Hello,
Thank you for your reply !
But now, I have an other problem since this morning... I can't connect on
the management interface (https://192.168.20.200:1443/configurator). I
don't understand why, it was working yesterday..
See below the command's result netstat -anp :
[root@localhost ~]# netstat -anp
Connexions Internet actives (serveurs et établies)
Proto Recv-Q Send-Q Adresse locale Adresse distante Etat
PID/Program name
tcp 0 0 0.0.0.0:6379 0.0.0.0:* LISTEN
1365/redis-server *
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
1/systemd
tcp 0 0 0.0.0.0:6001 0.0.0.0:* LISTEN
9908/X
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN
1747/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
1364/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
1367/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
1609/master
tcp 0 0 192.168.2.200:43278 172.217.19.238:443
TIME_WAIT -
tcp 0 0 192.168.2.200:43282 172.217.19.238:443
TIME_WAIT -
tcp 0 0 192.168.2.200:44144 216.58.206.226:443
ESTABLISHED 21834/firefox
tcp 0 0 192.168.2.200:54210 216.58.212.131:443
ESTABLISHED 21834/firefox
tcp 0 0 192.168.2.200:40774 216.58.213.142:80
ESTABLISHED 21834/firefox
tcp 0 0 192.168.2.200:51166 216.58.208.227:443
TIME_WAIT -
tcp 0 0 192.168.2.200:51156 216.58.208.227:443
ESTABLISHED 21834/firefox
tcp 0 0 127.0.0.1:6379 127.0.0.1:35594
ESTABLISHED 1365/redis-server *
tcp 0 0 192.168.2.200:43276 172.217.19.238:443
TIME_WAIT -
tcp 0 0 192.168.2.200:46144 216.58.208.238:80
ESTABLISHED 21834/firefox
tcp 0 0 192.168.2.200:46194 216.58.212.142:443
ESTABLISHED 21834/firefox
tcp 0 1 192.168.2.200:50796 192.168.20.200:1443
SYN_SENT 21834/firefox
tcp 0 0 127.0.0.1:35594 127.0.0.1:6379
ESTABLISHED 1366/pfconfig
tcp 0 1 192.168.2.200:50794 192.168.20.200:1443
SYN_SENT 21834/firefox
tcp 0 0 192.168.2.200:43280 172.217.19.238:443
TIME_WAIT -
tcp 0 0 192.168.2.200:42510 172.217.19.228:443
ESTABLISHED 21834/firefox
I don't understand what is the problem...
Thank you for your return.
Regards,
Xavier TAURAN
2018-04-18 17:28 GMT+02:00 Fabrice Durand via PacketFence-users <
packetfence-users@lists.sourceforge.net>:
> Ok so the issue is because your management interface is not the same as
> the routing interface.
>
> You have to enable nat on the interface ens33 too. (conf/iptables.conf)
>
>
>
> Le 2018-04-18 à 09:17, Xav Tauran via PacketFence-users a écrit :
>
> And my interface management is ens33.20. VLAN 20 is the management's VLAN
> PacketFence run on a virtual machine on Centos 7, and I configured on this
> virtual machine, only one interface : ens33.
>
>
> see below :
>
> [root@localhost ~]# sysctl net.ipv4.ip_forward
> net.ipv4.ip_forward = 1
>
> [root@localhost ~]# ip a
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 scope host lo
> valid_lft forever preferred_lft forever
> inet6 ::1/128 scope host
> valid_lft forever preferred_lft forever
> 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
> state UP qlen 1000
> link/ether 00:0c:29:1f:07:77 brd ff:ff:ff:ff:ff:ff
> inet 192.168.2.200/24 brd 192.168.2.255 scope global ens33
> valid_lft forever preferred_lft forever
> inet6 fe80::20c:29ff:fe1f:777/64 scope link
> valid_lft forever preferred_lft forever
> 3: ens33.20@ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
> noqueue state UP qlen 1000
> link/ether 00:0c:29:1f:07:77 brd ff:ff:ff:ff:ff:ff
> inet 192.168.20.200/24 brd 192.168.20.255 scope global ens33.20
> valid_lft forever preferred_lft forever
> inet6 fe80::20c:29ff:fe1f:777/64 scope link
> valid_lft forever preferred_lft forever
> 4: ens33.30@ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
> noqueue state UP qlen 1000
> link/ether 00:0c:29:1f:07:77 brd ff:ff:ff:ff:ff:ff
> inet 192.168.30.200/24 brd 192.168.30.255 scope global ens33.30
> valid_lft forever preferred_lft forever
> inet6 fe80::20c:29ff:fe1f:777/64 scope link
> valid_lft forever preferred_lft forever
> 5: ens33.40@ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
> noqueue state UP qlen 1000
> link/ether 00:0c:29:1f:07:77 brd ff:ff:ff:ff:ff:ff
> inet 192.168.40.200/24 brd 192.168.40.255 scope global ens33.40
> valid_lft forever preferred_lft forever
> inet6 fe80::20c:29ff:fe1f:777/64 scope link
> valid_lft forever preferred_lft forever
> 6: ens33.50@ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
> noqueue state UP qlen 1000
> link/ether 00:0c:29:1f:07:77 brd ff:ff:ff:ff:ff:ff
> inet 192.168.50.200/24 brd 192.168.50.255 scope global ens33.50
> valid_lft forever preferred_lft forever
> inet6 fe80::20c:29ff:fe1f:777/64 scope link
> valid_lft forever preferred_lft forever
> 7: ens33.60@ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
> noqueue state UP qlen 1000
> link/ether 00:0c:29:1f:07:77 brd ff:ff:ff:ff:ff:ff
> inet 192.168.60.200/24 brd 192.168.60.255 scope global ens33.60
> valid_lft forever preferred_lft forever
> inet6 fe80::20c:29ff:fe1f:777/64 scope link
> valid_lft forever preferred_lft forever
> 8: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
> state DOWN qlen 1000
> link/ether 52:54:00:10:65:62 brd ff:ff:ff:ff:ff:ff
> inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
> valid_lft forever preferred_lft forever
> 9: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master
> virbr0 state DOWN qlen 1000
> link/ether 52:54:00:10:65:62 brd ff:ff:ff:ff:ff:ff
> 22: S2008-b@if23: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
> noqueue state UP qlen 1000
> link/ether 62:66:fe:c4:60:6c brd ff:ff:ff:ff:ff:ff link-netnsid 0
> inet 169.254.0.2/30 brd 169.254.0.3 scope global S2008-b
> valid_lft forever preferred_lft forever
> inet6 fe80::6066:feff:fec4:606c/64 scope link
> valid_lft forever preferred_lft forever
>
>
> [root@localhost ~]# ping 192.168.6.200
> PING 192.168.6.200 (192.168.6.200) 56(84) bytes of data.
