Re: [PacketFence-users] [External] [External] Domain Joining PacketFence Fails

[Nate Breeden via PacketFence-users]

Ah I got ya, I was a little confused when I read “workgroup” lol.

Tinkered a little more with the domain settings, this ended up resolving my 
issue – changed the ad_server and sticky_dc to utilize the IP address of my DC. 
Not sure why that would be problematic, as the Debian VM is able to ping those 
by name, even without the FQDN…

{Old values}:
[DOMAINNAME]
dns_name= DOMAINNAME.Local
dns_servers=10.0.1.15
server_name=%h
ou=Domain Computers
ad_server=mydc1
workgroup=domain.Local
status=enabled
sticky_dc=mydc1
ntlm_cache_expiry=3600
# Copyright (C) Inverse inc.




{New values}:
[DOMAINNAME]
dns_name= DOMAINNAME.LOCAL
dns_servers=10.0.1.15
server_name=%h
ou=Domain Computers
ad_server=10.0.1.15
workgroup= DOMAINNAME
status=enabled
sticky_dc=10.0.1.15
ntlm_cache_expiry=3600
# Copyright (C) Inverse inc.


Nate Breeden
Director of IT
Criswell Automotive
F: (301) 212-4520
O: (301) 212-4520

[Criswell Automotive]
CONFIDENTIALITY NOTICE:
The contents of this email message and any attachments are intended solely for 
the addressee(s) and may contain confidential and/or privileged information and 
may be legally protected from disclosure. If you are not the intended recipient 
of this message or their agent, or if this message has been addressed to you in 
error, please immediately alert the sender by reply email and then delete this 
message and any attachments. If you are not the intended recipient, you are 
hereby notified that any use, dissemination, copying, or storage of this 
message or its attachments is strictly prohibited.


From: Fabrice Durand <oeufd...@gmail.com>
Sent: Tuesday, August 23, 2022 4:12 PM
To: Nate Breeden <nbree...@criswellauto.com>
Cc: packetfence-users@lists.sourceforge.net
Subject: Re: [External] [PacketFence-users] [External] Domain Joining 
PacketFence Fails

This message was sent from outside the company, please use caution when 
clicking links or opening attachments unless you recognize the source of this 
email and know the content is safe.

the WORKGROUP is the pre-windows-2000 name and the dns_name is the dns format.

If i am not wrong when you edit a user in Users and computers you should be 
able to see both.


Le mar. 23 août 2022 à 15:52, Nate Breeden 
<nbree...@criswellauto.com<mailto:nbree...@criswellauto.com>> a écrit :
Hey Fabrice,

I just tried them in all caps, still the same result.

As far as workgroup, would that not be my domain name? Also tried it without 
the .local in all caps, same thing happens there


Thanks!

From: Fabrice Durand <oeufd...@gmail.com<mailto:oeufd...@gmail.com>>
Sent: Tuesday, August 23, 2022 3:28 PM
To: Nate Breeden <nbree...@criswellauto.com<mailto:nbree...@criswellauto.com>>
Cc: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Subject: Re: [External] [PacketFence-users] [External] Domain Joining 
PacketFence Fails

This message was sent from outside the company, please use caution when 
clicking links or opening attachments unless you recognize the source of this 
email and know the content is safe.

Iptables looks to be ok.

But are you sure about workgroup=domain.Local ?

Also put dns_name and workgroup in uppercase .


Le mar. 23 août 2022 à 15:09, Nate Breeden 
<nbree...@criswellauto.com<mailto:nbree...@criswellauto.com>> a écrit :
[DOMAINNAME]
dns_name= DOMAINNAME.Local
dns_servers=10.0.1.15
server_name=%h
ou=Domain Computers
ad_server=mydc1
workgroup=domain.Local
status=enabled
sticky_dc=mydc1
ntlm_cache_expiry=3600
# Copyright (C) Inverse inc.




Chain PREROUTING (policy ACCEPT 16868 packets, 1946K bytes)
pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 177K packets, 11M bytes)
pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 177K packets, 11M bytes)
pkts bytes target     prot opt in     out     source               destination
    2   201 SNAT       all  --  *      eth0    
169.254.0.0/16<https://urldefense.proofpoint.com/v2/url?u=http-3A__169.254.0.0_16&d=DwMFaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=bN7h99u95vnWXdgcnyXbKhFNtKrIMJiUqmx4gtnfO4k&m=Xrb2MhTwVfsgB0Ly2kmXEpd4h5zh2ahQVimD-CDxZZA&s=0tEqXp2MNx2O4CDTriAGasv58incY0Mng0HhqweYcKk&e=>
       
