Hi Ludovic,
Yes, have restarted numerous times after ensuring correct time and sync. I see successful Kerberos logs in AD event viewer, however still seeing the same error on PF. Kind Regards, Jamie From: Zammit, Ludovic <luza...@akamai.com> Sent: Thursday, 3 March 2022 2:28 PM To: Jamie Hawkins <jr.hawkin...@gmail.com> Cc: packetfence-users@lists.sourceforge.net Subject: Re: [PacketFence-users] AD Join Issues Hello Jamie, Did you reboot it after to make sure all processes are using the correct time? Time matters a lot with 802.1x / AD join. Thanks, Ludovic Zammit Product Support Engineer Principal <https://www.akamai.com/us/en/multimedia/images/custom/2019/logo-no-tag-93x4 5.png> Cell: +1.613.670.8432 Akamai Technologies - Inverse 145 Broadway Cambridge, MA 02142 Connect with Us: <https://community.akamai.com/> <http://blogs.akamai.com/> <https://twitter.com/akamai> <http://www.facebook.com/AkamaiTechnologies> <http://www.linkedin.com/company/akamai-technologies> <http://www.youtube.com/user/akamaitechnologies?feature=results_main> On Mar 3, 2022, at 6:57 AM, Jamie Hawkins <jr.hawkin...@gmail.com <mailto:jr.hawkin...@gmail.com> > wrote: Hi Ludovic, Yes time and date correct. And PF NTP set to AD Server. Kind Regards From: Zammit, Ludovic <luza...@akamai.com <mailto:luza...@akamai.com> > Sent: Wednesday, 2 March 2022 9:34 PM To: Jamie Hawkins <jr.hawkin...@gmail.com <mailto:jr.hawkin...@gmail.com> > Cc: packetfence-users@lists.sourceforge.net <mailto:packetfence-users@lists.sourceforge.net> Subject: Re: [PacketFence-users] AD Join Issues Jamie, Is the time and date are correct? Thanks, Ludovic Zammit Product Support Engineer Principal <https://www.akamai.com/us/en/multimedia/images/custom/2019/logo-no-tag-93x4 5.png> Cell: +1.613.670.8432 Akamai Technologies - Inverse 145 Broadway Cambridge, MA 02142 Connect with Us: <https://community.akamai.com/> <http://blogs.akamai.com/> <https://urldefense.com/v3/__https:/twitter.com/akamai__;!!GjvTz_vk!AKGO1gwN wAJJnb1N-UjcUdnloRXgDdyyAhvK8u1rVhwijx4slnjNXcylFWmngQ$> <https://urldefense.com/v3/__http:/www.facebook.com/AkamaiTechnologies__;!!G jvTz_vk!AKGO1gwNwAJJnb1N-UjcUdnloRXgDdyyAhvK8u1rVhwijx4slnjNXczkwyLKDA$> <https://urldefense.com/v3/__http:/www.linkedin.com/company/akamai-technolog ies__;!!GjvTz_vk!AKGO1gwNwAJJnb1N-UjcUdnloRXgDdyyAhvK8u1rVhwijx4slnjNXcyq5MT u1g$> <https://urldefense.com/v3/__http:/www.youtube.com/user/akamaitechnologies?f eature=results_main__;!!GjvTz_vk!AKGO1gwNwAJJnb1N-UjcUdnloRXgDdyyAhvK8u1rVhw ijx4slnjNXczZtkGSIw$> On Mar 2, 2022, at 4:24 PM, Jamie Hawkins <jr.hawkin...@gmail.com <mailto:jr.hawkin...@gmail.com> > wrote: Hi Ludovic, Thanks for your e-mail. I have tried numerous accounts, all with domain administrator priviliges, but all give the same error. The PF server is time synced to AD via NTP. And OU is set to Computers. Kind Regards, Jamie From: Zammit, Ludovic <luza...@akamai.com <mailto:luza...@akamai.com> > Sent: Wednesday, 2 March 2022 9:12 PM To: packetfence-users@lists.sourceforge.net <mailto:packetfence-users@lists.sourceforge.net> Cc: Jamie Hawkins <jr.hawkin...@gmail.com <mailto:jr.hawkin...