
List:       samba
Subject:    Re: [Samba] PAM only and Kerberos...
From:       Robert Marcano via samba <samba () lists ! samba ! org>
Date:       2018-05-30 15:29:22
Message-ID: ae3c127a-7054-25bc-08af-ad77588186fa () marcanoonline ! com

On 05/30/2018 11:02 AM, Marco Gaiarin via samba wrote:
> Mandi! Robert Marcano via samba
>    In chel di` si favelave...
> 
>> Yes, check the documentation of krb5.conf.
> 
> Ahem, 'apt-get install krb5-doc' misses. ;-)
> 
>> In summary you will need to
>> disable dns_canonicalize_hostname, dns_lookup_kdc, etc. if enabled and set
>> your admin and kdc hostnames there, something like:
> 
> How can I determine kdc and master_kdc values? All DC servers are KDCs
> and the FSMO role is master_kdc?
> 

I wonder if you can choose the master as the more robust (HW and SW) of 
your DCs, no idea.

On a non-AD Kerberos realm you can get them from DNS, for example:

   dig +short _kerberos._udp.example.com srv
   dig +short _kerberos-master._udp.example.com srv

both values, but the last one doesn't show on my Samba AD domain (single 
server).

My installations of Samba as an AD DC are containerized and single server 
(for now), so I don't know if _kerberos-master._udp doesn't show because 
there is only one DC or if Samba doesn't set up that record.


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
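
The following is an added example, not part of the original message or of Samba: a shell sketch that turns the answers of the two dig SRV queries above into a static krb5.conf fragment with DNS lookups disabled, leaving out master_kdc when the _kerberos-master record returns nothing. The function names, the EXAMPLE.COM realm and the sample SRV answers are constructed for illustration; admin_server still has to be set by hand.

```shell
#!/bin/sh
# Added example: build a static krb5.conf fragment from SRV answers.
# Each line of `dig +short ... srv` output is: priority weight port target.

# srv_to_hosts: read SRV answers on stdin and print "host:port", lowest
# priority first (higher weight first within a priority), with the
# trailing dot of the target removed. Blank or malformed lines are skipped.
srv_to_hosts() {
    sort -k1,1n -k2,2nr | awk 'NF == 4 { sub(/\.$/, "", $4); print $4 ":" $3 }'
}

# realm_stanza REALM KDC_SRV MASTER_SRV
# KDC_SRV and MASTER_SRV are the raw dig outputs; MASTER_SRV may be empty.
realm_stanza() {
    realm=$1 kdc_srv=$2 master_srv=$3
    printf '[libdefaults]\n'
    printf '    default_realm = %s\n' "$realm"
    printf '    dns_lookup_kdc = false\n'
    printf '    dns_canonicalize_hostname = false\n\n'
    printf '[realms]\n    %s = {\n' "$realm"
    printf '%s\n' "$kdc_srv" | srv_to_hosts | while read -r h; do
        printf '        kdc = %s\n' "$h"
    done
    master=$(printf '%s\n' "$master_srv" | srv_to_hosts | head -n 1)
    # No _kerberos-master record published: emit no master_kdc line.
    if [ -n "$master" ]; then
        printf '        master_kdc = %s\n' "$master"
    fi
    printf '    }\n'
}

# Constructed sample answers (not real lookups): two KDCs, no master record.
SAMPLE_KDC_SRV='10 100 88 dc2.example.com.
0 100 88 dc1.example.com.'
SAMPLE_MASTER_SRV=''

realm_stanza EXAMPLE.COM "$SAMPLE_KDC_SRV" "$SAMPLE_MASTER_SRV"

# Against a live realm the same call would be:
#   realm_stanza EXAMPLE.COM \
#       "$(dig +short _kerberos._udp.example.com srv)" \
#       "$(dig +short _kerberos-master._udp.example.com srv)"
```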