0.0.0.0/0<https://urldefense.proofpoint.com/v2/url?u=http-3A__0.0.0.0_0&d=DwMFaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=bN7h99u95vnWXdgcnyXbKhFNtKrIMJiUqmx4gtnfO4k&m=Xrb2MhTwVfsgB0Ly2kmXEpd4h5zh2ahQVimD-CDxZZA&s=PrjR8DSaK1N5oqEtKvSK0RcEnlgVtojDQH13JSz54Jo&e=>
            to:10.0.1.19

Chain postrouting-inline-routed (0 references)
pkts bytes target     prot opt in     out     source               destination

Chain postrouting-int-inline-if (0 references)
pkts bytes target     prot opt in     out     source               destination

Chain prerouting-int-inline-if (0 references)
pkts bytes target     prot opt in     out     source               destination

Chain prerouting-int-vlan-if (0 references)
pkts bytes target     prot opt in     out     source               destination

From: Fabrice Durand <oeufd...@gmail.com<mailto:oeufd...@gmail.com>>
Sent: Tuesday, August 23, 2022 2:36 PM
To: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Cc: Nate Breeden <nbree...@criswellauto.com<mailto:nbree...@criswellauto.com>>
Subject: Re: [External] [PacketFence-users] [External] Domain Joining 
PacketFence Fails

This message was sent from outside the company, please use caution when 
clicking links or opening attachments unless you recognize the source of this 
email and know the content is safe.

Hello,

can you show me the content of conf/domain.conf and also the result of iptables 
-L -n -v -t nat

Regards
Fabrice



Le mar. 23 août 2022 à 14:25, Nate Breeden via PacketFence-users 
<packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>>
 a écrit :
Hey Aaron,

My DCs are using Server 2019, also have tried it with the firewall disabled and 
had the same result.

Also thought this would be the easiest part of my install lol


Thanks!

Nate Breeden
Director of IT
Criswell Automotive
F: (301) 212-4520
O: (301) 212-4520

[Criswell Automotive]
CONFIDENTIALITY NOTICE:
The contents of this email message and any attachments are intended solely for 
the addressee(s) and may contain confidential and/or privileged information and 
may be legally protected from disclosure. If you are not the intended recipient 
of this message or their agent, or if this message has been addressed to you in 
error, please immediately alert the sender by reply email and then delete this 
message and any attachments. If you are not the intended recipient, you are 
hereby notified that any use, dissemination, copying, or storage of this 
message or its attachments is strictly prohibited.


From: Aaron Zuercher via PacketFence-users 
<packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>>
Sent: Tuesday, August 23, 2022 11:25 AM
To: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Cc: Aaron Zuercher <aaron.techge...@gmail.com<mailto:aaron.techge...@gmail.com>>
Subject: Re: [External] [PacketFence-users] Domain Joining PacketFence Fails

This message was sent from outside the company, please use caution when 
clicking links or opening attachments unless you recognize the source of this 
email and know the content is safe.

Nate,
this part of my install was pretty straight forward.  What version of windows 
in your DC?   What about firewall blocking something?

Aaron

On Tue, Aug 23, 2022 at 7:34 AM Nate Breeden via PacketFence-users 
<packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>>
 wrote:
When trying to domain join PacketForce, on the web GUI we receive “Failed to 
join domain: failed to find DC for domain Computers - The object was not found.”

After searching through a bunch of articles, it looks like where it says “for 
domain Computers” should say “for domain MYDOMAIN”?

Did a full reinstall of PacketFence thinking something was wrong with the 
install, but am still facing the same issue.

In the actual Debian VM if I ping a hostname without the domain name it replies 
with the correct IP address, same thing when pining with the FQDN.


Cat /etc/resolv.conf > this returns the proper DNS IP addresses for my domain



Net ads status > this returns “ads_connect: No logon servers are currently 
available to service the logon request.” (X2)



Also have tried tweaking each setting on the Configuration > Policies and 
Access Control > Domains > Active Directory Domains > [my identifier], 
including either using IP addresses/hostnames (for Active Directory server, 
Sticky DC), changing the admin credentials around 
(myadmin@domain.local<mailto:myadmin@domain.local>, myadmin@domain, myadmin, 
mydomain\myadmin), have tweaked the “This server’s name” field, to either 
specify a name or utilize %h.




