>>> wbinfo -u
>>>
>>> wbinfo -g
>>>
>>> if there are no usernames or groups displayed then try:
>>>
>>> dns_name=TESTMAWOH.DE
>>> and rejoin
>>>
>>> Regards
>>> Fabrice
>>>
>>>
>>> On 2017-08-22 at 22:21, Akala Kehinde via PacketFence-users wrote:
>>>
>>>
>>> Hello guys,
>>>
>>> I get this error when trying to join PF to an Active Directory Server:
>>>
>>> [root@pfence pf]# tail -f /chroots/MYDOMAIN/var/log/sambaMYDOMAIN/log.winbindd
>>> [2017/08/23 02:20:34.196193,  0] ../source3/winbindd/winbindd_util.c:869(init_domain_list)
>>>   Could not fetch our SID - did we join?
>>> [2017/08/23 02:20:34.196275,  0] ../source3/winbindd/winbindd.c:1408(winbindd_register_handlers)
>>>   unable to initialize domain list
>>> [2017/08/23 02:20:34.324267,  0] ../source3/winbindd/winbindd_cache.c:3245(initialize_winbindd_cache)
>>>   initialize_winbindd_cache: clearing cache and re-creating with version number 2
>>> [2017/08/23 02:20:34.333731,  0] ../source3/winbindd/winbindd_util.c:869(init_domain_list)
>>>   Could not fetch our SID - did we join?
>>>
>>> [root@pfence pf]#
>>>
>>> Below is my domain.conf file:
>>>
>>> [MYDOMAIN]
>>> ntlm_cache_filter=(&(samAccountName=*)(!(|(lockoutTime=>0)(userAccountControl:1.2.840.113556.1.4.803:=2
>>> ntlm_cache=disabled
>>> registration=0
>>> ntlm_cache_expiry=3600
>>> dns_name=egelsbach.testmawoh.de
>>> dns_servers=172.16.7.10
>>> ou=Computers
>>> ntlm_cache_on_connection=disabled
>>> workgroup=TESTMAWOH
>>> ntlm_cache_batch_one_at_a_time=disabled
>>> sticky_dc=*
>>> ad_server=winserver.egelsbach.testmawoh.de
>>> ntlm_cache_batch=disabled
>>> server_name=pfence
>>> bind_pass=
>>> bind_dn=
>>>
>>> [root@pfence pf]# ps -efd | grep winbindd
>>> root 20052     1  7 04:15 ?     00:00:14 winbindd-wrapper
>>> root 21912 20052  1 04:18 ?     00:00:00 sudo chroot /chroots/MYDOMAIN /usr/sbin/winbindd -s /etc/samba/MYDOMAIN.conf -l /var/log/sambaMYDOMAIN --foreground
>>> root 21913 21912  0 04:18 ?     00:00:00 /usr/sbin/winbindd -s /etc/samba/MYDOMAIN.conf -l /var/log/sambaMYDOMAIN --foreground
>>> root 21915  4173  0 04:18 ttyS0 00:00:00 grep --color=auto winbindd
>>>
>>> [root@pfence pf]# /usr/local/pf/bin/pfcmd service winbindd status
>>> service|shouldBeStarted|pid
>>> winbindd|1|20052
>>> [root@pfence pf]#
>>>
>>> There is reachability between PF, the AD and DNS servers and all can
>>> resolve DNS queries.
>>>
>>> I have tried everything but just refuses to bind..Whatelse could be
>>> wrong pls?
>>>
>>>
>>> Regards,
>>> Kehinde
>>>
>>>
>>> 

Re: [PacketFence-users] PF just refuses to join AD domain??

2017-08-23 Thread Fabrice Durand via PacketFence-users
Ok so your issue is related to the route of the system.

do:

ip route

and:

ip route get 172.16.7.10

restart iptables



On 2017-08-23 at 15:44, Akala Kehinde wrote:
> Hi Fabrice,
>
> See below:
>
> [root@pfence sysctl.d]# ip netns exec MYDOMAIN ping 172.16.7.10
> PING 172.16.7.10 (172.16.7.10) 56(84) bytes of data.
>
> --- 172.16.7.10 ping statistics ---
> 22 packets transmitted, 0 received, 100% packet loss, time 21107ms
>
> [root@pfence sysctl.d]# ip netns exec MYDOMAIN nslookup www.google.de
> 
> ;; connection timed out; trying next origin
> ;; connection timed out; no servers could be reached
>
> [root@pfence sysctl.d]#
>
>
> Regards,
> Kehinde
>
>>> On 2017-08-22 at 22:21, Akala Kehinde via PacketFence-users wrote:

 Hello guys,

 I 
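The check behind the route lookup suggested in this message, as an added example that is not part of the original thread: it compares the egress interface and source address reported by `ip route get 172.16.7.10` with the SNAT rule for the 169.254.0.0/16 source range, using the rule and addresses quoted elsewhere in the thread. The function names and both sample inputs are constructed for illustration.

```shell
#!/bin/bash
# Constructed sample: `ip route get 172.16.7.10` output on a host that reaches
# the AD/DNS server through eth1 (interface and address as named in the thread).
ROUTE_GET_SAMPLE='172.16.7.10 dev eth1 src 172.16.7.13
    cache'

# Constructed sample of `iptables-save -t nat` output; the POSTROUTING line is
# the rule the thread identifies as the problem.
NAT_RULES_SAMPLE='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 169.254.0.0/16 -o eth0.100 -j SNAT --to-source 172.16.100.10
COMMIT'

# Print the word that follows keyword $1 in the text read from stdin
# (first match only), e.g. "dev" -> "eth1".
field_after() {
    awk -v key="$1" '{ for (i = 1; i < NF; i++) if ($i == key) { print $(i + 1); exit } }'
}

# check_snat ROUTE_GET_TEXT NAT_RULES_TEXT
# For every POSTROUTING SNAT rule with source 169.254.0.0/16, compare its
# -o interface and --to-source address with the route lookup result.
# Prints "OK <rule>" or "MISMATCH <rule>" plus the expected values.
# Returns 0 if every rule matches, 1 on a mismatch, 2 if the route or the
# rule could not be found.
check_snat() {
    local route_text="$1" rules_text="$2"
    local dev src status=0 seen=0 line rule_dev rule_src

    dev=$(printf '%s\n' "$route_text" | field_after dev)
    src=$(printf '%s\n' "$route_text" | field_after src)
    if [ -z "$dev" ] || [ -z "$src" ]; then
        echo "NOROUTE could not read dev/src from the route lookup"
        return 2
    fi

    while IFS= read -r line; do
        case $line in
            "-A POSTROUTING "*"-s 169.254.0.0/16 "*"-j SNAT "*) ;;
            *) continue ;;
        esac
        seen=1
        rule_dev=$(printf '%s\n' "$line" | field_after -o)
        rule_src=$(printf '%s\n' "$line" | field_after --to-source)
        if [ "$rule_dev" = "$dev" ] && [ "$rule_src" = "$src" ]; then
            echo "OK $line"
        else
            echo "MISMATCH $line"
            echo "  expected: -o $dev --to-source $src"
            status=1
        fi
    done <<EOF
$rules_text
EOF

    if [ "$seen" -ne 1 ]; then
        echo "NORULE no SNAT rule for 169.254.0.0/16 in POSTROUTING"
        return 2
    fi
    return "$status"
}

# Demo on the constructed samples. On a live host the inputs would be
#   check_snat "$(ip route get 172.16.7.10)" "$(iptables-save -t nat)"
check_snat "$ROUTE_GET_SAMPLE" "$NAT_RULES_SAMPLE" || true
```

A mismatch means replies from the AD server are addressed to an interface the request did not leave through, which is consistent with the 100% packet loss seen from inside the namespace.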

Re: [PacketFence-users] PF just refuses to join AD domain??

2017-08-23 Thread Fabrice Durand via PacketFence-users

Let's try that:

ip netns exec MYDOMAIN ping 172.16.7.10

ip netns exec MYDOMAIN nslookup www.google.de

What is the result?


On 2017-08-23 at 10:55, Akala Kehinde wrote:
> Hello Fabrice,
>
> Was thinking, could it be a problem with the winbindd itself.
>
> Regards,
> Kehinde
>

Re: [PacketFence-users] PF just refuses to join AD domain??

2017-08-23 Thread Akala Kehinde via PacketFence-users
Hello Fabrice,

[root@pfence sysctl.d]# cat 99-ip_forward.conf
# ip forwarding enabled by packetfence
net.ipv4.ip_forward = 1

Checked timing already on both servers, it's the same.

Regards,
Kehinde

On Wed, Aug 23, 2017 at 2:32 PM, Fabrice Durand via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:

> Hello Akala,
>
> Is ip_forward enabled?
>
> Is the time of the packetfence server the same as the AD server?
>
> Regards
>
> Fabrice
>

Re: [PacketFence-users] PF just refuses to join AD domain??

2017-08-23 Thread Fabrice Durand via PacketFence-users
Hello Akala,

Is ip_forward enabled?

Is the time of the packetfence server the same as the AD server?

Regards

Fabrice



On 2017-08-23 at 02:38, Akala Kehinde wrote:
> Hello Fabrice,
>
> Kindly see below:
>
> [root@pfence pf]# chroot /chroots/MYDOMAIN wbinfo -u
> could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
> could not obtain winbind domain name!
> Error looking up domain users
> [root@pfence pf]# chroot /chroots/MYDOMAIN wbinfo -g
> could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
> could not obtain winbind domain name!
> failed to call wbcListGroups: WBC_ERR_WINBIND_NOT_AVAILABLE
> Error looking up domain groups
> [root@pfence pf]# chroot /chroots/MYDOMAIN wbinfo -t
> could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
> could not obtain winbind domain name!
> checking the trust secret for domain (null) via RPC calls failed
> failed to call wbcCheckTrustCredentials: WBC_ERR_WINBIND_NOT_AVAILABLE
> Could not check secret
> [root@pfence pf]#
> [root@pfence pf]# chroot /chroots/MYDOMAIN wbinfo -P
> could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
> could not obtain winbind domain name!
> checking the NETLOGON for domain[] dc connection to "" failed
> failed to call wbcPingDc: WBC_ERR_WINBIND_NOT_AVAILABLE
> [root@pfence pf]# chroot /chroots/MYDOMAIN wbinfo -p
> Ping to winbindd failed
> could not ping winbindd!
> [root@pfence pf]#
>
>
> Tested with TESTMAWOH.DE  but still cannot join.. 
> It's driving me nuts:)
>
> Regards,
> Kehinde

Re: [PacketFence-users] PF just refuses to join AD domain??

2017-08-23 Thread Akala Kehinde via PacketFence-users
Hello Fabrice,

Kindly see below:

[root@pfence pf]# chroot /chroots/MYDOMAIN wbinfo -u
could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
could not obtain winbind domain name!
Error looking up domain users
[root@pfence pf]# chroot /chroots/MYDOMAIN wbinfo -g
could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
could not obtain winbind domain name!
failed to call wbcListGroups: WBC_ERR_WINBIND_NOT_AVAILABLE
Error looking up domain groups
[root@pfence pf]# chroot /chroots/MYDOMAIN wbinfo -t
could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
could not obtain winbind domain name!
checking the trust secret for domain (null) via RPC calls failed
failed to call wbcCheckTrustCredentials: WBC_ERR_WINBIND_NOT_AVAILABLE
Could not check secret
[root@pfence pf]#
[root@pfence pf]# chroot /chroots/MYDOMAIN wbinfo -P
could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
could not obtain winbind domain name!
checking the NETLOGON for domain[] dc connection to "" failed
failed to call wbcPingDc: WBC_ERR_WINBIND_NOT_AVAILABLE
[root@pfence pf]# chroot /chroots/MYDOMAIN wbinfo -p
Ping to winbindd failed
could not ping winbindd!
[root@pfence pf]#


Tested with TESTMAWOH.DE but still cannot join..
It's driving me nuts:)

Regards,
Kehinde

On Wed, Aug 23, 2017 at 4:44 AM, Durand fabrice via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:

> Hello Akala,
>
> what happens if you do that:
>
> chroot /chroots/MYDOMAIN
>
> wbinfo -u
>
> wbinfo -g
>
> if there are no usernames or groups displayed then try:
>
> dns_name=TESTMAWOH.DE
> and rejoin
>
> Regards
> Fabrice

Re: [PacketFence-users] PF just refuses to join AD domain??

2017-08-23 Thread Akala Kehinde via PacketFence-users
Hello Fabrice,

And actually the FQDN of my domain name is EGELSBACH.TESTMAWOH.DE and not
TESTMAWOH.DE. None works for me.

Regards,
Kehinde

On Wed, Aug 23, 2017 at 8:38 AM, Akala Kehinde 
wrote:

> Hello Fabrice,
>
> Kindly see below:
>
> [root@pfence pf]# chroot /chroots/MYDOMAIN wbinfo -u
> could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
> could not obtain winbind domain name!
> Error looking up domain users
> [root@pfence pf]# chroot /chroots/MYDOMAIN wbinfo -g
> could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
> could not obtain winbind domain name!
> failed to call wbcListGroups: WBC_ERR_WINBIND_NOT_AVAILABLE
> Error looking up domain groups
> [root@pfence pf]# chroot /chroots/MYDOMAIN wbinfo -t
> could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
> could not obtain winbind domain name!
> checking the trust secret for domain (null) via RPC calls failed
> failed to call wbcCheckTrustCredentials: WBC_ERR_WINBIND_NOT_AVAILABLE
> Could not check secret
> [root@pfence pf]#
> [root@pfence pf]# chroot /chroots/MYDOMAIN wbinfo -P
> could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
> could not obtain winbind domain name!
> checking the NETLOGON for domain[] dc connection to "" failed
> failed to call wbcPingDc: WBC_ERR_WINBIND_NOT_AVAILABLE
> [root@pfence pf]# chroot /chroots/MYDOMAIN wbinfo -p
> Ping to winbindd failed
> could not ping winbindd!
> [root@pfence pf]#
>
>
> Tested with TESTMAWOH.DE but still cannot join..
> It's driving me nuts:)
>
> Regards,
> Kehinde

Re: [PacketFence-users] PF just refuses to join AD domain??

2017-08-22 Thread Durand fabrice via PacketFence-users

Hello Akala,

what happens if you do that:

chroot /chroots/MYDOMAIN

wbinfo -u

wbinfo -g

if there are no usernames or groups displayed then try:

dns_name=TESTMAWOH.DE

and rejoin

Regards
Fabrice



[PacketFence-users] PF just refuses to join AD domain??

2017-08-22 Thread Akala Kehinde via PacketFence-users
Hello guys,

I get this error when trying to join PF to an Active Directory Server:

[root@pfence pf]# tail -f /chroots/MYDOMAIN/var/log/sambaMYDOMAIN/log.winbindd
[2017/08/23 02:20:34.196193,  0] ../source3/winbindd/winbindd_util.c:869(init_domain_list)
  Could not fetch our SID - did we join?
[2017/08/23 02:20:34.196275,  0] ../source3/winbindd/winbindd.c:1408(winbindd_register_handlers)
  unable to initialize domain list
[2017/08/23 02:20:34.324267,  0] ../source3/winbindd/winbindd_cache.c:3245(initialize_winbindd_cache)
  initialize_winbindd_cache: clearing cache and re-creating with version number 2
[2017/08/23 02:20:34.333731,  0] ../source3/winbindd/winbindd_util.c:869(init_domain_list)
  Could not fetch our SID - did we join?

[root@pfence pf]#

Below is my domain.conf file:

[MYDOMAIN]
ntlm_cache_filter=(&(samAccountName=*)(!(|(lockoutTime=>0)(userAccountControl:1.2.840.113556.1.4.803:=2
ntlm_cache=disabled
registration=0
ntlm_cache_expiry=3600
dns_name=egelsbach.testmawoh.de
dns_servers=172.16.7.10
ou=Computers
ntlm_cache_on_connection=disabled
workgroup=TESTMAWOH
ntlm_cache_batch_one_at_a_time=disabled
sticky_dc=*
ad_server=winserver.egelsbach.testmawoh.de
ntlm_cache_batch=disabled
server_name=pfence
bind_pass=
bind_dn=

[root@pfence pf]# ps -efd | grep winbindd
root 20052 1  7 04:15 ?        00:00:14 winbindd-wrapper
root 21912 20052  1 04:18 ?        00:00:00 sudo chroot /chroots/MYDOMAIN /usr/sbin/winbindd -s /etc/samba/MYDOMAIN.conf -l /var/log/sambaMYDOMAIN --foreground
root 21913 21912  0 04:18 ?        00:00:00 /usr/sbin/winbindd -s /etc/samba/MYDOMAIN.conf -l /var/log/sambaMYDOMAIN --foreground
root 21915  4173  0 04:18 ttyS0    00:00:00 grep --color=auto winbindd

[root@pfence pf]# /usr/local/pf/bin/pfcmd service winbindd status
service|shouldBeStarted|pid
winbindd|1|20052
[root@pfence pf]#

There is reachability between PF, the AD and DNS servers and all can
resolve DNS queries.

I have tried everything but it just refuses to bind. What else could be wrong,
please?


Regards,
Kehinde
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users