@gmail.com> > Subject: Re: [PacketFence-users] AD Join Issues Hello Jamie, This is a one time join to join the PF server to the AD to do EAP PEAP authentication. Use a domain admin account to join your PF server to your domain and you should be good. Keep in mind that if you are putting the PF object into another OU than Computer, you will need to have full access. Thanks, Ludovic Zammit Product Support Engineer Principal <https://www.akamai.com/us/en/multimedia/images/custom/2019/logo-no-tag-93x4 5.png> Cell: +1.613.670.8432 Akamai Technologies - Inverse 145 Broadway Cambridge, MA 02142 Connect with Us: <https://community.akamai.com/> <http://blogs.akamai.com/> <https://urldefense.com/v3/__https:/twitter.com/akamai__;!!GjvTz_vk!FoRGTlmt T0KNx_Xbwt3p9nWyIfbJ_qVqKVTIA9lFxlF185Aukz9xQScHAh5VPQ$> <https://urldefense.com/v3/__http:/www.facebook.com/AkamaiTechnologies__;!!G jvTz_vk!FoRGTlmtT0KNx_Xbwt3p9nWyIfbJ_qVqKVTIA9lFxlF185Aukz9xQScehcJVxA$> <https://urldefense.com/v3/__http:/www.linkedin.com/company/akamai-technolog ies__;!!GjvTz_vk!FoRGTlmtT0KNx_Xbwt3p9nWyIfbJ_qVqKVTIA9lFxlF185Aukz9xQSfpT_g aXg$> <https://urldefense.com/v3/__http:/www.youtube.com/user/akamaitechnologies?f eature=results_main__;!!GjvTz_vk!FoRGTlmtT0KNx_Xbwt3p9nWyIfbJ_qVqKVTIA9lFxlF 185Aukz9xQSdk4t4FwA$> On Mar 2, 2022, at 12:15 PM, Jamie Hawkins via PacketFence-users <packetfence-users@lists.sourceforge.net <mailto:packetfence-users@lists.sourceforge.net> > wrote: Hi, I am trying to join PacketFence to our domain controller, however I am running in to the following error when trying to join with correct credentials (with domain admin privileges): gse_get_client_auth_token: gss_init_sec_context failed with [Unspecified GSS failure. Minor code may provide more information: Message stream modified](2529638953) ads_sasl_spnego_bind: kinit succeeded but SPNEGO bind with Kerberos failed for ldap/mya-main.my-anna1.com <https://urldefense.com/v3/__http:/mya-main.my-anna1.com__;!!GjvTz_vk!FoRGTl mtT0KNx_Xbwt3p9nWyIfbJ_qVqKVTIA9lFxlF185Aukz9xQSdzakFHSw$> - user[packetfence], realm[OUR-DOMAIN.COM <https://urldefense.com/v3/__http:/OUR-DOMAIN.COM__;!!GjvTz_vk!FoRGTlmtT0KNx _Xbwt3p9nWyIfbJ_qVqKVTIA9lFxlF185Aukz9xQSfWS3eIKQ$> ]: The attempted logon is invalid. This is either due to a bad username or authentication information. Failed to join domain: failed to connect to AD: Invalid credentials If I do put in incorrect credentials, I receive this error: Failed to join domain: failed to lookup DC info for domain 'OUR-DOMAIN.COM <https://urldefense.com/v3/__http:/OUR-DOMAIN.COM__;!!GjvTz_vk!FoRGTlmtT0KNx _Xbwt3p9nWyIfbJ_qVqKVTIA9lFxlF185Aukz9xQSfWS3eIKQ$> ' over rpc: The attempted logon is invalid. This is either due to a bad username or authentication information. Appreciate any assistance, Kind Regards _______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net <mailto:PacketFence-users@lists.sourceforge.net> https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/pac ketfence-users__;!!GjvTz_vk!BW8yHkuKstu_s4rtHNY5-uqxPrCiYQiPFcNfjnIXdGHLmrpw PjE3-UrpwPeZ8Zpl$ <https://urldefense.com/v3/__https:/lists.sourceforge.net/lists/listinfo/pac ketfence-users__;!!GjvTz_vk!BW8yHkuKstu_s4rtHNY5-uqxPrCiYQiPFcNfjnIXdGHLmrpw PjE3-UrpwPeZ8Zpl$>
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users