Here is the log from /usr/local/pf/logs/packetfence.log (censored my server 
name and domain name)

Aug 22 20:23:40 [myservername] pfqueue[12690]: pfqueue(12690) INFO: 
[mac:unknown] domain join : Failed to join domain: failed to find DC for domain 
Computers - The object was not found. (pf::domain::join_domain)
Aug 22 20:23:44 [myservername] packetfence_winbindd-wrapper[13632]: 
winbindd-wrapper(13632) WARN: [mac:[undef]] Re-registering [mydomain] 
(main::child_sighandler)
Aug 22 20:23:50 [myservername] packetfence_winbindd-wrapper[13632]: 
winbindd-wrapper(13632) WARN: [mac:[undef]] Re-registering [mydomain] 
(main::child_sighandler)
Aug 22 20:23:56 [myservername] packetfence_winbindd-wrapper[13632]: 
winbindd-wrapper(13632) WARN: [mac:[undef]] Re-registering [mydomain] 
(main::child_sighandler)
Aug 22 20:24:02 [myservername] packetfence_winbindd-wrapper[13632]: 
winbindd-wrapper(13632) WARN: [mac:[undef]] Re-registering [mydomain] 
(main::child_sighandler)
Aug 22 20:24:08 [myservername] packetfence_winbindd-wrapper[13632]: 
winbindd-wrapper(13632) WARN: [mac:[undef]] Re-registering [mydomain] 
(main::child_sighandler)
Aug 22 20:24:14 [myservername] packetfence_winbindd-wrapper[13632]: 
winbindd-wrapper(13632) WARN: [mac:[undef]] Re-registering [mydomain] 
(main::child_sighandler)
Aug 22 20:24:20 [myservername] packetfence_winbindd-wrapper[13632]: 
winbindd-wrapper(13632) WARN: [mac:[undef]] Re-registering [mydomain] 
(main::child_sighandler)
Aug 22 20:24:26 [myservername] packetfence_winbindd-wrapper[13632]: 
winbindd-wrapper(13632) WARN: [mac:[undef]] Re-registering [mydomain] 
(main::child_sighandler)
Aug 22 20:24:29 [myservername] packetfence[13694]: pfperl-api(1249) INFO: 
getting security_events triggers for accounting cleanup 
(pf::accounting::acct_maintenance)
Aug 22 20:24:29 [myservername] packetfence[13693]: pfperl-api(1242) INFO: 
processed 0 security_events during security_event maintenance (1661199869.09285 
1661199869.0996)  (pf::security_event::security_event_mainte>Aug 22 20:24:29 
[myservername] packetfence[13693]: pfperl-api(1242) INFO: processed 0 
security_events during security_event maintenance (1661199869.10111 
1661199869.10295)  (pf::security_event::security_event_maint>Aug 22 20:24:29 
[myservername] packetfence[13696]: pfperl-api(1248) INFO: Using 300 resolution 
threshold (pf::pfcron::task::cluster_check::run)
Aug 22 20:24:29 [myservername] packetfence[13696]: pfperl-api(1248) INFO: All 
cluster members are running the same configuration version 
(pf::pfcron::task::cluster_check::run)
Aug 22 20:24:32 [myservername] packetfence_winbindd-wrapper[13632]: 
winbindd-wrapper(13632) WARN: [mac:[undef]] Re-registering [mydomain] 
(main::child_sighandler)
Aug 22 20:24:38 [myservername] packetfence_winbindd-wrapper[13632]: 
winbindd-wrapper(13632) WARN: [mac:[undef]] Re-registering [mydomain] 
(main::child_sighandler)
Aug 22 20:24:44 [myservername] packetfence_winbindd-wrapper[13632]: 
winbindd-wrapper(13632) WARN: [mac:[undef]] Re-registering [mydomain] 
(main::child_sighandler)
Aug 22 20:24:50 [myservername] packetfence_winbindd-wrapper[13632]: 
winbindd-wrapper(13632) WARN: [mac:[undef]] Re-registering [mydomain] 
(main::child_sighandler)
Aug 22 20:24:56 [myservername] packetfence_winbindd-wrapper[13632]: 
winbindd-wrapper(13632) WARN: [mac:[undef]] Re-registering [mydomain] 
(main::child_sighandler)
Aug 22 20:25:02 [myservername] packetfence_winbindd-wrapper[13632]: 
winbindd-wrapper(13632) WARN: [mac:[undef]] Re-registering [mydomain] 
(main::child_sighandler)
Aug 22 20:25:08 [myservername] packetfence_winbindd-wrapper[13632]: 
winbindd-wrapper(13632) WARN: [mac:[undef]] Re-registering [mydomain] 
(main::child_sighandler)
Aug 22 20:25:14 [myservername] packetfence_winbindd-wrapper[13632]: 
winbindd-wrapper(13632) WARN: [mac:[undef]] Re-registering [mydomain] 
(main::child_sighandler)
Aug 22 20:25:20 [myservername] packetfence_winbindd-wrapper[13632]: 
winbindd-wrapper(13632) WARN: [mac:[undef]] Re-registering [mydomain] 
(main::child_sighandler)
Aug 22 20:25:26 [myservername] packetfence_winbindd-wrapper[13632]: 
winbindd-wrapper(13632) WARN: [mac:[undef]] Re-registering [mydomain] 
(main::child_sighandler)
Aug 22 20:25:29 [myservername] packetfence[13770]: pfperl-api(1243) INFO: Using 
300 resolution threshold (pf::pfcron::task::cluster_check::run)
Aug 22 20:25:29 [myservername] packetfence[13770]: pfperl-api(1243) INFO: All 
cluster members are running the same configuration version 
(pf::pfcron::task::cluster_check::run)
Aug 22 20:25:29 [myservername] packetfence[13772]: pfperl-api(1243) INFO: 
getting security_events triggers for accounting cleanup 
(pf::accounting::acct_maintenance)
Aug 22 20:25:29 [myservername] packetfence[13768]: pfperl-api(1249) INFO: 
processed 0 security_events during security_event maintenance (1661199929.04501 
1661199929.05668)  (pf::security_event::security_event_maint>Aug 22 20:25:29 
[myservername] packetfence[13768]: pfperl-api(1249) INFO: processed 0 
security_events during security_event maintenance (1661199929.05834 
1661199929.06063)  (pf::security_event::security_event_maint>Aug 22 20:25:32 
[myservername] packetfence_winbindd-wrapper[13632]: winbindd-wrapper(13632) 
WARN: [mac:[undef]] Re-registering [mydomain] (main::child_sighandler)
Aug 22 20:25:38 [myservername] packetfence_winbindd-wrapper[13632]: 
winbindd-wrapper(13632) WARN: [mac:[undef]] Re-registering [mydomain] 
(main::child_sighandler)
Aug 22 20:25:44 [myservername] packetfence_winbindd-wrapper[13632]: 
winbindd-wrapper(13632) WARN: [mac:[undef]] Re-registering [mydomain] 
(main::child_sighandler)

