Simon Leung
2005-Dec-30 06:53 UTC
[Samba] Need krb5 on Interdomain trust Win2003SP1 - Samba3.0.21?
Hi there, I am reading the Samba3-By-Example dated 29Dec2005. I've found that there's no information on telling how to make a successful deployment on interdomain trust, but this is the missing Chapter that I am really looking for. Anyway, my question is beside Winbind, do I need to configure krb5 on Samba (Domain A) when talking to Win2003SP1 on Domain B? Best Wishes and Happy New Year Simon
Gerald (Jerry) Carter
2006-Jan-03 17:46 UTC
[Samba] Need krb5 on Interdomain trust Win2003SP1 - Samba3.0.21?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Simon Leung wrote:> Hi there, > > I am reading the Samba3-By-Example dated 29Dec2005. I've > found that there's no information on telling how to make > a successful deployment on interdomain trust, but this > is the missing Chapter that I am really looking for. > > Anyway, my question is beside Winbind, do I need to > configure krb5 on Samba (Domain A) when talking to Win2003SP1 > on Domain B?Beginning with 3.0.21 if you are talking to AD in anyways (domain member server, domain controller with domain trusts, etc...) you should ensure that you configure with ADS support and correctly configure /etc/krb5.conf. cheers, jerry ====================================================================Alleviating the pain of Windows(tm) ------- http://www.samba.org Centeris ----------- http://www.centeris.com "There's an anonymous coward in all of us." --anonymous -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDurbSIR7qMdg1EfYRAtx+AKCtpYTDLRRZaPUK6Jb+TYcXIaa1hQCgmi6K 4p+Bm+qY5Yy06Yq6OQWUYkU=fXKX -----END PGP SIGNATURE-----
Geoffrey Scott
2006-Jan-04 03:09 UTC
[Samba] Need krb5 on Interdomain trust Win2003SP1 - Samba3.0.21?
SHA1 wrote:> Simon Leung wrote: >> >> Anyway, my question is beside Winbind, do I need to configure krb5 on >> Samba (Domain A) when talking to Win2003SP1 on Domain B? > > Beginning with 3.0.21 if you are talking to AD in anyways (domain > member server, domain controller with domain trusts, etc...) you > should ensure that you configure with ADS support and correctly > configure /etc/krb5.conf.Hi Jerry JHT hasn't got any mention of configuring /etc/krb5.conf in "S by example" chapter 7.3.4 but he has in chapter 12.3.2. Other docs say only an empty config file is needed or non at all depending on whether you are using Heimdal or MIT kerberos..... How much info if any should be in /etc/krb5.conf? is the chapter 12 example enough?: [libdefaults] default_realm = LONDON.ABMAS.BIZ [realms] LONDON.ABMAS.BIZ = { kdc = w2k3s.london.abmas.biz } Sorry to ask a basic question, but if I do an apt-get install samba and samba-common, will it install all the files needed for ADS domain membership? Regards Geoff Scott Gerald (Jerry) Carter wrote: