[prev in list] [next in list] [prev in thread] [next in thread]
List: samba
Subject: Re: [Samba] PAM only and Kerberos...
From: Robert Marcano via samba <samba () lists ! samba ! org>
Date: 2018-05-30 15:29:22
Message-ID: ae3c127a-7054-25bc-08af-ad77588186fa () marcanoonline ! com
[Download RAW message or body]
On 05/30/2018 11:02 AM, Marco Gaiarin via samba wrote:
> Mandi! Robert Marcano via samba
> In chel di` si favelave...
>
>> Yes, check the documentation of krb5.conf.
>
> Ahem, 'apt-get install krb5-doc' misses. ;-)
>
>> In summary you will need to
>> disable dns_canonicalize_hostname dns_lookup_kdc , etc if enabled and set
>> you admin and kdc hostnames there, something like:
>
> How can i determine kdc and master_kdc values? All DC server are KDC
> and the FSMO role are master_kdc?
>
I wonder if you can choose the master as the more robust (HW and SW) of
your DCs, no idea.
On a non AD Kerberos realm you can get from DNS, For example:
dig +short _kerberos._udp.example.com srv
dig +short _kerberos-master._udp.example.com srv
both values, but the last one doesn't show on my Samba AD domain (single
server)
My installations of Samba as a AD DC are containerized and single server
(for now), so I don't know if _kerberos-master._udp doesn't show because
there is only one DC or if Samba doesn't setup that record.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic