Date: Fri, 23 Aug 2019 19:51:39 -0600
From: The Doctor
To: freebsd-pf@freebsd.org
Subject: Making a unix box an Active Directory Domain controller
Message-ID: <20190824015139.GA11631@doctor.nl2k.ab.ca>

Seems like my pf script could be blocking my virtual box from being a
domain controller.

The error I get is

Note: This information is intended for a network administrator. If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt.

DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain "nk.ca":

The query was for the SRV record for _ldap._tcp.dc._msdcs.nk.ca

The following domain controllers were identified by the query:
debian.nk.ca

However no domain controllers could be contacted.

Common causes of this error include:

- Host (A) or (AAAA) records that map the names of the domain controllers to their IP addresses are missing or contain incorrect addresses.

- Domain controllers registered in DNS are not connected to the network or are not running.

Possibly the pf.conf could be blocking the outside interface.

I telnet tested debian.nk.ca on ports 445 and 139, and on the border
no issue; however, outside the tests fail.

-- 
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
https://www.empire.kred/ROOTNK?t=94a1f39b
Look at Psalms 14 and 53 on Atheism
Manitoba - Vote Liberal to Give Palliser and Scheer a message on 10 Sept 2019 !