Hi Matt,
I have tried the different logon combinations with the same result. Thanks for the link, here is the outcome of those results: log.winbindd File: Copyright Andrew Tridgell and the Samba Team 1992-2021 [2022/03/05 07:17:29.442650, 0] ../../source3/winbindd/winbindd_cache.c:3087(initialize_winbindd_cache) initialize_winbindd_cache: clearing cache and re-creating with version number 2 [2022/03/05 07:17:29.444189, 0] ../../source3/winbindd/winbindd_util.c:1376(init_domain_list) Could not fetch our SID - did we join? [2022/03/05 07:17:29.444234, 0] ../../source3/winbindd/winbindd.c:1460(winbindd_register_handlers) unable to initialize domain list chroot /chroots/OURDOMAIN wbinfo -u could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE could not obtain winbind domain name! Error looking up domain users chroot /chroots/OURDOMAIN ntlm_auth --username=ouradmin could not obtain winbind separator! Reading winbind reply failed! (0x01) : (0x0) Winbind service is running, and have tried restarting. Kind Regards, Jamie From: DeSantos, Matthew <mdesan...@jordans.com> Sent: Friday, 4 March 2022 6:04 PM To: packetfence-users@lists.sourceforge.net; Jamie Hawkins <jr.hawkin...@gmail.com> Subject: RE: [PacketFence-users] AD Join Issues Hi Jamie, Did you try different logons usern...@domain.com <mailto:usern...@domain.com> domain\username username Check out the PF troubleshooting steps under the AD section, if you haven't already. https://www.packetfence.org/doc/PacketFence_Installation_Guide.html#_microso ft_active_directory_ad -- Thanks, Matt From: Jamie Hawkins via PacketFence-users <packetfence-users@lists.sourceforge.net <mailto:packetfence-users@lists.sourceforge.net> > Sent: Thursday, March 3, 2022 2:47 PM To: 'Zammit, Ludovic' <luza...@akamai.com <mailto:luza...@akamai.com> > Cc: Jamie Hawkins <jr.hawkin...@gmail.com <mailto:jr.hawkin...@gmail.com> >; packetfence-users@lists.sourceforge.net <mailto:packetfence-users@lists.sourceforge.net> Subject: Re: [PacketFence-users] AD Join Issues CAUTION: This email originated from outside of Jordan's. Hi Ludovic, Yes, have restarted numerous times after ensuring correct time and sync. I see successful Kerberos logs in AD event viewer, however still seeing the same error on PF. Kind Regards, Jamie From: Zammit, Ludovic <luza...@akamai.com <mailto:luza...@akamai.com> > Sent: Thursday, 3 March 2022 2:28 PM To: Jamie Hawkins <jr.hawkin...@gmail.com <mailto:jr.hawkin...@gmail.com> > Cc: packetfence-users@lists.sourceforge.net <mailto:packetfence-users@lists.sourceforge.net> Subject: Re: [PacketFence-users] AD Join Issues Hello Jamie, Did you reboot it after to make sure all processes are using the correct time? Time matters a lot with 802.1x / AD join. Thanks, Ludovic Zammit Product Support Engineer Principal Cell: +1.613.670.8432 Akamai Technologies - Inverse 145 Broadway Cambridge, MA 02142 Connect with Us: <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcommunity .akamai.com%2F&data=04%7C01%7Cmdesantos%40jordans.com%7C52028e43468c44d70cb7 08d9fd53bcd3%7C61563252c11c4b959cd290e8276b2bc1%7C0%7C0%7C637819358377149171 %7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWw iLCJXVCI6Mn0%3D%7C3000&sdata=XbDabDgJ5k%2BNxTrb3aRtn%2F1JyPLXODErH87k%2BLUHe o4%3D&reserved=0> <https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fblogs.akam ai.com%2F&data=04%7C01%7Cmdesantos%40jordans.com%7C52028e43468c44d70cb708d9f d53bcd3%7C61563252c11c4b959cd290e8276b2bc1%7C0%7C0%7C637819358377149171%7CUn known%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJX VCI6Mn0%3D%7C3000&sdata=qhTTK5izPUAN1KRC%2FglNnR7nR2%2Bvv8mMMkJliO5yPjk%3D&r eserved=0> <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.c om%2Fakamai&data=04%7C01%7Cmdesantos%40jordans.com%7C52028e43468c44d70cb708d 9fd53bcd3%7C61563252c11c4b959cd290e8276b2bc1%7C0%7C0%7C637819358377149171%7C Unknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLC JXVCI6Mn0%3D%7C3000&sdata=w0kTI%2Bhw8A2VSXkNNIdSC2vtEzf9bpCAlvw4Z5EoUZI%3D&r