Hi MJ, 1-In PacketFence Admin, under domains configuration, clone your current domain configuration.
2- Change the IP address of the ActiveDirectory Server by it's DNS name. Rejoin the domain from each PacketFence server. 3-Make sure that the DNS server in the configuration can resolve that domain name. (If you need multiple DNS server, this got introduced recently: https://github.com/inverse-inc/packetfence/pull/2223/files) The resulting configuration change: /etc/krb5.conf: [...] [libdefaults] default_realm = domainname.local [...] /chroots/domainname/etc/samba/domainname.conf [...] password server = domainname.local Uppercase/Lowercase realm is not problematic. Regards, -- Thierry Laurion [email protected] :: +1.514.447.4918 *120 :: https://inverse.ca Inverse inc. :: Leaders behind SOGo (https://sogo.nu) and PacketFence (https://packetfence.org) On 05/10/2017 02:55 AM, lists wrote: > Hi, > > No reactions. Could anyone then please tell me how to make such > adjustments in our own installation, in a permanent way? > > As in: we can edit .conf files in the chroot, but how can we make sure > they STAY the way we like them? > > MJ > > On 8-5-2017 13:20, lists wrote: >> Hi, >> >> I would like to ask for some feedback on the generated samba configs in >> the chroot in packetfence. >> >> The generated smb.conf includes a "password server = dc.ad.company.com". >> On the samba mailinglist, it's always recommened to use the auto >> discovery (using DNS) to locate the DCs. This will make use of ALL DC's, >> plus there's no need edit the config file, when you make changes to your >> DCs. >> >> The packetfence generated krb5.conf does also not seem to use >> autodiscover, but the same specific DC again. Samba folks recommend >> krb5.conf to contain just: >> >>> [libdefaults] >>> default_realm = SAMDOM.EXAMPLE.COM >>> dns_lookup_realm = false >>> dns_lookup_kdc = true >> (note also the UPPERCASE realm) >> >> (see https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member) >> >> But perhaps packetfence has valid reasons to not use those recommended >> settings..? >> >> Our concern is: we have three DCs, and packetfence only uses one. We >> would like to have failover for samba and krb, and use all DCs. How can >> we enable that behaviour in a packetfence-friendly way? >> >> MJ >> >> ------------------------------------------------------------------------------ >> Check out the vibrant tech community on one of the world's most >> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >> _______________________________________________ >> PacketFence-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
