Hello Matthew,
Based on what I can see, your server has been joined to the AD from the
Linux system directly and not from the admin GUI.
What is the result of:
ps -edf|grep winbindd
And if you do exactly that:
fabian81:/usr/local/pf$ chroot /chroots/JBSAD
fabian81:/$ wbinfo -u
versus:
[root@auqldrv00nac1ai logs]# wbinfo -u
Which one works?
If the 2nd one works, then you need to remove the computer from the OU
computers in the AD and try to rejoin the domain from the admin GUI.
Regards
Fabrice
On 2018-06-06 at 20:36, Matthew Knott wrote:
Hi Fabrice
Yep, I’m doing the wbinfo -u in /chroots/JBSAD/bin which works.
Read through that Forum post (thanks for that) and tried using the
FQDN, the UPN and just the plain username.
Same result.
The account I’m trying to use to Join the Server to the main is the
same one that I tried on the Command line of the box, I.E.
[root@auqldrv00nac1ai logs]# ntlm_auth --username=mkxxxx.adm
Password:
NT_STATUS_OK: The operation completed successfully. (0x0)
Which, as you can see, also is successful. I checked AD Users and
Computers and the Machine account Exists as well :)
Really Weird :)
Matthew
Matthew Knott
IT Network & Security Administrator
E. [email protected] <mailto:[email protected]>
JBS Australia <http://www.jbssa.com.au/>
T. 07 3810 2269
M. 0477733185
F. 07 3816 0535
JBS Australia
1 Lock Way, Riverview QLD 4303
P.O. Box 139 Booval Qld 4304
jbssa.com.au <http://www.jbssa.com.au/> . LinkedIn
<https://www.linkedin.com/company/jbs-australia>
*From:*Fabrice Durand via PacketFence-users
[mailto:[email protected]]
*Sent:* Thursday, 7 June 2018 12:02 AM
*To:* [email protected]
*Cc:* Fabrice Durand
*Subject:* Re: [PacketFence-users] Cant Connect to AD - Failed to join
domain: failed to connect to AD: Client not found in Kerberos database
Hello Matthew,
Are you doing wbinfo in the chroot? (chroot /chroots/...)
Also (Error binding '80090308: LdapErr: DSID-0C0903D9, comment:
AcceptSecurityContext error, data 52e, v2580) looks to be an error
related to "Invalid credentials".
https://social.technet.microsoft.com/Forums/ie/en-US/474abb8f-cfc6-4cac-af79-c3e80e80291f/ldap-authentication-error-ldap-error-code-49-80090308-ldaperr-dsid0c090334-comment?forum=winserverDS
Regards
Fabrice
On 2018-06-05 at 01:50, Matthew Knott via PacketFence-users wrote:
Hi,
Hoping someone can help me with this Error.
When trying to Connect to a Windows 2008R2 Level Domain, I receive
this Error in the Web GUI.
/Failed to join domain: failed to connect to AD: Client not found
in Kerberos database/
And can see the Following in the Packetfence.log
Jun 5 05:32:48 auqldrv00nac1ai packetfence_httpd.aaa:
httpd.aaa(13719) INFO: [mac:00:04:f2:86:1e:a6] Password validation
failed for cisco: passwords don't match
(pf::password::validate_password)
*Jun 5 05:32:48 auqldrv00nac1ai packetfence_httpd.aaa:
httpd.aaa(13719) ERROR: [mac:00:04:f2:86:1e:a6] Error binding
'80090308: LdapErr: DSID-0C0903D9, comment: AcceptSecurityContext
error, data 52e, v2580*
Jun 5 05:32:48 auqldrv00nac1ai packetfence_httpd.aaa:
httpd.aaa(13719) WARN: [mac:00:04:f2:86:1e:a6] [JBSAD] Unable to
connect to ldap.jbssa.com.au
(pf::Authentication::Source::LDAPSource::_connect)
Jun 5 05:32:48 auqldrv00nac1ai packetfence_httpd.aaa:
httpd.aaa(13719) ERROR: [mac:00:04:f2:86:1e:a6] [JBSAD] Unable to
connect to any LDAP server
(pf::Authentication::Source::LDAPSource::_connect)
Jun 5 05:32:48 auqldrv00nac1ai packetfence_httpd.aaa:
httpd.aaa(13719) ERROR: [mac:00:04:f2:86:1e:a6] unable to read
password file '/usr/local/pf/conf/admin.conf'
(pf::Authentication::Source::HtpasswdSource::authenticate)
Looking in the log.winbind file in
/chroots/JBXAD/var/log/sambaJBXAD I can see the Following
[2018/05/31 06:22:43.266435, 0]
../lib/util/become_daemon.c:124(daemon_ready)
STATUS=daemon 'winbindd' finished starting up and ready to serve
connections
*[2018/05/31 06:22:43.409235, 0]
../source3/librpc/crypto/gse.c:214(gse_context_init)*
* Failed to initialize kerberos context! (Included profile
directory could not be read)*
[2018/05/31 22:23:12.606100, 0]
../source3/winbindd/winbindd.c:281(winbindd_sig_term_handler)
Got sig[15] terminate (is_parent=0)
[2018/05/31 22:23:12.607356, 0]
../source3/winbindd/winbindd.c:281(winbindd_sig_term_handler)
Got sig[15] terminate (is_parent=1)
wbinfo -u returns a list of users
ntlm_auth --username=mkxxxx.adm
Password:
NT_STATUS_OK: The operation completed successfully. (0x0)
Also Works.
NTP is in Sync
Yet I still can’t perform 802.1x Auth nor can I Use AD as an
Authentication Source.
Anyone have any ideas?
Thanks
In advance
Matthew
------------------------------------------------------------------------
Important Notice:
The contents of this electronic message and any attachments are
intended only for the addressee and may contain legally privileged
or confidential information. They may be only used for the
purposes for which they were supplied. If you are not the
addressee, you are notified that any transmission, distribution,
downloading, printing or photocopying of the contents of this
message or attachments is strictly prohibited. Any privilege
and/or confidentiality attached to this message and attachments is
not waived, lost or destroyed by reason of mistaken delivery to
you. If you have received this message in error you should notify
the sender by return e-mail or telephone +61 7 3810 2100, and
destroy all copies of the message and any attachments.
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org!http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)
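The "data 52e" reading discussed in this thread, as an added example that is not part of any poster's message or of PacketFence's code: it rejoins the mail-wrapped packetfence.log records, decodes the AD bind sub-code, and attaches the source and server logged by the same PID. The sub-code table is the commonly documented Active Directory set, and the regexes assume the log layout shown in the excerpt above.

```python
import re

# AD sub-codes carried in the "data NNN" field of LDAP bind error 80090308.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Log excerpt from the thread, still wrapped and bold-marked (*) as it was mailed.
SAMPLE_LOG = """\
*Jun 5 05:32:48 auqldrv00nac1ai packetfence_httpd.aaa:
httpd.aaa(13719) ERROR: [mac:00:04:f2:86:1e:a6] Error binding
'80090308: LdapErr: DSID-0C0903D9, comment: AcceptSecurityContext
error, data 52e, v2580*
Jun 5 05:32:48 auqldrv00nac1ai packetfence_httpd.aaa:
httpd.aaa(13719) WARN: [mac:00:04:f2:86:1e:a6] [JBSAD] Unable to
connect to ldap.jbssa.com.au
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d ")
BIND = re.compile(r"\((\d+)\) ERROR: .*?LdapErr: \S+ comment: \w+ error, data (\w+),")
SOURCE = re.compile(r"\((\d+)\) WARN: .*?\[(\w+)\] Unable to connect to (\S+)")

def records(text):
    """Rejoin mail-wrapped lines: a new record starts at a syslog timestamp."""
    out = []
    for line in (l.strip().strip("*") for l in text.splitlines()):
        if STAMP.match(line) or not out:
            out.append(line)
        else:
            out[-1] += " " + line
    return out

def triage(text):
    """Decode each failed bind and attach the source/server logged by the same PID."""
    findings = []
    for rec in records(text):
        if m := BIND.search(rec):
            findings.append({"pid": m[1], "data": m[2].lower(), "meaning":
                             AD_BIND_SUBCODES.get(m[2].lower(), "unknown sub-code")})
        elif (m := SOURCE.search(rec)) and findings and findings[-1]["pid"] == m[1]:
            findings[-1].update(source=m[2], server=m[3])
    return findings
```

Calling `triage()` on a live log separates a rejected bind password (52e) from a locked, disabled or expired bind account, which need different fixes on the AD side.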