Re: [PacketFence-users] Periodically losing domain trust
I am also having the same problem as the guy in this post http://www.mail-archive.com/packetfence-users%40lists.sourceforge.net/msg09749.html where the DNS entry is changed to the 169.#.#.# address of the domain virtual NIC. I'm starting to wonder if the problem I'm having losing domain trust is related to the dynamic DNS issue. Maybe fixing the dynamic DNS problem will fix the losing trust problem. I'm going to try this http://www.mail-archive.com/packetfence-users%40lists.sourceforge.net/msg09751.html to see if it fixes both.

Here are my krb5.conf and smb.conf files:

vi krb5.conf

[libdefaults]
    default_realm = MGA.EDU

# The following krb5.conf variables are only for MIT Kerberos.
    krb4_config = /etc/krb.conf
    krb4_realms = /etc/krb.realms
    kdc_timesync = 1
    ccache_type = 4
    forwardable = true
    proxiable = true

# The following encryption type specification will be used by MIT Kerberos
# if uncommented. In general, the defaults in the MIT Kerberos code are
# correct and overriding these specifications only serves to disable new
# encryption types as they are added, creating interoperability problems.
#
# The only time when you might need to uncomment these lines and change
# the enctypes is if you have local software that will break on ticket
# caches containing ticket encryption types it doesn't know about (such as
# old versions of Sun Java).

#   default_tgs_enctypes = des3-hmac-sha1
#   default_tkt_enctypes = des3-hmac-sha1
#   permitted_enctypes = des3-hmac-sha1

# The following libdefaults parameters are only for Heimdal Kerberos.
    v4_instance_resolve = false
    v4_name_convert = {
        host = {
            rcmd = host
            ftp = ftp
        }
        plain = {
            something = something-else
        }
    }
    fcc-mit-ticketflags = true

[libdefaults]
    default_realm = MGA.EDU

# The following krb5.conf variables are only for MIT Kerberos.
    krb4_config = /etc/krb.conf
    krb4_realms = /etc/krb.realms
    kdc_timesync = 1
    ccache_type = 4
    forwardable = true
    proxiable = true

# The following encryption type specification will be used by MIT Kerberos
# if uncommented. In general, the defaults in the MIT Kerberos code are
# correct and overriding these specifications only serves to disable new
# encryption types as they are added, creating interoperability problems.
#
# The only time when you might need to uncomment these lines and change
# the enctypes is if you have local software that will break on ticket
# caches containing ticket encryption types it doesn't know about (such as
# old versions of Sun Java).

#   default_tgs_enctypes = des3-hmac-sha1
#   default_tkt_enctypes = des3-hmac-sha1
#   permitted_enctypes = des3-hmac-sha1

# The following libdefaults parameters are only for Heimdal Kerberos.
    v4_instance_resolve = false
    v4_name_convert = {
        host = {
            rcmd = host
            ftp = ftp
        }
        plain = {
            something = something-else
        }
    }
    fcc-mit-ticketflags = true

[realms]
    MGA.EDU = {
        kdc = dc.mga.edu
        admin_server = dc.mga.edu
        default_domain = MGA.EDU
    }

[domain_realm]
    MGA.EDU = MGA.EDU
    .MGA.EDU = MGA.EDU

[login]
    krb4_convert = true
    krb4_get_tickets = false

vi MGADomain.conf

[global]
## Browsing/Identification ###
# Change this to the workgroup/NT-domain name your Samba server will part of
workgroup = MGA
realm = MGA.EDU
netbios name = packetfence
server string = packetfence
pid directory = /usr/local/pf/var/run
lock directory = /var/cache/sambaMGADomain
private dir = /var/cache/sambaMGADomain
security = ADS
winbind use default domain = no
idmap uid = 600-2
idmap gid = 600-2
template shell = /bin/bash
winbind expand groups = 10
password server = dc.mga.edu
domain master = no
local master = no
preferred master = no
inherit permissions = yes
admin users = @MGA\domain admins
hide files = /~*/Thumbs.db/desktop.ini/ntuser.ini/NTUSER.*/SMax.*/
veto files = /lost+found/
allow trusted domains = yes

# No printers on this host
show add printer wizard = no
disable spoolss = yes
load printers = no
printing = bsd
printcap name = /dev/null

# No usershares here
usershare max shares = 0

# By default no guests and invisible
browseable = no
guest ok = no

#interfaces = 169.254.0.1
#bind interfaces only = yes

Joel

--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
[PacketFence-users] Radius debug mode
Sorry if this is a dumb question, but couldn't find the answer in the archives. How do I run radius in debug mode?

#radiusd -X -d /usr/local/pf/raddb

gives radiusd not found error. I'm running PF 5.3.1 on Ubuntu 12.04.

Thanks,
Todd
Re: [PacketFence-users] Radius debug mode
perhaps you are using freeradius?

freeradius -X -d /usr/local/pf/raddb

On 8/25/2015 15:46, Todd Bergstrom wrote:

Sorry if this is a dumb question, but couldn’t find the answer in the archives. How do I run radius in debug mode?

#radiusd -X -d /usr/local/pf/raddb

gives radiusd not found error. I’m running PF 5.3.1 on Ubuntu 12.04.

Thanks,
Todd
Re: [PacketFence-users] Periodically losing domain trust
I use DDNS and have no problem, but for my DCs in packet fence I define each one via ip. I run Ubuntu 12.04 LTS with the stock samba. (round robin is broken for samba) The only issue I have is that winbindd will lock up if I restart the primary DC because of a known bug, but then I just go in to packet fence and kill off the locked up process and restart it. You might want to use a static entry for your packet fence in DNS. It sounds more like you are having a scavenging issue at 7 days.

Thanks
Eric Tedder

-----Original Message-----
From: Morgan, Joel P. [mailto:joel.mor...@mga.edu]
Sent: Tuesday, August 25, 2015 10:03 AM
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] Periodically losing domain trust

I am also having the same problem as the guy in this post http://www.mail-archive.com/packetfence-users%40lists.sourceforge.net/msg09749.html where the DNS entry is changed to the 169.#.#.# address of the domain virtual NIC. I'm starting to wonder if the problem I'm having losing domain trust is related to the dynamic DNS issue. Maybe fixing the dynamic DNS problem will fix the losing trust problem. I'm going to try this http://www.mail-archive.com/packetfence-users%40lists.sourceforge.net/msg09751.html to see if it fixes both.

Here are my krb5.conf and smb.conf files:

vi krb5.conf

[libdefaults]
    default_realm = MGA.EDU

# The following krb5.conf variables are only for MIT Kerberos.
    krb4_config = /etc/krb.conf
    krb4_realms = /etc/krb.realms
    kdc_timesync = 1
    ccache_type = 4
    forwardable = true
    proxiable = true

# The following encryption type specification will be used by MIT Kerberos
# if uncommented. In general, the defaults in the MIT Kerberos code are
# correct and overriding these specifications only serves to disable new
# encryption types as they are added, creating interoperability problems.
#
# The only time when you might need to uncomment these lines and change
# the enctypes is if you have local software that will break on ticket
# caches containing ticket encryption types it doesn't know about (such as
# old versions of Sun Java).

#   default_tgs_enctypes = des3-hmac-sha1
#   default_tkt_enctypes = des3-hmac-sha1
#   permitted_enctypes = des3-hmac-sha1

# The following libdefaults parameters are only for Heimdal Kerberos.
    v4_instance_resolve = false
    v4_name_convert = {
        host = {
            rcmd = host
            ftp = ftp
        }
        plain = {
            something = something-else
        }
    }
    fcc-mit-ticketflags = true

[libdefaults]
    default_realm = MGA.EDU

# The following krb5.conf variables are only for MIT Kerberos.
    krb4_config = /etc/krb.conf
    krb4_realms = /etc/krb.realms
    kdc_timesync = 1
    ccache_type = 4
    forwardable = true
    proxiable = true

# The following encryption type specification will be used by MIT Kerberos
# if uncommented. In general, the defaults in the MIT Kerberos code are
# correct and overriding these specifications only serves to disable new
# encryption types as they are added, creating interoperability problems.
#
# The only time when you might need to uncomment these lines and change
# the enctypes is if you have local software that will break on ticket
# caches containing ticket encryption types it doesn't know about (such as
# old versions of Sun Java).

#   default_tgs_enctypes = des3-hmac-sha1
#   default_tkt_enctypes = des3-hmac-sha1
#   permitted_enctypes = des3-hmac-sha1

# The following libdefaults parameters are only for Heimdal Kerberos.
    v4_instance_resolve = false
    v4_name_convert = {
        host = {
            rcmd = host
            ftp = ftp
        }
        plain = {
            something = something-else
        }
    }
    fcc-mit-ticketflags = true

[realms]
    MGA.EDU = {
        kdc = dc.mga.edu
        admin_server = dc.mga.edu
        default_domain = MGA.EDU
    }

[domain_realm]
    MGA.EDU = MGA.EDU
    .MGA.EDU = MGA.EDU

[login]
    krb4_convert = true
    krb4_get_tickets = false

vi MGADomain.conf

[global]
## Browsing/Identification ###
# Change this to the workgroup/NT-domain name your Samba server will part of
workgroup = MGA
realm = MGA.EDU
netbios name = packetfence
server string = packetfence
pid directory = /usr/local/pf/var/run
lock directory = /var/cache/sambaMGADomain
private dir = /var/cache/sambaMGADomain
security = ADS
winbind use default domain = no
idmap uid = 600-2
idmap gid = 600-2
template shell = /bin/bash
winbind expand groups = 10
password server = dc.mga.edu
domain master = no
local master = no
preferred master = no
inherit permissions = yes
admin users = @MGA\domain admins
hide files = /~*/Thumbs.db/desktop.ini/ntuser.ini/NTUSER.*/SMax.*/
veto files = /lost+found/
allow trusted domains = yes

# No printers on this host
show add printer wizard = no
disable spoolss = yes
load printers = no
printing = bsd
printcap name = /dev/null

# No usershares here
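
A monitoring check for the two DNS conditions raised in this thread (the host's A record being changed to a 169.#.#.# address, and the record disappearing through scavenging), added here as an example; it is not code from any poster or from PacketFence. It assumes `dig` and `wbinfo` are installed and that `wbinfo` is run where the domain's winbindd is reachable; the function names, script arguments and sample addresses are placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): verdict on the A record that the
# domain's DNS holds for the PacketFence host. Addresses are placeholders.

# classify_a_records EXPECTED_IP   (DNS answers on stdin, one per line)
#   MISSING     no answer at all, e.g. the record was scavenged
#   LINK_LOCAL  an answer is in 169.254.0.0/16 (virtual NIC was registered)
#   MISMATCH    answers exist but include something other than EXPECTED_IP
#   OK          every answer equals EXPECTED_IP
classify_a_records() {
    expected=$1
    seen=0
    verdict=OK
    while read -r addr; do
        if [ -z "$addr" ]; then continue; fi
        seen=1
        case "$addr" in
            169.254.*) verdict=LINK_LOCAL ;;
            "$expected") ;;
            *) if [ "$verdict" = OK ]; then verdict=MISMATCH; fi ;;
        esac
    done
    if [ "$seen" -eq 0 ]; then verdict=MISSING; fi
    printf '%s\n' "$verdict"
}

# Constructed sample: answers holding both the real and a virtual-NIC address.
demo_verdict() {
    printf '192.0.2.10\n169.254.0.2\n' | classify_a_records 192.0.2.10
}

# Live use: sh check.sh <fqdn> <expected-ip> <dns-server>
if [ "$#" -eq 3 ]; then
    verdict=$(dig +short A "$1" @"$3" | classify_a_records "$2")
    echo "A record for $1 on $3: $verdict"
    # wbinfo -t asks winbindd to verify the machine-account trust secret.
    if wbinfo -t >/dev/null 2>&1; then
        echo "trust secret: OK"
    else
        echo "trust secret: FAILED"
    fi
    [ "$verdict" = OK ]
fi
```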
[PacketFence-users] packetfence with one interface
Hi folks,

to have a little bit of practice at home, I would like to install packetfence on a spare metal at home. The main challenge is that the server has only one interface and there is only a typical home all-in-one router (wlan, lan and Internet via dsl to the isp), which does not support VLAN tagging. As this breaks the actual installation manuals, have you any setup hints for me?

Regards,
Holger
Re: [PacketFence-users] Radius debug mode
Yes, that is it. Thank you very much!!

Todd

-----Original Message-----
From: heupink [mailto:heup...@gmail.com]
Sent: Tuesday, August 25, 2015 9:35 AM
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] Radius debug mode

perhaps you are using freeradius?

freeradius -X -d /usr/local/pf/raddb

On 8/25/2015 15:46, Todd Bergstrom wrote:

Sorry if this is a dumb question, but couldn't find the answer in the archives. How do I run radius in debug mode?

#radiusd -X -d /usr/local/pf/raddb

gives radiusd not found error. I'm running PF 5.3.1 on Ubuntu 12.04.

Thanks,
Todd