Hi Jamie, Did you try different logons usern...@domain.com<mailto:usern...@domain.com> domain\username username
Check out the PF troubleshooting steps under the AD section, if you haven't already. https://www.packetfence.org/doc/PacketFence_Installation_Guide.html#_microsoft_active_directory_ad -- Thanks, Matt From: Jamie Hawkins via PacketFence-users <packetfence-users@lists.sourceforge.net> Sent: Thursday, March 3, 2022 2:47 PM To: 'Zammit, Ludovic' <luza...@akamai.com> Cc: Jamie Hawkins <jr.hawkin...@gmail.com>; packetfence-users@lists.sourceforge.net Subject: Re: [PacketFence-users] AD Join Issues CAUTION: This email originated from outside of Jordan's. Hi Ludovic, Yes, have restarted numerous times after ensuring correct time and sync. I see successful Kerberos logs in AD event viewer, however still seeing the same error on PF. Kind Regards, Jamie From: Zammit, Ludovic <luza...@akamai.com> Sent: Thursday, 3 March 2022 2:28 PM To: Jamie Hawkins <jr.hawkin...@gmail.com> Cc: packetfence-users@lists.sourceforge.net Subject: Re: [PacketFence-users] AD Join Issues Hello Jamie, Did you reboot it after to make sure all processes are using the correct time? Time matters a lot with 802.1x / AD join. Thanks, Ludovic Zammit Product Support Engineer Principal [Image removed by sender.] Cell: +1.613.670.8432 Akamai Technologies - Inverse 145 Broadway Cambridge, MA 02142 Connect with Us: [Image removed by sender.]<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcommunity.akamai.com%2F&data=04%7C01%7Cmdesantos%40jordans.com%7C52028e43468c44d70cb708d9fd53bcd3%7C61563252c11c4b959cd290e8276b2bc1%7C0%7C0%7C637819358377149171%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=XbDabDgJ5k%2BNxTrb3aRtn%2F1JyPLXODErH87k%2BLUHeo4%3D&reserved=0>[Image removed by sender.]<https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fblogs.akamai.com%2F&data=04%7C01%7Cmdesantos%40jordans.com%7C52028e43468c44d70cb708d9fd53bcd3%7C61563252c11c4b959cd290e8276b2bc1%7C0%7C0%7C637819358377149171%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=qhTTK5izPUAN1KRC%2FglNnR7nR2%2Bvv8mMMkJliO5yPjk%3D&reserved=0>[Image removed by sender.]<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2Fakamai&data=04%7C01%7Cmdesantos%40jordans.com%7C52028e43468c44d70cb708d9fd53bcd3%7C61563252c11c4b959cd290e8276b2bc1%7C0%7C0%7C637819358377149171%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=w0kTI%2Bhw8A2VSXkNNIdSC2vtEzf9bpCAlvw4Z5EoUZI%3D&reserved=0>[Image removed by sender.]<https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.facebook.com%2FAkamaiTechnologies&data=04%7C01%7Cmdesantos%40jordans.com%7C52028e43468c44d70cb708d9fd53bcd3%7C61563252c11c4b959cd290e8276b2bc1%7C0%7C0%7C637819358377149171%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=OjtrUzukiuYvw8ZBuKT5xwd6HBRD5O7%2BNrAou0ee7lY%3D&reserved=0>[Image removed by sender.]<https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fakamai-technologies&data=04%7C01%7Cmdesantos%40jordans.com%7C52028e43468c44d70cb708d9fd53bcd3%7C61563252c11c4b959cd290e8276b2bc1%7C0%7C0%7C637819358377149171%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=DKALc1Jm%2BUh5TZnykSpmTLxGGDiHxosL24aKFNhIRxU%3D&reserved=0>[Image removed by sender.]