Re: [PacketFence-users] Cant Connect to AD - Failed to join domain: failed to connect to AD: Client not found in Kerberos database

2018-06-08 Thread Matthew Knott via PacketFence-users
Thanks Fabrice

result of ps -edf|grep winbindd

root     11584     1  0 May31 ?        00:00:09 /usr/sbin/winbindd --foreground --no-process-group
root     11586 11584  0 May31 ?        00:00:12 /usr/sbin/winbindd --foreground --no-process-group
root     16389 16369  0 15:32 pts/0    00:00:00 grep --color=auto winbindd
root     27261     1  0 Jun07 ?        00:00:04 winbindd-wrapper
root     27264 27261  0 Jun07 ?        00:00:00 sudo chroot /chroots/JBSAD /usr/sbin/winbindd -s /etc/samba/JBSAD.conf -l /var/log/sambaJBSAD --foreground
root     27266 27264  0 Jun07 ?        00:00:01 /usr/sbin/winbindd -s /etc/samba/JBSAD.conf -l /var/log/sambaJBSAD --foreground
root     27269 27266  0 Jun07 ?        00:00:02 /usr/sbin/winbindd -s /etc/samba/JBSAD.conf -l /var/log/sambaJBSAD --foreground



[root@auqldrv00nac1ai ~]#
[root@auqldrv00nac1ai ~]# cd /usr/local/pf
[root@auqldrv00nac1ai pf]# chroot /chroots/JBSAD
bash-4.2# wbinfo -u
bash-4.2#


Yep,  the second one works.

I shall remove the Computer from the Domain in and try again.


Thanks for your Help!!


Matthew






Re: [PacketFence-users] Cant Connect to AD - Failed to join domain: failed to connect to AD: Client not found in Kerberos database

2018-06-08 Thread Fabrice Durand via PacketFence-users

Hello Matthew,

the other option is to use this tool:
https://github.com/inverse-inc/packetfence/blob/devel/addons/AD/migrate.pl

Regards

Fabrice




Re: [PacketFence-users] Cant Connect to AD - Failed to join domain: failed to connect to AD: Client not found in Kerberos database

2018-06-06 Thread Durand fabrice via PacketFence-users

Hello Matthew,

Based on what I can see, your server has been joined to the AD from the 
Linux system directly and not from the Admin GUI.


What is the result of :

ps -edf|grep winbindd

And if you do exactly that:

fabian81:/usr/local/pf$ chroot /chroots/JBSAD
fabian81:/$ wbinfo -u

versus:

[root@auqldrv00nac1ai logs]# wbinfo -u

Which one works ?

If the 2nd one works then you need to remove the computer from the OU 
computers in the AD and try to rejoin the domain from the admin GUI.


Regards
Fabrice
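
The ps -edf | grep winbindd check asked for in the message above, as an added example that is not part of the thread or of PacketFence: it sorts the winbindd daemons into host-level instances and instances started with -s <conf>. The sample lines, PIDs, the EXAMPLEAD name and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: sort the winbindd daemons in `ps -edf` output into host-level
# instances (no -s option) and per-domain instances started with -s <conf>.

# Constructed sample in `ps -edf` layout; PIDs and the EXAMPLEAD name are made up.
sample_ps() {
cat <<'EOF'
root      1101     1  0 May31 ?        00:00:09 /usr/sbin/winbindd --foreground --no-process-group
root      1102  1101  0 May31 ?        00:00:12 /usr/sbin/winbindd --foreground --no-process-group
root      2200  2190  0 15:32 pts/0    00:00:00 grep --color=auto winbindd
root      3301     1  0 Jun07 ?        00:00:04 winbindd-wrapper
root      3302  3301  0 Jun07 ?        00:00:00 sudo chroot /chroots/EXAMPLEAD /usr/sbin/winbindd -s /etc/samba/EXAMPLEAD.conf -l /var/log/sambaEXAMPLEAD --foreground
root      3303  3302  0 Jun07 ?        00:00:01 /usr/sbin/winbindd -s /etc/samba/EXAMPLEAD.conf -l /var/log/sambaEXAMPLEAD --foreground
root      3304  3303  0 Jun07 ?        00:00:02 /usr/sbin/winbindd -s /etc/samba/EXAMPLEAD.conf -l /var/log/sambaEXAMPLEAD --foreground
EOF
}

# stdin: ps -edf lines. stdout: "<pid> <kind> <config>" per winbindd daemon.
# Field 8 is the first word of CMD, so the grep, sudo and wrapper lines are skipped.
classify_winbindd() {
    awk '
        $8 !~ /(^|\/)winbindd$/ { next }
        {
            conf = "-"
            for (i = 9; i < NF; i++)
                if ($i == "-s") conf = $(i + 1)
            kind = (conf == "-") ? "host" : "domain"
            print $2, kind, conf
        }'
}

# stdin: classify_winbindd output. stdout: a one-word verdict.
verdict() {
    awk '
        $2 == "host"   { h++ }
        $2 == "domain" { d++ }
        END {
            if (h && d)  print "both"
            else if (h)  print "host-only"
            else if (d)  print "domain-only"
            else         print "none"
        }'
}

# Root directory a live PID runs under: "/" on the host, the chroot path otherwise.
# Reading another user's /proc/<pid>/root needs root privileges.
proc_root() {
    readlink "/proc/$1/root" 2>/dev/null || echo unknown
}

# No argument: run on the constructed sample. "live": inspect this machine.
main() {
    if [ "${1:-sample}" = "live" ]; then
        ps -edf | classify_winbindd | while read -r pid kind conf; do
            echo "$pid $kind $conf root=$(proc_root "$pid")"
        done
        echo "verdict: $(ps -edf | classify_winbindd | verdict)"
    else
        sample_ps | classify_winbindd
        echo "verdict: $(sample_ps | classify_winbindd | verdict)"
    fi
}

main "$@"
```

The ps output posted in this thread has the same shape as the sample: two daemons without -s and two started with -s /etc/samba/JBSAD.conf, which this script reports as "both".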



Re: [PacketFence-users] Cant Connect to AD - Failed to join domain: failed to connect to AD: Client not found in Kerberos database

2018-06-06 Thread Matthew Knott via PacketFence-users
Hi Fabrice


Yep, I'm doing the wbinfo -u in /chroots/JBSAD/bin which works.

Read through that Forum post (thanks for that) and tried using the FQDN, the 
UPN and just the plain username.

Same result.

The account I'm trying to use to Join the Server to the main is the same one 
that I tried on the Command line of the box, I.E.


[root@auqldrv00nac1ai logs]# ntlm_auth --username=mk.adm
Password:
NT_STATUS_OK: The operation completed successfully. (0x0)

Which, as you can see, also is successful.  I checked AD Users and Computers 
and the Machine account Exists as well :)
Really Weird :)

Matthew








Re: [PacketFence-users] Cant Connect to AD - Failed to join domain: failed to connect to AD: Client not found in Kerberos database

2018-06-06 Thread Fabrice Durand via PacketFence-users

Hello Matthew,

are you doing wbinfo in the chroot ? (chroot /chroots/...)

Also (Error binding '80090308: LdapErr: DSID-0C0903D9, comment: 
AcceptSecurityContext error, data 52e, v2580) looks to be an error 
related to "Invalid credentials". 
https://social.technet.microsoft.com/Forums/ie/en-US/474abb8f-cfc6-4cac-af79-c3e80e80291f/ldap-authentication-error-ldap-error-code-49-80090308-ldaperr-dsid0c090334-comment?forum=winserverDS


Regards

Fabrice




___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)


[PacketFence-users] Cant Connect to AD - Failed to join domain: failed to connect to AD: Client not found in Kerberos database

2018-06-05 Thread Matthew Knott via PacketFence-users
Hi,

Hoping someone can help me with this Error.

When trying to Connect to a Windows 2008R2 Level Domain, I receive this Error 
in the Web GUI.

Failed to join domain: failed to connect to AD: Client not found in Kerberos 
database

And can see the Following in the Packetfence.log

Jun  5 05:32:48 auqldrv00nac1ai packetfence_httpd.aaa: httpd.aaa(13719) INFO: [mac:00:04:f2:86:1e:a6] Password validation failed for cisco: passwords don't match (pf::password::validate_password)
Jun  5 05:32:48 auqldrv00nac1ai packetfence_httpd.aaa: httpd.aaa(13719) ERROR: [mac:00:04:f2:86:1e:a6] Error binding '80090308: LdapErr: DSID-0C0903D9, comment: AcceptSecurityContext error, data 52e, v2580
Jun  5 05:32:48 auqldrv00nac1ai packetfence_httpd.aaa: httpd.aaa(13719) WARN: [mac:00:04:f2:86:1e:a6] [JBSAD] Unable to connect to ldap.jbssa.com.au (pf::Authentication::Source::LDAPSource::_connect)
Jun  5 05:32:48 auqldrv00nac1ai packetfence_httpd.aaa: httpd.aaa(13719) ERROR: [mac:00:04:f2:86:1e:a6] [JBSAD] Unable to connect to any LDAP server (pf::Authentication::Source::LDAPSource::_connect)
Jun  5 05:32:48 auqldrv00nac1ai packetfence_httpd.aaa: httpd.aaa(13719) ERROR: [mac:00:04:f2:86:1e:a6] unable to read password file '/usr/local/pf/conf/admin.conf' (pf::Authentication::Source::HtpasswdSource::authenticate)

Looking in the log.winbind file in /chroots/JBXAD/var/log/sambaJBXAD I can see 
the Following

[2018/05/31 06:22:43.266435,  0] ../lib/util/become_daemon.c:124(daemon_ready)
  STATUS=daemon 'winbindd' finished starting up and ready to serve connections
[2018/05/31 06:22:43.409235,  0] ../source3/librpc/crypto/gse.c:214(gse_context_init)
  Failed to initialize kerberos context! (Included profile directory could not be read)
[2018/05/31 22:23:12.606100,  0] ../source3/winbindd/winbindd.c:281(winbindd_sig_term_handler)
  Got sig[15] terminate (is_parent=0)
[2018/05/31 22:23:12.607356,  0] ../source3/winbindd/winbindd.c:281(winbindd_sig_term_handler)
  Got sig[15] terminate (is_parent=1)

Wbinfo -u  returns a list of users

ntlm_auth --username=mk.adm
Password:
NT_STATUS_OK: The operation completed successfully. (0x0)


Also Works.
NTP is in Sync

Yet I still can't perform 802.1x Auth nor can I Use AD as an Authentication 
Source.

Anyone have any Ideas?

Thanks
In advance

Matthew


