[PacketFence-users] vlans through packetfence inline
Hi,

Perhaps some of the network gurus here can give a quick answer:

We have packetfence 5.3.1, inline, with access points in bridged mode, so all wireless clients are on the packetfence NAT range.

Now a new version of our wifi system allows for more SSIDs, which can be bridged to VLANs. Our wired network is on vlan7 on the main chassis. (packetfence is also connected to VLAN7 on this chassis)

Suppose I bridge a specific SSID to VLAN7, will the associated clients there actually find themselves on the regular 'main' network, like wired clients, basically 'bypassing' the packetfence inline NAT?

Or am I mixing up things (network layers, blahblah) here?

I hope I make myself clear...

Regards,
MJ

--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Periodically losing domain trust
On Aug 20, 2015, at 17:46 , Morgan, Joel P. joel.mor...@mga.edu wrote:

> I was going to try Samba4, but when I tried to install via yum it said it conflicted with samba 3. When I tried to remove samba 3, it said packetfence.noarch depended on it. I decided to try something else to avoid breaking dependencies.

PacketFence depends on “some version” of samba to be able to authenticate PEAP requests. Of course yum will complain if you try to uninstall samba. It cannot know that you intend to install another version.

The way to do this is to uninstall the samba packages with

# rpm -e --nodeps

and then reinstall the samba4 packages. That will work.

> Last week, using yum I upgraded to Centos 6.7. Today, just like clockwork AD authentication started failing 7 days after the join. Here are the samba packages I have installed:
>
> yum list installed | grep samba
> samba.x86_64                   3.6.23-20.el6        @base
> samba-client.x86_64            3.6.23-20.el6        @base
> samba-common.x86_64            3.6.23-20.el6        @base
> samba-winbind.x86_64           3.6.23-20.el6        @base
> samba-winbind-clients.x86_64   3.6.23-20.el6        @base
> samba4-libs.x86_64             4.0.0-66.el6_6.rc4   @updates
>
> There is a package samba-winbind-krb5-locator.x86_64 that is available, but not installed. Redhat describes this package as It contains a plug-in for the system Kerberos library to allow the local Kerberos library to use the same KDC as Samba and Winbind use. Is this package required?

I have never used it. It has never been necessary in the past.

> One thing I did notice was that in my /chroots/MGA/etc/samba/MGA.conf and /chroots/MGADomain/etc/krb5.conf the realm was listed in lowercase. Everything I've read states it should always be the domain in UPPERCASE. Today, I deleted the existing domain in the Packetfence GUI and created a new one where I input the domain in UPPERCASE. I'll see if it lasts more than a week.

I doubt it. It would have failed before that and not at ticket renewal time.

Just to be clear, all the PacketFence integration does is generate an smb.conf and krb.conf configuration based on the configuration you provide. It allows multiple domains by running each into a chroot so that they don’t step on each other.

Can you post your smb.conf and krb5.conf files?

--
Louis Munro
lmu...@inverse.ca :: www.inverse.ca
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)

Re: [PacketFence-users] Periodically losing domain trust
Do you have a domain policy set that expires machine accounts faster than the default 30 days? Just curious.

On Fri, Aug 21, 2015 at 10:47 AM, Louis Munro lmu...@inverse.ca wrote:

> On Aug 20, 2015, at 17:46 , Morgan, Joel P. joel.mor...@mga.edu wrote:
>
> > I was going to try Samba4, but when I tried to install via yum it said it conflicted with samba 3. When I tried to remove samba 3, it said packetfence.noarch depended on it. I decided to try something else to avoid breaking dependencies.
>
> PacketFence depends on “some version” of samba to be able to authenticate PEAP requests. Of course yum will complain if you try to uninstall samba. It cannot know that you intend to install another version.
>
> The way to do this is to uninstall the samba packages with
>
> # rpm -e --nodeps
>
> and then reinstall the samba4 packages. That will work.
>
> > Last week, using yum I upgraded to Centos 6.7. Today, just like clockwork AD authentication started failing 7 days after the join. Here are the samba packages I have installed:
> >
> > yum list installed | grep samba
> > samba.x86_64                   3.6.23-20.el6        @base
> > samba-client.x86_64            3.6.23-20.el6        @base
> > samba-common.x86_64            3.6.23-20.el6        @base
> > samba-winbind.x86_64           3.6.23-20.el6        @base
> > samba-winbind-clients.x86_64   3.6.23-20.el6        @base
> > samba4-libs.x86_64             4.0.0-66.el6_6.rc4   @updates
> >
> > There is a package samba-winbind-krb5-locator.x86_64 that is available, but not installed. Redhat describes this package as It contains a plug-in for the system Kerberos library to allow the local Kerberos library to use the same KDC as Samba and Winbind use. Is this package required?
>
> I have never used it. It has never been necessary in the past.
>
> > One thing I did notice was that in my /chroots/MGA/etc/samba/MGA.conf and /chroots/MGADomain/etc/krb5.conf the realm was listed in lowercase. Everything I've read states it should always be the domain in UPPERCASE. Today, I deleted the existing domain in the Packetfence GUI and created a new one where I input the domain in UPPERCASE. I'll see if it lasts more than a week.
>
> I doubt it. It would have failed before that and not at ticket renewal time.
>
> Just to be clear, all the PacketFence integration does is generate an smb.conf and krb.conf configuration based on the configuration you provide. It allows multiple domains by running each into a chroot so that they don’t step on each other.
>
> Can you post your smb.conf and krb5.conf files?
>
> --
> Louis Munro
> lmu...@inverse.ca :: www.inverse.ca
> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)