Alex de Vaal
2008-Feb-27 12:28 UTC
[Samba] krb5.conf file in /var/lib/samba/smb_krb5; Samba 3.0.27a
Hello list,

I've upgraded from Samba 3.0.14a to 3.0.27a (Samba is a domain member of a W2k3 native AD) and I see that in the /var/lib/samba/smb_krb5 directory a krb5.conf file is created.
Is this krb5.conf file extracted from my original /etc/krb5.conf? Or is this file created from the "password server =" entry in my smb.conf file?
My original /etc/krb5.conf contains the DC's in DNS name and the krb5.conf file in /var/lib/samba/smb_krb5 contains DC's on IP address.

I noticed also that the krb5.conf file in /var/lib/samba/smb_krb5 is only renewed if /var/lib/samba/gencache.tdb is deleted before winbind is restarted and it also uses the DC that is configured as primary DC in Sites and Services in the Active Directory.

Can anyone shed light on how this works?

Thnx,
Alex.

Some info:

/etc/samba/smb.conf
======
password server = adm02.test.com, adm03.test.com

/etc/krb5.conf
=========
[libdefaults]
default_realm = TEST.COM

[realms]
TEST.COM = {
kdc = adm02.test.com:88
kdc = adm03.test.com:88
kdc = adm01.test.com:88

/etc/hosts
=======
192.168.100.100 adm01.test.com
10.0.0.100 adm02.test.com
192.168.100.110 nhadm03.test.com

/var/lib/samba/smb_krb5/krb5.conf.TEST
============================
[libdefaults]
default_realm = TEST.COM

[realms]
TEST.COM = {
kdc = 192.168.100.110
kdc = 10.0.0.100
}
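An added example, not part of the thread and not Samba's own code: a small Python check that compares the kdc entries of the two files quoted in the post above. It resolves names only through the quoted /etc/hosts text (an assumption; a real host would also consult DNS), treats each file as holding a single realm, and the function names are hypothetical.

```python
import re
# Sample text copied from the [realms] and hosts listings in the post, not read from a live system.
SYSTEM_KRB5 = """\
[realms]
TEST.COM = {
kdc = adm02.test.com:88
kdc = adm03.test.com:88
kdc = adm01.test.com:88
"""
SAMBA_KRB5 = """\
[realms]
TEST.COM = {
kdc = 192.168.100.110
kdc = 10.0.0.100
}
"""
HOSTS = """\
192.168.100.100 adm01.test.com
10.0.0.100 adm02.test.com
192.168.100.110 nhadm03.test.com
"""

def kdc_entries(text):
    """Return the kdc values in file order, with any :port suffix removed."""
    return [m.group(1).split(":")[0] for m in re.finditer(r"^\s*kdc\s*=\s*(\S+)", text, re.M)]

def hosts_map(hosts_text):
    """Map each lower-cased name in hosts-file text to its address."""
    table = {}
    for line in hosts_text.splitlines():
        fields = line.split("#")[0].split()   # drop comments, split on whitespace
        for name in fields[1:]:
            table.setdefault(name.lower(), fields[0])
    return table

def compare(system_text, samba_text, hosts_text):
    """Classify the KDCs of /etc/krb5.conf against the Samba-generated file."""
    names = hosts_map(hosts_text)
    resolved = {k: names.get(k.lower()) for k in kdc_entries(system_text)}
    samba = kdc_entries(samba_text)
    return {
        "matched": sorted(k for k, ip in resolved.items() if ip in samba),
        "unresolved": sorted(k for k, ip in resolved.items() if ip is None),
        "not_in_samba": sorted(k for k, ip in resolved.items() if ip and ip not in samba),
        "samba_only": sorted(ip for ip in samba if ip not in resolved.values()),
    }

if __name__ == "__main__":
    print(compare(SYSTEM_KRB5, SAMBA_KRB5, HOSTS))
```

On the post's data this reports adm02.test.com as matched, adm03.test.com as unresolvable from the quoted hosts file, adm01.test.com as absent from the Samba-generated file, and 192.168.100.110 as an address that only the Samba-generated file lists.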
Eric Roseme
2008-Feb-27 17:03 UTC
[Samba] krb5.conf file in /var/lib/samba/smb_krb5; Samba 3.0.27a
I asked a co-worker who attended the Samba workshop last September to pose the following question. The answer follows (maybe it will help):

Q1. Will the new (3.0.25b) krb5 code (that creates a Samba-specific krb5.conf file) be documented somewhere?

A1. Samba does not have documentation about the Samba-specific krb5.conf that is placed in locking directory. And also, after running kinit to obtain Kerberos ticket, Samba stores the ticket into memory tdb, probably gencache.tdb. But Samba doesn't provide a tool to allow users to see which DC Samba is talking to. Currently, we can use klist to see which domain is being used by Samba.

Obviously this does not answer your question about how it works, but it might get you closer.

Eric Roseme

Alex de Vaal wrote:
> Hello list,
>
> I've upgraded from Samba 3.0.14a to 3.0.27a (Samba is a domain member of a
> W2k3 native AD) and I see that in the /var/lib/samba/smb_krb5 directory a
> krb5.conf file is created.
> Is this krb5.conf file extracted from my original /etc/krb5.conf? Or is this
> file created from the "password server =" entry in my smb.conf file?
> My original /etc/krb5.conf contains the DC's in DNS name and the
> krb5.conf file in /var/lib/samba/smb_krb5 contains DC's on IP address.
>
> I noticed also that the krb5.conf file in /var/lib/samba/smb_krb5 is only
> renewed if /var/lib/samba/gencache.tdb is deleted before winbind is
> restarted and it also uses the DC that is configured as primary DC in Sites
> and Services in the Active Directory.
>
> Can anyone shed light on how this works?
>
> Thnx,
> Alex.
>
> Some info:
>
> /etc/samba/smb.conf
> ======
> password server = adm02.test.com, adm03.test.com
>
> /etc/krb5.conf
> =========
> [libdefaults]
> default_realm = TEST.COM
>
> [realms]
> TEST.COM = {
> kdc = adm02.test.com:88
> kdc = adm03.test.com:88
> kdc = adm01.test.com:88
>
> /etc/hosts
> =======
> 192.168.100.100 adm01.test.com
> 10.0.0.100 adm02.test.com
> 192.168.100.110 nhadm03.test.com
>
> /var/lib/samba/smb_krb5/krb5.conf.TEST
> ============================
> [libdefaults]
> default_realm = TEST.COM
>
> [realms]
> TEST.COM = {
> kdc = 192.168.100.110
> kdc = 10.0.0.100
> }