I use DDNS and have no problem, but for my DCs in PacketFence I define each 
one by IP. 
I run Ubuntu 12.04 LTS with the stock Samba (round robin is broken for Samba).

The only issue I have is that winbindd will lock up if I restart the primary DC 
because of a known bug, but then I just go into PacketFence, kill off the 
locked-up process and restart it. You might want to use a static entry for your 
PacketFence in DNS. It sounds more like you are having a scavenging issue at 7 
days.

Thanks
Eric Tedder

-----Original Message-----
From: Morgan, Joel P. [mailto:[email protected]] 
Sent: Tuesday, August 25, 2015 10:03 AM
To: [email protected]
Subject: Re: [PacketFence-users] Periodically losing domain trust

I am also having the same problem as the guy in this post 
http://www.mail-archive.com/packetfence-users%40lists.sourceforge.net/msg09749.html
 where the DNS entry is changed to the 169.#.#.# address of the domain virtual 
NIC.

I'm starting to wonder if the problem I'm having losing domain trust is related 
to the dynamic DNS issue. Maybe fixing the dynamic DNS problem will fix the 
losing trust problem.

I'm going to try this 
http://www.mail-archive.com/packetfence-users%40lists.sourceforge.net/msg09751.html
 to see if it fixes both.

Here are my krb5.conf and smb.conf files:

vi krb5.conf
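# NOTE(review): the pasted listing repeated this [libdefaults] section twice
# with identical settings; it is given once here. Comment lines that had been
# re-wrapped without their leading '#' are restored, because a prose line
# without '#' is not valid krb5.conf syntax.
[libdefaults]
# Realm assumed when a principal is named without one.
    default_realm = MGA.EDU

# The following krb5.conf variables are only for MIT Kerberos.
# NOTE(review): the krb4_* entries are Kerberos 4 settings carried over from
# the distribution template; confirm whether anything on this host reads them.
    krb4_config = /etc/krb.conf
    krb4_realms = /etc/krb.realms
# Nonzero: the library corrects for the offset between the local clock and
# the KDC's. Kerberos rejects requests outside the allowed clock skew, so the
# system clock should still be kept in sync with the domain controllers.
    kdc_timesync = 1
    ccache_type = 4
# Tickets requested from this host are forwardable and proxiable by default.
# NOTE(review): set both to false if nothing here needs to delegate tickets.
    forwardable = true
    proxiable = true

# The following encryption type specification will be used by MIT Kerberos
# if uncommented.  In general, the defaults in the MIT Kerberos code are
# correct and overriding these specifications only serves to disable new
# encryption types as they are added, creating interoperability problems.
#
# The only time when you might need to uncomment these lines and change
# the enctypes is if you have local software that will break on ticket
# caches containing ticket encryption types it doesn't know about (such as
# old versions of Sun Java).
#
# NOTE(review): leave these commented out. Pinning every list to
# des3-hmac-sha1 would exclude the AES enctypes the library otherwise offers.

#   default_tgs_enctypes = des3-hmac-sha1
#   default_tkt_enctypes = des3-hmac-sha1
#   permitted_enctypes = des3-hmac-sha1

# The following libdefaults parameters are only for Heimdal Kerberos.
    v4_instance_resolve = false
    v4_name_convert = {
        host = {
            rcmd = host
            ftp = ftp
        }
        plain = {
            something = something-else
        }
    }
    fcc-mit-ticketflags = true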

# Where to find the servers for each realm.
# The KDC is named by host name, so ticket requests from this host depend on
# dc.mga.edu resolving to a reachable domain controller.
# NOTE(review): only one kdc is listed; the kdc line may be repeated to name
# further domain controllers.
[realms]
    MGA.EDU = {
        kdc = dc.mga.edu
        admin_server = dc.mga.edu
        default_domain = MGA.EDU
    }

# Maps host and domain names to a realm.
# NOTE(review): the MIT krb5.conf documentation asks for lower-case names on
# the left-hand side; confirm these upper-case keys match as intended.
[domain_realm]
    MGA.EDU = MGA.EDU
    .MGA.EDU = MGA.EDU

# NOTE(review): both keys concern Kerberos 4 ticket handling at login and look
# like distribution-template leftovers; confirm anything still reads them.
[login]
    krb4_convert = true
    krb4_get_tickets = false


vi MGADomain.conf
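# Samba/winbind settings for the PacketFence host's membership in the MGA
# domain.
# NOTE(review): the mailed copy had "workgroup"/"realm" and
# "lock directory"/"private dir" folded onto shared lines; they are separated
# again here, one parameter per line.
[global]

## Browsing/Identification ###

# Change this to the workgroup/NT-domain name your Samba server will be part of
workgroup = MGA
realm = MGA.EDU

netbios name = packetfence
server string = packetfence

pid directory = /usr/local/pf/var/run
lock directory = /var/cache/sambaMGADomain
# private dir holds secrets.tdb, which stores the machine account password
# that the domain trust depends on. Keep the directory readable by root only.
# NOTE(review): it sits under /var/cache; confirm no cleanup job or rebuild
# removes it, since losing secrets.tdb means losing the trust.
private dir = /var/cache/sambaMGADomain

# Member of an Active Directory domain; authentication is done by the DCs.
# NOTE(review): winbindd rotates the machine account password on the
# "machine password timeout" interval (one week by default). If trust is lost
# on a roughly weekly cycle, check that the rotation completes against the DC.
security = ADS
winbind use default domain = no
# NOTE(review): the 600-20000 range can overlap IDs of local accounts on this
# host; confirm no local uid/gid falls inside it. Newer Samba releases
# configure the range with "idmap config * : range" instead.
idmap uid = 600-20000
idmap gid = 600-20000
template shell = /bin/bash
winbind expand groups = 10
# Pins authentication to a single DC, by DNS name. The parameter also accepts
# a list of servers. NOTE(review): with one entry, a restart of that DC or a
# bad DNS record for it leaves winbindd with nothing to fall back to.
password server = dc.mga.edu
domain master = no
local master = no
preferred master = no

inherit permissions = yes
# admin users are treated as root for file operations on shares.
# NOTE(review): no shares are defined in this listing; drop this line if none
# are added elsewhere, and confirm the quoting of the group name is as intended.
admin users = @MGA\"domain admins"

hide files = /~*/Thumbs.db/desktop.ini/ntuser.ini/NTUSER.*/SMax.*/
veto files = /lost+found/

# Accounts from domains that MGA trusts are accepted as well.
# NOTE(review): set to "no" if only MGA accounts should authenticate here.
allow trusted domains = yes

# No printers on this host
show add printer wizard = no
disable spoolss = yes
load printers = no
printing = bsd
printcap name = /dev/null

# No usershares here
usershare max shares = 0

# By default no guests and invisible
browseable = no
guest ok = no

# NOTE(review): with these two lines commented out, Samba is not restricted
# to a single interface.
#interfaces = 169.254.0.1
#bind interfaces only = yes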


Joel

