samba - Dec 2005 - Need krb5 on Interdomain trust Win2003SP1 - Samba3.0.21?

Hi there,

I am reading the Samba3-By-Example dated 29Dec2005. I've found that
there's
no information on telling how to make a successful deployment on interdomain
trust, but this is the missing Chapter that I am really looking for.

Anyway, my question is beside Winbind, do I need to configure krb5 on Samba
(Domain A) when talking to Win2003SP1 on Domain B?

Best Wishes and Happy New Year

Simon

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Simon Leung wrote:
> Hi there,
> 
> I am reading the Samba3-By-Example dated 29Dec2005. I've 
> found that there's no information on telling how to make
> a successful deployment on interdomain trust, but this
> is the missing Chapter that I am really looking for.
> 
> Anyway, my question is beside Winbind, do I need to 
> configure krb5 on Samba (Domain A) when talking to Win2003SP1
> on Domain B?
Beginning with 3.0.21 if you are talking to AD in anyways (domain member
server, domain controller with domain trusts, etc...) you should ensure
that you configure with ADS support and correctly configure /etc/krb5.conf.



cheers, jerry
====================================================================Alleviating
the pain of Windows(tm)      ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"There's an anonymous coward in all of us."              
--anonymous
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDurbSIR7qMdg1EfYRAtx+AKCtpYTDLRRZaPUK6Jb+TYcXIaa1hQCgmi6K
4p+Bm+qY5Yy06Yq6OQWUYkU=fXKX
-----END PGP SIGNATURE-----

SHA1 wrote:
> Simon Leung wrote:
>> 
>> Anyway, my question is beside Winbind, do I need to configure krb5 on
>> Samba (Domain A) when talking to Win2003SP1 on Domain B?
> 
> Beginning with 3.0.21 if you are talking to AD in anyways (domain
> member server, domain controller with domain trusts, etc...) you
> should ensure that you configure with ADS support and correctly
> configure /etc/krb5.conf.
Hi Jerry
JHT hasn't got any mention of configuring /etc/krb5.conf in "S by
example" chapter 7.3.4 but he has in chapter 12.3.2.  Other docs say
only an empty config file is needed or non at all depending on whether
you are using Heimdal or MIT kerberos.....   

How much info if any should be in /etc/krb5.conf? is the chapter 12 example
enough?:
[libdefaults]
	default_realm = LONDON.ABMAS.BIZ

[realms] 
	LONDON.ABMAS.BIZ = {
	kdc = w2k3s.london.abmas.biz
	}


Sorry to ask a basic question, but if I do an apt-get install samba and
samba-common, will it install all the files needed for ADS domain
membership?  

Regards Geoff Scott


Gerald (Jerry) Carter wrote: