Hi Luca,
As you can see the domain join process creates chroot directories.
Those are required to be able to join multiple AD domains separately because 
there is no way to configure winbindd to listen to a different (unix) socket.

Be very careful trying to remove those directories.
Their contents are actually just the system directories mounted under a 
different name, so if you were to delete them you would destroy your system.
I suggest leaving them alone. They are not using much if any space and they 
will only be recreated if you rejoin the domains using the PacketFence GUI.

If you want to troubleshoot the actual join, the logs will be in the chroots, 
not in the usual /var/log.
I suggest you take a look at lib/pf/domain.pm.
It will show some of what's going on during the join.

In short, the "net ads join" is done inside the chroot, in a separate network 
namespace.
The simplest way to troubleshoot it is to replicate that by running a shell in 
the same chroot and namespace:

# /sbin/ip netns exec $domain /usr/sbin/chroot $chroot_path /bin/bash

You will then be able to run the same commands that PF would and see the output 
if any.
The logs will also be available.
From there it's just a regular domain join, just like it would be if there were 
no chroot or namespace involved.

The other thing to be careful about is iptables.
Since the join is running inside a separate network namespace, NAT must be 
implemented between the inside of the chroot and the outside.
PacketFence will automatically create the rules for that if you have configured 
the domain, so make sure you configure it in the GUI (even if the join fails) 
and then check that the packetfence-iptables service has run.


I hope this helps.
Regards,
--
Louis Munro
[email protected]  ::  www.inverse.ca
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and 
PacketFence (www.packetfence.org)
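
Added example, not part of the message above and not PacketFence code: a check that lists what is still mounted under a domain chroot, so a directory whose contents are live system mounts is never handed to a recursive delete. It assumes the chroots live under /chroot/<domain> (the path named in the thread) and a mount table in Linux /proc/mounts format; the domain names and sample table are constructed.

```shell
#!/bin/sh
# Added example: report what is still mounted under a PacketFence domain chroot.
# Assumption: chroots live under /chroot/<domain>, as named in the thread.
# Assumption: the mount table uses the Linux /proc/mounts layout
#             (device mountpoint fstype options dump pass).

# Print every mountpoint at or below directory $1, reading mount table $2.
mounts_under() {
    dir=${1%/}                       # tolerate a trailing slash
    table=${2:-/proc/mounts}
    # Match the directory itself or a true sub-path, so /chroot/EXAMPLE
    # does not also match /chroot/EXAMPLE2.
    awk -v d="$dir" '$2 == d || index($2, d "/") == 1 { print $2 }' "$table"
}

# Succeed only when nothing is mounted at or below $1.
safe_to_remove() {
    [ -z "$(mounts_under "$1" "${2:-/proc/mounts}")" ]
}

# Constructed sample mount table (hypothetical domains EXAMPLE and EXAMPLE2).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / xfs rw,relatime 0 0
proc /proc proc rw,nosuid 0 0
/dev/sda1 /chroot/EXAMPLE/etc xfs rw,relatime 0 0
/dev/sda1 /chroot/EXAMPLE/usr xfs rw,relatime 0 0
proc /chroot/EXAMPLE/proc proc rw,relatime 0 0
/dev/sda1 /chroot/EXAMPLE2/usr xfs rw,relatime 0 0
EOF
}

# Usage: sh check_chroot.sh /chroot/<domain>
if [ "$#" -gt 0 ]; then
    if safe_to_remove "$1"; then
        echo "nothing mounted under $1"
    else
        echo "still mounted under $1, do not delete:"
        mounts_under "$1"
    fi
fi
```
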

> On Jun 26, 2017, at 02:45, luca comes via PacketFence-users 
> <[email protected]> wrote:
> 
> Hi all,
> any help on how can I troubleshoot the AD Join problem? Also I need to remove 
> all the folders inside /chroot/ created for my numerous tests, is that 
> possible?
> 
> Luca
> 
> Sent from Outlook <http://aka.ms/weboutlook>
> 
> 
> From: luca comes via PacketFence-users <[email protected]>
> Sent: Thursday, June 22, 2017 14:56
> To: [email protected]
> Cc: luca comes
> Subject: Re: [PacketFence-users] Active Directory Domains problem
> 
> Hi Fabrice,
> I've partially solved the admin problem by removing all the configurations 
> from the domain.conf file. After that the admin portal is reachable again; the 
> big problem is that I cannot join the server to my domain. I tried many times 
> and I can't see useful logs in log.winbindd. Also I've noticed that all my 
> tests with different names remain inside the /chroot/ directory. How can I 
> remove those folders without disrupting my machine?
> 
> Luca
> 
> Sent from Outlook <http://aka.ms/weboutlook>
> 
> 
> From: Durand fabrice via PacketFence-users 
> <[email protected]>
> Sent: Wednesday, June 21, 2017 01:17
> To: [email protected]
> Cc: Durand fabrice
> Subject: Re: [PacketFence-users] Active Directory Domains problem
> 
> Hello Luca,
> check the httpd.admin.* log files; there is probably something there that 
> explains the error.
> Regards
> Fabrice
> 
> 
> On 2017-06-19 at 11:11, luca comes via PacketFence-users wrote:
>> Hi all,
>> I'm going crazy trying to configure an Active Directory domain as part of 
>> the FreeRADIUS configuration. I'm running PF 7.1.0 on a CentOS 7 fresh 
>> minimal install. When I try to add the domain I get an error from the GUI 
>> and no useful log in log.winbindd. After that it is impossible to access the 
>> Active Directory domains configuration again; it displays: Error!An error 
>> occured while contacting the server. Please try again later.
>> How can I solve the problem?
>> 
>> Thank you in advance
>> 
>> Luca
>> 
>> 
>> Sent from Outlook <http://aka.ms/weboutlook>
>> 
>> 
>> ------------------------------------------------------------------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org <http://slashdot.org/>! 
>> http://sdm.link/slashdot <http://sdm.link/slashdot>
>> 
>> _______________________________________________
>> PacketFence-users mailing list
>> [email protected] 
>> <mailto:[email protected]>
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users 
>> <https://lists.sourceforge.net/lists/listinfo/packetfence-users>
> 