Hello everyone, 

I'm a student in IT and I have a study contract. I'm working on a sketch with 
PacketFence to set up 802.1X. 

I'm using ESXi 6.7 with two VMs: 
-CentOS 7 with the latest version of PacketFence. 
-Windows Server 2012 with AD. 

I use the network 192.168.1.0/24 
PacketFence IP's: 192.168.1.202
Windows AD IP's: 192.168.1.203
Domain: novasyspf.coop 

I have followed all the instructions in the Installation Guide: 
-Unique virtual network card 
-Disabled Firewall 
-Disabled SELinux 

-yum update. 

-Explicitly instruct NetworkManager to never interact with my DNS configuration: 
dns=none in 99-no-dns.conf file 

Then adding PF repository and installing it. 

During the configurator, I chose the following options: 
-Step 1 : Radius Only 
-Step 2: Network, Interface set as Management with the IP 192.168.1.202 and 
Gateway 192.168.1.1 
-Step 4: Domain: "novasyspf.coop" | Hostname "radiuspf" | DHCP Server 
"192.168.1.203" 
-Step 6: No fingerbank 

Launching PF went well. Once on the admin page, I go to Configuration->Policies 
and Access Control->Domains->Active Directory Domains. 

Here are the parameters I chose for adding the new domain: 

ID: DomaineAD 
Workgroup: novasyspf 
DNS name of the domain: novasyspf.coop 
This server name: radiuspf 
AD Server: 192.168.1.203
DNS Server 192.168.1.203 
Username: administra...@novasys.coop (I tried with just "Administrator") 
Password: secret 

Then I click on save and join. After a few moments I get this error: 
"Error ! An error occurred while connecting with the server. Please try again 
later" 

By following the troubleshooting guide, I have this in 
/chroots/DomaineAD/var/log/sambaDomaineAD/log.winbindd: 
[2018/12/28 11:14:38.799687,  0] ../source3/winbindd/winbindd_cache.c:3160(initialize_winbindd_cache) 
  initialize_winbindd_cache: clearing cache and re-creating with version number 2 
[2018/12/28 11:14:38.804681,  0] ../source3/winbindd/winbindd_util.c:1264(init_domain_list) 
  Could not fetch our SID - did we join? 
[2018/12/28 11:14:38.804724,  0] ../source3/winbindd/winbindd.c:1360(winbindd_register_handlers) 
  unable to initialize domain list 

The command "chroot /chroots/DomaineAD/ wbinfo -u" returns this: 
could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE 
could not obtain winbind domain name! 
Error looking up domain users 

The command "chroot /chroots/DomaineAD/ ntlm_auth --username=Administrateur" 
returns this: 
could not obtain winbind separator! 
Reading winbind reply failed! (0x01) 
: (0x0) 

Samba and Winbind services are both active and running. 

By doing "net ads lookup -S 192.168.1.203" I get all the AD information: 

Information for Domain Controller: 192.168.1.203

Response Type: LOGON_SAM_LOGON_RESPONSE_EX 
GUID: fc62aa13-7384-4707-99b9-ba7d1008113e 
Flags: 
Is a PDC: yes 
Is a GC of the forest: yes 
Is an LDAP server: yes 
Supports DS: yes 
Is running a KDC: yes 
Is running time services: yes 
Is the closest DC: yes 
Is writable: yes 
Has a hardware clock: yes 
Is a non-domain NC serviced by LDAP server: no 
Is NT6 DC that has some secrets: no 
Is NT6 DC that has all secrets: yes 
Runs Active Directory Web Services: yes 
Runs on Windows 2012 or later: yes 
Forest: novasyspf.coop 
Domain: novasyspf.coop 
Domain Controller: WIN-AD.novasyspf.coop 
Pre-Win2k Domain: NOVASYSPF 
Pre-Win2k Hostname: WIN-AD 
Server Site Name : Default-First-Site-Name 
Client Site Name : Default-First-Site-Name 
NT Version: 5 
LMNT Token: ffff 
LM20 Token: ffff 

Same with "net ads info -s /etc/samba/DomaineAD.conf": 

LDAP server: 192.168.1.203
LDAP server name: WIN-AD.novasyspf.coop 
Realm: NOVASYSPF.COOP 
Bind Path: dc=NOVASYSPF,dc=COOP 
LDAP port: 389 
Server time: ven ., 28 déc. 2018 11:59:55 CET 
KDC server: 192.168.1.203 
Server time offset: -22 
Last machine account password change: jeu ., 01 janv. 1970 01:00:00 CET 

The /etc/hosts file has this: 
127.0.0.1 localhost localhost.localdomain 
127.0.0.1 radiuspf radiuspf.novasyspf.coop 
192.168.1.203 WIN-AD WIN-AD.novasyspf.coop 
192.168.1.202 radiuspf radiuspf.novasyspf.coop 

The /etc/resolv.conf file has this: 
nameserver 192.168.1.203
nameserver 192.168.1.1 
search radiuspf 

I'm stuck and I don't know how I can resolve this problem. 

Best regards 

Adrian

