From: Christian M. <rcm...@gm...> - 2019-02-01 20:31:22

Have you tried the full distinguished name of the bind user?

On Fri, Feb 1, 2019 at 2:56 PM Adrian Dessaigne via PacketFence-users <pac...@li...> wrote:
> Anyone ?
>
> I have tried on many different machines and distributions, with different
> Windows Server versions, and I still have this problem. Anyone ?
>
> ----- Original message -----
> From: "packetfence-users" <pac...@li...>
> To: "packetfence-users" <pac...@li...>
> Cc: "ADE" <adr...@no...>
> Sent: Friday 28 December 2018 12:51:08
> Subject: [PacketFence-users] Can't link PacketFence with AD Server.
>
> Hello everyone,
>
> I'm a student in IT and I have a study contract. I'm working on a sketch
> with PacketFence to set up 802.1X.
>
> I'm using an ESXi 6.7 with two VMs:
> - CentOS 7 with the latest version of PacketFence.
> - Windows Server 2012 with AD.
>
> I use the network 192.168.1.0/24
> PacketFence IP: 192.168.1.202
> Windows AD IP: 192.168.1.203
> Domain: novasyspf.coop
>
> I have followed all the instructions in the Installation Guide:
> - Unique virtual network card
> - Disabled firewall
> - Disabled SELinux
> - yum update.
> - Explicitly instruct NetworkManager to never interact with my DNS
> configuration: dns=none in 99-no-dns.conf file
>
> Then adding the PF repository and installing it.
>
> During the configurator, I chose the following options:
> - Step 1: Radius Only
> - Step 2: Network, interface set as Management with the IP 192.168.1.202
> and Gateway 192.168.1.1
> - Step 4: Domain: "novasyspf.coop" | Hostname "radiuspf" | DHCP Server
> "192.168.1.203"
> - Step 6: No Fingerbank
>
> Launching PF went well. Once on the admin page, I go to
> Configuration -> Policies and Access Control -> Domains -> Active Directory
> Domains.
>
> Here are the parameters I chose for adding the new domain:
>
> ID: DomaineAD
> Workgroup: novasyspf
> DNS name of the domain: novasyspf.coop
> This server name: radiuspf
> AD Server: 192.168.1.203
> DNS Server: 192.168.1.203
> Username: Adm...@no... (I tried with just "Administrator")
> Password: secret
>
> Then I click on save and join. After a few moments I get this error:
> "Error ! An error occurred while connecting with the server. Please try
> again later"
>
> By following the troubleshooting guide, I have this in
> /chroots/DomaineAD/var/log/sambaDomaineAD/log.winbindd:
> [2018/12/28 11:14:38.799687, 0] ../source3/winbindd/winbindd_cache.c:3160(initialize_winbindd_cache)
>   initialize_winbindd_cache: clearing cache and re-creating with version number 2
> [2018/12/28 11:14:38.804681, 0] ../source3/winbindd/winbindd_util.c:1264(init_domain_list)
>   Could not fetch our SID - did we join?
> [2018/12/28 11:14:38.804724, 0] ../source3/winbindd/winbindd.c:1360(winbindd_register_handlers)
>   unable to initialize domain list
>
> The command "chroot /chroots/DomaineAD/ wbinfo -u" returns this:
> could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
> could not obtain winbind domain name!
> Error looking up domain users
>
> The command "chroot /chroots/DomaineAD/ ntlm_auth --username=Administrateur"
> returns this:
> could not obtain winbind separator!
> Reading winbind reply failed! (0x01)
> : (0x0)
>
> Samba and Winbind services are both active and running.
>
> By doing "net ads lookup -S 192.168.1.203" I get all the AD information:
> > Information for Domain Controller: 192.168.1.203
> >
> > Response Type: LOGON_SAM_LOGON_RESPONSE_EX
> > GUID: fc62aa13-7384-4707-99b9-ba7d1008113e
> > Flags:
> > Is a PDC: yes
> > Is a GC of the forest: yes
> > Is an LDAP server: yes
> > Supports DS: yes
> > Is running a KDC: yes
> > Is running time services: yes
> > Is the closest DC: yes
> > Is writable: yes
> > Has a hardware clock: yes
> > Is a non-domain NC serviced by LDAP server: no
> > Is NT6 DC that has some secrets: no
> > Is NT6 DC that has all secrets: yes
> > Runs Active Directory Web Services: yes
> > Runs on Windows 2012 or later: yes
> > Forest: novasyspf.coop
> > Domain: novasyspf.coop
> > Domain Controller: WIN-AD.novasyspf.coop
> > Pre-Win2k Domain: NOVASYSPF
> > Pre-Win2k Hostname: WIN-AD
> > Server Site Name : Default-First-Site-Name
> > Client Site Name : Default-First-Site-Name
> > NT Version: 5
> > LMNT Token: ffff
> > LM20 Token: ffff
> >
> > same with "net ads info -s /etc/samba/DomaineAD.conf"
> > LDAP server: 192.168.1.203
> > LDAP server name: WIN-AD.novasyspf.coop
> > Realm: NOVASYSPF.COOP
> > Bind Path: dc=NOVASYSPF,dc=COOP
> > LDAP port: 389
> > Server time: ven ., 28 déc. 2018 11:59:55 CET
> > KDC server: 192.168.1.203
> > Server time offset: -22
> > Last machine account password change: jeu ., 01 janv. 1970 01:00:00 CET
>
> The /etc/hosts file has this:
> 127.0.0.1 localhost localhost.localdomain
> 127.0.0.1 radiuspf radiuspf.novasyspf.coop
> 192.168.1.203 WIN-AD WIN-AD.novasyspf.coop
> 192.168.1.202 radiuspf radiuspf.novasyspf.coop
>
> The /etc/resolv.conf file has this:
> nameserver 192.168.1.203
> nameserver 192.168.1.1
> search radiuspf
>
> I'm stuck and I don't know how I can resolve this problem.
>
> Best regards
>
> Adrian
>
> _______________________________________________
> PacketFence-users mailing list
> Pac...@li...
> https://lists.sourceforge.net/lists/listinfo/packetfence-users

--
*R. Christian McDonald*
M: (616) 856-9291
E: rcm...@gm...
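The winbindd excerpt quoted in the thread uses Samba's two-line debug layout: a header with the timestamp, debug level and source location, followed by the indented message. The following Python parser and triage helper is an added example (not PacketFence's or Samba's code, and not part of the thread): it parses that layout into structured entries and flags the "Could not fetch our SID - did we join?" / "unable to initialize domain list" pair, which winbindd itself emits when it cannot find a domain SID for the machine. The sample log is constructed from the lines quoted in the post, and the substring markers used for triage are an assumption of this example rather than any Samba API.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# Constructed sample: the three winbindd entries quoted in the thread, laid
# out in Samba's usual debug format (header line, then indented message).
SAMPLE_LOG = """\
[2018/12/28 11:14:38.799687,  0] ../source3/winbindd/winbindd_cache.c:3160(initialize_winbindd_cache)
  initialize_winbindd_cache: clearing cache and re-creating with version number 2
[2018/12/28 11:14:38.804681,  0] ../source3/winbindd/winbindd_util.c:1264(init_domain_list)
  Could not fetch our SID - did we join?
[2018/12/28 11:14:38.804724,  0] ../source3/winbindd/winbindd.c:1360(winbindd_register_handlers)
  unable to initialize domain list
"""

# Header: "[YYYY/MM/DD HH:MM:SS.ffffff, level] path/file.c:line(function)"
HEADER_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+),\s*(?P<level>\d+)\]"
    r"\s+(?P<file>\S+?):(?P<line>\d+)\((?P<func>[^)]+)\)\s*$"
)


@dataclass
class Entry:
    ts: datetime
    level: int
    file: str
    line: int
    func: str
    message: str


def parse_samba_log(text):
    """Turn Samba debug output into Entry objects.

    A header line opens a new entry; any non-blank line that is not a header
    is appended to the message of the entry currently open.
    """
    entries = []
    current = None
    for raw in text.splitlines():
        m = HEADER_RE.match(raw)
        if m:
            if current is not None:
                entries.append(current)
            current = Entry(
                ts=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S.%f"),
                level=int(m["level"]),
                file=m["file"],
                line=int(m["line"]),
                func=m["func"],
                message="",
            )
        elif current is not None and raw.strip():
            current.message = (current.message + " " + raw.strip()).strip()
    if current is not None:
        entries.append(current)
    return entries


# Assumed heuristic for this example: these substrings are the messages
# winbindd logs when it has no domain SID to work with, i.e. the host does
# not hold a valid domain membership in its secrets store.
NOT_JOINED_MARKERS = ("did we join?", "unable to initialize domain list")


def diagnose(entries):
    """Return a small verdict: was the 'not joined' symptom seen, and where."""
    hits = [e for e in entries if any(mk in e.message for mk in NOT_JOINED_MARKERS)]
    if hits:
        return {
            "status": "not_joined",
            "evidence": [f"{e.file}:{e.line} {e.func}: {e.message}" for e in hits],
        }
    return {"status": "no_join_problem_seen", "evidence": []}


if __name__ == "__main__":
    parsed = parse_samba_log(SAMPLE_LOG)
    for e in parsed:
        print(f"{e.ts.isoformat()} level={e.level} {e.func}: {e.message}")
    print(diagnose(parsed))
```

Running the block on the sample prints the three entries and a `not_joined` verdict with two evidence lines. The point of splitting parsing from triage is that the same parser can be pointed at the chroot's `log.winbindd` (or any other Samba debug log) and the marker list extended as further symptoms are catalogued, without touching the format handling.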