Do you have a domain policy set that expires machine accounts faster than the default 30 days? Just curious.
On Fri, Aug 21, 2015 at 10:47 AM, Louis Munro <[email protected]> wrote: > > > On Aug 20, 2015, at 17:46 , Morgan, Joel P. <[email protected]> wrote: > > I was going to try Samba4, but when I tried to install via yum it said it > conflicted with samba 3. When I tried to remove samba 3, it said > packetfence.noarch depended on it. I decided to try something else to avoid > breaking dependencies. > > > > PacketFence depends on “some version” of samba to be able to authenticate > PEAP requests. > > Of course yum will complain if you try to uninstall samba. > It cannot know that you intend to install another version. > > The way to do this is to uninstall the samba packages with > # rpm -e —nodeps > > and then reinstall the samba4 packages. > > That will work. > > > > Last week, using yum I upgraded to Centos 6.7. Today, just like clockwork > AD authentication started failing 7 days after the join. > > Here are the samba packages I have installed: > > yum list installed | grep samba > > samba.x86_64 3.6.23-20.el6 @base > > samba-client.x86_64 3.6.23-20.el6 @base > > samba-common.x86_64 3.6.23-20.el6 @base > > samba-winbind.x86_64 3.6.23-20.el6 @base > > samba-winbind-clients.x86_64 3.6.23-20.el6 @base > > samba4-libs.x86_64 4.0.0-66.el6_6.rc4 > @updates > > There is a package samba-winbind-krb5-locator.x86_64 that is available, > but not installed. Redhat describes this package as "It contains a plug-in > for the system Kerberos library to allow the local Kerberos library to use > the same KDC as Samba and Winbind use." Is this package required? > > > > I have never used it. > It has never been necessary in the past. > > > One thing I did notice was that in my /chroots/MGA/etc/samba/MGA.conf and > /chroots/MGADomain/etc/krb5.conf the realm was listed in lowercase. > Everything I've read states it should always be the domain in UPPERCASE. > Today, I deleted the existing domain in the Packetfence GUI and created a > new one where I input the domain in UPPERCASE. I'll see if it lasts more > than a week. > > > I doubt it. > It would have failed before that and not at ticket renewal time. > > Just to be clear, all the PacketFence integration does is generate an > smb.conf and krb.conf configuration based on the configuration you provide. > It allows multiple domains by running each into a a chroot so that they > don’t step on each other. > > Can you post your smb.conf and krb5.conf files? > > -- > Louis Munro > [email protected] :: www.inverse.ca > +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 > Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence ( > www.packetfence.org) > > > > ------------------------------------------------------------------------------ > > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > >
------------------------------------------------------------------------------
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