eserved=0> <https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.facebo ok.com%2FAkamaiTechnologies&data=04%7C01%7Cmdesantos%40jordans.com%7C52028e4 3468c44d70cb708d9fd53bcd3%7C61563252c11c4b959cd290e8276b2bc1%7C0%7C0%7C63781 9358377149171%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLC JBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=OjtrUzukiuYvw8ZBuKT5xwd6HBRD5O7%2B NrAou0ee7lY%3D&reserved=0> <https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.linked in.com%2Fcompany%2Fakamai-technologies&data=04%7C01%7Cmdesantos%40jordans.co m%7C52028e43468c44d70cb708d9fd53bcd3%7C61563252c11c4b959cd290e8276b2bc1%7C0% 7C0%7C637819358377149171%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjo iV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=DKALc1Jm%2BUh5TZnykSpmT LxGGDiHxosL24aKFNhIRxU%3D&reserved=0> <https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.youtub e.com%2Fuser%2Fakamaitechnologies%3Ffeature%3Dresults_main&data=04%7C01%7Cmd esantos%40jordans.com%7C52028e43468c44d70cb708d9fd53bcd3%7C61563252c11c4b959 cd290e8276b2bc1%7C0%7C0%7C637819358377149171%7CUnknown%7CTWFpbGZsb3d8eyJWIjo iMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=lj8 y2Cr8G5q%2B9TuM%2BsWsyniqb3kXvIOGzz8X%2BV2cFBI%3D&reserved=0> On Mar 3, 2022, at 6:57 AM, Jamie Hawkins <jr.hawkin...@gmail.com <mailto:jr.hawkin...@gmail.com> > wrote: Hi Ludovic, Yes time and date correct. And PF NTP set to AD Server. Kind Regards From: Zammit, Ludovic <luza...@akamai.com <mailto:luza...@akamai.com> > Sent: Wednesday, 2 March 2022 9:34 PM To: Jamie Hawkins <jr.hawkin...@gmail.com <mailto:jr.hawkin...@gmail.com> > Cc: packetfence-users@lists.sourceforge.net <mailto:packetfence-users@lists.sourceforge.net> Subject: Re: [PacketFence-users] AD Join Issues Jamie, Is the time and date are correct? Thanks, Ludovic Zammit Product Support Engineer Principal Cell: +1.613.670.8432 Akamai Technologies - Inverse 145 Broadway Cambridge, MA 02142 Connect with Us: <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcommunity .akamai.com%2F&data=04%7C01%7Cmdesantos%40jordans.com%7C52028e43468c44d70cb7 08d9fd53bcd3%7C61563252c11c4b959cd290e8276b2bc1%7C0%7C0%7C637819358377149171 %7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWw iLCJXVCI6Mn0%3D%7C3000&sdata=XbDabDgJ5k%2BNxTrb3aRtn%2F1JyPLXODErH87k%2BLUHe o4%3D&reserved=0> <https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fblogs.akam ai.com%2F&data=04%7C01%7Cmdesantos%40jordans.com%7C52028e43468c44d70cb708d9f d53bcd3%7C61563252c11c4b959cd290e8276b2bc1%7C0%7C0%7C637819358377149171%7CUn known%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJX VCI6Mn0%3D%7C3000&sdata=qhTTK5izPUAN1KRC%2FglNnR7nR2%2Bvv8mMMkJliO5yPjk%3D&r eserved=0> On Mar 2, 2022, at 4:24 PM, Jamie Hawkins <jr.hawkin...@gmail.com <mailto:jr.hawkin...@gmail.com> > wrote: Hi Ludovic, Thanks for your e-mail. I have tried numerous accounts, all with domain administrator priviliges, but all give the same error. The PF server is time synced to AD via NTP. And OU is set to Computers. Kind Regards, Jamie From: Zammit, Ludovic <luza...@akamai.com <mailto:luza...@akamai.com> > Sent: Wednesday, 2 March 2022 9:12 PM To: packetfence-users@lists.sourceforge.net <mailto:packetfence-users@lists.sourceforge.net> Cc: Jamie Hawkins <jr.hawkin...@gmail.com> Subject: Re: [PacketFence-users] AD Join Issues Hello Jamie, This is a one time join to join the PF server to the AD to do EAP PEAP authentication. Use a domain admin account to join your PF server to your domain and you should be good. Keep in mind that if you are putting the PF object into another OU than Computer, you will need to have full access. Thanks, Ludovic Zammit Product Support Engineer Principal Cell: +1.613.670.8432 Akamai Technologies - Inverse 145 Broadway Cambridge, MA 02142 Connect with Us: <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcommunity .akamai.com%2F&data=04%7C01%7Cmdesantos%40jordans.com%7C52028e43468c44d70cb7 08d9fd53bcd3%7C61563252c11c4b959cd290e8276b2bc1%7C0%7C0%7C637819358377149171 %7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWw iLCJXVCI6Mn0%3D%7C3000&sdata=XbDabDgJ5k%2BNxTrb3aRtn%2F1JyPLXODErH87k%2BLUHe o4%3D&reserved=0> <https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fblogs.akam ai.com%2F&data=04%7C01%7Cmdesantos%40jordans.com%7C52028e43468c44d70cb708d9f d53bcd3%7C61563252c11c4b959cd290e8276b2bc1%7C0%7C0%7C637819358377149171%7CUn known%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJX VCI6Mn0%3D%7C3000&sdata=qhTTK5izPUAN1KRC%2FglNnR7nR2%2Bvv8mMMkJliO5yPjk%3D&r eserved=0> <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefens e.com%2Fv3%2F__https%3A%2Ftwitter.com%2Fakamai__%3B!!GjvTz_vk!FoRGTlmtT0KNx_ Xbwt3p9nWyIfbJ_qVqKVTIA9lFxlF185Aukz9xQScHAh5VPQ%24&data=04%7C01%7Cmdesantos %40jordans.com%7C52028e43468c44d70cb708d9fd53bcd3%7C61563252c11c4b959cd290e8 276b2bc1%7C0%7C0%7C637819358377149171%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLj AwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=B42mw6r3VP bKdHfida5q9ATSjcCwP6tF4Kz2gwEi6gk%3D&reserved=0> On Mar 2, 2022, at 12:15 PM, Jamie Hawkins via PacketFence-users <packetfence-users@lists.sourceforge.net <mailto:packetfence-users@lists.sourceforge.net> > wrote: Hi, I am trying to join PacketFence to our domain controller, however I am running in to the following error when trying to join with correct credentials (with domain admin privileges): gse_get_client_auth_token: gss_init_sec_context failed with [Unspecified GSS failure. Minor code may provide more information: Message stream modified](2529638953) ads_sasl_spnego_bind: kinit succeeded but SPNEGO bind with Kerberos failed for ldap/mya-main.my-anna1.com <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefens e.com%2Fv3%2F__http%3A%2Fmya-main.my-anna1.com__%3B!!GjvTz_vk!FoRGTlmtT0KNx_ Xbwt3p9nWyIfbJ_qVqKVTIA9lFxlF185Aukz9xQSdzakFHSw%24&data=04%7C01%7Cmdesantos %40jordans.com%7C52028e43468c44d70cb708d9fd53bcd3%7C61563252c11c4b959cd290e8 276b2bc1%7C0%7C0%7C637819358377149171%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLj AwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=29dPuCz52Q Y%2FeXTyuFQ6CA0S16pvlRG%2BSoHaWWTahcI%3D&reserved=0> - user[packetfence], realm[OUR-DOMAIN.COM <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefens e.com%2Fv3%2F__http%3A%2FOUR-DOMAIN.COM__%3B!!GjvTz_vk!FoRGTlmtT0KNx_Xbwt3p9 nWyIfbJ_qVqKVTIA9lFxlF185Aukz9xQSfWS3eIKQ%24&data=04%7C01%7Cmdesantos%40jord ans.com%7C52028e43468c44d70cb708d9fd53bcd3%7C61563252c11c4b959cd290e8276b2bc 1%7C0%7C0%7C637819358377149171%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiL CJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=Rk1wvFqd6KR2itvQm VVBs3pH3cFG1KQbYrbV3mucHyM%3D&reserved=0> ]: The attempted logon is invalid. This is either due to a bad username or authentication information. Failed to join domain: failed to connect to AD: Invalid credentials If I do put in incorrect credentials, I receive this error: Failed to join domain: failed to lookup DC info for domain 'OUR-DOMAIN.COM <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefens e.com%2Fv3%2F__http%3A%2FOUR-DOMAIN.COM__%3B!!GjvTz_vk!FoRGTlmtT0KNx_Xbwt3p9 nWyIfbJ_qVqKVTIA9lFxlF185Aukz9xQSfWS3eIKQ%24&data=04%7C01%7Cmdesantos%40jord ans.com%7C52028e43468c44d70cb708d9fd53bcd3%7C61563252c11c4b959cd290e8276b2bc 1%7C0%7C0%7C637819358377149171%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiL CJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=Rk1wvFqd6KR2itvQm VVBs3pH3cFG1KQbYrbV3mucHyM%3D&reserved=0> ' over rpc: The attempted logon is invalid. This is either due to a bad username or authentication information. Appreciate any assistance, Kind Regards _______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net <mailto:PacketFence-users@lists.sourceforge.net> https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/pac ketfence-users__;!!GjvTz_vk!BW8yHkuKstu_s4rtHNY5-uqxPrCiYQiPFcNfjnIXdGHLmrpw PjE3-UrpwPeZ8Zpl$
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
