Hi, I too ran into a lot of places where INVERSE (realm) kept popping up.
For us, things got a lot better after I changed the default realm in /etc/krb5.conf. Hope this will help you too. MJ On 6/9/2015 17:11, [email protected] wrote: > Hi Folks, > > I want to ask especially the folks at inverse, if there is a recommended > configuration with pf 5.1 . > > (I mean which distro do YOU recommend, as you do most testing on it at > your place…) > > Am I right, that you do use RH or centos at INVERSE? > > I do ask, because I think I did try nearly every combination (excluding > RedHat) since January and there wasn’t one that ran without issues. > > Yes, I did make the mistake to try pf with 4.x and as I wasn’t live with > the system when the 5.0 came out I thought it would be a good idea to > start our live-life with pf with the new version. Poor me, I even > dropped the VM as the Installation of the 4.x went so well, I didn’t > think it could be else with the 5.x versions. > > (YES, I am in programming business, I should have known better… J) > > If I did understand the posts here right, Louis is doing the packaging? > > Louis, I DO know how hard packaging and install tests are (in fact, I > was part of these tests at our place before I got my actual working > area) so you do have my FULL RESPECT(!!). > > You may allow me to suggest this: > > May be it would be helpful to test the pf installation at against > “changing” ADs (not just)INVERSE, because since 5.0 it is a pain in the > a.. to get the pf working against an own AD which is NOT called > “INVERSE” (at least for a dumbhead like me, it seems). “INVERSE” > seems/seemed(?) to be hardcoded in numerous places and neither the > krb5.conf, nor the corresponding winbind/samba config files looked like > they should look like, if one compared them to what the pf documentation > says they should – for THAT Linux distribution (eg. debian). > > There is no need for n ADs, just two and the second just to make sure, > there are no “INVERSE specifics” hardcoded. The more “rudimentary” the > second is, the easier it is to see, that the “INVERSE” settings are not > “templated” for everyone. > > Bye, > > Holger > > -- > > Holger Patzelt > > > > ------------------------------------------------------------------------------ > > > > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > ------------------------------------------------------------------------------ _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
