Hi,

Having to upgrade an instance of PacketFence 10.3 to version 13.2, I 
encountered restrictions that made me rethink the way Active Directory 
domain controllers have been integrated.

Previously, to define the Active Directory domain (Configuration->Policies 
and access control->Domains->Active Directory Domains) it was possible to 
set the "Active Directory server" parameter to an FQDN that refers to an 
A record in DNS listing all Domain Controller IP addresses on the network.

I assume that since PacketFence version 13.1, in which the NTLM management 
mode changed, the fields "Active Directory FQDN" and "Active Directory IP" 
can be set together for the Active Directory domain configuration.

The "Active Directory IP" field is declared as optional, but although the 
FQDN records are apparently present in DNS, leaving it empty produces the 
error "ad_server: Please specify the IPv4 of the Active Directory server."

Also, if the "Active Directory FQDN" field is set to the value used so far, 
pointing to the record with multiple IPs, once the settings are saved and 
the ntlm-auth-api service is restarted the JOIN fails, and the following 
error appears in the log:

Failed to bind to uuid 12345678-1234-abcd-ef00-01234567cffb for 
ncacn_np:comune.intranet[\pipe\netlogon,seal,schannel,abstract_syntax=12345678-1234-abcd-ef00-01234567cffb/0x00000001]
 NT_STATUS_INVALID_COMPUTER_NAME

Instead, by using an FQDN pointing to a single Domain Controller IP and also 
filling in the "Active Directory IP" field, one is able to complete the JOIN 
on Active Directory without running into errors.

At this point, I am wondering how to reliably configure the domain in 
PacketFence, taking into account that a specific Domain Controller may be 
unavailable, for example because it is undergoing maintenance, without 
risking NAC service outages.

Best regards.
Leonardo
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
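One practical way to act on the question raised above, added here as an example and not code from the original post or from the PacketFence project: since the domain configuration now wants a single "Active Directory IP", a small script can resolve the multi-IP A record that used to be configured, probe each controller on the ports a join depends on, and report which address to put in the field (or that the address currently configured has gone down, so the domain entry needs updating before the NAC service suffers). The hostname comune.intranet is taken from the log line above; the 10.0.0.x addresses in the usage are constructed, and probing TCP 445 (the SMB named pipe that carries \pipe\netlogon) and TCP 389 (LDAP) is an assumption about what the join needs, not something the post states.

```python
import socket
import sys
from typing import Callable, Iterable, List, Optional, Tuple

# Ports a domain join is assumed to need (assumption, see lead-in):
# 445 carries the \pipe\netlogon named pipe named in the failing bind,
# 389 is LDAP, which the join also talks to.
PROBE_PORTS = (445, 389)

Probe = Callable[[str, int], bool]


def resolve_all(fqdn: str) -> List[str]:
    """Return every IPv4 address behind fqdn, i.e. all A records of a
    multi-IP Domain Controller record such as comune.intranet."""
    infos = socket.getaddrinfo(fqdn, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def tcp_probe(ip: str, port: int, timeout: float = 2.0) -> bool:
    """True if a TCP connection to ip:port succeeds within timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def rank_dcs(ips: Iterable[str], probe: Probe = tcp_probe,
             ports: Iterable[int] = PROBE_PORTS) -> Tuple[List[str], List[str]]:
    """Split controllers into (reachable, unreachable).  A controller counts
    as reachable only if it answers on every probed port, because a DC that
    is half-way through maintenance may still answer LDAP but not SMB."""
    ports = tuple(ports)
    reachable, unreachable = [], []
    for ip in ips:
        if all(probe(ip, p) for p in ports):
            reachable.append(ip)
        else:
            unreachable.append(ip)
    return reachable, unreachable


def pick_ad_ip(ips: Iterable[str], configured_ip: Optional[str] = None,
               probe: Probe = tcp_probe) -> Optional[str]:
    """Address to use in the "Active Directory IP" field: keep the one
    already configured while it is up, otherwise the first live controller,
    or None when no controller answers (an outage, not a config problem)."""
    reachable, _ = rank_dcs(ips, probe)
    if configured_ip in reachable:
        return configured_ip
    return reachable[0] if reachable else None


if __name__ == "__main__":
    # Usage: python dc_check.py <ad-fqdn> [currently configured IP]
    # Hostname and addresses below are only illustrative (constructed).
    fqdn = sys.argv[1] if len(sys.argv) > 1 else "comune.intranet"
    current = sys.argv[2] if len(sys.argv) > 2 else None
    try:
        candidates = resolve_all(fqdn)
    except socket.gaierror as exc:
        sys.exit(f"cannot resolve {fqdn}: {exc}")
    up, down = rank_dcs(candidates)
    print(f"{fqdn} -> {candidates}")
    print(f"reachable on {PROBE_PORTS}: {up}")
    print(f"unreachable: {down}")
    choice = pick_ad_ip(candidates, current)
    if choice is None:
        print("no Domain Controller reachable; leave the configuration alone")
    elif choice != current:
        print(f'set "Active Directory IP" to {choice} (was {current})')
    else:
        print(f"configured IP {current} is still reachable")
```

Run from cron or a monitoring hook, the script only tells you which single controller is currently safe to point the "Active Directory IP" field at; it does not change the PacketFence configuration itself, and whether the join tolerates switching that address without a re-join is something to verify against the PacketFence version in use.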