Nate Breeden
Director of IT
Criswell Automotive
F: (301) 212-4520
O: (301) 212-4520

[Criswell Automotive]

CONFIDENTIALITY NOTICE:
The contents of this email message and any attachments are intended solely for 
the addressee(s) and may contain confidential and/or privileged information and 
may be legally protected from disclosure. If you are not the intended recipient 
of this message or their agent, or if this message has been addressed to you in 
error, please immediately alert the sender by reply email and then delete this 
message and any attachments. If you are not the intended recipient, you are 
hereby notified that any use, dissemination, copying, or storage of this 
message or its attachments is strictly prohibited.
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users<https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.sourceforge.net_lists_listinfo_packetfence-2Dusers&d=DwQFaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=bN7h99u95vnWXdgcnyXbKhFNtKrIMJiUqmx4gtnfO4k&m=Gw4I4PaWxpYyF9FT9uygv7bR39lEA6yxhIzkfJ-AHuA&s=SlktJgxLqTjOYtKpxj4htkwBIE4W9RsQG_4OxGjEUag&e=>



________________________________

This email has been scanned for spam and viruses. Click 
here<https://us-spambrella.cloud-protect.net/index01.php?mod_id=11&mod_option=logitem&mail_id=1661271047-GWqjQkgRREyf&r_address=nbreeden%40criswellauto.com&report=1>
 to report this email as spam.
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users<https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.sourceforge.net_lists_listinfo_packetfence-2Dusers&d=DwQFaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=bN7h99u95vnWXdgcnyXbKhFNtKrIMJiUqmx4gtnfO4k&m=Gw4I4PaWxpYyF9FT9uygv7bR39lEA6yxhIzkfJ-AHuA&s=SlktJgxLqTjOYtKpxj4htkwBIE4W9RsQG_4OxGjEUag&e=>



________________________________

This email has been scanned for spam and viruses. Click 
here<https://us-spambrella.cloud-protect.net/index01.php?mod_id=11&mod_option=logitem&mail_id=1661279743-zbCjT9rfq8Rm&r_address=nbreeden%40criswellauto.com&report=1>
 to report this email as spam.



________________________________

This email has been scanned for spam and viruses. Click 
here<https://us-spambrella.cloud-protect.net/index01.php?mod_id=11&mod_option=logitem&mail_id=1661282919-EcgJNsVhTfom&r_address=nbreeden%40criswellauto.com&report=1>
 to report this email as spam.



________________________________

This email has been scanned for spam and viruses. Click 
here<https://us-spambrella.cloud-protect.net/index01.php?mod_id=11&mod_option=logitem&mail_id=1661285557-mapruHSxcphA&r_address=nbreeden%40criswellauto.com&report=1>
 to report this email as spam.


_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users