<https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.youtube.com%2Fuser%2Fakamaitechnologies%3Ffeature%3Dresults_main&data=04%7C01%7Cmdesantos%40jordans.com%7C52028e43468c44d70cb708d9fd53bcd3%7C61563252c11c4b959cd290e8276b2bc1%7C0%7C0%7C637819358377149171%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=lj8y2Cr8G5q%2B9TuM%2BsWsyniqb3kXvIOGzz8X%2BV2cFBI%3D&reserved=0> On Mar 3, 2022, at 6:57 AM, Jamie Hawkins <jr.hawkin...@gmail.com<mailto:jr.hawkin...@gmail.com>> wrote: Hi Ludovic, Yes time and date correct. And PF NTP set to AD Server. Kind Regards From: Zammit, Ludovic <luza...@akamai.com<mailto:luza...@akamai.com>> Sent: Wednesday, 2 March 2022 9:34 PM To: Jamie Hawkins <jr.hawkin...@gmail.com<mailto:jr.hawkin...@gmail.com>> Cc: packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net> Subject: Re: [PacketFence-users] AD Join Issues Jamie, Is the time and date are correct? Thanks, Ludovic Zammit Product Support Engineer Principal [Image removed by sender.] Cell: +1.613.670.8432 Akamai Technologies - Inverse 145 Broadway Cambridge, MA 02142 Connect with Us: [Image removed by sender.]<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcommunity.akamai.com%2F&data=04%7C01%7Cmdesantos%40jordans.com%7C52028e43468c44d70cb708d9fd53bcd3%7C61563252c11c4b959cd290e8276b2bc1%7C0%7C0%7C637819358377149171%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=XbDabDgJ5k%2BNxTrb3aRtn%2F1JyPLXODErH87k%2BLUHeo4%3D&reserved=0>[Image removed by sender.]<https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fblogs.akamai.com%2F&data=04%7C01%7Cmdesantos%40jordans.com%7C52028e43468c44d70cb708d9fd53bcd3%7C61563252c11c4b959cd290e8276b2bc1%7C0%7C0%7C637819358377149171%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=qhTTK5izPUAN1KRC%2FglNnR7nR2%2Bvv8mMMkJliO5yPjk%3D&reserved=0>[Image removed by sender.]<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2Ftwitter.com%2Fakamai__%3B!!GjvTz_vk!AKGO1gwNwAJJnb1N-UjcUdnloRXgDdyyAhvK8u1rVhwijx4slnjNXcylFWmngQ%24&data=04%7C01%7Cmdesantos%40jordans.com%7C52028e43468c44d70cb708d9fd53bcd3%7C61563252c11c4b959cd290e8276b2bc1%7C0%7C0%7C637819358377149171%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=zE5PqtuhWzN2%2B8R%2FGjuRSbVE0Ke9hu3OeHYKtgVHMzk%3D&reserved=0>[Image removed by sender.]<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__http%3A%2Fwww.facebook.com%2FAkamaiTechnologies__%3B!!GjvTz_vk!AKGO1gwNwAJJnb1N-UjcUdnloRXgDdyyAhvK8u1rVhwijx4slnjNXczkwyLKDA%24&data=04%7C01%7Cmdesantos%40jordans.com%7C52028e43468c44d70cb708d9fd53bcd3%7C61563252c11c4b959cd290e8276b2bc1%7C0%7C0%7C637819358377149171%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=MH%2FnkgcdC0cXvhkPXFlgy7zYZey%2FqFL6uN2Czxbv8Vs%3D&reserved=0>[Image removed by sender.]<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__http%3A%2Fwww.linkedin.com%2Fcompany%2Fakamai-technologies__%3B!!GjvTz_vk!AKGO1gwNwAJJnb1N-UjcUdnloRXgDdyyAhvK8u1rVhwijx4slnjNXcyq5MTu1g%24&data=04%7C01%7Cmdesantos%40jordans.com%7C52028e43468c44d70cb708d9fd53bcd3%7C61563252c11c4b959cd290e8276b2bc1%7C0%7C0%7C637819358377149171%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=9wYqKKhVWLHvWaUiW5GmANyrEkViwOrb6cuOp8pbOqM%3D&reserved=0>[Image removed by sender.]<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__http%3A%2Fwww.youtube.com%2Fuser%2Fakamaitechnologies%3Ffeature%3Dresults_main__%3B!!GjvTz_vk!AKGO1gwNwAJJnb1N-UjcUdnloRXgDdyyAhvK8u1rVhwijx4slnjNXczZtkGSIw%24&data=04%7C01%7Cmdesantos%40jordans.com%7C52028e43468c44d70cb708d9fd53bcd3%7C61563252c11c4b959cd290e8276b2bc1%7C0%7C0%7C637819358377149171%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=O%2BPNKa3u9dKfLspq3rdTle5uUjPtEYDFrh6GqP4%2Bu90%3D&reserved=0> On Mar 2, 2022, at 4:24 PM, Jamie Hawkins <jr.hawkin...