> 64 bytes from 192.168.6.200: icmp_seq=1 ttl=128 time=1.60 ms
> 64 bytes from 192.168.6.200: icmp_seq=2 ttl=128 time=0.535 ms
> 64 bytes from 192.168.6.200: icmp_seq=3 ttl=128 time=1.17 ms
> 64 bytes from 192.168.6.200: icmp_seq=4 ttl=128 time=0.739 ms
> ^C
> --- 192.168.6.200 ping statistics ---
> 4 packets transmitted, 4 received, 0% packet loss, time 3006ms
> rtt min/avg/max/mdev = 0.535/1.013/1.604/0.412 ms
> [root@localhost ~]#
>
> S2008 is the name of my Active Directory. This Active Directory is on a
> virtual machine (working on Windows Server 2008).
>
> Thank you for your help.
>
> Regards,
>
> Xavier
>
>
> 2018-04-18 14:38 GMT+02:00 Fabrice Durand via PacketFence-users <
> packetfence-users@lists.sourceforge.net>:
>
>> Ok so do you have ipv4_forward enabled (sysctl net.ipv4.ip_forward).
>>
>> Can you paste : ip a
>>
>> Does the dns 192.168.6.200 answer ?
>> What is S2008 ?
>>
>>
>> Le 2018-04-18 à 08:33, Xav Tauran via PacketFence-users a écrit :
>>
>> Hello Fabrice,
>>
>> Thank you for your answer !
>> Yes I mean join PacketFence to my domain.
>>
>> See below the result :
>> [root@localhost ~]# ip route get 192.168.6.200
>> 192.168.6.200 via 192.168.2.254 dev ens33 src 192.168.2.200
>> cache
>> [root@localhost ~]#
>>
>> Regards,
>>
>> Xavier
>>
>>
>> 2018-04-18 14:17 GMT+02:00 Fabrice Durand via PacketFence-users <
>> packetfence-users@lists.sourceforge.net>:
>>
>>> Hello Xav,
>>>
>>> When you say bind , you mean join PacketFence to the domain ?
>>>
>>> Also what is your management interface and what is returned by : ip
>>> route get 192.168.6.200
>>>
>>> Regards
>>>
>>> Fabrice
>>>
>>>
>>>
>>> Le 2018-04-18 à 03:39, Xav Tauran via PacketFence-users a écrit :
>>>
>>> Hello,
>>>
>>> I made a mock-up to set up Packet Fence for a company. In attached, you
>>> will find a drawing to my mock-up with the differents subnets, and VLAN
>>> configured on Packet Fence. I use a Stomrshield Firewall, and a Cisco
>>> Switch which run on GNS3.
>>> My Active Directory Server is on the subnet 192.168.6.0/24 and Packet
>>> Fence, installed on a virtual machine's Centos 7 (run under VMWARE), is on
>>> the subnet 192.168.2.0/24.
>>> Every devices may to reach with a ping.
>>> My problem is when I want to bind Packet Fence to my Active Directory
>>> from the graphic interface. I have the same problem that this person, who
>>> has already posted a message on the support. (check on
>>> https://sourceforge.net/p/packetfence/mailman/message/36009451/) But
>>> the solution that the person give her, doesn't work for me... However I
>>> follow
>>> the instructions that this person gave him
>>>
>>> Can you help me please? :) I will give you, all the informations that
>>> you need !
>>>
>>> Ps : Sorry for my english i'm French
>>>
>>> Thank you.
>>>
>>> Kind regards,
>>>
>>> Xavier TAURAN
>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Check out the vibrant tech community on one of the world's most
>>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>>
>>>
>>>
>>> _______________________________________________
>>> PacketFence-users mailing
>>> listPacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>
>>>
>>> --
>>> Fabrice durandfdur...@inverse.ca :: +1.514.447.4918 (x135) ::
>>> www.inverse.ca
>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
>>> (http://packetfence.org)
>>>
>>>
>>> ------------------------------------------------------------
>>> ------------------
>>> Check out the vibrant tech community on one of the world's most
>>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>> _______________________________________________
>>> PacketFence-users mailing list
>>> PacketFence-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>
>>>
>>
>>
>> ------------------------------------------------------------------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>
>>
>>
>> _______________________________________________
>> PacketFence-users mailing
>> listPacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>> --
>> Fabrice durandfdur...@inverse.ca :: +1.514.447.4918 (x135) ::
>> www.inverse.ca
>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
>> (http://packetfence.org)
>>
>>
>> ------------------------------------------------------------
>> ------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>> _______________________________________________
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
>
>
> _______________________________________________
> PacketFence-users mailing
> listPacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
> --
> Fabrice durandfdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
> (http://packetfence.org)
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
