Re: [PacketFence-users] Can't link PacketFence with AD Server.

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hello Adrian,

Some troubleshooting steps:
-----
Check log in PacketFence logs:
# grep domain /usr/local/pf/logs/httpd.admin.log

Check DNS configuration (in chroot):
# cat /chroots/<mydomain>/etc/resolv.conf

Check syntax of your current domain config (in chroot):
# testparm /etc/samba/<mydomain>.conf

Check if you can find a DC with your current configuration (in chroot):
# net ads info -s /etc/samba/<mydomain>.conf
## debug
# net ads info -s /etc/samba/<mydomain>.conf -d 10

Run a domain join manually (in chroot):
# net ads join -s /etc/samba/<mydomain>.conf -U user
## debug
# net ads join -s /etc/samba/<mydomain>.conf -U user -d 10

Check secured channel between PacketFence server and DC:
# chroot /chroots/ACME
# wbinfo -P
checking the NETLOGON for domain[mydomain] dc connection to 
"DC.mydomain.lan" succeeded

Check validity of machine account on DC:
# wbinfo -t
checking the trust secret for domain MY_DOMAIN via RPC calls succeeded
Check user list returned from DC:

# wbinfo -u --domain MY_DOMAIN
MY_DOMAIN\testaccount1
MY_DOMAIN\testaccount2

Check NTLM authentication for a user (found in previous list):
# ntlm_auth --request-nt-key --domain=MY_DOMAIN --username=testaccount1
Password:
NT_STATUS_OK: The operation completed successfully. (0x0)
-----
-- 
Nicolas Quiniou-Briand
nq...@in...  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)