@gmail.com<mailto:jr.hawkin...@gmail.com>> wrote: Hi Ludovic, Thanks for your e-mail. I have tried numerous accounts, all with domain administrator priviliges, but all give the same error. The PF server is time synced to AD via NTP. And OU is set to Computers. Kind Regards, Jamie From: Zammit, Ludovic <luza...@akamai.com<mailto:luza...@akamai.com>> Sent: Wednesday, 2 March 2022 9:12 PM To: packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net> Cc: Jamie Hawkins <jr.hawkin...@gmail.com<mailto:jr.hawkin...@gmail.com>> Subject: Re: [PacketFence-users] AD Join Issues Hello Jamie, This is a one time join to join the PF server to the AD to do EAP PEAP authentication. Use a domain admin account to join your PF server to your domain and you should be good. Keep in mind that if you are putting the PF object into another OU than Computer, you will need to have full access. Thanks, Ludovic Zammit Product Support Engineer Principal [Image removed by sender.] Cell: +1.613.670.8432 Akamai Technologies - Inverse 145 Broadway Cambridge, MA 02142 Connect with Us: [Image removed by sender.]<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcommunity.akamai.com%2F&data=04%7C01%7Cmdesantos%40jordans.com%7C52028e43468c44d70cb708d9fd53bcd3%7C61563252c11c4b959cd290e8276b2bc1%7C0%7C0%7C637819358377149171%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=XbDabDgJ5k%2BNxTrb3aRtn%2F1JyPLXODErH87k%2BLUHeo4%3D&reserved=0>[Image removed by sender.]<https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fblogs.akamai.com%2F&data=04%7C01%7Cmdesantos%40jordans.com%7C52028e43468c44d70cb708d9fd53bcd3%7C61563252c11c4b959cd290e8276b2bc1%7C0%7C0%7C637819358377149171%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=qhTTK5izPUAN1KRC%2FglNnR7nR2%2Bvv8mMMkJliO5yPjk%3D&reserved=0>[Image removed by sender.]<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2Ftwitter.com%2Fakamai__%3B!!GjvTz_vk!FoRGTlmtT0KNx_Xbwt3p9nWyIfbJ_qVqKVTIA9lFxlF185Aukz9xQScHAh5VPQ%24&data=04%7C01%7Cmdesantos%40jordans.com%7C52028e43468c44d70cb708d9fd53bcd3%7C61563252c11c4b959cd290e8276b2bc1%7C0%7C0%7C637819358377149171%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=B42mw6r3VPbKdHfida5q9ATSjcCwP6tF4Kz2gwEi6gk%3D&reserved=0>[Image removed by sender.]<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__http%3A%2Fwww.facebook.com%2FAkamaiTechnologies__%3B!!GjvTz_vk!FoRGTlmtT0KNx_Xbwt3p9nWyIfbJ_qVqKVTIA9lFxlF185Aukz9xQScehcJVxA%24&data=04%7C01%7Cmdesantos%40jordans.com%7C52028e43468c44d70cb708d9fd53bcd3%7C61563252c11c4b959cd290e8276b2bc1%7C0%7C0%7C637819358377149171%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=7IcSE6zE3KcgS2YC2EnM8VguF0PmZHlKM3b1cMOAqzY%3D&reserved=0>[Image removed by sender.]<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__http%3A%2Fwww.linkedin.com%2Fcompany%2Fakamai-technologies__%3B!!GjvTz_vk!FoRGTlmtT0KNx_Xbwt3p9nWyIfbJ_qVqKVTIA9lFxlF185Aukz9xQSfpT_gaXg%24&data=04%7C01%7Cmdesantos%40jordans.com%7C52028e43468c44d70cb708d9fd53bcd3%7C61563252c11c4b959cd290e8276b2bc1%7C0%7C0%7C637819358377149171%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=630LMd%2F2iY79Bz8U2RP6EQBbmLgpRCkaCkBar2F2Czw%3D&reserved=0>[Image removed by sender.]