When I join the computer to the domain, it puts it in the default OU. I have been moving it to another OU. How can move it without breaking the trust?
Joel ---------------------------------------------------------------------- Message: 1 Date: Tue, 4 Aug 2015 16:24:53 +0000 From: "Tedder, Eric" <e...@westlake.k12.oh.us> Subject: Re: [PacketFence-users] Periodically losing domain trust To: "packetfence-users@lists.sourceforge.net" <packetfence-users@lists.sourceforge.net> Message-ID: <ed41932e012da54abc32f6303d45517854563...@wcsmx.westlake.k12.oh.us> Content-Type: text/plain; charset="us-ascii" I would check to make sure that replication is working correctly in your domain. I have noticed that when a DC in my environment is not working correctly winbind has issues doing the failover to another DC. Also make sure that your computer account doesn't get moved from where you joined it to in the ou structure. Thanks Eric -----Original Message----- From: Morgan, Joel P. [mailto:joel.mor...@mga.edu] Sent: Tuesday, August 04, 2015 9:19 AM To: packetfence-users@lists.sourceforge.net Subject: [PacketFence-users] Periodically losing domain trust I've been periodically having trouble with my packetfence server losing its trust status to the domain. That's what I think anyway. If I join the packetfence server to the domain, everything works fine for days. In the GUI it says test join success. After several days, the GUI success message is replace by "test join fail!" A manual test join fails with the following error: [root@packetfence samba]# /usr/bin/sudo /sbin/ip netns exec MGA /usr/bin/net ads testjoin -s /etc/samba/MGA.conf kerberos_kinit_password PACKETFENCE$@MGA.EDU failed: Preauthentication failed kerberos_kinit_password PACKETFENCE$@MGA.EDU failed: Preauthentication failed Join to domain is not valid: Logon failure wbinfo -t gives the following error: [root@packetfence samba]# /usr/sbin/chroot /chroots/MGA wbinfo -t checking the trust secret for domain MGA via RPC calls failed error code was NT_STATUS_ACCESS_DENIED (0xc0000022) failed to call wbcCheckTrustCredentials: WBC_ERR_AUTH_ERROR Could not check secret I found a person with the identical problem. http://www.spinics.net/lists/samba/msg118711.html Like the referenced post I added: winbind refresh tickets = yes to /chroots/MGA/etc/samba/MGA.conf I then rejoined the domain from the GUI. When I rejoined the domain, the setting I made disappeared. Where would the correct place to add this? Is anyone else having this problem? Joel ------------------------------------------------------------------------------ ------------------------------------------------------------------------------ _______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users