On Aug 20, 2015, at 17:46 , Morgan, Joel P. <[email protected]> wrote:
> I was going to try Samba4, but when I tried to install via yum it said it > conflicted with samba 3. When I tried to remove samba 3, it said > packetfence.noarch depended on it. I decided to try something else to avoid > breaking dependencies. PacketFence depends on “some version” of samba to be able to authenticate PEAP requests. Of course yum will complain if you try to uninstall samba. It cannot know that you intend to install another version. The way to do this is to uninstall the samba packages with # rpm -e —nodeps and then reinstall the samba4 packages. That will work. > > Last week, using yum I upgraded to Centos 6.7. Today, just like clockwork AD > authentication started failing 7 days after the join. > > Here are the samba packages I have installed: > > yum list installed | grep samba > > samba.x86_64 3.6.23-20.el6 @base > > samba-client.x86_64 3.6.23-20.el6 @base > > samba-common.x86_64 3.6.23-20.el6 @base > > samba-winbind.x86_64 3.6.23-20.el6 @base > > samba-winbind-clients.x86_64 3.6.23-20.el6 @base > > samba4-libs.x86_64 4.0.0-66.el6_6.rc4 @updates > > > There is a package samba-winbind-krb5-locator.x86_64 that is available, but > not installed. Redhat describes this package as "It contains a plug-in for > the system Kerberos library to allow the local Kerberos library to use the > same KDC as Samba and Winbind use." Is this package required? I have never used it. It has never been necessary in the past. > > One thing I did notice was that in my /chroots/MGA/etc/samba/MGA.conf and > /chroots/MGADomain/etc/krb5.conf the realm was listed in lowercase. > Everything I've read states it should always be the domain in UPPERCASE. > Today, I deleted the existing domain in the Packetfence GUI and created a new > one where I input the domain in UPPERCASE. I'll see if it lasts more than a > week. I doubt it. It would have failed before that and not at ticket renewal time. Just to be clear, all the PacketFence integration does is generate an smb.conf and krb.conf configuration based on the configuration you provide. It allows multiple domains by running each into a a chroot so that they don’t step on each other. Can you post your smb.conf and krb5.conf files? -- Louis Munro [email protected] :: www.inverse.ca +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)
------------------------------------------------------------------------------
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