<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__http%3A%2Fwww.youtube.com%2Fuser%2Fakamaitechnologies%3Ffeature%3Dresults_main__%3B!!GjvTz_vk!FoRGTlmtT0KNx_Xbwt3p9nWyIfbJ_qVqKVTIA9lFxlF185Aukz9xQSdk4t4FwA%24&data=04%7C01%7Cmdesantos%40jordans.com%7C52028e43468c44d70cb708d9fd53bcd3%7C61563252c11c4b959cd290e8276b2bc1%7C0%7C0%7C637819358377149171%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=0i%2F9hJbOMTkUB7ICubdOtEIgp%2FTC%2FQDCG3qykmtqIe8%3D&reserved=0> On Mar 2, 2022, at 12:15 PM, Jamie Hawkins via PacketFence-users <packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>> wrote: Hi, I am trying to join PacketFence to our domain controller, however I am running in to the following error when trying to join with correct credentials (with domain admin privileges): gse_get_client_auth_token: gss_init_sec_context failed with [Unspecified GSS failure. Minor code may provide more information: Message stream modified](2529638953) ads_sasl_spnego_bind: kinit succeeded but SPNEGO bind with Kerberos failed for ldap/mya-main.my-anna1.com<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__http%3A%2Fmya-main.my-anna1.com__%3B!!GjvTz_vk!FoRGTlmtT0KNx_Xbwt3p9nWyIfbJ_qVqKVTIA9lFxlF185Aukz9xQSdzakFHSw%24&data=04%7C01%7Cmdesantos%40jordans.com%7C52028e43468c44d70cb708d9fd53bcd3%7C61563252c11c4b959cd290e8276b2bc1%7C0%7C0%7C637819358377149171%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=29dPuCz52QY%2FeXTyuFQ6CA0S16pvlRG%2BSoHaWWTahcI%3D&reserved=0> - user[packetfence], realm[OUR-DOMAIN.COM<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__http%3A%2FOUR-DOMAIN.COM__%3B!!GjvTz_vk!FoRGTlmtT0KNx_Xbwt3p9nWyIfbJ_qVqKVTIA9lFxlF185Aukz9xQSfWS3eIKQ%24&data=04%7C01%7Cmdesantos%40jordans.com%7C52028e43468c44d70cb708d9fd53bcd3%7C61563252c11c4b959cd290e8276b2bc1%7C0%7C0%7C637819358377149171%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=Rk1wvFqd6KR2itvQmVVBs3pH3cFG1KQbYrbV3mucHyM%3D&reserved=0>]: The attempted logon is invalid. This is either due to a bad username or authentication information. Failed to join domain: failed to connect to AD: Invalid credentials If I do put in incorrect credentials, I receive this error: Failed to join domain: failed to lookup DC info for domain 'OUR-DOMAIN.COM<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__http%3A%2FOUR-DOMAIN.COM__%3B!!GjvTz_vk!FoRGTlmtT0KNx_Xbwt3p9nWyIfbJ_qVqKVTIA9lFxlF185Aukz9xQSfWS3eIKQ%24&data=04%7C01%7Cmdesantos%40jordans.com%7C52028e43468c44d70cb708d9fd53bcd3%7C61563252c11c4b959cd290e8276b2bc1%7C0%7C0%7C637819358377149171%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=Rk1wvFqd6KR2itvQmVVBs3pH3cFG1KQbYrbV3mucHyM%3D&reserved=0>' over rpc: The attempted logon is invalid. This is either due to a bad username or authentication information. Appreciate any assistance, Kind Regards _______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net> https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!BW8yHkuKstu_s4rtHNY5-uqxPrCiYQiPFcNfjnIXdGHLmrpwPjE3-UrpwPeZ8Zpl$<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fpacketfence-users__%3B!!GjvTz_vk!BW8yHkuKstu_s4rtHNY5-uqxPrCiYQiPFcNfjnIXdGHLmrpwPjE3-UrpwPeZ8Zpl%24&data=04%7C01%7Cmdesantos%40jordans.com%7C52028e43468c44d70cb708d9fd53bcd3%7C61563252c11c4b959cd290e8276b2bc1%7C0%7C0%7C637819358377149171%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=I%2BMhjIdc2RscmjSpNEN7Db%2BXIXmLDWQ7t%2FzdpmXU8FQ%3D&reserved=0>
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
